Navigating the EU AI Act: A Practical Handbook by White & Case LLP

Understanding the EU AI Act: A Practical Guide

The European Union has established a landmark regulation, the EU AI Act, aiming to govern artificial intelligence systems. This comprehensive legislation seeks to ensure that AI systems deployed within the EU are safe, transparent, ethical, and non-discriminatory. White & Case LLP, recognizing the significant impact this Act will have on businesses, has published a detailed handbook to demystify its provisions and offer practical guidance.

The Scope and Objectives of the EU AI Act

The EU AI Act categorizes AI systems based on their risk level, applying stricter rules to those deemed to pose a higher risk. The primary objective is to foster trust in AI technologies while promoting innovation and investment. The Act covers a wide range of AI applications, from general-purpose AI models to specific high-risk systems used in critical sectors such as healthcare, employment, and law enforcement. Understanding where your AI systems fall within this risk-based framework is the first crucial step for compliance.

Key Pillars of the EU AI Act

The regulation is built upon several key pillars designed to ensure responsible AI development and deployment:

Risk-Based Approach

The cornerstone of the Act is its risk-based methodology. AI systems are classified into different categories:

• Unacceptable Risk: AI systems in this category are prohibited. Examples include social scoring by governments and manipulative AI techniques that exploit vulnerabilities.
• High Risk: These systems are subject to stringent requirements before they can be placed on the market or put into service. This category includes AI used in critical infrastructure, education, employment, essential services, law enforcement, and medical devices. Compliance measures include risk management systems, data governance, technical documentation, transparency, human oversight, and robust cybersecurity.
• Limited Risk: AI systems in this category have specific transparency obligations. For instance, users must be informed when they are interacting with an AI system, such as a chatbot.
• Minimal or No Risk: The vast majority of AI systems fall into this category, with no additional obligations beyond existing legislation. The Act encourages the development and adoption of voluntary codes of conduct for these systems.

General-Purpose AI (GPAI) Models

The Act introduces specific provisions for General-Purpose AI (GPAI) models, including foundational models. These models, which can be adapted for various downstream applications, are subject to transparency requirements. GPAI models with systemic risk, identified based on factors like the number of users or computing power used in training, face even more rigorous obligations, including conducting model evaluations, assessing and mitigating systemic risks, and reporting serious incidents.

Transparency and Information Obligations

Transparency is a critical element. Providers of AI systems must ensure that users are adequately informed about the capabilities, limitations, and potential risks associated with the AI they are using. For systems involving deepfakes or synthetic content, clear labeling is mandatory to prevent deception.

Data Governance

The quality and integrity of data used to train AI systems are paramount, especially for high-risk applications. The Act mandates robust data governance practices to minimize bias and ensure the data is representative and relevant to the intended use of the AI system.

Human Oversight

Ensuring meaningful human oversight is a key requirement for high-risk AI systems. This means that AI systems should be designed to allow for human intervention, control, and the ability to override AI-driven decisions, particularly in critical contexts.

Compliance Strategies for Businesses

Navigating the EU AI Act requires a proactive and strategic approach. White & Case LLP