Hi ChatGPT, how do you feel about the upcoming EU AI Act?

Hi ChatGPT, how do you feel about the upcoming EU AI Act?
June 16, 2023

On 14 June 2023, the European Parliament adopted its position on the draft AI Act, which brings one step closer an EU regulation for generative AI and other AI systems. This blog gives the highlights of the current draft text, taking into account the newest amendments that have been proposed.

A (draft) AI Act?

In April 2021, the EU legislator published a first draft text of the so-called “AI Act”, which aims to create a set of harmonised rules for the development, placing on the market, and use of AI in the European Union to ensure AI systems are used in a safe, ethical, and trustworthy manner while protecting people’s rights.

Since then the text has been modified and debated extensively. In particular, ChatGPT’s recent mainstream introduction and the attention for such “generative purpose AI systems” has been a trigger to insert considerable clarifications and obligations for the providers of such AI systems.

As the AI Act will be a regulation, it will be binding in its entirety and directly applicable in all the Member States.

What are the main components of the draft AI Act?

Central to the AI Act is a risk-based approach. It is based upon 6 quality principles:

  • human agency and oversight
  • technical robustness and safety
  • privacy and data governance
  • transparency
  • diversity, non-discrimination and fairness
  • social and environmental well-being

These principles are then turned into specific obligations. Which obligations an entity should comply with will depend (a) of the nature of the entity and (b) the AI system concerned.

a) To whom does the draft AI Act apply?

The AI Act will apply in the first place to providers placing AI systems on the EU market. As with the GDPR, being established in the EU is not a requirement to fall within the AI Act’s scope. So, US or Chinese companies may be subject to this legislation too. Furthermore, also manufacturers, authorised representatives, distributors and importers will have to meet certain obligations.

b) What are the different AI systems and obligations?

The following is a brief overview of the most important points for the different AI systems set out in the draft:

CategoryMain characteristics and obligationsExamples
AI systems with unacceptable risksThere is a general prohibition on putting such AI systems on the EU market as they are considered to contradict the Union values of respect for human dignity and fundamental rights.Social scoring (classifying people based on their social behaviour or personal characteristics); emotion recognition systems in law enforcement, the workplace or educational institutions; “real-time” remote biometric identification systems in publicly accessible spaces.
High-risk AI systemsThis is the category to be most strictly regulated. It concerns AI systems posing significant harm to people’s health, safety, fundamental rights, or the environment. The AI Act imposes very broad requirements in which AI systems must comply as well as far-reaching obligations for providers if they would like to market such AI systems. It includes implementing a quality management system, conducting a conformity assessment (CE marking), conducting a  “fundamental rights impact assessment”, data training and data governance and cybersecurity.AI systems used for the operation of critical infrastructure (e.g. the supply of electricity); Automatic recruitment tools; Creditworthiness scores;AI recommender systems used by social media platforms that are designated as very large online platforms under the Digital Services Act.
General purpose AI systemsThese are AI systems designed to perform a wide range of tasks that broadly apply across different domains. They are capable of performing functions such as recognising and understanding images and speech, generating audio and video content, detecting patterns, answering questions, translating languages, and more. This category has only recently been introduced and encompasses also generative AI (e.g. ChatGPT) and “foundation models” (e.g. GPT 3.5). A tiered approach is proposed for these models, with a stricter regime for foundation models. Obligations include: conducting risk assessments, obligations relating to the design of the foundation model (including from an environmental impact perspective), registration of the foundation model in an EU database, notifying individuals that they are interacting with an AI system as well as indicating a summary of the training data available that is protected under copyright law.Chatbots;Translation tools;Virtual assistants.
All other AI systemsAll AI systems require in principle to provide certain information to users to ensure transparency.
What about enforcement?

Enforcement will mainly be conducted by the national supervisory authorities. They will have extensive competences, including making fines (with the amounts concerned being similar to the GDPR). However, putting unacceptable AI systems on the market may be punished by either administrative fines of up to 40 000 000 EUR or, if the offender is a company, up to 7 % of its total worldwide annual turnover for the preceding financial year, whichever is higher.

When do companies have to comply with the AI Act?

A final text is expected by the end of the year and will then apply two years later.

Finally, how did ChatGPT feel about this AI Act?

“As an AI language model, I don’t have personal feelings or opinions”.

If you would like more information or to discuss the possible implications for your organisation, please do not hesitate to contact our team at ALTIUS.

Written by

  • Jan Clinck

    Counsel

Recommended articles

September 27, 2024

The Belgian Competition Authority intensifies its fight against bid rigging – with physical persons also to be prosecuted

On 21 September 2024, the Chief Public Prosecutor of the Belgian Competition authority (“BCA”) publicly announced that in the BCA’s investigations into agreements concerning subsidies granted for the delivery of newspapers and magazines in Belgium the BCA will for the first time also be prosecuting physical persons.

Read on
July 17, 2024

Hacking NIS2: 5 innovations about the sequel to the EU’s cybersecurity framework

NIS2 (the second “Network and Information Systems Directive”) is an updated regulatory framework introduced by the European Union to strengthen cybersecurity across member states. It is a successor to the original NIS Directive, which was adopted in 2016.

Read on
April 10, 2024

New guidelines for the Belgian rules on foreign direct investment

Since 1 July 2023, the Belgian rules on the screening of foreign direct investments (“FDI”) have been in force. As the decisions of the Interfederal Screening Commission (“ISC”) are not published, the rules’ application and interpretation still raise a lot of legal uncertainty. On 4 April 2024, the ISC published guidelines to provide further clarification.

Read on