Getty Images/iStockphoto

EU AI Act brings tough rules and big fines to businesses

The EU AI Act, if passed into law, would prohibit certain AI applications and implement transparency requirements for generative artificial intelligence systems.

The European Union's latest move toward advancing its long-debated EU AI Act and setting guardrails around artificial intelligence use indicates that regulation is coming and enterprise businesses need to prepare.

Members of the EU's Parliament and Council on Friday reached a provisional agreement on the EU AI Act, which would regulate AI based on level of risk and impact. Per the agreement, the EU AI Act would ban certain AI applications, but feature exemptions for law enforcement use. It would also establish obligations for AI systems classified as high risk and implement transparency requirements for generative AI.

The EU AI Act is not yet law, as it still needs to be adopted by both the Parliament and Council. However, as proposed, it is the most comprehensive AI regulation to date, Gartner analyst Avivah Litan said in an email. It also stands to affect enterprise businesses using AI with operations in the EU and provides an example to other governments of how to regulate AI, she said.

The EU's action proves that lawmakers are able to regulate AI safety and fairness, Litan said.

"While they will never get it perfectly right, they can make continual progress toward these goals for the better good of society," she said.

EU AI Act's impact on enterprise businesses

The EU AI Act will affect enterprise businesses' use of certain AI tools, which many businesses use for decision-making and processes in areas such as housing, cybersecurity, workforce management and advertising, Litan said.

Within six months of passage of the EU AI Act, businesses would be prohibited from using techniques such as emotion scoring in the workplace, social scoring based on behavior in social media networks, categorization systems using sensitive characteristics such as race and religion, and untargeted scraping of facial images from the internet to create facial recognition databases.

"Over the years, AI-based screening and targeting has utilized many of these now-prohibited methods, and organizations and the vendors who support them will have to overhaul the related AI-based products and processes," Litan said.

The EU AI Act would also create transparency requirements for generative AI systems, meaning that developers would need to provide technical documentation and detailed summaries regarding content used for model training. Litan said that could steer enterprise businesses into more openly protecting their intellectual property.

Should businesses fail to comply with the EU AI Act, they could face fines ranging from $8 million to nearly $38 million, depending on both the infringement and size of the company.

Preparing for AI regulation

The agreement reached between the EU Parliament and Council gives business leaders more certainty that "risk-based and principle-led AI regulation is coming," and companies must start planning their compliance roadmap, Forrester Research analyst Enza Iannopollo said in an email.

It is possible that the U.S. Congress and the U.S. federal government will use the EU AI Act as a template to pass similarly granular rules and regulations, and enforcement mechanisms.
Avivah LitanAnalyst, Gartner

Iannopollo described the advancement of the EU AI Act as good news for both society and businesses.

"For businesses, it starts providing companies with a solid framework for the assessment and mitigation of risks that -- if unchecked -- could hurt customers and curtail businesses' ability to benefit from their investments in the technology," Iannopollo said. "And for society, it helps protect people from potential detrimental outcomes."

Litan said the EU's steps toward AI regulation could affect AI regulation momentum in other countries as well, including the U.S., where Congress could eventually model AI legislation after the EU AI Act. President Joe Biden's executive order on AI issued in October contained similar provisions as the EU AI Act for high-risk AI models.

"It is possible that the U.S. Congress and the U.S. federal government will use the EU AI Act as a template to pass similarly granular rules and regulations, and enforcement mechanisms," she said.

Makenzie Holland is a news writer covering big tech and federal regulation. Prior to joining TechTarget Editorial, she was a general reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.

Next Steps

Everything you need to know about the new EU AI Act

Dig Deeper on CIO strategy

Cloud Computing
Mobile Computing
Data Center
and ESG