At the end of 2023, the European Parliament and the European Commission reached an agreement on the text of the EU AI law. As the document has not yet been finally endorsed by the two institutions and the European Council, the framework within which the new regulation will emerge is already foreseeable. If all goes according to plan, the regulation will enter into force two years after its publication in the Official Journal of the EU. It is expected that the text will be fully implemented in 2026.

Artificial intelligence is a technology that offers great opportunities for innovation, competitiveness, and social prosperity. However, it also brings with it ethical, legal, and social challenges that need to be addressed appropriately. For this reason, a series of AI regulations will enter into force in 2024, creating a common framework for the development and responsible use of AI in the European Union.

If your company uses or develops applications with artificial intelligence, you should be aware of the regulations. In this article, we explain what the regulation consists of, how the risk levels are delineated, and what the areas of application are.

Classification of AI tools according to their risk level 

The AI regulation proposed by the European Union divides applications into four risk levels: prohibited, high, limited, and minimal.

  • Prohibited: AI applications that violate the EU's fundamental values and principles such as human dignity, democracy, or the rule of law. For example, manipulation of human behavior, mass surveillance, or social scoring by a government. These applications are prohibited and may not be developed or used in the EU.
  • High-risk level: These are AI applications that can cause significant harm to individuals or society. This includes AI applications that are used in the areas of public safety, health, education, employment, or access to essential services. This category includes facial recognition systems, medical diagnostic systems, and personnel selection systems. These applications are subject to strict requirements in terms of quality, transparency, human oversight, and accountability.
  • Medium risk level: These are AI applications that may hurt the rights or interests of individuals, but which can be mitigated by appropriate measures. For example, personalized advertising systems, content recommendation systems, or chatbots. These applications must meet certain obligations in terms of transparency of information and user consent.
  • Minimal risk level: These are AI applications that do not pose a significant risk to humans or society or that are already regulated by other standards. For example, video game systems, driver assistance systems, or warehouse management systems. No special requirements apply to these applications, but they must comply with general data protection, consumer, competition, and non-discrimination rules.

What is the scope of the EU AI Act?

The European AI rules apply to all applications developed or used in the EU, regardless of the location or nationality of the providers or users. They also apply to AI applications imported into or exported from the EU if they affect EU citizens or interests.

It is important to clarify that the AI Regulations do not apply to applications used exclusively for military or national security purposes, nor to AI applications developed or used for research, experimentation, testing, or verification purposes.

Obligations of companies that use or develop AI

Companies that use or develop AI applications must comply with the obligations incumbent on them depending on the level of risk of the application. These obligations may vary depending on their role in the AI value chain: Provider, Distributor, User, or Affected Party.

  • Provider: is the natural or legal person who develops an AI application or makes it available to third parties, whether through sale, rental, license, or any other form of distribution. The provider is primarily responsible for compliance with AI regulations and must ensure that the application meets the quality, transparency, human oversight, and accountability requirements that apply to it, depending on the level of risk. In addition, the provider must conduct an AI risk assessment, register the application in a public database, cooperate with regulators, and report any incidents or malfunctions of the application.
  • Distributor: is the natural or legal person who transfers an AI application from a provider to a user without altering or modifying it; the distributor must ensure that the provider has fulfilled its obligations according to the level of risk of the AI and inform the user of the characteristics and functioning of the application. In addition, the distributor must cooperate with the supervisory authorities and report any incident or malfunction of the AI.
  • User: is the natural or legal person who uses an AI application for their purposes or to provide a service to third parties; the user must comply with the instructions and conditions of use established by the provider or distributor of the AI application and monitor the operation of the application appropriately. In addition, the user must cooperate with the supervisory authorities and report any incident or malfunction of the AI.
  • Data subject: is the natural or legal person whose rights or interests may be directly or indirectly affected by the use of an AI application. The data subject has the right to receive clear and comprehensible information about the use of the AI and its effects, to give their free and informed consent where necessary, to exercise control over the application as far as possible, and to demand and receive compensation for any damage caused by the AI.

This regulation aims to ensure the ethical, safe, and reliable development and use of AI in the EU. If you are a company that uses or develops AI solutions, you should be aware of and comply with these rules, depending on the level of risk, scope, and obligations that apply to you, helping to build trust and acceptance of AI among citizens, customers, and partners and seizing the opportunities it can offer for the growth and competitiveness of your business.