The EU AI Act - All you need to know
Akshat Gupta
Mar 27, 2024
The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.
Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.
How does it concern me?
AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.
Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
- European parliament News
What should I know about the act?
A risk-based approach
The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.
Source : European Commission
Unacceptable Risk Systems
The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.
High Risk Systems
The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.
High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you -
Based on the impact of the application, define the risk-level of the system.
Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.
Risk management system : Evaluation and monitoring of risks posed in application in real-world
Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.
Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.
Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.
Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks
Quality Management System : End to end system for data and learning management quality.
Limited risk Systems
Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.
Minimal or no risk
The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.
General Purpose AI Systems
On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models.
The general obligations can be met via self-assessment and can be understood here :
Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.
Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.
Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.
Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models
By when do I need to be ready?
6 months
Prohibition on unacceptable risk AI
12 months
Obligations on providers of general purpose Al models go into effect.
Appointment of member state competent authorities.
Annual Commission review of, and possible amendments to, the list of prohibited Al.
18 months
Commission implementing act on post-market monitoring.
24 months
Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.
Member states have implemented rules on penalties, including administrative fines.
Member state authorities have established at least one operational Al regulatory sandbox.
Commission review, and possible amendment of, the list of high-risk Al systems.
36 months
Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.
How does RagaAI help fulfil these obligations ?
As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.
RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.
Users can track overall compliance status with global standards put in place by various regulators and policies.
A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.
Conclusion
The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.
Get in touch with our Experts
The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.
Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.
How does it concern me?
AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.
Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
- European parliament News
What should I know about the act?
A risk-based approach
The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.
Source : European Commission
Unacceptable Risk Systems
The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.
High Risk Systems
The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.
High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you -
Based on the impact of the application, define the risk-level of the system.
Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.
Risk management system : Evaluation and monitoring of risks posed in application in real-world
Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.
Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.
Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.
Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks
Quality Management System : End to end system for data and learning management quality.
Limited risk Systems
Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.
Minimal or no risk
The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.
General Purpose AI Systems
On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models.
The general obligations can be met via self-assessment and can be understood here :
Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.
Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.
Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.
Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models
By when do I need to be ready?
6 months
Prohibition on unacceptable risk AI
12 months
Obligations on providers of general purpose Al models go into effect.
Appointment of member state competent authorities.
Annual Commission review of, and possible amendments to, the list of prohibited Al.
18 months
Commission implementing act on post-market monitoring.
24 months
Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.
Member states have implemented rules on penalties, including administrative fines.
Member state authorities have established at least one operational Al regulatory sandbox.
Commission review, and possible amendment of, the list of high-risk Al systems.
36 months
Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.
How does RagaAI help fulfil these obligations ?
As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.
RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.
Users can track overall compliance status with global standards put in place by various regulators and policies.
A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.
Conclusion
The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.
Get in touch with our Experts
The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.
Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.
How does it concern me?
AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.
Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
- European parliament News
What should I know about the act?
A risk-based approach
The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.
Source : European Commission
Unacceptable Risk Systems
The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.
High Risk Systems
The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.
High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you -
Based on the impact of the application, define the risk-level of the system.
Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.
Risk management system : Evaluation and monitoring of risks posed in application in real-world
Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.
Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.
Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.
Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks
Quality Management System : End to end system for data and learning management quality.
Limited risk Systems
Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.
Minimal or no risk
The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.
General Purpose AI Systems
On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models.
The general obligations can be met via self-assessment and can be understood here :
Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.
Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.
Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.
Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models
By when do I need to be ready?
6 months
Prohibition on unacceptable risk AI
12 months
Obligations on providers of general purpose Al models go into effect.
Appointment of member state competent authorities.
Annual Commission review of, and possible amendments to, the list of prohibited Al.
18 months
Commission implementing act on post-market monitoring.
24 months
Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.
Member states have implemented rules on penalties, including administrative fines.
Member state authorities have established at least one operational Al regulatory sandbox.
Commission review, and possible amendment of, the list of high-risk Al systems.
36 months
Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.
How does RagaAI help fulfil these obligations ?
As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.
RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.
Users can track overall compliance status with global standards put in place by various regulators and policies.
A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.
Conclusion
The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.
Get in touch with our Experts
The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.
Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.
How does it concern me?
AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.
Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
- European parliament News
What should I know about the act?
A risk-based approach
The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.
Source : European Commission
Unacceptable Risk Systems
The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.
High Risk Systems
The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.
High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you -
Based on the impact of the application, define the risk-level of the system.
Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.
Risk management system : Evaluation and monitoring of risks posed in application in real-world
Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.
Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.
Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.
Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks
Quality Management System : End to end system for data and learning management quality.
Limited risk Systems
Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.
Minimal or no risk
The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.
General Purpose AI Systems
On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models.
The general obligations can be met via self-assessment and can be understood here :
Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.
Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.
Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.
Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models
By when do I need to be ready?
6 months
Prohibition on unacceptable risk AI
12 months
Obligations on providers of general purpose Al models go into effect.
Appointment of member state competent authorities.
Annual Commission review of, and possible amendments to, the list of prohibited Al.
18 months
Commission implementing act on post-market monitoring.
24 months
Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.
Member states have implemented rules on penalties, including administrative fines.
Member state authorities have established at least one operational Al regulatory sandbox.
Commission review, and possible amendment of, the list of high-risk Al systems.
36 months
Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.
How does RagaAI help fulfil these obligations ?
As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.
RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.
Users can track overall compliance status with global standards put in place by various regulators and policies.
A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.
Conclusion
The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.
Get in touch with our Experts
The European Union's Artificial Intelligence Act (AI Act) represents a milestone in global AI regulation, responding to increasing demands for ethical standards and transparency in AI usage. After extensive drafting and negotiation, the Act has now been provisionally agreed upon, with final compromises reached and adoption by the European Parliament on March 13, 2024. Anticipated to take effect between May and July 2024, the AI Act establishes a comprehensive legal framework to foster trustworthy AI within and beyond Europe, emphasising the respect for fundamental rights, safety, and ethical principles.
Overseen by the newly created EU AI Office, the Act imposes significant penalties for noncompliance - exposing companies to fines of €35 million, or 7 percent of a company's annual revenue, whichever is greater. This compels the stakeholders to understand its implications for their businesses. This blog provides a nuanced exploration of the Act's key provisions, ranging from its rules on high-risk systems to its governance and enforcement mechanisms, offering insights into its potential impact on corporations, individuals and societies alike.
How does it concern me?
AI applications influence what information you see online by predicting what content is engaging to you, capture and analyse data from faces to enforce laws or personalise advertisements, and are used to diagnose and treat cancer. In other words, AI affects many parts of your life.
Like the EU’s General Data Protection Regulation (GDPR) in 2018, the EU AI Act could become a global standard, determining to what extent AI has a positive rather than negative effect on your life wherever you may be. The EU’s AI regulation is already making waves internationally. If you’re a part of an organisation that is leveraging AI/ML techniques to build amazing solutions for real-world problems in or outside the EU, then you will come across this act sooner or later. Why not understand everything there is, right now ?
The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.”
- European parliament News
What should I know about the act?
A risk-based approach
The cornerstone of the AI Act is a classification system that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The framework includes four risk tiers: unacceptable, high, limited and minimal.
Source : European Commission
Unacceptable Risk Systems
The EU's AI regulations encompass several key provisions to ensure ethical and responsible AI use. Prohibited AI practices include banning deceptive techniques, exploitation of vulnerabilities, and categorization based on sensitive attributes. Real-time biometric identification in law enforcement requires prior authorization and notification to authorities, with member states having discretion within specified limits. Additionally, reporting obligations mandate annual reports on biometric identification use, ensuring transparency and accountability in AI implementation.
High Risk Systems
The EU identifies various high-risk AI systems across sectors such as critical infrastructure, education, product safety, employment, public services, law enforcement, migration management, and justice administration. These systems are subject to stringent obligations, including risk assessment, high-quality data utilization, activity logging, detailed documentation, transparent deployment, human oversight, and robustness assurance.
High-risk AI systems will be subject to strict obligations before they can be put on the market. We have tried to simplify these for you -
Based on the impact of the application, define the risk-level of the system.
Understand the regulatory requirements : Understand the requirements of your system on the basis of your use case and risk level. The standards would be laid out by the AI Office with the help of standardisation bodies like CEN/CENELEC.
Risk management system : Evaluation and monitoring of risks posed in application in real-world
Data and Data Governance : Ensure data representativeness, correctness and completeness, train-test-validation independence, annotation quality, fairness and bias reduction, data sufficiency and privacy of personal data.
Technical Documentation and Transparency to deployers : Maintain and avail necessary information to assess the compliance of the system as per the requirements. Ensure full transparency of crucial information and processes with regulatory bodies as well as consumers of the application.
Human Oversight : Enable a synergic ecosystem allowing post production monitoring by humans and intervention capabilities.
Accuracy, Robustness and Cybersecurity : Ensure model robustness and continuous data & system integrity checks
Quality Management System : End to end system for data and learning management quality.
Limited risk Systems
Limited risk refers to the risks associated with lack of transparency in AI usage. The AI Act introduces specific transparency obligations to ensure that humans are informed when necessary, fostering trust. For instance, when using AI systems such as chatbots, humans should be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. Providers will also have to ensure that AI-generated content is identifiable. Besides, AI-generated text published with the purpose to inform the public on matters of public interest must be labelled as artificially generated. This also applies to audio and video content constituting deep fakes.
Minimal or no risk
The AI Act allows the free use of minimal-risk AI. This includes applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category.
General Purpose AI Systems
On a high level, a general-purpose AI model is considered to have systemic risk if its training requires over 10^25 floating point operations (FLOPs), indicating high impact capabilities. These are mainly genAI models.
The general obligations can be met via self-assessment and can be understood here :
Codes of Practice : Use codes of practice to demonstrate compliance until harmonised standards are published.
Technical Documentation and Information Sharing : Necessary information to assess the compliance of the system as per the requirements; and continuous access to regulators.
Model Evaluation : Model evaluation using standardized protocols and tools, including adversarial testing to identify and mitigate systemic risks.
Risk Assessment : Assess and mitigate systemic risks arising from the development or use of AI models
By when do I need to be ready?
6 months
Prohibition on unacceptable risk AI
12 months
Obligations on providers of general purpose Al models go into effect.
Appointment of member state competent authorities.
Annual Commission review of, and possible amendments to, the list of prohibited Al.
18 months
Commission implementing act on post-market monitoring.
24 months
Obligations on high-risk Al systems specifically listed in Annex III, which includes Al systems in biometrics, critical infrastructure, education, employment, access to essential public services, law enforcement, immigration and administration of justice.
Member states have implemented rules on penalties, including administrative fines.
Member state authorities have established at least one operational Al regulatory sandbox.
Commission review, and possible amendment of, the list of high-risk Al systems.
36 months
Obligations for high-risk Al systems that are not prescribed in Annex Ill but are intended to be used as a safety component of a product, or the Al is itself a product, and the product is required to undergo a third-party conformity assessment under existing specific EU laws, for example toys, radio equipment, in vitro diagnostic medical devices, civil aviation security and agricultural vehicles.
How does RagaAI help fulfil these obligations ?
As we’ve seen above, compliance with these complex regulations is a crucial but a cumbersome and technically difficult task. We at RagaAI are using cutting-edge technology to build comprehensive solutions to help you navigate through these complexities and enable automated compliance management for your enterprise AI. These solutions work across all modalities of data.
RagaAI provides comprehensive tests catering to the requirements of the act (laid out objectively), using cutting-edge methods, concrete frameworks and extensive visualisation techniques.
Users can track overall compliance status with global standards put in place by various regulators and policies.
A summary view of various tests and objectives that they comply with. It also shows the risk level ( impact ) and the status of compliance. Doesn’t it look so convenient ?
The website docs enlist and meticulously present the various tests which have been designed to comply with different aspects of regulatory regimes.
Conclusion
The EU AI Act is here to stay and as the specific requirements and standards are laid out over time across all the industries, it is imperative that the AI community is ready with the tools and techniques to comply with these regulations. RagaAI is at the forefront of building these capabilities and helping enterprises ensure full governance of their systems and also comply with globally accepted standards being shaped by revolutionary measures like the EU AI Act.
Get in touch with our Experts
Subscribe to our newsletter to never miss an update
Subscribe to our newsletter to never miss an update
Other articles
Exploring Intelligent Agents in AI
Jigar Gupta
Sep 6, 2024
Read the article
Understanding What AI Red Teaming Means for Generative Models
Jigar Gupta
Sep 4, 2024
Read the article
RAG vs Fine-Tuning: Choosing the Best AI Learning Technique
Jigar Gupta
Sep 4, 2024
Read the article
Understanding NeMo Guardrails: A Toolkit for LLM Security
Rehan Asif
Sep 4, 2024
Read the article
Understanding Differences in Large vs Small Language Models (LLM vs SLM)
Rehan Asif
Sep 4, 2024
Read the article
Understanding What an AI Agent is: Key Applications and Examples
Jigar Gupta
Sep 4, 2024
Read the article
Prompt Engineering and Retrieval Augmented Generation (RAG)
Jigar Gupta
Sep 4, 2024
Read the article
Exploring How Multimodal Large Language Models Work
Rehan Asif
Sep 3, 2024
Read the article
Evaluating and Enhancing LLM-as-a-Judge with Automated Tools
Rehan Asif
Sep 3, 2024
Read the article
Optimizing Performance and Cost by Caching LLM Queries
Rehan Asif
Sep 3, 3034
Read the article
LoRA vs RAG: Full Model Fine-Tuning in Large Language Models
Jigar Gupta
Sep 3, 2024
Read the article
Steps to Train LLM on Personal Data
Rehan Asif
Sep 3, 2024
Read the article
Step by Step Guide to Building RAG-based LLM Applications with Examples
Rehan Asif
Sep 2, 2024
Read the article
Building AI Agentic Workflows with Multi-Agent Collaboration
Jigar Gupta
Sep 2, 2024
Read the article
Top Large Language Models (LLMs) in 2024
Rehan Asif
Sep 2, 2024
Read the article
Creating Apps with Large Language Models
Rehan Asif
Sep 2, 2024
Read the article
Best Practices In Data Governance For AI
Jigar Gupta
Sep 22, 2024
Read the article
Transforming Conversational AI with Large Language Models
Rehan Asif
Aug 30, 2024
Read the article
Deploying Generative AI Agents with Local LLMs
Rehan Asif
Aug 30, 2024
Read the article
Exploring Different Types of AI Agents with Key Examples
Jigar Gupta
Aug 30, 2024
Read the article
Creating Your Own Personal LLM Agents: Introduction to Implementation
Rehan Asif
Aug 30, 2024
Read the article
Exploring Agentic AI Architecture and Design Patterns
Jigar Gupta
Aug 30, 2024
Read the article
Building Your First LLM Agent Framework Application
Rehan Asif
Aug 29, 2024
Read the article
Multi-Agent Design and Collaboration Patterns
Rehan Asif
Aug 29, 2024
Read the article
Creating Your Own LLM Agent Application from Scratch
Rehan Asif
Aug 29, 2024
Read the article
Solving LLM Token Limit Issues: Understanding and Approaches
Rehan Asif
Aug 29, 2024
Read the article
Understanding the Impact of Inference Cost on Generative AI Adoption
Jigar Gupta
Aug 28, 2024
Read the article
Data Security: Risks, Solutions, Types and Best Practices
Jigar Gupta
Aug 28, 2024
Read the article
Getting Contextual Understanding Right for RAG Applications
Jigar Gupta
Aug 28, 2024
Read the article
Understanding Data Fragmentation and Strategies to Overcome It
Jigar Gupta
Aug 28, 2024
Read the article
Understanding Techniques and Applications for Grounding LLMs in Data
Rehan Asif
Aug 28, 2024
Read the article
Advantages Of Using LLMs For Rapid Application Development
Rehan Asif
Aug 28, 2024
Read the article
Understanding React Agent in LangChain Engineering
Rehan Asif
Aug 28, 2024
Read the article
Using RagaAI Catalyst to Evaluate LLM Applications
Gaurav Agarwal
Aug 20, 2024
Read the article
Step-by-Step Guide on Training Large Language Models
Rehan Asif
Aug 19, 2024
Read the article
Understanding LLM Agent Architecture
Rehan Asif
Aug 19, 2024
Read the article
Understanding the Need and Possibilities of AI Guardrails Today
Jigar Gupta
Aug 19, 2024
Read the article
How to Prepare Quality Dataset for LLM Training
Rehan Asif
Aug 14, 2024
Read the article
Understanding Multi-Agent LLM Framework and Its Performance Scaling
Rehan Asif
Aug 15, 2024
Read the article
Understanding and Tackling Data Drift: Causes, Impact, and Automation Strategies
Jigar Gupta
Aug 14, 2024
Read the article
Introducing RagaAI Catalyst: Best in class automated LLM evaluation with 93% Human Alignment
Gaurav Agarwal
Jul 15, 2024
Read the article
Key Pillars and Techniques for LLM Observability and Monitoring
Rehan Asif
Jul 24, 2024
Read the article
Introduction to What is LLM Agents and How They Work?
Rehan Asif
Jul 24, 2024
Read the article
Analysis of the Large Language Model Landscape Evolution
Rehan Asif
Jul 24, 2024
Read the article
Marketing Success With Retrieval Augmented Generation (RAG) Platforms
Jigar Gupta
Jul 24, 2024
Read the article
Developing AI Agent Strategies Using GPT
Jigar Gupta
Jul 24, 2024
Read the article
Identifying Triggers for Retraining AI Models to Maintain Performance
Jigar Gupta
Jul 16, 2024
Read the article
Agentic Design Patterns In LLM-Based Applications
Rehan Asif
Jul 16, 2024
Read the article
Generative AI And Document Question Answering With LLMs
Jigar Gupta
Jul 15, 2024
Read the article
How to Fine-Tune ChatGPT for Your Use Case - Step by Step Guide
Jigar Gupta
Jul 15, 2024
Read the article
Security and LLM Firewall Controls
Rehan Asif
Jul 15, 2024
Read the article
Understanding the Use of Guardrail Metrics in Ensuring LLM Safety
Rehan Asif
Jul 13, 2024
Read the article
Exploring the Future of LLM and Generative AI Infrastructure
Rehan Asif
Jul 13, 2024
Read the article
Comprehensive Guide to RLHF and Fine Tuning LLMs from Scratch
Rehan Asif
Jul 13, 2024
Read the article
Using Synthetic Data To Enrich RAG Applications
Jigar Gupta
Jul 13, 2024
Read the article
Comparing Different Large Language Model (LLM) Frameworks
Rehan Asif
Jul 12, 2024
Read the article
Integrating AI Models with Continuous Integration Systems
Jigar Gupta
Jul 12, 2024
Read the article
Understanding Retrieval Augmented Generation for Large Language Models: A Survey
Jigar Gupta
Jul 12, 2024
Read the article
Leveraging AI For Enhanced Retail Customer Experiences
Jigar Gupta
Jul 1, 2024
Read the article
Enhancing Enterprise Search Using RAG and LLMs
Rehan Asif
Jul 1, 2024
Read the article
Importance of Accuracy and Reliability in Tabular Data Models
Jigar Gupta
Jul 1, 2024
Read the article
Information Retrieval And LLMs: RAG Explained
Rehan Asif
Jul 1, 2024
Read the article
Introduction to LLM Powered Autonomous Agents
Rehan Asif
Jul 1, 2024
Read the article
Guide on Unified Multi-Dimensional LLM Evaluation and Benchmark Metrics
Rehan Asif
Jul 1, 2024
Read the article
Innovations In AI For Healthcare
Jigar Gupta
Jun 24, 2024
Read the article
Implementing AI-Driven Inventory Management For The Retail Industry
Jigar Gupta
Jun 24, 2024
Read the article
Practical Retrieval Augmented Generation: Use Cases And Impact
Jigar Gupta
Jun 24, 2024
Read the article
LLM Pre-Training and Fine-Tuning Differences
Rehan Asif
Jun 23, 2024
Read the article
20 LLM Project Ideas For Beginners Using Large Language Models
Rehan Asif
Jun 23, 2024
Read the article
Understanding LLM Parameters: Tuning Top-P, Temperature And Tokens
Rehan Asif
Jun 23, 2024
Read the article
Understanding Large Action Models In AI
Rehan Asif
Jun 23, 2024
Read the article
Building And Implementing Custom LLM Guardrails
Rehan Asif
Jun 12, 2024
Read the article
Understanding LLM Alignment: A Simple Guide
Rehan Asif
Jun 12, 2024
Read the article
Practical Strategies For Self-Hosting Large Language Models
Rehan Asif
Jun 12, 2024
Read the article
Practical Guide For Deploying LLMs In Production
Rehan Asif
Jun 12, 2024
Read the article
The Impact Of Generative Models On Content Creation
Jigar Gupta
Jun 12, 2024
Read the article
Implementing Regression Tests In AI Development
Jigar Gupta
Jun 12, 2024
Read the article
In-Depth Case Studies in AI Model Testing: Exploring Real-World Applications and Insights
Jigar Gupta
Jun 11, 2024
Read the article
Techniques and Importance of Stress Testing AI Systems
Jigar Gupta
Jun 11, 2024
Read the article
Navigating Global AI Regulations and Standards
Rehan Asif
Jun 10, 2024
Read the article