The European Parliament of the EU passed on Wednesday the first-ever Artificial Intelligence (AI) Act. The act passed with a majority of 85 percent of lawmakers in favor. It aims to mitigate the risks associated with AI, while ensuring that AI systems uphold privacy, human dignity and fundamental rights. The act is also part of a set of policy objectives to uniformly foster trustworthy AI development within the EU, together with the AI innovation package and the Coordinated Plan on AI.
The act identifies certain unacceptable uses of AI systems that threaten fundamental rights and privacy, such as using facial images from the internet or CCTV footage to create facial recognition databases. It also distinguishes three different levels of risk associated with other AI systems based on their intended purposes and functions. Systems deemed high-risk will be subjected to stringent obligations, such as adequate risk assessment and appropriate human oversight. This includes systems used in resume-sorting software for recruitment, migration and asylum management, as well as in the administration of justice.
Light-risk systems include chatbots like ChatGPT, where the proposed act mandates transparency requirements for AI-generated content to inform users appropriately. This would entail clearly labeling artificial or manipulated images, audio or video content—which are referred to as “deepfakes.” The issue of deepfakes became particularly relevant in the context of elections, as there is growing concern that such content can be used to deceive voters.
The European AI Office was established in February 2024 within the commission to oversee the AI Act’s enforcement and implementation together with the member states, providers and deployers of AI systems. Fines for non-compliance may run as high as 35 million Euros.
The act is expected to become EU law by May or June after endorsement by the European Council and will be fully enforceable two years after its adoption. The legal framework will apply to both public and private actors inside and outside the EU, so long as the AI system is placed on the EU market or affects EU citizens. The act has the potential to have a global impact in regulating AI, similar to the impact of the EU’s General Data Protection Regulation (GDPR) in data protection. On the other hand, the digital trade association Digital Europe warned against possible overregulation and high compliance costs for companies.