The EU AI Act: Understanding the Risk-Based Approach

EU AI Act - risk vs obligations - Dr Bothe

Navigating the complexities of the EU AI Act can be challenging, especially for startups and early adopters among high-tech SMEs, but understanding its risk-based framework is crucial for compliance and effective AI implementation. This blog breaks down the key elements of the Act, providing clarity on its structure and implications.

The Risk-Based Approach

The EU AI Act categorizes AI systems based on their level of risk, with each category having specific obligations. This structured approach aims to balance innovation with safety, ensuring that AI technologies benefit society while minimizing potential harm. Read the briefing here: EU Artificial intelligence act: Briefing.

Risk Categories and Their Obligations

  1. Unacceptable Risk – Prohibited AI Practices
    • These are AI systems that pose a significant threat to the safety, rights, and freedoms of individuals.
    • Examples:
      • Social scoring by governments, where individuals are rated based on their behavior or other data.
      • Real-time biometric identification systems used in public spaces, except for certain cases like law enforcement under strict conditions.
    • Obligations: These AI practices are outright banned within the EU.
  2. High Risk – Assessment & Monitoring
    • High-risk AI systems can significantly impact people’s lives and must adhere to stringent regulations to ensure safety and fairness.
    • Examples:
      • AI used in critical infrastructure (e.g., transport safety systems).
      • AI applications in education (e.g., exam grading systems).
      • AI in employment processes (e.g., automated CV sorting).
      • AI in law enforcement (e.g., predictive policing tools).
    • Obligations: These systems require rigorous assessment and continuous monitoring. This includes ensuring compliance with safety standards, maintaining documentation, and undergoing regular evaluations.
  3. Limited Risk – Transparency
    • These AI systems present a limited risk but still require transparency to maintain trust and accountability.
    • Examples:
      • AI chatbots that must disclose they are not human.
      • AI-generated content that needs to be clearly identified as such to prevent misinformation (e.g. this content is partially AI-generated).
    • Obligations: These AI systems must provide clear and understandable information about their operations, ensuring users are aware they are interacting with AI.
  4. Minimal/Low Risk – No Specific Regulations
    • These AI systems pose minimal risk and are typically used in non-critical applications.
    • Examples:
      • AI-driven video games, where the AI enhances user experience without significant consequences.
      • AI-enabled spam filters that help manage email but do not impact user rights.
    • Obligations: These systems have no specific regulatory requirements under the EU AI Act, allowing for more flexibility in their development and deployment. More precisely, they are not subject to further obligations beyond currently applicable legislation (e.g., GDPR).

General Purpose AI (GPAI) Models

The regulation also provides specific rules for General Purpose AI (GPAI) models. It lays down more stringent requirements for GPAI models with ‘high-impact capabilities’ that could pose a systemic risk and have a significant impact on the internal market. These models must adhere to higher standards of transparency, safety, and accountability due to their broad applicability and potential influence across various sectors.

Implications for AI Developers and Users

Understanding the EU AI Act’s risk-based categorization is essential for AI developers and users. By knowing which category their AI system falls into, developers can ensure they meet the necessary obligations, from rigorous assessments for high-risk applications to maintaining transparency for limited-risk systems. This approach not only helps with regulatory compliance but also fosters trust and accountability in AI technologies. In the next blog I will talk about the applicability of the EU AI Act and its scope.

The EU AI Act is a significant step towards ensuring that AI technologies are safe, transparent, and beneficial for society. From another perspective, it also slows development a bit; however, if the regulations are deployed in a structured way and organised properly, it can be a breeze and good for tech in general. By categorizing AI systems based on their risk levels and assigning specific obligations, the Act provides a clear framework for developing and deploying AI responsibly.

Staying informed about these regulations and understanding the specific requirements for different risk categories is crucial for anyone involved in AI. As the landscape of AI continues to evolve, the EU AI Act will play a pivotal role in shaping the future of AI governance and innovation.