EU Votes AI Act Into Law, with Enforcement Starting By End of 2024
European lawmakers on Wednesday voted in favor of the AI Act, the first major law regulating the use of artificial intelligence. The law is expected to go into effect by the end of the year.
First proposed in 2018, the AI Act seeks to protect consumers from negative impacts of AI by creating a common regulatory and legal framework governing how AI is developed, what companies can use it for, and the consequences of failing to adhere to requirements.
The law creates four categories of AI, with increasing level of restrictions and penalties. AI apps that carry a minimal risk, such as search engines, would be free from regulation, while applications with limited risks, such as chatbots, would be subject to certain transparency requirements.
High-risk AI applications, self-driving cars, credit scoring, law enforcement use cases, and safety components of products like robot-assisted surgery, will require government approval before implementation. The EU will set minimum safety standards for these systems, and the government will maintain a database of all high-risk AI systems.
Applications that are deemed to have an extreme risk, such as social scoring systems, public-facing biometric systems, emotion recognition, and predictive policing will be banned, according to the European Parliamant’s press release (although there will be exceptions for law enforcement).
Generative AI applications must meet certain transparency requirements before they can be put to use, per the new law. “The more powerful GPAI mdoels that could pose systemic risks will face additional requirements, including performing model evaluations, assessing and mitigating systemic risks, and reporting on incidents,” the EU says.
The AI Act is expected to officially become the law of the land in Europe by May or June, which is when individual member countries are expected to give their formal blessing. Some aspects of the new law, including bans on AI that carries extreme risk, will go into effect six months after that, with codes of practices going into effect after nine months. The AI governance requirements will go into force nine months after formal passage, while the requiremetns for high-risk systems won’t go until full effect until 36 months after that.
Reaction to the official passage of the AI Act was mostly positive. Thierry Breton, the European commissioner for internal market, cheered the new law, which passed 523 votes in favor versus 46 against (with 49 abstentions).
“I welcome the overwhelming support from European Parliament for our #AIAct,” Breton said on X. “The world’s 1st comprehensive, binding rules for trusted AI. Europe is NOW a global standard-setter in AI. We are regulating as little as possible–but as much as needed!”
Ashley Casovan, the AI Governance Center Managing Director at the Internatinoal Association of Privacy Professionals, applauded the new law.
“The passage of the EU AI Act will mark the beginning of a new era for how AI is developed and used,” Casovan said. “With human-centric values underpinning this product safety legislation, it sets important guardrails for the safe, fair, and responsible adoption of AI throughout all sectors of society.”
Forrester Principal Analyst Enza Iannopollo said the passage of the AI Act marks the beginning of a new AI era, and its importance “cannot be overstated.”
“The EU AI Act is the world’s first and only set of binding requirements to mitigate AI risks,” Iannopollo said. “Like it or not, with this regulation, the EU establishes the ‘de facto’ standard for trustworthy AI, AI risk mitigation, and responsible AI. Every other region can only play catch-up.”
Just as US companies had to come to grips with the EU’s General Data Protection Regulation (GDPR), they will need to understand the AI Act, said Danny Manimbo, Principal ISO Practice Director and AI Assessment Leader at IT compliance firm Schellman.
“Just like when GDPR was first announced, early preparation will be paramount to ensure readiness for when the Act goes into full effect in 2026,” he said. “Companies will want to pay particular attention to the provisions which take effect this year and begin to understand any gaps in their organizations.”
Related Items:
AI Regs a Moving Target in the US, But Keep an Eye on Europe
European Policymakers Approve Rules for AI Act
Biden’s Executive Order on AI and Data Privacy Gets Mostly Favorable Reactions