AI Act: scope, key provisions and compliance obligations

In a world increasingly shaped by artificial intelligence (AI), Europe is taking the lead in regulation with the Artificial Intelligence Act (or “AI Act”).

The AI Act is a regulation aimed at ensuring that AI systems developed and deployed within the European Union (EU) comply with ethical standards and the fundamental rights of citizens.

This regulation is about to change the game. Having entered into force on August 1, 2024, the AI Act applies to all organizations, large or small, that develop or use AI systems in Europe. Whether you are an innovative startup, an established multinational group, or a public organization, the AI Act concerns you.

The AI Act is not limited to national borders or even to Europe’s borders, as it applies to operators established within the territory of the European Union, but also to those established in a third country, insofar as their AI systems are used within the EU.

It is also an evolving regulation! The text provides for the possibility for European institutions to amend it over time in order to align it with technological and AI advancements.

The AI Act imposes a number of obligations relating to AI-related risks and their management, as well as administrative obligations regarding documentation and oversight. To this end, the regulation is based on a risk scale ranging from AI systems classified as “prohibited practices,” to general-purpose AI models, including AI systems considered “High-Risk”.

Depending on their qualification, a specific regime of obligations will apply, with requirements that are more or less stringent depending on the risk posed to the health, safety, and fundamental rights of individuals.

Among the main obligations are:

A strict prohibition of certain AI systems (“prohibited practices”), such as social scoring AI systems or automated judicial decision-making without human intervention;

For AI systems considered High-Risk:

• An assessment of the risks that the AI system could pose to the health, safety, or fundamental rights of the persons concerned;

• The maintenance of very extensive technical documentation and a quality management system;

• Governance of the data used, event logging, mandatory human oversight, accuracy, and data security;

• Transparency toward users and/or the persons concerned;

• Carrying out a declaration of conformity, affixing a CE marking, and registering the system in a dedicated EU database;

For all AI systems, obligations relating to transparency and documentation of the analyses carried out.

In the event of non-compliance with the requirements of the regulation, various sanctions (administrative fines, warnings, non-monetary measures, etc.) may be applied in accordance with the legislation of the Member States.

The AI Act nevertheless defines the amounts of administrative fines, which may range, depending on the violation, from 750,000 euros to 35 million euros or 7% of a company’s total worldwide annual turnover.

Ultimately, the AI Act marks the beginning of a new and exciting era for AI in Europe.

By complying with these obligations, we can build a future where AI is synonymous with progress and trust because, beyond financial penalties, the real motivation of this regulation is the development of responsible and ethical AI.