That's all. European Union lawmakers have given final approval to create the bloc's flagship risk-based regulation on artificial intelligence.
In a press release confirming the approval of the EU AI Law, the Council of the European Union said the law was “groundbreaking” and “as the first of its kind in the world, it can set global standards for AI regulation.”
The European Parliament had already approved the bill in March.
Council approval means the bill will be published in the EU's Official Journal within a few days and come into force across the EU 20 days later. The new rules will be implemented gradually, with some provisions not taking effect until two years or more.
The law adopts a risk-based approach to regulating the use of AI, completely banning some “unacceptable risk” use cases, such as cognitive behavioral manipulation and social scoring. It also defines a range of “high risk” uses, such as biometric and facial recognition, and AI used in areas such as education and employment. App developers will have to register their systems and meet risk and quality management obligations to gain EU market access.
Another category of AI apps, such as chatbots, are considered “limited risk” and are subject to lighter transparency obligations.
The law responds to the rise of generative AI tools with a set of rules for so-called “general purpose AI” (GPAI), such as the model behind OpenAI’s ChatGPT. However, most GPAIs will only face limited transparency requirements, and only GPAIs that exceed certain computing thresholds and are deemed to pose a “systemic risk” will be subject to more stringent regulation. . (See our previous report for more information on how EU AI law corresponds to his GPAI.)
“The adoption of the AI Law is an important milestone for the European Union,” Mathieu Michel, Belgium's Secretary of State for Digitalization, said in a statement. “This groundbreaking legislation is the first of its kind in the world, addressing a global technological challenge and creating opportunities for societies and economies. With the AI Law, Europe highlights the importance of trust, transparency and accountability when dealing with new technologies, while ensuring that this rapidly changing technology can thrive and drive innovation in Europe.”
Additionally, the law establishes a new governance architecture for AI, including an executive body within the European Commission called the AI Secretariat.
In addition, similar to how the European Data Protection Board helps guide the application of the GDPR, a committee of representatives from EU member states will be appointed to advise and assist the European Commission on the consistent and effective application of AI law. An AI committee will also be established. The European Commission will also establish a scientific committee to assist with oversight and an advisory forum to provide technical expertise.
Because the law seeks to replicate the EU's longstanding approach to product regulation, standards bodies will play a key role in determining what is required of AI app developers. We should expect the industry to redirect the energy it has focused on lobbying against the bill into efforts to develop standards that apply to AI developers.
The law also encourages the establishment of regulatory sandboxes to support the development and real-world testing of new AI applications.
While the EU AI law is the EU's first comprehensive regulation on artificial intelligence, AI developers may already be subject to existing laws such as copyright law, GDPR, the EU's online governance regime, and various competition laws. It is worth noting that there is.