The Timeline of the EU AI Act (And a Look Ahead)

Emily Bogin

The EU AI Act marks a new milestone in the landscape of AI governance — and businesses are taking note.

This past March, the EU passed new regulations surrounding AI in the EU AI Act that have been years in the making. Let’s start with a brief look at the timeline:

While some parts are already enforced, other aspects have a longer tail before companies must be compliant. Let’s dive in.

How Does the EU AI Act Work?

The EU AI Act takes a risk-based approach to the use of artificial intelligence. This means that the rules governing AI focus more on how a company uses their technology, and for what purpose, rather than limiting the technology itself. However, some risks are deemed “unacceptable” and these kinds of technologies will be banned. The Act bans AI systems that surveil people according to sensitive characteristics, such as political views and sexual orientation — although law enforcement is not banned altogether from using sensitive biometric information.

“High-risk” AI technologies will be subject to more scrutiny in the form of “risk-mitigation systems, high quality data sets, logging of activity, detailed documentation, clear user information, human oversight” and more. These risks apply to AI technologies that pose a threat to the health, safety, and/or the fundamental rights of persons – such as resume-scanning tools, loan evaluation tools, and remote biometric identification systems. Limited risk AI systems must meet certain transparency obligations – these are called “specific transparency risk.” Specific transparency risks are managed through appropriate labeling. In other words, when you are talking to an AI bot, companies are responsible for identifying the bot as such. The EU has stated that most AI technologies pose no risk or minimal risk, and these AI technologies will not be subject to additional obligations.

How is the EU AI Act Being Enforced?

The EU AI Act will be enforced at both the Member State level and through the European AI Office. The Act is not wholly enforceable immediately, but will be administered in phases. For example, high risk obligations will be fully applicable 36 months after the Act’s entry into force.

Like failure to comply with GDPR, violations of the EU AI Act come with heavy penalties and fines. These fines range from 7.5 million euros or 1.5% of global turnover, to 35 million euros or 7% of turnover. Beyond regulatory fines, companies that fail to comply with the EU Act may face civil redress and reputational injuries. Citizens have the right to submit complaints about AI systems and “receive explanations about decisions based on high-risk AI systems that affect their rights.” These complaints will depend on AI literacy and the savviness of the citizens harmed by these technologies.

How Are Companies Preparing for the EU AI Act?

Before you begin to put governance in place, you first have to understand what you’re governing. Strategic companies looking to stay compliant with the EU AI Act prioritize building a comprehensive risk inventory — a central location where all AI-enabled technologies can be monitored and routinely assessed for risk.

Ask yourself the following questions:

  1. Risk Identification – Have you catalogued all of your AI systems in use or under development within your organization and documented their purposes and potential risks?
  2. Risk Assessment – Do you know whether your AI technologies fall under the EU requirements for unacceptable, high, limited, or minimal risk?
  3. AI Validation – Do you have a system in place to formalize the validation of an AI application for use in your business?
  4. AI Review – Are your stakeholders all aware of use cases, guardrails in place and the key risks associated with adopting these AI applications?
  5. AI Risk Mitigation – Have you formalized a system for setting the right controls in place, in some cases increasing documentation, in other cases increasing human oversight?
  6. Ongoing Monitoring – Can you remain dedicated to monitoring changes in AI regulations as well as internal AI systems to ensure that your company stays compliant with the EU AI Act?

Learning more about the Act’s requirements and implementing robust compliance measures will not only help you avoid penalties but also enhance the trust and reliability of your AI systems.
