Gerrish Legal Toolkit: 1. EU AI Act 101 

Artificial IntelligenceAIAct
Written By Nathalie Pouderoux

On August 1st, the EU made history by implementing the first comprehensive legal framework for Artificial Intelligence. The already complex landscape of AI compliance might seem even more daunting with the introduction of the AI Act. Let us untangle this web for you.  

 

The AI Act simplified 

The EU AI Act is the world's first comprehensive AI law. This legislation sets a new benchmark for AI governance, with the majority of its rules becoming effective for organizations on August 2, 2026. 

 

Key points 

At the heart of the AI Act is a product safety and risk-based approach to AI: 

  1. Minimal Risk: AI systems like recommender systems and spam filters face no obligations due to their minimal risk.  

  2. Specific Transparency Risk: AI systems such as chatbots must disclose their machine nature. Deep fakes and biometric systems must be labelled and designed for detection. 

  3. High Risk: High-risk AI systems, like those used in recruitment or loan assessments, must comply with strict requirements including risk mitigation, data quality, and human oversight. 

  4. Unacceptable Risk: AI systems that threaten fundamental rights, such as those manipulating behavior or enabling social scoring, are banned. 

 

The AI Act also introduces rules for general-purpose AI models, which are highly capable systems designed to perform a wide variety of tasks, such as generating human-like text. The Act aims to ensure transparency along the entire value chain of these models and addresses potential systemic risks associated with their capabilities. This means that developers and users of general-purpose AI models must be clear about how these models are being used and managed, ensuring that any risks are identified and mitigated effectively.  

The European AI Office is inviting stakeholders, to participate in a consultation on trustworthy general-purpose AI models under the AI Act, from 30 July to 10 September 2024, to inform the development of the first General-Purpose AI Code of Practice, which interested parties can also participate in drafting. 

 

The AI Act does not meet the requirements of the GDPR. Instead, it aims to complement them by establishing the conditions necessary for the development and deployment of trustworthy AI systems. 

 

Who is concerned? 

The legal framework applies to both public and private actors, inside and outside the EU, if the AI system is placed on the EU market or affects people in the EU. Obligations impact both providers (e.g., developers of AI tools) and deployers (e.g., banks using these tools). Exemptions include research, development, and prototyping activities before market release, as well as AI systems designed exclusively for military, defense, or national security purposes. 

For more information, click here.  

 

Implementation timeline 

The AI Act will fully apply on August 2, 2026, except for specific provisions: 

  1. Prohibitions, definitions, and AI literacy provisions take effect on February 2, 2025. 

  2. Governance rules and obligations for general-purpose AI apply on August 2, 2025. 

  3. Obligations for high-risk AI systems embedded in regulated products (listed in Annex II) apply on August 2, 2027. 

 

Application and Enforcement 

Member States have until August 2025 to designate authorities to oversee AI rules. The Commission's AI Office will implement and enforce these rules at the EU level, supported by advisory bodies ensuring uniform application and technical advice.  

 

Penalties 

Violations of prohibited AI practices and requirements for high-risk AI systems can result in penalties of up to €35 million or 7% of global annual turnover, whichever is higher. Providing incorrect, incomplete, or misleading information to national competent authorities may incur fines of up to €7.5 million or 1% of global annual turnover. Additionally, non-compliance with other obligations under the AI Act can lead to fines of up to €15 million or 3% of global annual turnover. 

 

How Can Gerrish Legal Help? 

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialize in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property.  

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.  

We are here to help you, get in contact with us today for more information.

 

Article by Irene Krief, paralegal at Gerrish Legal 

Nathalie Pouderoux
Previous

How Will The AI Act Be Implemented in France?
Next

New Google Analytics Migration: Guide For Marketers