The European Union Artificial Intelligence Act: Part One – Scope and Prohibited Systems

The European Union recently enacted its new artificial intelligence regulation, the (“EU AI Act”).  The new law is expected to have a substantial impact on the AI industry, including on companies outside of the EU, much as the GDPR did.

Overall, the EU AU Act follows a risk-based approach and contains several categories of AI systems.  High risk systems are subject to the most stringent requirements, while AI systems presenting less risk are subject to lighter regulation.  But certain uses of AI systems are entirely prohibited.  Additionally, special rules apply to general purpose AI systems and foundation models.

In this article we begin to examine the key elements of the EU AI Act.  Due to the size and complexity of the EU AI Act, we will analyze it over the course of several installments.

Who it Applies To

The EU AI act applies to providers of AI systems or general-purpose AI models that are placed on the EU market, or are put into service or used in the EU.  A “provider” is an organization that (i) develops an AI system or a general purpose AI model, and (ii) places the system or model on the market or puts the system into service under its own name.  The EU AI Act applies to providers regardless of whether or not they charge a fee for the AI system.  As with the GDPR, the EU AI Act is “extraterritorial” – that is, it applies even if the organization is established in a third country.  And it applies to providers’ authorized representatives that are outside the EU.

The EU AI Act also applies to organization located in the EU that use an AI system (“deployers”). 

Additionally, it applies to providers and deployers of AI systems if they are located outside the EU if the output produced by the AI system is used in the EU.  This aspect has raised some concerns in connection with generative AI systems.  If an AI system created by a U.S.-based provider creates content for a U.S.-based customer that is posted online and accessed in the EU, it could make the provider subject to EU AI Act.

Finally, the EU AI Act applies to importers and distributors of AI systems and product manufacturers placing on the market or putting into service an AI system as part of their products.

Prohibited AI Systems

The EU AI Act bans the use of AI systems for certain things, including (i) subliminal, manipulative or deceptive techniques by materially distorting a person’s behavior by appreciably impairing the person’s ability to make an informed decision; (ii) biometric categorization that uses certain sensitive characteristics such as race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation; (iii) social credit systems; (iv) untargeted scraping of facial images from the Internet or CCTV systems for facial recognition; and (v) emotion-recognition systems for use at work and in education.

In our next article, we will look at the next risk category, high-risk AI systems.

About The Authors
Tagged with: , , , , ,
Posted in Artificial Intelligence
About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Subscribe For Updates


Cozen O’Connor Blogs