quarta, 31 julho 2024

Publication of the E.U. Regulation on Artificial Intelligence after a long wait

VolverArtificial Intelligence (AI) has become an increasingly pervasive technology in our society, with applications ranging from personal assistance to critical decision-making in areas such as health, justice and public safety. However, the rapid development of these systems raises ethical, legal and security challenges that need to be proactively addressed. After a long period of debate and negotiations, Regulation (EU) 2024/1689 on Artificial Intelligence has finally been published recently, laying the foundations for a harmonised regulatory framework across the European Union.

The Artificial Intelligence Regulation has an eminently pioneering character compared to other existing regulations in the rest of the world. The European regulation not only establishes control mechanisms, but also promotes the sustainable development of AI, especially for small and medium-sized enterprises (SMEs); notwithstanding this, the Artificial Intelligence Regulation contains a broad definition of AI, excluding from its scope systems intended for military purposes or scientific research.

Thus, the Artificial Intelligence Regulation establishes as its main basis the respect for the following fundamental principles:

Respect for human rights: the AI Regulation must respect and protect human rights, including privacy, non-discrimination, equal treatment and dignity of persons.

Transparency and accountability: The decision-making processes of AI systems must be transparent and explainable, so that users and relevant authorities can understand how decisions are reached.

Security and reliability: AI systems must be secure and reliable, with adequate mechanisms to prevent and mitigate security risks, technical failures and algorithmic biases.

Governance and oversight: Governance and oversight bodies will be established at national and European level to ensure compliance with the Regulation and will have the power to impose sanctions in case of non-compliance.

Requirements and obligations

Taking into account the above basic principles, the AI Regulation sets out a number of requirements and obligations for companies and organisations developing and using AI systems:

Risk assessment: Before implementing an AI system, organisations should conduct a thorough assessment of the potential risks to fundamental rights, safety and well-being of individuals.

Transparency and explainability: Organisations must provide clear and accessible information about the operation of their AI systems, including the data used, algorithms applied and decision-making processes.

User rights: Users of AI systems will have specific rights, such as to request rectification or deletion of incorrect or outdated data, and to receive an explanation of decisions made by these systems.

Supervision and enforcement: Supervisory bodies will be established at national and European level to ensure compliance with the Regulation and will have the power to impose administrative and financial sanctions in case of non-compliance.

Risk classification

The Artificial Intelligence Regulation classifies AI systems into three levels of risk:

Inadmissible Risk: Prohibited practices that infringe fundamental rights.

High Risk: Systems that require conformity assessment and are subject to strict regulations.

Low Risk: Systems that can operate with fewer restrictions, but must comply with transparency obligations.

Supervision and sanctions

The Artificial Intelligence Regulation establishes competent bodies in each Member State to supervise compliance with the Regulation. In Spain, the Spanish Artificial Intelligence Supervisory Agency, (Agencia Española de Supervisión de la Inteligencia Artificial, “AESIA”) has already been set up. At European level, the European Artificial Intelligence Office will monitor general purpose models and use its expertise to support the implementation of the Regulation, contributing to the consistent application of the Regulation in all Member States, including the creation of advisory bodies at EU level.

In terms of penalties, the Regulation provides that the most serious infringements can be up to EUR 35 million or 7% of the annual turnover of the offending company.

In short, EU AI regulation seeks a balance between control and promotion of technological development, with a focus on protection of rights and security.

Entry into force and staggered implementation

The Artificial Intelligence Regulation foresees a staggered implementation schedule, including the following dates as the most relevant milestones:

2 August 2026: This is the date on which the Artificial Intelligence Regulation will officially enter into force. From this day, the Regulation will be applicable in all EU Member States, establishing a legal framework for the regulation of AI.

2 February 2025: From this date, specific bans will be implemented on certain artificial intelligence practices considered unacceptable or high-risk practices that may violate fundamental rights. This measure aims to prevent the use of technologies that may cause harm to individuals or society.

2 August 2025: On this date, regulations related to supervisory bodies and high-risk systems will start to apply. This includes the designation of entities in charge of overseeing compliance with the regulation and ensuring that AI systems that are considered high-risk comply with the established standards.

2 August 2027: This date marks the start of the implementation of specific regulations for high-risk AI systems, which require security assessments. These systems will have to undergo evaluation and certification processes to ensure that they operate in a safe and ethical manner, thereby protecting users and society at large.

This staggered approach allows companies and organisations to gradually adapt to new regulations, ensuring that they have sufficient time to comply with the established requirements.

Impact and challenges

The implementation of the Artificial Intelligence Regulation will have a significant impact on the development and use of these systems in the EU. Businesses and organisations will need to adapt their practices and processes to comply with the requirements, which may pose technical, organisational and economic challenges. One of the main challenges will be to strike a balance between innovation and regulation, as well as to ensure effective oversight and enforcement of the Regulation along the entire value chain of AI systems.

Conclusion

Regulation (EU) 2024/1689 on Artificial Intelligence represents an important step forward in the regulation of this emerging technology. By establishing clear principles and requirements, it seeks to ensure that the development and use of AI systems is conducted in a responsible manner that respects the rights of individuals. However, the effective implementation and enforcement of this Regulation will remain a challenge in the coming years, requiring the collaboration and commitment of all actors involved, from companies and organisations to public authorities and civil society. It is essential that this challenge is addressed in a proactive and coordinated manner, with the aim of harnessing the benefits of artificial intelligence while mitigating its risks.

In this context of technical and regulatory changes, the Digital Law department of Belzuz Abogados, S.L.P., can offer specialised advice to its clients on the implementation and use of artificial intelligence systems, in line with the requirements set out in Regulation (EU) 2024/1689. Our team of experts in law and technology is prepared to guide companies and organisations in regulatory compliance, risk management and the adoption of best practices in the development and deployment of AI solutions.

 

Igor Orozco Román  Igor Orozco Román


Departamento Direito Comercial e Societário | Madrid (Espanha)

 

Belzuz Abogados SLP

A presente Nota Informativa destina-se a ser distribuída entre Clientes e Colegas e a informaçăo nela contida é prestada de forma geral e abstracta, năo devendo servir de base para qualquer tomada de decisăo sem assistęncia profissional qualificada e dirigida ao caso concreto. O conteúdo desta Nota Informativa năo pode ser utilizada, ainda que parcialmente, para outros fins, nem difundida a terceiros sem a autorizaçăo prévia desta Sociedade. O objectivo desta advertęncia é evitar a incorrecta ou desleal utilizaçăo deste documento e da informaçăo, questőes e conclusőes nele contidas.

Madrid

Belzuz Abogados - Despacho de Madrid

Nuñez de Balboa 115 bis 1

  28006 Madrid

+34 91 562 50 76

+34 91 562 45 40

Este endereço de email está protegido contra piratas. Necessita ativar o JavaScript para o visualizar.

Lisboa

Belzuz Advogados - Escritório de Lisboa

Av. Duque d´Ávila, 141 – 1º Dtº

  1050-081 Lisboa

+351 21 324 05 30

+351 21 347 84 52

Este endereço de email está protegido contra piratas. Necessita ativar o JavaScript para o visualizar.

Porto

Belzuz Advogados - Escritório do Porto

Rua Julio Dinis 204, Off 314

  4050-318 Porto

+351 22 938 94 52

+351 22 938 94 54

Este endereço de email está protegido contra piratas. Necessita ativar o JavaScript para o visualizar.

Associações

  • 1_insuralex
  • 3_chambers-2024
  • 4_cle
  • 5_chp
  • 6_aeafa