The EU’s Bold AI Regulatory Play
Apprehension lingers among companies after the European Union adopted the world's first legal framework for AI yesterday.
The landmark provisional legislation, the EU AI Act, once signed by member states will be phased in over a 36-month period. It sets strict timelines for compliance including a six-month window to eliminate prohibited AI uses, one year to align with rules around general-purpose AI, and a two-year deadline for full compliance.
The Act will regulate high-impact, general-purpose AI models and high-risk AI systems and obligate companies to comply with specific transparency obligations and EU copyright laws on all AI models developed or deployed. The most contentious factor was the use of AI in critical infrastructure (education, healthcare, law enforcement, border management, elections etc.). For instance, biometric facial surveillance, including a government’s use of such systems in public spaces in cases of serious crime (not terrorist attacks) will need to comply with strict requirements – but, how that will work in real-time remains to be seen.
Three years in the making, the Act comes at a moment when generative AI systems such as ChatGPT, and Gemini are becoming ubiquitous, fuelling concerns about widespread misinformation and fake news. It also raises concerns the Act may become obsolete as fast as the ink dries given the dizzying speed of change in AI technologies.
Rules will be enforced by the newly created European AI Office of the European Commission, which is expected to become the EU center of AI expertise and to issue pan-EU guidance on AI. Enforcement of the rules will primarily be at the national level. Each EU country will need to identify the competent regulators to enforce the AI Act within one year of the AI Act becoming law, expected in May of this year. Some countries such as Spain have already created a distinct AI authority.
Besides the red tape, companies will have to remain agile, regularly updating AI governance frameworks with the latest technological advancements and ethical considerations. Such vigilance will place a hefty burden on already stressed and underfunded compliance departments.
Nevertheless, to maintain the trust and confidence of customers and stakeholders, organizations will need to make investments to avoid running afoul of the law, which will further add to competitive pressures facing EU operating companies.
---
