Understanding the EU’s AI Act: Key Guidelines and Prohibitions
The EU’s AI Act, published in June 2024, is a significant step toward regulating artificial intelligence within the European Union. However, it will take years before the interpretive guidance from the Court of Justice of the European Union (CJEU) becomes available. In the interim, the European Commission is tasked with publishing guidelines to assist developers and deployers of AI technologies. Although these guidelines are not legally binding, they are crucial for EU countries as they enforce the law and impose penalties on AI developers and deployers.
Current Status of the AI Act
As of February 2, 2025, the first five articles of the AI Act, which include prohibitions, are in effect. It is essential to interpret the newly published guidelines by understanding the timeline of application. These guidelines detail the definition of an AI system and the prohibited practices under the AI Act, aiming to enhance legal clarity.
Definition of an AI System
The guidelines clarify that spreadsheets are not considered AI systems. The definition comprises seven key elements:
- A machine-based system
- Designed to operate with varying levels of autonomy
- May exhibit adaptiveness after deployment
- For explicit or implicit objectives
- Infers from the input received how to generate outputs
- Outputs may include predictions, content, recommendations, or decisions
- Can influence physical or virtual environments
Among these, the capability to infer is highlighted as a critical characteristic of AI systems. The guidelines, however, create confusion by excluding certain methods like linear or logistic regression from the definition of AI systems, despite their capacity to infer.
Prohibitions Under the AI Act
The AI Act outlines eight prohibitions that address significant ethical concerns:
- Manipulation and deception
- Exploitation of vulnerabilities
- Social scoring
- Individual criminal offense risk assessment and prediction
- Untargeted scraping to develop facial recognition databases
- Emotion recognition in workplaces and educational institutions
- Biometric categorization
- Real-time remote biometric identification (RBI)
These prohibitions apply to the use of AI systems, encompassing both intended and unintended misuse. For instance, while the prohibition on real-time RBI specifically targets deployers, other prohibitions apply to providers and operators as well. A clear example of the application of these prohibitions is the recognition that the prohibition on untargeted scraping does not require the database’s sole purpose to be facial recognition, as long as it can be used for that purpose.
Addressing Manipulation and Deception
The AI Act prohibits AI systems that are manipulative or deceptive, even if such effects are not intended by the developers. For instance, an AI system that tailors persuasive messages based on user data could fall under this prohibition if it leads to significant harm.
Biometric Regulations
The prohibition on emotion recognition is explicitly limited to workplaces and educational contexts. Nevertheless, the guidelines indicate that using monitoring systems to assess customer emotions in call centers or supermarkets is not prohibited, despite potential ethical concerns regarding privacy and consent.
Conclusion
The EU’s AI Act represents a formidable effort to regulate AI technologies, addressing critical issues related to ethics and human rights. As the guidelines evolve, stakeholders in the AI community must remain vigilant and adaptable, ensuring compliance while fostering innovation. The prohibitions set forth by the Act underscore the importance of maintaining ethical standards in AI development and deployment.
