The European Regulation of Artificial Intelligence (AI Act). Impact on the EU and Andorra.
AI Act: Agreement of the European Parliament and of the Council
9 December 2023 marked an important date in the world of Artificial Intelligence (AI) with the announcement of an historic agreement between the European Parliament and the Council on the Proposal for a European Artificial Intelligence Regulation (AI Act). This agreement is the result of a legislative process that dated back to early 2020 with the public consultation on the White Paper on AI that laid the foundations for what we will still take time to see completed with current and applicable rules.
Who does it affect in the European Union? How does it affect Andorra and non-EU countries?
The rule will affect the public and private sectors and both providers and developers of AI technologies established in the European Union and those who, despite not having a permanent establishment, provide services to EU citizens. With this model, therefore, companies located in Andorra that offer AI-based services to EU citizens with a model similar to that of the data protection regulations, as already discussed in this post.
How are AI applications legally classified?
The AI Act foresees a classification of AI applications based on risk, providing for various obligations by developers and distributors depending on the type of applications they market or use.
Prohibited practices: among others, AI practices such as social profiling, biometric identification techniques in public spaces or emotion recognition in workplaces or educational institutions are included in this category.
High-risk applications: including the control of critical infrastructure (transport, for example), which can put the life and health of citizens at risk; educational or professional background, which can determine access to education and the professional course of someone’s life (for example, exam scores); safety components of products (e.g., application of AI in robot-assisted surgery); employment, workforce management and access to self-employment (e.g., CV sorting software for recruitment procedures); essential public and private services (e.g., the credit score that denies citizens the opportunity to obtain a loan); enforcement of the law that may interfere with the fundamental rights of individuals (e.g., assessing the reliability of evidence); management of migration, asylum and border control (e.g., verification of the authenticity of travel documents); administration of justice and democratic processes (e.g., application of the law to a specific set of facts).
High-risk applications will have to make an assessment of compliance with the regulation and be notified to the competent authorities.
General purpose AI applications (such as ChatGPT and others in mass use), where one of the main obligations is to make the system transparent so that the user knows that they are interacting with a machine.
AI Act and privacy
Without a doubt, AI can pose a risk in the protection of the privacy and intimacy of users or those affected by the systems that will be implemented in the future. For the purposes of mitigating these risks, it includes the obligation that public entities using systems defined as high risk carry out an impact assessment on fundamental rights, which would consider the impact on the right to data protection.
When AI Act is expected to come into force?
The agreement reached on AI Act at the end of 2023 marks the beginning of a long road that may still take years until the regulation is fully applicable. Technical talks are now commencing at all levels to complete the final version of the Regulation and this, together with the elections to the European Parliament scheduled for June 2024, may mean that its publication in the Official Journal may still be delayed until the end of 2024. Once published, it will be enforceable after 24 months and, from then on,:
6 months for the completion of the prohibited practices in the field of AI.
12 months: application of the obligations provided for by the general uses of AI.
24 months: full application of the AI Act.
36 months: application of the measures foreseen for high-risk applications.
Contact us if you need more information about any aspect of AI Act!:
Information on data protection
LEGAL IT GLOBAL 2017, SLP
Providing the service.
Sending the newsletter.
Compliance with the service provision.
Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.