AI Insights, DECEMBER 2023

The long-awaited EU AI Act: A comprehensive timeline and preparation guide

The European Union’s Artificial Intelligence Act (EU AI Act) is a landmark piece of legislation that aims to establish a framework for the development, deployment, and use of AI systems within the EU. This comprehensive regulation, once finalized, will have a significant impact on businesses across various industries that rely on AI technologies.

What is the AI Act?

The EU AI Act is a proposed regulation that seeks to establish harmonized standards for AI systems across the EU member states. The overarching goal of the EU AI Act is to foster responsible AI development and deployment while safeguarding fundamental rights, including privacy, non-discrimination, and fairness. [1]

Timeline of the EU AI Act

In April 2021, following the development of initial frameworks and drafts in 2018, the EU AI Act proposal was unveiled by the European Commission. The bill has since undergone extensive scrutiny and debate within the EU institutions.

In December of 2022, the Council or the EU adopted its common position on the AI Act.

In June 2023, following a series of amendments adopted by the European Parliament, the final legislative deliberations of the AI Act, or “trilogue” negotiations, began. [2]

The final round of trilogue discussions took place over several intense days, culminating on 8th of December, 2023. With this provisional agreement reached, the EU becomes the first continent to set clear rules for the use of AI. In this meeting, “MEPs reached a political deal with the Council on a bill to ensure AI in Europe is safe, respects fundamental rights and democracy, while businesses can thrive and expand”. [3]

On a high level, this is what was included in the agreement:

  • Safeguards agreed on general purpose artificial intelligence
  • Limitation for the of use biometric identification systems by law enforcement
  • Bans on social scoring and AI used to manipulate or exploit user vulnerabilities
  • Right of consumers to launch complaints and receive meaningful explanations
  • Fines ranging from 35 million euro or 7% of global turnover to 7.5 million or 1.5% of turnover [3]

The proposed law needs approval from both the Parliament and the Council before it can be officially implemented as EU law. The Parliament’s relevant committees will vote on the agreement soon.

Timeline

EU AI Act timeline

When should companies get started?

The timeline for compliance with the EU AI Act will vary depending on the industry and company size. However, businesses should begin preparations as soon as possible to ensure adequate time to adapt and implement the necessary measures.

Here are three reasons to start preparing for the EU AI Act right away:

  • Implementing the required checks for the model portfolio can be a time consuming process
  • Attempting to address all compliance requirements at once could disrupt the ongoing model development process
  • Achieving compliance with the EU AI Act may necessitate changes to existing organizational processes, which can take time to implement effectively.

Considerations for different industries and company sizes

High-risk AI applications: Companies developing or deploying AI applications classified as high risk, such as those used in healthcare, finance, and education, should prioritize their compliance efforts. These applications will be subject to stricter requirements under the EU AI Act.

Small and medium-sized enterprises may have limited resources to dedicate to compliance with regulations in the EU AI Act. Nevertheless, they should begin by:

  1. Identifying their AI-related activities
  2. Assessing their potential risk profile
  3. Adopting a suitable framework that helps them implement the required steps

The implementation can typically be divided into smaller, more manageable steps that can be implemented immediately, with the ability to incorporate later changes and extensions as needed.

Key steps to prepare for compliance

  • Conduct an AI inventory: Identify and map all AI systems and applications used within the organization.
  • Run risk assessments: Evaluate the potential risks associated with each AI system, considering factors such as bias, fairness, and transparency.
  • Implement mitigation measures: Develop and implement appropriate measures to address identified risks, ensuring compliance with the EU AI Act’s requirements.
  • Ensure documentation and record-keeping: Maintain comprehensive documentation and records of AI development, deployment, and risk assessment processes.
  • Seek expert guidance: If necessary, consult with legal and technical experts to ensure proper interpretation and implementation of the EU AI Act’s provisions.

Conclusion

The EU AI Act is poised to transform the regulatory landscape for AI in the EU. While the exact timeline for its implementation is still under negotiation, businesses should proactively prepare for compliance to avoid potential disruptions and legal challenges. For some industries, the AI Act might not be the only regulation; further, industry-specific checks might also be required. Therefore, it is critical to establish a framework and processes that enable the simultaneous handling of multiple regulations and reporting standards without overwhelming the organization with bureaucracy.

By understanding the EU AI Act’s objectives, requirements, and timeline, companies can make informed decisions and take timely actions to ensure their AI practices align with the new regulatory framework.

For more information about EU AI Act, please contact:
Björn Preuß, Chief Data Scientist at 2021.AI
Email: bpr@2021.ai

You might also like…

European Union flags in front of building

The EU Rules on Artificial Intelligence – Five actions to consider now!

For a couple of years, the EU Commission has worked on rules, regulations, and incentives around Artificial Intelligence…

READ MORE

You might also like - AI for business managers

Are you up to date with the new EU AI Regulation?

When GDPR was enforced in 2018, it was a big change for both big and small companies and organizations around the world, because from then on data privacy…

READ MORE