The European Union’s AI Act has officially come into force on August 1, 2024. This legislation plans to govern how companies develop, deploy and use AI targeting large US tech giants and other businesses operating within EU market.
Also Read: Malaysia: New Regulatory License for Social Media Platforms to Combat Cyber Crimes
The AI Act was first introduced by the European Commission to address the negative impacts of AI technologies. It establishes a harmonized regulatory structure across the EU aiming to govern AI development, deployment and application.
While focusing on large US technology companies like Microsoft, Google, Amazon, Apple and Meta, the law also extends to various non-tech firms that utilize AI systems.
The AI Act employs a risk-based approach, differentiating the regulation of AI applications based on the level of risk they pose to society.
AI systems that are categorized as high-risk such as autonomous vehicles, medical devices, loan decision-making systems, educational scoring and remote biometric identification face stringent requirements.
Companies must implement risk assessment and mitigation systems, utilize high-quality training datasets to reduce bias, maintain routine activity logging and share detailed documentation with authorities.
Applications such as autonomous vehicles, medical devices, loan decisioning systems and biometric identification are considered high-risk.
The Act prohibits AI applications deemed to pose unacceptable risks including social scoring systems, predictive policing and emotional recognition technology in workplaces or schools.
Systems like OpenAI’s GPT, Google’s Gemini and Anthropic’s Claude are classified as general-purpose AI and are subject to specific transparency, copyright and cybersecurity requirements.
The Act provides certain exemptions for open-source models, provided they make their parameters publicly available and allow access, modification and distribution.
The AI Act applies to any organization operating or impacting the EU regardless of its geographic location. This means that US tech giants must comply with the regulations if they have any operations in the EU.
The law mandates increased scrutiny of tech companies’ operations in the EU particularly concerning the use of EU citizen data.
Meta has already restricted the availability of its AI model LLaMa in Europe due to regulatory concerns related to GDPR.
Generative AI is categorized as general-purpose AI and must adhere to strict requirements such as EU copyright compliance, transparency disclosures and cybersecurity measures.
Also Read: Beep: Pakistan Launches Homegrown Messaging App
Open-source models are eligible for exemptions if they meet specific criteria such as making their parameters including weights and model architecture, publicly accessible. Models posing systemic risks do not qualify for exemptions.
Companies that violate the AI Act may face fines of up to €35 million ($41 million) or 7% of their global annual revenues whichever is higher.
These penalties are more severe than those under GDPR, which imposes fines of up to €20 million or 4% of annual global turnover.
The European AI Office was established in February 2024 and it is responsible for overseeing compliance and enforcement of the AI Act’s provisions.
The AI Act came into force on August 1, 2024, but most provisions won’t be enforced until 2026. Generative AI systems have a 36-month transition period to achieve compliance.
The European Commission has launched a consultation on a Code of Practice for providers of general-purpose AI models. The Code of Practice is expected to be finalized by April 2025.
A six-month grace period applies to banned applications like remote biometric surveillance in law enforcement, which must be phased out by February 2025.
The majority of the AI Act’s provisions will be enforceable by mid-2026 allowing companies time to adapt. Rules become effective in August 2025 with Codes of Practice expected by April 2025.
Fines can reach up to 7% of a company’s global annual turnover or €35 million, whichever is higher. Violations of lesser obligations can result in fines up to 3% of turnover or €20 million.
Fines up to 1.5% of turnover or €10 million for misinformation to regulators. Adjusted penalties aim to ensure fairness for smaller enterprises.
Also Read: Android Spyware Mandrake Discovered in Google Play