The European Parliament has approved a draft of the EU's AI Act, taking a major step toward what could be the first comprehensive set of regulations for AI in the West.
However, the legislation did not pass unanimously, with the final vote at 499 in favor, 28 against, and 93 abstentions. While today’s vote marks a huge step forward in the regulation of AI technology, the draft legislation is still subject to change, with each EU country needing to agree on the bill before it becomes law.
Members of the European Parliament reached an initial agreement on its AI Act back in April, after a number of last-minute amendments were added relating to the regulation of generative AI and large language models, such as ChatGPT. This includes a requirement for generative AI systems like to comply with transparency requirements by disclosing if content was AI-generated, and helping to distinguish deep-fake images from real ones.
Some of the more controversial rules that are expected to see some backlash include the total ban on biometric surveillance in public settings and so-called “social scoring” systems, which classify people based on their social behavior, socioeconomic status, and personal characteristics.
Ban on AI for biometric use is controversial
Members of Parliament that make up the center-right European People’s Party faction of the body have argued that a total ban on biometric use could hamper crime-solving and counter-terrorism efforts.
The legislation also states that AI systems that pose significant harm to people’s health, safety, fundamental rights or the environment will be classified as “high risk,” along with any AI systems that could be used to influence voters and the outcome of elections.
“The AI Act will set the tone worldwide in the development and governance of artificial intelligence, ensuring that this technology, set to radically transform our societies through the massive benefits it can offer, evolves and is used in accordance with the European values of democracy, fundamental rights, and the rule of law,” said EU co-rapporteur Dragos Tudorache, in comments published alongside the Parliament's announcement.
Companies that develop and use EU systems, including those situated outside the EU but which offer AI systems and services to EU citizens, will need to take note of the progression of the AI Act, said Tim Wright, tech and AI regulation partner at UK law firm Fladgate.
Drawing comparisons to when the EU's GDPR came into force, Wright said that companies should not leave their planning, preparation and implementation until the last minute, as the rules are complex and organisations that fall under their scope need to ensure they can meet the EU’s compliance timetable.
“Just as with GDPR, non-compliance with the AI Act will come at significant cost, with failure to meet data governance and high-risk AI transparency obligations attracting penalties of up to €20 million [US422 million] or 4% of global turnover,” Wright said, noting that this is double the penalty for failing to meet most other EU obligations.
To date, China is the only major industrialised country that has passed laws relating to generative AI, requiring AI firms to submit security assessments to the government before launching their AI tools to the public. Additionally, any content generated by generative AI must be in line with the country’s core socialist values and failure to comply with the rules will results in providers being fined, having their services suspended, or facing criminal investigations.