The European parliament adopted its version of the AI Act
IT and Data Protection
| 15/06/23 | 6 min. |
AN IMPORTANT STEP ON THE PATH TOWARDS BALANCING FUNDAMENTAL RIGHTS AND INNOVATION
- On June 14, the European Parliament (“EP”) passed its version of the European Commission’s proposal for a regulation on harmonized rules on artificial intelligence ("AI Act"). The EP modified the initial proposal introducing a series of substantial amendments. As a reminder, the Council already adopted its position last December 6.
- The AI Act will remain a risk-based approach with the following classification of AI usages: prohibited IA usages, high-risk IA usages, and low/minimal risk AI usages.
- In this respect, the proposal relies on a human-centric approach. As a general principle applicable to all AI services, the draft passed by the EP clearly stated that these tools need to serve people, respect human dignity and personal autonomy, and that function in a way that can be appropriately controlled and overseen by humans.
- Among the many amendments introduced by the EP, some needs to be highlighted.
EXTENSION OF THE LIST OF PROHIBITED AND HIGH-RISK AI USAGES
- The European Parliament extended the prohibition of some AI practices to, inter alia, social scoring of natural persons, biometric categorization systems using sensitive characteristics, predictive policing systems based on profiling of a natural person or on assessing personality traits and characteristics, emotion recognition systems in law enforcement, border management, workplace and educational institutions.
- The list of high-risk IA systems contained in Annex III of the AI Act was amended to include : AI systems intended (i) to be used for influencing the outcome of an election or the voting behavior of natural persons in the exercise of their vote and (ii) to be used by social media platforms that have been designated as " very large online platforms" (VLOPs) within the meaning of the Digital Services Act, in their recommendation systems for user-generated content available on the platform.
THE SCOPE OF THE AI ACT IS ALIGNED WITH OECD DEFINITION AND INCLUDES NOW FOUNDATION MODEL & GENERATIVE AI WHICH ARE ALSO SUBJECT TO SPECIFIC COMPLIANCE RULES
- The AI Act as amended sets forth several definitions that are intended to be harmonized with the OECD and the US approach, in order to achieve consistency all over the world, and to ensure a level playing field. In that regard, the co-rapporteurs MM. Benifei and Tudorache outlined the need for alignment since the technology will be the same everywhere and the “Brussels effect” would not suffice to ensure harmonization in a field as complex as IA.
- To better handle Generative AI, the EP version of the AI Act provides a definition of ‘foundation model’ which means an AI system model that is trained on broad data at scale, is designed for generality of output, and can be adapted to a wide range of distinctive task. Therefore, this kind of AI tool needs to be compliant with a serie of rules including on transparency and data governance.
GENERATIVE AI NEEDS TO PAY ATTENTION TO COPYRIGHT LAW
- The AI Act addresses some of the issues raised by generative AI systems, regarding the generation of content in breach of Union law, copyright rules, and potential misuse.
- In that regard, the adopted version of the AI Act sets forth an additional obligation on providers of foundation models used in generative AI, who must document and make publicly available a sufficiently detailed summary of the use of training data protected under copyright law.
"SHARP-TEETH" REGULATION: PENALTIES IN CASE OF NON-COMPLIANCE WITH PROHIBITED AI PRACTICES HAVE BEEN INCREASED UP TO 7% OF WORLDWIDE TURNOVER
- The sanctions incurred in case of non-compliance with the AI Act have been reorganized:
- The maximum penalties that can be incurred are those related to non-compliance with the prohibition of certain artificial intelligence practices, which have been increased up to the higher of 40 000 000 EUR or, if the offender is a company, up to 7 % of the company’s total worldwide annual turnover for the preceding financial year.
- The other fines range from 5 000 000 EUR (or 1% of the offender’s total worldwide annual turnover for the preceding financial year) to 20 000 000 EUR (or 4% of the offender’s total worldwide annual turnover for the preceding financial year), depending on the non-compliance concerned.
- Fines may be imposed in addition to or instead of non-monetary measures such as orders or warnings
- Now, the trialogue will start. The European Parliament, the Council, and the Commission will seek to reach an agreement on a compromise version, possibly before the end of 2023. The AI Act will apply 24 months after its date of entry into force.
- Meanwhile, following the last meeting of the Trade and Technology Council, the European Union, the US Government and key stakeholders are preparing a code of conduct and a voluntary pact to anticipate the regulation of the use of AI.