Artificial Intelligence Act

Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence

Background and Scope

The Artificial Intelligence Act (Regulation (EU) 2024/1689) aims to improve the functioning of the internal market by laying down a legal framework for AI systems in the Union. The regulation pursues several key objectives: promoting human-centric and trustworthy artificial intelligence, supporting innovation, whilst ensuring high-level and safety standards.

The regulation applies broadly to various actors regardless of their location. It covers providers developing and placing AI systems on the market or putting them into service in the Union, irrespective of whether those providers are established within the Union or in a third country. It also applies to deployers of AI systems that have their place of establishment within the Union and extends to third-country providers and deployers where the AI system output is used in the Union.

The AI Act follows a clearly defined risk-based approach, tailoring rules to the intensity and scope of risks. This approach includes prohibiting unacceptable AI practices, establishing requirements for high-risk systems, and implementing transparency obligations for certain AI systems.

Important exclusions from the regulation’s scope include areas outside Union law. National security competences, AI systems used exclusively for military, defense or national security purposes, and AI systems specifically developed for scientific research and development are entrusted to the member states.

Key Obligations

• Prohibition on unacceptable AI practices: Systems using real-time remote biometric identification in public spaces and systems deploying subliminal or manipulative techniques to affect a person’s decisions or behavior, as well as other AI systems with unacceptable risk are completely prohibited.
• High risk AI-system requirements: High-risk AI system providers must comply with comprehensive obligations including continuous, iterative risk management throughout the entire AI lifecycle. Furthermore, they must ensure quality of training data, and the system must be designed with appropriate human-machine interface tools, enabling effective oversight by natural persons.
• General purpose AI obligations: General Purpose AI Systems will be required to provide information to downstream providers, implement copyright compliance policies and publish training content summaries. Systemic risk models have additional obligations, where they must have standardized model evaluation protocols, systemic risk assessment and mitigation, incident reporting and adequate cybersecurity protection.
• Transparency requirements: The AI Act establishes clear transparency obligations where users must be informed when interacting with AI systems, AI generated audio, video, image or text must be marked as artificially generated and deployers must clearly disclose artificially generated content that resembles real persons or events.