The world has come a long way from the first artificial intelligence boom that we saw in late 2022 with the introduction of ChatGPT.

Artificial Intelligence has been at the forefront of digital transformations across countless industries, offering incredible opportunities for innovation and improved efficiency.

As we increasingly rely on artificial intelligence within projects and businesses, the importance of ensuring ethical and responsible practices becomes significant. However with the rate at which these advancements take place, security and ethical usage of these systems seem to take a back seat.

To ensure that every project stays within acceptable and ethical guidelines, the European Union has taken the first steps in introducing the European Union AI Act, which is a comprehensive regulatory framework designed to govern the development and deployment of AI applications.

Understanding the EU AI Act

You might be thinking about how this act impacts the way you use AI within your projects and might wonder if this act applies to you at all! These are all valid questions, so let’s dive right into it.

Applicable Regions

It is important to understand that this act only applies to AI systems and applications that are developed, deployed, or used in the European Union. This means that if your application or system falls into these applicable regions, adhering to this act is crucial to remain compliant.

You shouldn’t disregard this even if your application or system doesn’t fall into these applicable regions cause this act can be a comprehensive guideline for you to follow for your next AI-based project to keep operations ethical and secure.

Risk-Based Approach To AI Adoption

Just like any other comprehensive framework, the European Union’s AI Act implements a risk-based approach to the necessary controls for each use case. This approach allows for granular and stringent controls for high-risk use cases and more lenient controls for other scenarios.

These are the risk classifications for the European Union AI Act:

1. Prohibited AI Systems
2. High-risk AI Systems
3. Limited Risk AI Systems
4. Minimal Risk AI Systems

Prohibited AI Systems

Systems categorized as “Prohibited AI systems” prohibit the use of AI within the systems due to the unacceptable risk to the safety, security, and rights of the users. These use cases include social scoring that could lead to detrimental treatment, emotional recognition systems in workplaces, biometric categorization to work out sensitive data, predictive policing for individuals, and other use cases that put the safety and privacy of its users in harm’s way.

High-risk AI Systems

Unlike the Prohibited AI Systems, the systems that are categorized as High-risk AI Systems could use AI within the systems or functions but would need to comply with the requirements of the AI Act. These use cases include the use of AI in recruitment, biometric identification surveillance, safety components, law enforcement, and other use cases where access to sensitive data was a risk.

Limited Risk AI Systems

Limited Risk AI systems include AI systems that interact with people such as a Chatbot, visual or audio such as Deepfake content that has been manipulated by AI systems. The restrictions on these types of systems meant that they were subject to specific transparency and required disclosure obligations where the use of the systems only posed a limited risk.

Minimal-Risk AI Systems

By default, these were the rest of the systems that did not fall into the rest of the risk categories. The use of AI within these systems does not require additional requirements from the AI Act. These systems often include but are not limited to photo-editing software, product recommendation systems, and spam filters.

Penalties

Just like GDPR (General Data Protection Regulation), the European Union’s AI Act also carries fines for noncompliance. These fines are categorized into the different types of violations:

1. Administrative Fines for Specific Violations

• Up to €30 million or 6% of global annual turnover (whichever is higher) for:
• Violating the prohibition of certain AI practices (Article 5).
• Failing to comply with AI system requirements (Article 10).

2. Administrative Fines for General Non-Compliance

• Up to €20 million or 4% of global annual turnover (whichever is higher) for:
• AI systems not meeting other regulations in the AI Act.

3. Fines for Providing Incorrect Information

• Up to €10 million or 2% of global annual turnover (whichever is higher) for:
• Supplying incorrect, incomplete, or misleading information to regulatory bodies.

Best Practices for AI Integration

To maintain compliance with the European Union’s AI Act, there are certain guidelines that developers and other parties must follow. These are mainly focused on High-Risk AI Systems due to their sensitive nature.

Here are some of the general obligations that must be followed:

1. Establish Comprehensive AI Risk Management: Implement advanced risk management systems to identify, assess, and mitigate any AI-related risks.
2. Effective Data Governance: Adopt robust data governance standards to assure the quality, privacy, and security of data utilized by AI systems.
3. Maintain Technical Documentation: Maintain thorough technical documentation to aid with transparency, accountability, and conformity assessments.
4. Transparency and User Information: Users should be given clear and thorough information on how the AI system works, its limitations, and potential consequences.
5. Human Oversight: Implement human oversight tools to ensure accountability and ethical use of AI technologies.
6. Compliance with Standards: Adhere to recognized accuracy, robustness, and cybersecurity criteria related to the AI system’s intended function.
7. Registration on EU Database: Before placing high-risk AI systems on the market, register them on the EU database to ensure compliance with registration requirements.

Safe Applications of AI

Now that we’ve looked into the general obligations that are expected for High-Risk AI systems, let’s take a look at some specific requirements for developers that must follow at each stage of the system development.

Pre-market Conformity Assessment

1. Self-Assessment and Harmonized Standards: Where applicable, providers can self-assess whether they are adhering to EU-approved technical standards (harmonized standards) that allow for a presumption of conformance.
2. Third-Party Conformity Assessment: In circumstances where safety components, biometric identification systems, or non-harmonized standards are involved, use third-party recognized agencies to conduct conformity evaluations.

Post-market Obligations

1. Continuous Monitoring and Evaluation: Continuously monitor the performance, safety, and compliance of AI systems throughout their lives.
2. Incident Reporting: Report major incidents and malfunctions that result in violations of basic rights to authorized authorities as soon as possible.
3. Conformity Assessment for Modifications: To maintain continued compliance, conduct new conformity evaluations for significant changes.

Deployers’ Obligations

1. Fundamental Rights Impact Assessments (FRIA): Complete FRIA before adopting high-risk AI systems, particularly for governmental organizations and firms delivering general-interest services.
2. Human Oversight and Relevant Data: Implement human oversight with trained workers and ensure that input data is relevant to the system’s use.
3. Suspension Mechanism: Create methods that restrict the usage of the AI system if it poses a national risk.
4. Incident Reporting: Notify the AI system supplier of any significant incidents and keep system records generated automatically.
5. Compliance Verification: Check for compliance with the AI Act and make sure all necessary documentation is present.

Importers and Distributors’ Responsibilities

1. Compliance Verification: Check that the high-risk AI system is compliant with the AI Act and that the necessary paperwork is given.
2. Communication and Collaboration: To ensure compliance, communicate efficiently with the provider and market surveillance authorities.

Minimal-Risk Systems

However, the requirements for Minimal-Risk systems are quite different from the requirements that are set for the High-Risk systems. These requirements are mentioned below:

1. Transparency and Consent: Create AI systems that assure user comprehension, particularly with chatbots, and alert users about the usage of emotion recognition or biometric categorization technologies.
2. Disclosure of Manipulated Content: Disclose and mark AI-manipulated visual or audio content, such as “deep fake” content.

Conclusion

While there will always be a battle to innovate faster and more efficiently with your competitors, there must also be a balance between innovation and ensuring responsible, ethical, and safe practices.

Having regulatory frameworks does not mean that innovation has to stop. Rather you, treating these regulatory frameworks as guidelines and best practices can often increase the productivity and safety of the systems in the long run.

Adhering to the directives outlined in the European Union’s AI Act guarantees the ethical and secure functioning of AI systems, thereby contributing to an enhanced reputation for the system and the business.

I hope you have found this helpful.

Thank you for reading!