Global organizations often look to tech regulations from the European Union (“EU”), which tend to be quite strict, to set baseline compliance standards. For example, after the EU published the General Data Protection Regulation (“GDRP”) in 2018, it became the global standard for information privacy and data security. This phenomenon has been dubbed the “Brussels Effect”, which is essentially regulatory globalization through market mechanisms.
Now, the EU is working towards an AI Act (“AIA”). If passed, it will be the world’s first comprehensive AI legislation and will likely set global standards. The AIA was first proposed in April 2021. A general approach to the legislation was approved by the European Commission in 2022. A draft text was tabled in March 2023. On June 14, 2023 the last set of amendments to the draft text were tabled and the commission voted to move forward with it. While the draft received overwhelming support by the commission, many European businesses have noted concerns over the impact on Europe’s competitiveness and technological sovereignty.
At this point, the 394-page draft text will be used for negotiations between EU member states and the European Commission. Some believe the AIA could be passed by the end of 2023, followed by a 2-year implementation period, with enforcement beginning in 2026. Fines for non-compliance will be hefty at a proposed max of 40 million euros or 7% of a company’s global annual income (see update below). Global organizations would be well-served to use the implementation period, whenever it begins, to update their compliance standards.
Global organizations that will be affected by the AIA include those that:
- Provide AI systems created in the EU;
- Are extraterritorial and place AI systems on the EU market;
- Are located in the EU and use AI systems, and
- Are extraterritorial deployers whose AI systems create output used in the EU.
There are some exemptions like military AI and open-source AI systems.
The most interesting aspects of the legislation are its attempts to define artificial intelligence and its risk-based compliance approach. While it may be useful for a global organization to survey the broad brushstrokes of the draft text, a forensic review of the 394-page document may not be useful at this time. Instead, global organizations could update their inventory list of AI, create compliant governance models, develop a culture of compliance, and identify the technologies and infrastructure that may be needed for compliance.
Update: On December 8, 2023 the European Parliament and the Council on the Artificial Intelligence Act reached political agreement on the content of the AIA. Fines under the AIA will range from €35 million or 7% for violations to €7.5 million or 1.5% for supplying incorrect information.
Never miss a post.
We'll keep you in the loop with everything good going on in the modern professional development world.
