Today the European Parliament voted to adopt the Commission’s proposal for the EU AI Act¹. After almost three years of discussions and negotiations in committees, talks between the three EU institutions involved (EU Parliament, Council and Commission) on the ultimate type of the law can now begin. The vote followed many modifications leading to a consolidated draft by the 2 concerned committees of the EU parliament in May.
The EU AI Act has now entered the house stretch and if all goes to plan, the EU AI Act can be the primary major regulatory framework for AI worldwide.
Last minute disagreements
Essentially the most contentious debate of the last weeks has been to which extend the use biometric surveillance data must be limited. Only last week the outright ban of the practice — with none exemptions for law enforcement or national security — had been questioned by the European People’s Party.
A complete ban on real-time biometric surveillance and very strict limits on non-real-time use of biometric surveillance data
Nonetheless, this attempt was unsuccessful and today the EU Parliament adopted a complete ban on real-time biometric surveillance and put extremely strict limits on non-real-time use of biometric surveillance data (With the only real exception of some migration and border related contexts).
The vote and what the EU AI Act will contain
The Act was voted on with an inventory of proposed amendments however the core proposal passed with an amazing majority:
The EU AI Act will define what application of artificial intelligence systems are unacceptable and thereby banned, and categorises the suitable applications in a risk-based 4 tier system², each of which have to satisfy different regulatory requirements. These — depending on the tier – include audit and transparency requirements.
What happens next
Now that parliament has adopted the Commission’s proposal, inter-institutional negotiation bringing together representatives of the European Parliament, the Council of the European Union and the European Commission can begin immediately to work on the ultimate text. The aim is to achieve an agreement by the top of this yr.
With the European Parliament election looming in June 2024 work must be done quickly. Once the text of the act is finalised, there can be an implementation phase of two years (perhaps longer). The implementation phase won’t only give the industry time to organize compliance, but in addition give the EU and member state the possibility to establish regulatory agencies and sandbox programs.
Time to prepare — but don’t panic
Nonetheless, notwithstanding details it is clear that it’s time for corporations and developers to familiarise themselves with the act’s requirements has come. For a lot of smaller software and repair corporations in the realm of AI it’s going to be the primary time they might need to cope with risk-assessments and auditing of their product and services.
For those working with AI, from software developers, project managers to management it’s time to learn, educate, study and prepare.
As we all know from the 2 yr implementation period for the GDPR, time will pass quickly. While not as broad because the GDPR, for those working with AI – from software developers, project managers to management — it is certainly time to learn, educate, study and prepare.
¹ MEPs able to negotiate first-ever rules for secure and transparent AI — EU Parliament