The EU AI Act Has Passed The European Parliament. Definitely Time to Get Ready.
Today the European Parliament voted to adopt the Commission’s proposal for the EU AI Act¹. After almost three years of discussions and negotiations in committees, talks between the three EU institutions involved (EU Parliament, Council and Commission) on the final form of the law can now begin. The vote followed many modifications resulting in a consolidated draft by the two concerned committees of the EU parliament in May.
The EU AI Act has now entered the home stretch and if all goes to plan, the EU AI Act will be the first major regulatory framework for AI worldwide.
Last minute disagreements
The most contentious debate of the last weeks has been to which extend the use biometric surveillance data should be limited. Only last week the outright ban of the practice — without any exemptions for law enforcement or national security — had been questioned by the European People’s Party.
A total ban on real-time biometric surveillance and extremely strict limits on non-real-time use of biometric surveillance data
However, this attempt was unsuccessful and today the EU Parliament adopted a total ban on real-time biometric surveillance and put extremely strict limits on non-real-time use of biometric surveillance data (With the sole exception of some migration and border related contexts).
The vote and what the EU AI Act will contain
The Act was voted on with a list of proposed amendments but the core proposal passed with an overwhelming majority:
The EU AI Act will define what application of artificial intelligence systems are unacceptable and thereby banned, and categorises the acceptable applications in a risk-based four tier system², each of which have to meet different regulatory requirements. These — depending on the tier - include audit and transparency requirements.
What happens next
Now that parliament has adopted the Commission’s proposal, inter-institutional negotiation bringing together representatives of the European Parliament, the Council of the European Union and the European Commission can begin immediately to work on the final text. The aim is to reach an agreement by the end of this year.
With the European Parliament election looming in June 2024 work needs to be done quickly. Once the text of the act is finalised, there will be an implementation phase of two years (maybe longer). The implementation phase will not only give the industry time to prepare compliance, but also give the EU and member state the chance to set up regulatory agencies and sandbox programs.
Time to get ready — but don’t panic
However, notwithstanding details it is apparent that it is time for companies and developers to familiarise themselves with the act’s requirements has come. For many smaller software and service companies in the area of AI it will be the first time they might have to deal with risk-assessments and auditing of their product and services.
For those working with AI, from software developers, project managers to management it is time to learn, educate, study and get ready.
As we know from the two year implementation period for the GDPR, time will pass quickly. While not as broad as the GDPR, for those working with AI - from software developers, project managers to management — it is definitely time to learn, educate, study and get ready.
¹ MEPs ready to negotiate first-ever rules for safe and transparent AI — EU Parliament
