AI Act – Artificial Intelligence Regulation

By /

How will artificial intelligence (AI) be regulated according to the AI Act? What solutions does the AI Act bring? And what can we expect from the future of artificial intelligence?

1. AI ACT is Here!

On March 13, 2024, the EU ADOPTED the AI Act (effective from May). This act is the first legal act in the world to regulate the field of artificial intelligence (hereinafter: AI) in a binding manner, with the aim of advancing society while respecting rights and ensuring individual safety.

With the AI Act, after taking a stance on the ethical principles guiding this technology, we have moved into the phase of regulation, transforming ethical principles into principles and creating concrete rules.

The AI Act is based on the digital space of the AI ​​ecosystem on three pillars:

  1. Transparency and accountability;
  2. Innovative development;
  3. RISK LEVEL system.

The AI Act has decided to regulate the field of AI ​​by establishing a system of different RISK LEVELS for society and individual rights. Therefore, first, this act categorizes all AI applications according to the level of risk, and then classifies different manifestations of AI according to functionalities into given categories. The AI systems envisaged by the AI Act are as follows:

  1. UNACCEPTABLE risk – These are AI practices considered too harmful to be allowed, such as those that manipulate people’s behavior to their detriment (deceptive techniques for distorting behavior and obstructing informed decision-making) or systems that unfairly categorize individuals (social scoring), and even real-time facial recognition software in public places – These are prohibited;
  2. HIGH risk – This category is divided into two subcategories: Safety component systems (toys, medical devices) and systems for sensitive use (biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, judiciary). Therefore, this category includes AI systems that could significantly impact people’s safety or fundamental rights. – Strict compliance and security assessment of these systems are required, along with monitoring, data management, record-keeping, cybersecurity, incident reporting systems, etc. (serious penalties will follow violations here);
  3. LIMITED risk – AI systems that directly interact with users, such as chatbots. – They must be transparent about being operated by AI so that users are aware they are not communicating with humans.;
  4. MINIMAL risk – Most AI applications fall into this category, where innovation freedom is maintained with minimal regulatory intervention. These are systems that represent a negligible risk to individuals’ rights or safety. – They can be used with minimal supervision.

2. Artificial Intelligence – DEMYSTIFICATION

Artificial intelligence is not intelligence because it lacks many components and characteristics possessed by human intelligence. One of the components that has been developed is memory, or storage, due to LLM technology and big data.

Actually, here’s the AI formula:

LLM + Big data + Probabilities = AI

The technology processes a large amount of data and then, through mathematical calculations, determines the highest probability of how to form a sentence to a specific question, or what the next word in the sequence is.

Due to the volume of data it is capable of processing, AI often has a deeper understanding of data than humans, and its responses appear very eloquent. However, when asked about a topic where there is not enough literature, it may start to “hallucinate”, i.e., add and invent data just to say something (lie).

However, AI is not just what we see, chatbots. AI is divided into two large groups, according to functionality:

  1. Generative AI;
  2. AI for process automation and decision making.

Although generative AI is more familiar to the average person, especially with the events from December 2022, regulation is more focused on AI for process automation and decision making. This second category is much more dangerous to our rights.

3. What Does This Change for the Individual?

The GOAL of every technology is to improve society, for individuals to feel the benefits of technology. However, it often happens that only large companies benefit. This act limits companies, setting some regulations for them to reduce the risk of violating individuals’ personal rights.

First and foremost, it will be transparent and clear for individuals when interacting with AI. Content called deepfake will have to be marked, and people will be informed when interacting with a chatbot or other AI system. Efforts are made to reduce the possibility of manipulation.

Addition: This is not part of the AI Act, but there are tendencies to reduce the workweek to four days, or 32 hours, as conglomerates have significantly benefited from productivity, while on the other hand, they are laying off employees. This would create a slightly better balance in industries where AI reduces the workload for people while multiplying productivity.

4. What Does AI Act Change for Companies?

Companies developing AI systems must comply with rules, primarily transparency. A larger number of systems will not need to comply with the AI Act because they do not fall into risky groups. Still, all companies will have to meet minimum requirements. In moments of collision between the AI Act and GDPR, companies will have to be careful, as before, about personal data and comply with this regulation.

Companies developing AI-based systems must follow MIM5 (Minimal Interoperability Mechanisms 5 – Fair AI) as well as all technical cybersecurity measures of the NIS2 cybersecurity directive.

Companies face serious PENALTIES:

  • €35 million or 7% of global annual turnover – For using prohibited systems;
  • €15 million or 3% of global annual turnover – For failing to conduct adequate risk assessment.

In addition to all the above, companies’ awareness exists, and according to some research, 96% of organizations developing and using AI support some level of AI regulation. In contrast, only 2% of organizations develop and fully operationalize responsible AI. – RESPONSIBLE AI involves taking deliberate actions to design, deploy, and use AI to create value and build trust by protecting users, fellow citizens, society, from potential AI risks.

5. What Are the Next Steps?

It is necessary to establish REGULATORY BODIES, both at the EU level and in individual countries. These regulatory bodies would be obliged to provide assistance in the implementation of the AI Act and to supervise its application.

Companies will have a 36-month period to comply with the law. Different timeframes are provided for different risk categories, in fact (6 months for prohibited systems, 12 months, 24 months, and 36 months).

Fair AI is a concept that should encompass the idea that AI must be fair, responsible, inclusive, and respectful.

6. AI Act Contents:

  1. Preamble (extensive);
  2. CONTENTS: I General provisions; II Prohibited AI practices; III AI systems of high risk; IV Transparency obligations for AI system providers; VIIIa General-purpose AI models; V Measures to support innovation; VI Management; VII EU database for high-risk AI systems from Annex III; VIII Post-market monitoring, information sharing, and market surveillance; IX Code of conduct; X Confidentiality and penalties; XI Delegated powers and procedures of bodies; XII Final provisions.
  3. Annexes.

7. Instead of Conclusion

As we enter a new era of AI governance, and the AI Act represents a crucial intersection of technology, law, and ethics. This act offers a blueprint for balancing innovation and accountability, setting a global standard for AI legislation. The role of data spaces in this new regulatory environment will be crucial in shaping the future of AI in Europe and beyond.

The AI Act is a legal act by which Europe first seriously regulates AI, as we said at the beginning. This has double implications. On the one hand, Europe is a leader in AI regulation and guarantees its citizens a high level of rights, while on the other hand, companies developing AI systems represent a multi-billion dollar business, and overregulation and strict rules can affect their development, competitiveness in the global market, or even company relocation. The AI Act hovers between free innovation and regulation of innovation.

We will see when Serbia will establish a working group to draft the Artificial Intelligence Act, but we know that due to business relations between our companies and companies in the EU, the law should be in line with this legal act. This is the main reason why we are interested in this legal act here.

Soon, we can expect the AI Convention of the Council of Europe, which legal act will address the relationship between human rights and technology, and within the Council of Europe, Serbia is a member, which additionally interests us.

NOTE: This text does not replace the engagement of a legal expert in the field of IT law or AI law for aligning your business, or a lawyer in case of a legal proceeding. This text is the author’s opinion on the given topic and an invitation to further elaboration of concepts from the AI Act and further discussion on this topic. The author is willing to accept any form of communication via any channel for better mutual understanding of this area.

Text author: Denis Tul (lawit.rs)

Leave a Comment

Scroll to Top