EU finalises rulebook on AI regulations: Reactions and implications 
By Rosemary Kurian

On 02 February, 27 EU member countries approved the Artificial Intelligence regulation act known as the world’s first comprehensive AI Rulebook. This follows a political agreement between the EU member states in December 2023 after addressing concerns over limiting the growth of homegrown AI models through careful analysis.
 
What is the new EU AI Law?
The AI Act was first proposed by the EU in 2021 in an attempt to create a set of rules to manage its technological advancements as well as prevent any grave consequences the technology might bear against the general public. It aims to do the latter by setting specific rules for the providers, deployers, importers and manufacturers of AI products and technology within the EU market. Firstly, the act in its Article 3(1) attempts to define AI as “A machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.” While the act applies to the aforementioned categories within the EU or third parties that provide systems in use within the EU market, it will not affect military AI systems or those that are used for the sole purpose of scientific research and development. Similarly, no restrictions have been placed on free open-source AI systems unless specific risks have been identified by the EU.
 
Article 5 of the Act lists out the forbidden activities using AI technology. The EU has proposed a ban on the use of technology that can influence behaviour through manipulative and deceptive AI systems or its use to exploit individual vulnerabilities. To prevent discrimination and hate crimes, the use of biometric information for the determination of individuals’ race, beliefs, sexual orientation, and membership to unions. In addition, the social tracking of an individual to deny them opportunities, use of Remote Biometric Identification (RBI) in public places, creating databases using facial recognition via CCTVs and using AI to deduce human emotions and behaviour in professional and educational spaces is forbidden. Exceptions for law enforcement purposes have been noted.
 
Article 6 lists out the classification of AI systems that are considered “high-risk” and an amendment of the same added exemptions to those systems that pose “no significant risk of harm, to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision making.” The “high risk” components include biometrics and facial recognition tools not explicitly banned under Article 5, access to public services, private services like insurance and banking, elections, law enforcement, and migration. The producers of such systems must ensure practices of data governance, draft its risk-management measures, monitor its use through a human and record it, and guarantee accuracy and cyber security. The Act further regulates general purpose AI like ChatGPT and Google’s Bard by demanding creators to maintain technical documentation, determine the tool’s limits, document the copyrighted material used to train the software and abide by the EU’s rulebook.
 
What were the reactions within the EU?
When the final version of the text for the bill was presented in the EU on 24 January, most member states including Austria, France and Germany expressed their reservations until the adoption of the bill by the Committee of Permanent Representatives on 02 February. Three of Europe’s largest economies– Germany, France and Italy– expressed their opposition to the stringent regulatory rules for powerful AI systems like Open AI’s GPT-4 and Google’s Bard. They were attempting to prevent the curb in the advancement of potential European enterprises like Aleph Alpha and Mistral AI that could surpass the American dominance in the field. However, the European Parliament decided against the opposition to prevent the risks arising from the most potent forms of AI. On implementation, France insisted ensuring the development of competitive AI models, balancing transparency with protection of sensitive data, and preventing the overburdening of companies with “high risk” recommendations. Austria raised concerns over data protection through law enforcement exceptions and invasive technologies.
 
What are its implications?
The European Parliament is set to adopt the AI rulebook on 13 February with a plenary vote due in April. The official adoption will be complete once it is endorsed at a ministerial level. Once the rulebook is officially published in the Official Journal of the European Union (OJ), it could set a global standard as the most comprehensive law on AI. Given that obligations have been applied by the EU on the deployers of AI technology, it applies even outside the EU through non-EU businesses who would want to be providers of the service. Even a non-EU state would have to oblige if it provides an AI service used in the EU or one that can cause an impact within the EU.
 
The built in system of checks and balances that the new AI Act provides, for example, through policies concerning management of personal information could lead to the responsible use of data and of data governance. The threats of cybersecurity and data breaches, deemed as a threat within the rulebook, could be curbed through the security system created by the Act. The obligations extending to AI technology deployers of “high risk” models urge on impact assessments on fundamental rights and EU code of conduct, which could be duplicated in preventing privacy concerns across systems. The constant need to document trails of AI activities could help monitor the efficacy of data governance across multiple concerns including copyright breaches and breach of personal data.
 
References
Gian Volpicelli, “The EU’s artificial intelligence rulebook, explained”, Politico, 06 February 2024
Luca Bertuzzi, “EU countries give crucial nod to first-of-a-kind Artificial Intelligence law”, Euractiv, 02 February 2024
Clara Hainsdorf, Tim Hickman, Sylvia Lorenzm Jenna Rennie and Clare Connellan, “The pre-final text of the EU’s AI Act leaked online”, White & Case, 06 February 2024
Deborshi Barat, “The EU’s AI Act and the Brussels effect”, The HIndu BusinessLine, 31 December 2023