The EU adopts the first law on Artificial Intelligence, which has enjoyed broad support within the European Parliament and will enter into force gradually between 2025 and 2026.
With this new regulation, the EU aims to guarantee respect for the fundamental rights of its citizens, as well as the highest possible degree of security of AI systems, all in a balanced way, without hindering technological development or investment and innovation in AI. To this end, a series of prohibited practices are established, as well as categories for AI systems based on the potential risks they pose to citizens, although the wording used is sufficiently flexible to allow for its application to future technological developments.
With regard to the scope of application of the standard, it will affect both providers, deployers and users that are established in the EU, as well as those that are located in third countries but used in the territory of the Union.
The Act provides a normative definition of an AI system, classifying them into those of unacceptable risk (whose use is prohibited and pose a threat to individuals and their fundamental rights), high-risk (which are subject to specific obligations to operate in the EU), limited risk (subject to transparency obligations towards users), and minimal risk (which are free to use).
In order to ensure compliance with the above, rules have been established for the commercialisation of AI systems in the market, as well as governance and transparency obligations for those responsible for them. The creation of a European Office for Artificial Intelligence is envisaged, which will be responsible for supervising Member States’ compliance with the Act, as well as for monitoring new systems entering the market. It is important to note that this regulation provides for administrative penalties of up to 35 million euros fines or 7% of the total annual turnover of the previous year for companies.
The Act also contains a series of measures to support innovation, including the creation of controlled AI regulatory sandboxes, which may be at European, regional, local or joint level between several Member States.
We will have to wait and see whether this AI Act will achieve the same success as the General Data Protection Regulation did at the international level, as well as the level of adaptability it aims to offer in the face of rapidly changing and evolving AI systems.
Jorge Díaz Rodríguez
Abril Abogados