Understanding the EU’s AI Act: Key Provisions and Implications
The European Union’s AI Act is poised to significantly reshape the landscape of artificial intelligence regulation within its jurisdiction. With its initial provisions set to commence on February 2, 2025, businesses and AI developers must prepare for stringent compliance requirements.
Prohibited AI Practices
At the heart of the AI Act are measures aimed at regulating prohibited AI practices. These practices encompass a range of AI systems deemed to present an unacceptable risk to fundamental rights and EU values. As outlined in Article 5, the following categories are strictly prohibited:
- Subliminal, manipulative or deceptive techniques
- Exploiting vulnerable groups that materially distort behavior and risk significant harm
- Social scoring in specific use cases
- Predicting criminality based on profiling
- Web scraping or CCTV for facial recognition databases
- Interfering with emotions in workplaces or schools
- Biometric categorization to infer sensitive characteristics such as race, political opinions, or sexual orientation
- Real-time remote biometric identification in public spaces for law enforcement purposes
While exceptions exist, they are subject to a case-by-case analysis. It is crucial to note that these prohibitions do not replace any other restrictions imposed by existing laws, such as the GDPR and consumer protection regulations.
Consequences of Non-Compliance
The penalties for violating the AI Act are severe, with fines potentially reaching €35 million or 7% of total worldwide annual turnover from the preceding financial year, whichever is higher. Notably, these penalties will take effect on August 2, 2025.
Global Reach of the AI Act
Importantly, the AI Act’s jurisdiction extends beyond the EU borders. AI systems may be subject to its regulations even if they are not marketed or used within the EU, particularly when services are contracted by EU-based operators from third countries. However, exceptions for certain activities such as law enforcement, military defense, and national security apply.
Next Steps for Organizations
Organizations must take immediate action to assess their AI systems for compliance with the AI Act. This involves:
- Evaluating whether their AI systems fall under the Act’s scope
- Determining if they are categorized as prohibited practices
- Tracking updates to the list of prohibitions, as this may evolve over time
The EU’s AI Act represents a significant step toward regulating artificial intelligence, ensuring that its deployment aligns with the fundamental rights of individuals while promoting responsible innovation.
