European lawmakers and officials have announced a groundbreaking compromise on the regulation of artificial intelligence (AI), making the European Union the first in the world to comprehensively regulate this nascent technology. The agreement, reached after intermittent negotiations since June and a marathon 22-hour session, requires final approval from the European Parliament and the European Council. The EU aims to position itself as a pioneer in setting global standards for AI, with penalties for noncompliance including fines of up to 7% of global revenue.
The regulatory framework addresses various aspects of AI, such as the ban on certain applications like social scoring and a tiered-based approach for high-risk systems, including those with potential election influence. Notably, the compromise prohibits mass scraping of images for facial recognition algorithms. While the full details of the deal are not yet known, it is expected to have a global impact, as the EU often leads in approving cutting-edge regulations, whereas the United States is yet to have a comprehensive AI regulation.
The agreement also tackles real-time biometric recognition in public, allowing it with prior judicial authorization for specific cases. However, there are concerns and criticisms of the deal. European Digital Rights (EDRi) has raised objections, citing loopholes and criticizing the ban on emotional recognition systems for workplaces and educational settings while omitting policing and border contexts. Some aspects of the regulation will not take effect for a year or more, prompting concerns that potentially harmful algorithms could gain traction in European society before full enforcement.
The deal has implications for AI developers, particularly concerning foundation models like OpenAI’s GPT series, which will be subject to evaluations, risk assessments, adversarial testing, and reporting requirements. Despite the historic nature of the agreement, enforcement may take years, following a pattern seen with previous major technological laws like the General Data Protection Regulation (GDPR). The establishment of national AI authorities by some European countries signals a step towards enforcement, yet critics anticipate challenges and court rulings before the full extent of the AI Act is applied.
