5 Key Things AI Businesses Need to Know About the EU AI Act

We understand that the EU AI Act is something new, and it will significantly impact the way companies develop, deploy, or use AI, but it doesn't have to be a source of panic. Understanding its scope and impact is the first step in navigating this new regulatory landscape. So, does the EU AI Act apply to you? And if so, what could be the consequences of non-compliance?

First things first, let's define the playing field. The EUAI Act follows a risk-based approach, differentiating between uses of AI that create an unacceptable risk, a high risk, and low or minimal risk.

• Unacceptable risks - the goal is to prevent anyone from using secret tricks to control people without them knowing or from taking advantage of vulnerable groups like children or those with disabilities. This is to prevent actions that could hurt them or others, either in their mind or body. AI systems that pose unacceptable risks are prohibited and will be banned immediately. 
• High-risk AI systems  - this category encompasses systems deemed to pose significant risks to fundamental rights, such as those used in facial recognition, recruitment, or credit scoring. These systems face the strictest compliance requirements.
• Low or minimal-risk AI systems - these systems, like basic image filters or spam filters, face minimal regulatory burden.

As mentioned, the consequences of not following the regulations can be severe. They include fines that can reach up to €35 million or 7% of company’s global annual turnover, whichever is higher. Additionally, companies that do not comply with the AI regulations risk being banned from the market and suffering damage to their reputation. On the other hand, early adoption of these regulations offers significant benefits, such as a competitive edge and building trust among all stakeholders.

Now, where does your business stand? You can use our free EU AI impact assessment, which will help you understand how the EU AI Act affects your AI system and business operations, and determine the risk category of your AI system. This should be definitely your starting point.

As mentioned above, EU takes a firm stance against specific AI systems deemed too risky for fundamental rights and societal well-being. These "unacceptable risk" systems find themselves on a strict no-go list, signaling the EU's commitment to responsible and trustworthy AI. 

To better understand which AI systems will be prohibited under the EU AI Act and the level of threat they represent, we are sharing two examples with you.

Example 1 - Social Scoring App

Imagine a system that assigns individuals a score based on their social behavior, financial history, or online activity. This score then dictates access to essential services, employment opportunities, or even loan approvals. This is the chilling reality of social scoring, a practice the EU AI Act explicitly bans. 

Concerns about discrimination, social manipulation, and the potential for misuse by authoritarian regimes led to this decisive move. The EU AI Act recognizes the inherent threat social scoring poses to individual freedom and equality, safeguarding citizens from its harmful potential.

Example 2 - Real-Time Facial Recognition

Imagine a system that records and recognizes the lines of your face while you walk down the street, collects data about your walking paths, and forwards that information to advertising agencies to place targeted ads on your way to the office, home, or cinema. Sounds scary, right?

The widespread use of real-time facial recognition in public spaces has already raised significant privacy concerns. The EU AI Act addresses this issue head-on by prohibiting its use for mass surveillance. While limited exceptions exist for specific cases, such as missing child investigations, the ban reflects a broader commitment to protecting individuals' right to privacy and freedom from constant monitoring. Concerns about potential misuse for profiling, discrimination, and chilling effects on public discourse played a crucial role in this decision.

These specific prohibitions act as a strong message about the EU's values and vision for responsible AI development. Beyond the banned systems, the EU AI Act sets a regulatory framework with varying levels of requirements based on risk assessment. This nuanced approach fosters innovation while mitigating potential harms. However, the conversation doesn't end here. As technology evolves, ethical considerations and regulatory frameworks will continuously adapt to navigate the complex landscape of AI.

The EU AI Act makes the previously hidden parts of AI development more open. It strongly focuses on detailed documentation that must cover multiple aspects of an AI system. 

It’s important to note that not all AI systems face the same documentation requirements. The EU AI Act targets high-risk AI systems, defined as those posing a significant threat to fundamental rights or safety. This includes areas like facial recognition for law enforcement, AI-powered recruitment tools, and medical diagnosis algorithms. Similar requirements are also applicable to general-purpose AI systems. If your company operates in any of these areas, or others that pose high risk, be prepared to document, document, and document.

Take our free assessment and find out what is the risk level your AI system is associated with according to the EU AI Act.

What Needs to be Documented?

The EU AI Act demands a technical documentation package covering multiple facets of the AI system:

• Comprehensive details about the datasets and training sets used, including their origin, composition, and potential biases. This level of scrutiny aims to expose potential discrimination and ensure data privacy compliance.
• Technical descriptions of the algorithms, frameworks, and training methods employed, shedding light on how the AI learns and makes decisions. This transparency enhances explainability and helps identify potential risks like model drift or unfair outcomes.
• Clear explanations of how the AI system arrives at its conclusions, outlining the factors influencing each decision. This promotes trust and enables developers to address potential biases within the decision-making logic.
• Regular evaluations of the system's performance, along with comprehensive assessments of potential risks, including safety, security, fairness, and environmental impact. This allows for continuous improvement and proactive mitigation of negative consequences.
• Detailed descriptions of the role of human intervention in the system's operation and decision-making, ensuring accountability and preventing unintended consequences.

Navigating the documentation maze isn’t a simple task, moreover, it can drag your development a few steps back.

Building this comprehensive documentation package is no easy feat. Companies face multiple challenges like:

• Gathering and organizing vast amounts of technical data - imagine sifting through terabytes of data used to train your AI, including everything from text and images to sensor readings and user interactions. Identifying, collecting, and organizing this diverse data for documentation can be a mammoth task, requiring specialized tools and skilled personnel.
• Balancing transparency with protecting intellectual property - sharing details about your data and algorithms fosters trust, but revealing too much might expose your unique competitive edge. Striking the right balance between transparency and protecting intellectual property requires careful consideration of what information is truly necessary for documentation.
• Developing clear and concise explanations for complex algorithms - translating complex algorithms into clear and concise explanations for non-technical audiences is akin to explaining rocket science to a kindergartener. It requires expertise in both AI and communication, along with innovative techniques like visualization and interactive demos.
• Maintaining documentation throughout the AI system's lifecycle - AI systems, like living organisms, evolve over time. Keeping documentation current with updates, bug fixes, and new functionalities becomes an ongoing challenge, demanding meticulous record-keeping and efficient updating procedures.

While the EU AI Act mandates documentation for high-risk and general-purpose AI systems, the benefits extend far beyond mere compliance. Transparency fosters trust among users, regulators, and the public, enhancing the legitimacy and acceptability of AI applications. Additionally, detailed documentation facilitates internal learning and improvement, enabling developers to optimize algorithms, identify biases, and ensure the system operates as intended.

Remember the "black box" algorithms of AI's past? The EU AI Act says no more. Transparency and explainability (often called XAI) are now central to responsible AI development, and AI businesses need to embrace them. 

But why they care about transparency? There are multiple reasons why European Union has decided to prioritize transparency and explainability of AI systems:

• Trust and user rights - users deserve to understand how AI systems affect them, especially when critical decisions are involved.
• Mitigating bias and discrimination - by understanding how models reach their conclusions, potential biases can be identified and addressed before they harm individuals or groups.
• Accountability and legal compliance - the EU AI Act mandates sufficientexplainability for high-risk systems, ensuring accountability for decision-making processes.

Transparency is not just another regulatory burden. It can actually improve your AI's performance and user trust.

So, how should your AI company transform transparency and explainability into practice? Well, you should do the following:

• Provide accessible information about what your AI system does, how it works, and what data it uses.
• Don't just tell users the answer; explain how the system arrived at that answer using understandable language and visualizations.
• Always allow human oversight and intervention when needed, ensuring the responsible use of the system.
• Regularly test your system for bias and ensure that explanations are accurate and helpful.

Once again, transparency shouldn’t be considered a regulatory burden, but rather a great starting point for building long-term relationships with customers, establishing trust, and enhancing reputation.