A new decisive step for the EU Artificial Intelligence Act. Green light from MEPs

Brussels – The last step before the plenary session that, given a preview in joint Committees, will undoubtedly put the final stamp on the world’s first legislation on artificial intelligence. “With an overwhelming majority”-as the chairwoman of the EU Parliament’s Internal Market and Consumer Protection (IMCO) Committee, Anna Cavazzini described it – Europeans gave the green light today (Feb. 13) to the text of the provisional agreement reached in early December with Council negotiators on the EU Artificial Intelligence Regulation. Now, final approval is awaited in the plenary session, and the groundwork for the new EU legislation can proceed.

“We are the first in the world to adopt such a comprehensive piece of legislation on artificial intelligence, paving the way for a human-centered model, now we must move forward with implementation to protect citizens and build a strong and resilient Digital Single Market,”  the co-rapporteur for the EU Parliament on the EU Artificial Intelligence Act, Brando Benifei (Pd) said at the vote in joint IMCO and LIBE (Civil Liberties, Justice and Home Affairs) Committees. “Today is an important day. We said it when we approved our positions in the Committee and, with long and difficult negotiations, we worked for the best possible result,” the Democratic Party’s head delegation said, referring to the Euro Chamber the 36-hour marathon between December 6 and 8, 2023 to finalize the understanding. The “very long hours” of negotiations between negotiators from the two EU institutions were also mentioned by co-rapporteur Dragoș Tudorache (Renew Europe), who joked that “we did not deserve to suffer so much.”

After the most difficult green light in the EU Council on Feb. 2 and with 71 votes in favor, 8 against, and 7 abstentions in the Committee, it looks like a downhill battle for the EU AI Act at the final test of the vote in the plenary session of the European Parliament which – as confirmed by several sources within the EU institution – should be held at the mini-plenary session scheduled in Brussels between April 10 and 11. The Regulation will be fully applicable 24 months after it enters into force, except for prohibitions on banned practices (after 6 months), codes of conduct (after 9 months), general rules on AI, including governance (after 12 months), and obligations for high-risk systems (after 36 months). In the meantime, given the potential impact of new technologies on June’s European elections and given the timing of the entry into force of the new Regulation, the EU pact on artificial intelligence was launched in mid-November to voluntarily anticipate the requirements, and as of January 24, the Commission established an Ad Hoc AI Office within it.

What the EU Act on Artificial Intelligence provides for

The text of the understanding maintained a horizontal level of protection, with a scale of risk to regulate artificial intelligence applications on four levels: minimal, limited, high, and unacceptable.  Systems with limited risk will be subject to very light transparency requirements, including disclosing that content was AI-generated. Cognitive behavior manipulation systems, untargeted collection of facial images from the Internet or CCTV footage to create facial recognition databases, emotion recognition in workplaces and educational institutions, ‘social scoring’ by governments, biometric categorization to infer sensitive data (political, religious, philosophical beliefs, sexual orientation) are banned as they represent an unacceptable level.

There is a pre-market fundamental rights impact assessment for high-risk systems, including a registration requirement with the appropriate EU database and establishing requirements on data and technical documentation to be submitted to demonstrate product compliance. One of the most substantial exceptions is the emergency procedure that will allow law enforcement agencies to use tools that have not passed the evaluation procedure, which will have to dialogue with the specific mechanism on fundamental rights protection. Even the use of real-time remote biometric identification systems in publicly accessible spaces has exemptions “subject to judicial authorization and for strictly defined lists of offenses.” The ‘post-remote’ use will be exclusively for the targeted search of a person convicted or suspected of committing a serious crime, while real-time use will be “limited in time and location” for targeted searches of victims (kidnapping, trafficking, sexual exploitation), prevention of a “specific and current” terrorist threat, and locating or identifying a person suspected of committing specific crimes (terrorism, human trafficking, sexual exploitation, murder, kidnapping, rape, armed robbery, participation in a criminal organization, environmental crimes).

Image created by an artificial intelligence following the instructions “robot making a speech at the EU Parliament.”

The agreement includes new provisions for situations where artificial intelligence systems may be used for many purposes (general purpose) and where general purpose technology is subsequently integrated into another high-risk system. To account for the wide range of tasks that artificial intelligence systems can perform – generation of video, text, images, side-language conversation, computation, or computer code generation – and the rapid expansion of their capabilities, the high-impact foundation models (a type of generative artificial intelligence trained on a broad spectrum of generalized, label-free data) will have to comply with several transparency requirements before being released to the market: from drafting technical documentation to complying with EU copyright law to disseminating detailed summaries of the content used for training.

Any natural or legal person can file a complaint with the relevant market supervisory authority regarding non-compliance with the EU Artificial Intelligence Act. In the event of a violation of the Regulation, the company will have to pay either a percentage of the annual global turnover of the previous financial year or a predetermined amount (whichever is higher): 35 million euros or 7 percent for violations of prohibited applications, 15 million euros or 3 percent for violations of the law’s obligations, 7.5 million euros or 1.5 percent for providing incorrect information. More proportionate ceilings will apply instead for small and medium-sized enterprises and start-ups.