The EU AI Act - All you need to know

Akshat Gupta

Mar 27, 2024

The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.

Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.


How does it concern me?

AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.

Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?


The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”

- European parliament News


What should I know about the act? 

A risk-based approach 

The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.

Source : European Commission

Unacceptable Risk Systems

The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.


High Risk Systems

The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.

High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you - 

  • Based on the impact of the application, define the risk-level of the system.

  • Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.

  • Risk management system : Evaluation and monitoring of risks posed in application in real-world

  • Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.

  • Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.

  • Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.

  • Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks

  • Quality Management System : End to end system for data and learning management quality.


Limited risk Systems 

Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.

Minimal or no risk

The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.

General Purpose AI Systems

On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models. 


The general obligations can be met via self-assessment and can be understood here :

  • Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.

  • Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.

  • Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.

  • Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models



By when do I need to be ready?

6 months 

  • Prohibition on unacceptable risk AI 

12 months 

  • Obligations on providers of general purpose Al models go into effect.

  • Appointment of member state competent authorities.

  • Annual Commission review of, and possible amendments to, the list of prohibited Al.

18 months 

  • Commission implementing act on post-market monitoring.

24 months 

  • Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

  • Member states have implemented rules on penalties, including administrative fines.

  • Member state authorities have established at least one operational Al regulatory sandbox.

  • Commission review, and possible amendment of, the list of high-risk Al systems.

36 months 

  • Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.


How does RagaAI help fulfil these obligations ? 

As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.

RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.

Users can track overall compliance status with global standards put in place by various regulators and policies.

A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.


Conclusion

The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.

Get in touch with our Experts

The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.

Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.


How does it concern me?

AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.

Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?


The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”

- European parliament News


What should I know about the act? 

A risk-based approach 

The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.

Source : European Commission

Unacceptable Risk Systems

The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.


High Risk Systems

The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.

High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you - 

  • Based on the impact of the application, define the risk-level of the system.

  • Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.

  • Risk management system : Evaluation and monitoring of risks posed in application in real-world

  • Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.

  • Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.

  • Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.

  • Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks

  • Quality Management System : End to end system for data and learning management quality.


Limited risk Systems 

Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.

Minimal or no risk

The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.

General Purpose AI Systems

On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models. 


The general obligations can be met via self-assessment and can be understood here :

  • Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.

  • Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.

  • Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.

  • Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models



By when do I need to be ready?

6 months 

  • Prohibition on unacceptable risk AI 

12 months 

  • Obligations on providers of general purpose Al models go into effect.

  • Appointment of member state competent authorities.

  • Annual Commission review of, and possible amendments to, the list of prohibited Al.

18 months 

  • Commission implementing act on post-market monitoring.

24 months 

  • Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

  • Member states have implemented rules on penalties, including administrative fines.

  • Member state authorities have established at least one operational Al regulatory sandbox.

  • Commission review, and possible amendment of, the list of high-risk Al systems.

36 months 

  • Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.


How does RagaAI help fulfil these obligations ? 

As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.

RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.

Users can track overall compliance status with global standards put in place by various regulators and policies.

A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.


Conclusion

The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.

Get in touch with our Experts

The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.

Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.


How does it concern me?

AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.

Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?


The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”

- European parliament News


What should I know about the act? 

A risk-based approach 

The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.

Source : European Commission

Unacceptable Risk Systems

The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.


High Risk Systems

The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.

High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you - 

  • Based on the impact of the application, define the risk-level of the system.

  • Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.

  • Risk management system : Evaluation and monitoring of risks posed in application in real-world

  • Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.

  • Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.

  • Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.

  • Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks

  • Quality Management System : End to end system for data and learning management quality.


Limited risk Systems 

Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.

Minimal or no risk

The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.

General Purpose AI Systems

On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models. 


The general obligations can be met via self-assessment and can be understood here :

  • Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.

  • Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.

  • Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.

  • Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models



By when do I need to be ready?

6 months 

  • Prohibition on unacceptable risk AI 

12 months 

  • Obligations on providers of general purpose Al models go into effect.

  • Appointment of member state competent authorities.

  • Annual Commission review of, and possible amendments to, the list of prohibited Al.

18 months 

  • Commission implementing act on post-market monitoring.

24 months 

  • Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

  • Member states have implemented rules on penalties, including administrative fines.

  • Member state authorities have established at least one operational Al regulatory sandbox.

  • Commission review, and possible amendment of, the list of high-risk Al systems.

36 months 

  • Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.


How does RagaAI help fulfil these obligations ? 

As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.

RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.

Users can track overall compliance status with global standards put in place by various regulators and policies.

A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.


Conclusion

The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.

Get in touch with our Experts

The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.

Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.


How does it concern me?

AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.

Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?


The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”

- European parliament News


What should I know about the act? 

A risk-based approach 

The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.

Source : European Commission

Unacceptable Risk Systems

The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.


High Risk Systems

The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.

High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you - 

  • Based on the impact of the application, define the risk-level of the system.

  • Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.

  • Risk management system : Evaluation and monitoring of risks posed in application in real-world

  • Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.

  • Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.

  • Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.

  • Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks

  • Quality Management System : End to end system for data and learning management quality.


Limited risk Systems 

Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.

Minimal or no risk

The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.

General Purpose AI Systems

On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models. 


The general obligations can be met via self-assessment and can be understood here :

  • Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.

  • Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.

  • Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.

  • Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models



By when do I need to be ready?

6 months 

  • Prohibition on unacceptable risk AI 

12 months 

  • Obligations on providers of general purpose Al models go into effect.

  • Appointment of member state competent authorities.

  • Annual Commission review of, and possible amendments to, the list of prohibited Al.

18 months 

  • Commission implementing act on post-market monitoring.

24 months 

  • Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

  • Member states have implemented rules on penalties, including administrative fines.

  • Member state authorities have established at least one operational Al regulatory sandbox.

  • Commission review, and possible amendment of, the list of high-risk Al systems.

36 months 

  • Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.


How does RagaAI help fulfil these obligations ? 

As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.

RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.

Users can track overall compliance status with global standards put in place by various regulators and policies.

A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.


Conclusion

The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.

Get in touch with our Experts

The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.

Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.


How does it concern me?

AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.

Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?


The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”

- European parliament News


What should I know about the act? 

A risk-based approach 

The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.

Source : European Commission

Unacceptable Risk Systems

The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.


High Risk Systems

The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.

High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you - 

  • Based on the impact of the application, define the risk-level of the system.

  • Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.

  • Risk management system : Evaluation and monitoring of risks posed in application in real-world

  • Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.

  • Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.

  • Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.

  • Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks

  • Quality Management System : End to end system for data and learning management quality.


Limited risk Systems 

Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.

Minimal or no risk

The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.

General Purpose AI Systems

On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models. 


The general obligations can be met via self-assessment and can be understood here :

  • Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.

  • Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.

  • Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.

  • Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models



By when do I need to be ready?

6 months 

  • Prohibition on unacceptable risk AI 

12 months 

  • Obligations on providers of general purpose Al models go into effect.

  • Appointment of member state competent authorities.

  • Annual Commission review of, and possible amendments to, the list of prohibited Al.

18 months 

  • Commission implementing act on post-market monitoring.

24 months 

  • Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.

  • Member states have implemented rules on penalties, including administrative fines.

  • Member state authorities have established at least one operational Al regulatory sandbox.

  • Commission review, and possible amendment of, the list of high-risk Al systems.

36 months 

  • Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.


How does RagaAI help fulfil these obligations ? 

As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.

RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.

Users can track overall compliance status with global standards put in place by various regulators and policies.

A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.


Conclusion

The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.

Get in touch with our Experts

Subscribe to our newsletter to never miss an update

Subscribe to our newsletter to never miss an update

Other articles

Exploring Intelligent Agents in AI

Jigar Gupta

Sep 6, 2024

Read the article

Understanding What AI Red Teaming Means for Generative Models

Jigar Gupta

Sep 4, 2024

Read the article

RAG vs Fine-Tuning: Choosing the Best AI Learning Technique

Jigar Gupta

Sep 4, 2024

Read the article

Understanding NeMo Guardrails: A Toolkit for LLM Security

Rehan Asif

Sep 4, 2024

Read the article

Understanding Differences in Large vs Small Language Models (LLM vs SLM)

Rehan Asif

Sep 4, 2024

Read the article

Understanding What an AI Agent is: Key Applications and Examples

Jigar Gupta

Sep 4, 2024

Read the article

Prompt Engineering and Retrieval Augmented Generation (RAG)

Jigar Gupta

Sep 4, 2024

Read the article

Exploring How Multimodal Large Language Models Work

Rehan Asif

Sep 3, 2024

Read the article

Evaluating and Enhancing LLM-as-a-Judge with Automated Tools

Rehan Asif

Sep 3, 2024

Read the article

Optimizing Performance and Cost by Caching LLM Queries

Rehan Asif

Sep 3, 3034

Read the article

LoRA vs RAG: Full Model Fine-Tuning in Large Language Models

Jigar Gupta

Sep 3, 2024

Read the article

Steps to Train LLM on Personal Data

Rehan Asif

Sep 3, 2024

Read the article

Step by Step Guide to Building RAG-based LLM Applications with Examples

Rehan Asif

Sep 2, 2024

Read the article

Building AI Agentic Workflows with Multi-Agent Collaboration

Jigar Gupta

Sep 2, 2024

Read the article

Top Large Language Models (LLMs) in 2024

Rehan Asif

Sep 2, 2024

Read the article

Creating Apps with Large Language Models

Rehan Asif

Sep 2, 2024

Read the article

Best Practices In Data Governance For AI

Jigar Gupta

Sep 22, 2024

Read the article

Transforming Conversational AI with Large Language Models

Rehan Asif

Aug 30, 2024

Read the article

Deploying Generative AI Agents with Local LLMs

Rehan Asif

Aug 30, 2024

Read the article

Exploring Different Types of AI Agents with Key Examples

Jigar Gupta

Aug 30, 2024

Read the article

Creating Your Own Personal LLM Agents: Introduction to Implementation

Rehan Asif

Aug 30, 2024

Read the article

Exploring Agentic AI Architecture and Design Patterns

Jigar Gupta

Aug 30, 2024

Read the article

Building Your First LLM Agent Framework Application

Rehan Asif

Aug 29, 2024

Read the article

Multi-Agent Design and Collaboration Patterns

Rehan Asif

Aug 29, 2024

Read the article

Creating Your Own LLM Agent Application from Scratch

Rehan Asif

Aug 29, 2024

Read the article

Solving LLM Token Limit Issues: Understanding and Approaches

Rehan Asif

Aug 29, 2024

Read the article

Understanding the Impact of Inference Cost on Generative AI Adoption

Jigar Gupta

Aug 28, 2024

Read the article

Data Security: Risks, Solutions, Types and Best Practices

Jigar Gupta

Aug 28, 2024

Read the article

Getting Contextual Understanding Right for RAG Applications

Jigar Gupta

Aug 28, 2024

Read the article

Understanding Data Fragmentation and Strategies to Overcome It

Jigar Gupta

Aug 28, 2024

Read the article

Understanding Techniques and Applications for Grounding LLMs in Data

Rehan Asif

Aug 28, 2024

Read the article

Advantages Of Using LLMs For Rapid Application Development

Rehan Asif

Aug 28, 2024

Read the article

Understanding React Agent in LangChain Engineering

Rehan Asif

Aug 28, 2024

Read the article

Using RagaAI Catalyst to Evaluate LLM Applications

Gaurav Agarwal

Aug 20, 2024

Read the article

Step-by-Step Guide on Training Large Language Models

Rehan Asif

Aug 19, 2024

Read the article

Understanding LLM Agent Architecture

Rehan Asif

Aug 19, 2024

Read the article

Understanding the Need and Possibilities of AI Guardrails Today

Jigar Gupta

Aug 19, 2024

Read the article

How to Prepare Quality Dataset for LLM Training

Rehan Asif

Aug 14, 2024

Read the article

Understanding Multi-Agent LLM Framework and Its Performance Scaling

Rehan Asif

Aug 15, 2024

Read the article

Understanding and Tackling Data Drift: Causes, Impact, and Automation Strategies

Jigar Gupta

Aug 14, 2024

Read the article

RagaAI Dashboard
RagaAI Dashboard
RagaAI Dashboard
RagaAI Dashboard
Introducing RagaAI Catalyst: Best in class automated LLM evaluation with 93% Human Alignment

Gaurav Agarwal

Jul 15, 2024

Read the article

Key Pillars and Techniques for LLM Observability and Monitoring

Rehan Asif

Jul 24, 2024

Read the article

Introduction to What is LLM Agents and How They Work?

Rehan Asif

Jul 24, 2024

Read the article

Analysis of the Large Language Model Landscape Evolution

Rehan Asif

Jul 24, 2024

Read the article

Marketing Success With Retrieval Augmented Generation (RAG) Platforms

Jigar Gupta

Jul 24, 2024

Read the article

Developing AI Agent Strategies Using GPT

Jigar Gupta

Jul 24, 2024

Read the article

Identifying Triggers for Retraining AI Models to Maintain Performance

Jigar Gupta

Jul 16, 2024

Read the article

Agentic Design Patterns In LLM-Based Applications

Rehan Asif

Jul 16, 2024

Read the article

Generative AI And Document Question Answering With LLMs

Jigar Gupta

Jul 15, 2024

Read the article

How to Fine-Tune ChatGPT for Your Use Case - Step by Step Guide

Jigar Gupta

Jul 15, 2024

Read the article

Security and LLM Firewall Controls

Rehan Asif

Jul 15, 2024

Read the article

Understanding the Use of Guardrail Metrics in Ensuring LLM Safety

Rehan Asif

Jul 13, 2024

Read the article

Exploring the Future of LLM and Generative AI Infrastructure

Rehan Asif

Jul 13, 2024

Read the article

Comprehensive Guide to RLHF and Fine Tuning LLMs from Scratch

Rehan Asif

Jul 13, 2024

Read the article

Using Synthetic Data To Enrich RAG Applications

Jigar Gupta

Jul 13, 2024

Read the article

Comparing Different Large Language Model (LLM) Frameworks

Rehan Asif

Jul 12, 2024

Read the article

Integrating AI Models with Continuous Integration Systems

Jigar Gupta

Jul 12, 2024

Read the article

Understanding Retrieval Augmented Generation for Large Language Models: A Survey

Jigar Gupta

Jul 12, 2024

Read the article

Leveraging AI For Enhanced Retail Customer Experiences

Jigar Gupta

Jul 1, 2024

Read the article

Enhancing Enterprise Search Using RAG and LLMs

Rehan Asif

Jul 1, 2024

Read the article

Importance of Accuracy and Reliability in Tabular Data Models

Jigar Gupta

Jul 1, 2024

Read the article

Information Retrieval And LLMs: RAG Explained

Rehan Asif

Jul 1, 2024

Read the article

Introduction to LLM Powered Autonomous Agents

Rehan Asif

Jul 1, 2024

Read the article

Guide on Unified Multi-Dimensional LLM Evaluation and Benchmark Metrics

Rehan Asif

Jul 1, 2024

Read the article

Innovations In AI For Healthcare

Jigar Gupta

Jun 24, 2024

Read the article

Implementing AI-Driven Inventory Management For The Retail Industry

Jigar Gupta

Jun 24, 2024

Read the article

Practical Retrieval Augmented Generation: Use Cases And Impact

Jigar Gupta

Jun 24, 2024

Read the article

LLM Pre-Training and Fine-Tuning Differences

Rehan Asif

Jun 23, 2024

Read the article

20 LLM Project Ideas For Beginners Using Large Language Models

Rehan Asif

Jun 23, 2024

Read the article

Understanding LLM Parameters: Tuning Top-P, Temperature And Tokens

Rehan Asif

Jun 23, 2024

Read the article

Understanding Large Action Models In AI

Rehan Asif

Jun 23, 2024

Read the article

Building And Implementing Custom LLM Guardrails

Rehan Asif

Jun 12, 2024

Read the article

Understanding LLM Alignment: A Simple Guide

Rehan Asif

Jun 12, 2024

Read the article

Practical Strategies For Self-Hosting Large Language Models

Rehan Asif

Jun 12, 2024

Read the article

Practical Guide For Deploying LLMs In Production

Rehan Asif

Jun 12, 2024

Read the article

The Impact Of Generative Models On Content Creation

Jigar Gupta

Jun 12, 2024

Read the article

Implementing Regression Tests In AI Development

Jigar Gupta

Jun 12, 2024

Read the article

In-Depth Case Studies in AI Model Testing: Exploring Real-World Applications and Insights

Jigar Gupta

Jun 11, 2024

Read the article

Techniques and Importance of Stress Testing AI Systems

Jigar Gupta

Jun 11, 2024

Read the article

Navigating Global AI Regulations and Standards

Rehan Asif

Jun 10, 2024

Read the article

The Cost of Errors In AI Application Development