The European Union’s Artificial Intelligence Act emerged at the end of 2023 as a landmark law for the digital age and for the regulation of artificial intelligence. It is the world’s first comprehensive AI legislation to govern the ethical development and safe use of AI technologies. 

The “EU AI Act,” as it’s known, strives to impose a balanced framework as businesses automate manual tasks and deploy AI algorithms to drive efficiency and innovation. The law not only seeks to foster technological advancement and the benefits of AI; it also tries to assure that these developments are aligned with the protection of fundamental rights and social values. 

The law underscores the EU’s commitment to creating a digital ecosystem where innovation can flourish within ethical guidelines and safety standards, setting a global benchmark for AI governance.

What Is the EU AI Act?

The EU AI Act is a legal framework by the European Commission designed to govern artificial intelligence, emphasizing safety, ethics, and innovation. It categorizes AI systems by risk, aiming to protect fundamental rights while assuring Europe’s competitiveness in AI technologies.

It introduces stringent requirements for high-risk AI systems, focusing on transparency, data protection, and accountability to mitigate potential harms. Conversely, AI systems posing minimal risks face fewer obligations, encouraging innovation within a secure framework.

The Act commits to trustworthy AI. It prohibits practices with unacceptable risks or purposes, such as mass surveillance and social scoring. By establishing clear rules, the law seeks to harmonize AI use across the EU member states, fostering a safe and innovative digital environment.

Why Is the EU AI Act Important?

The Act sets a global precedent in AI regulation. It compels the development and use of AI technologies that are aligned with human rights, environmental sustainability, and democratic values. It aims to protect EU citizens from the potential harms of AI while fostering a safe and innovative digital market​​​​.

When Will the EU AI Act Take Effect?

Not for a while yet. Following a provisional agreement on Dec. 9, 2023, the AI Act is on its path towards formal adoption by the European Parliament and the Council. This crucial step will pave the way for its implementation, setting the stage for a regulated AI ecosystem within the EU​​. So it may well be another few years before the AI Act is fully law of the land across Europe.

How the EU AI Act Classifies Different Types of AI Risks

The EU AI Act organizes AI systems into categories based on social risk levels:

  1. Unacceptable risks. Using AI for purposes such as real-time facial recognition and emotion recognition that threaten privacy and personal characteristics are banned under the law. 
  2. High risk. These uses include AI systems for law enforcement, critical infrastructure, and cybersecurity. They are allowed, but will need stringent evaluations and adherence to comprehensive transparency obligations to mitigate systemic risks.
  3. Limited risk. AI applications such as chatbots and generative AI models (ChatGPT, for example), are subject to minimal transparency requirements to inform users. 

The Act mandates comprehensive safeguards for all AI categories, including robust data governance and human oversight. Providers are responsible for assuring that AI models, particularly general-purpose AI (GPAI) and foundation models, follow critical legal standards such as the General Data Protection Regulation (GDPR) and copyright law. 

How Your Organization Can Apply the EU AI Act

To align with the EU AI Act, organizations must evaluate their AI applications to classify risk levels. Any high-risk AI systems you have, such as those used in law enforcement, healthcare, or critical infrastructure management, must comply with stringent regulatory demands. This includes:

  • Conducting fundamental rights impact assessments
  • Adhering to data governance protocols
  • Maintaining transparency in AI operations through technical documentation and user notification 

Companies making AI technology are responsible for assuring that their AI models, especially GPAI and foundation models, follow GDPR and copyright laws and promote an accountable AI culture.

Will There Be Fines for Noncompliance?

Non-compliance with the EU AI Act could result in significant financial penalties, reflecting the EU’s commitment to enforcing its provisions. 

Fines range up to €35 million or 7 percent of global turnover for major violations, such as breaches of banned AI applications. Lesser offenses, including providing incorrect information or failing to meet transparency obligations, can lead to fines of €7.5 million or 1.5 percent of turnover. Violators will also likely need to engage in expensive remediation programs to fix their business practices that led to the violation in the first place.

These penalties highlight the critical importance of taking the AI Act seriously. Businesses will need to assess their AI systems rigorously and update their practices as necessary to comply with the law. 

The Future of AI, Frameworks, and Compliance

As the first significant law of its kind, the EU AI Act is expected to influence AI regulation elsewhere in the world. The Act’s integration with frameworks such as the NIST AI Framework and ISO 42001 can guide businesses in developing trustworthy AI systems that align with international best practices.​

NIST AI Framework

The NIST AI Framework guides ethical, secure AI development, emphasizing risk management for technologies such as deepfakes and biometric identification systems. It supports compliance with the EU law, highlighting the importance of conformity assessments and responsible deployment of high-risk AI systems.

ISO 42001 Framework

ISO 42001 sets global standards for ethical AI use, including remote biometric identification. It aids organizations in meeting international and EU regulatory requirements, assuring that AI applications are developed and used responsibly, with a focus on safety and privacy in the internal market.

ZenGRC Is Your Integrated GRC Solution

Full implementation of the EU AI Act may be a way off yet, but companies embracing AI cannot afford to wait on compliance. The law will require new risk assessments, new risk analysis, new policies and procedures, new testing and remediation, and more.

RiskOptics’ ZenGRC simplifies that compliance work, offering a unified governance, risk management, and compliance (GRC) solution. ZenGRC can help you map your internal systems to frameworks such as the NIST AI framework or ISO 42001, so you can find where your approach to AI may be lacking and take necessary steps to bring your business practices up to code, so to speak.

Equip your business with the tools and insights to adhere to the EU AI Act, promoting responsible AI use. 

Schedule a demo today to align your AI practices with legislative requirements, minimize risks, and enhance the benefits of AI technologies.