The European Artificial Intelligence Act is driving new levels of human oversight and regulatory compliance for artificial intelligence (AI) within the European Union. Similar to GDPR for privacy, the EU AI Act has potential to set the tone for upcoming AI regulations worldwide.
In early 2024, the European Parliament comprised of 27 member states, unanimously endorsed the EU AI Act. The act is now making its way through the final phases of the legislative process and is expected to rollout in stages in the second half of 2024. Understanding the provisions of the EU AI Act (link resides outside of ibm.com) and readying for compliance is essential for any organization who develops, deploys or uses AI — or is planning to.
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
— European Parliament News (link resides outside of ibm.com)
The primary focus of the EU AI Act is to strengthen regulatory compliance in the areas of risk management, data protection, quality management systems, transparency, human oversight, accuracy, robustness and cyber security. It aims to drive transparency and accountability into how AI systems are developed and deployed, helping to ensure that AI products placed in the market are safe for individuals to use.
The EU AI Act aims to meet the challenge to develop and deploy AI responsibly across industries including those that are highly regulated such as healthcare, finance and energy. For industries providing essential services to clients such as insurance, banking and retail, the law requires the use of a fundamental rights impact assessment that details how the use of AI will affect the rights of customers.
The EU AI Act requires that general purpose AI models, including generative AI systems such as large language (LLMs) and foundation models, adhere to a classification system based on systematic risk tiers. Higher risk tiers have more transparency requirements including model evaluation, documentation and reporting. They also involve assessment and mitigation of system risks, reporting of serious incidents and providing protections against cybersecurity. In addition, these transparency requirements include maintenance of up-to-date technical documentation, providing a summary of the content used for model training, and complying with European copyright laws.
The EU AI act follows a risk-based approach, using tiers to classify the level of risk that AI systems pose to an individual’s health, safety or fundamental rights. The three tiers are:
The EU AI Act also imposes rules as to how customers are notified when using a chatbot or when an emotion recognition system is used. There are addition requirements for labeling deep fakes and identifying when generative AI content is used in the media.
Not complying with the EU AI Act can be costly (link resides outside of ibm.com):
7.5 million euros or 1.5% of a company’s total worldwide annual turnover (whichever is higher) for the supply of incorrect information. 15 million euros or 3% of a company’s total worldwide annual turnover (whichever is higher) for violations of the EU AI Act’s obligations.
— VentureBeat
The European AI Act is currently the most comprehensive legal framework for AI regulations. Governments worldwide are taking note and actively discussing how to regulate AI technology to ensure their citizens, business and government agencies are protected from potential risks. In addition, stakeholders from corporate boards to consumers are starting to prioritize trust, transparency, fairness and accountability when it comes to AI.
IBM watsonx.governance helps you accelerate responsible, transparent and explainable AI workflows
IBM® watsonx.governance™ allows you to accelerate your AI governance, the directing, managing and monitoring of your organization’s AI activities. It employs software automation to strengthen your ability to mitigate risks, manage policies requirements, and govern the lifecycle for both generative AI and predictive machine learning (ML) models.
Watsonx.governance helps to drive model transparency, explainability and documentation in 3 key areas:
The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.
Learn how the EU AI Act will impact business, how to prepare, how you can mitigate risk and how to balance regulation and innovation.
Learn about the new challenges of generative AI, the need for governing AI and ML models and steps to build a trusted, transparent and explainable AI framework.
Read about driving ethical and compliant practices with a platform for generative AI models.
Gain a deeper understanding of how to ensure fairness, manage drift, maintain quality and enhance explainability with watsonx.governance™.
We surveyed 2,000 organizations about their AI initiatives to discover what's working, what's not and how you can get ahead.
Learn how to select the most suitable AI foundation model for your use case.
Govern generative AI models from anywhere and deploy on cloud or on premises with IBM watsonx.governance.
Prepare for the EU AI Act and establish a responsible AI governance approach with the help of IBM Consulting®.
Simplify how you manage risk and regulatory compliance with a unified GRC platform.