The legislative proposal, known as the Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act), seeks to ensure a uniform legal framework for the development, commercialisation, and use of AI in the European Union. The overarching goal is to safeguard fundamental rights, public health, and safety, while simultaneously guaranteeing the free movement across borders of AI-driven goods and services. To achieve these aims, the Regulation introduces a risk-based approach, identifying the types of AI systems that pose unacceptable or significant risk and subjecting them to proportionate oversight and compliance requirements.

The Commission’s proposal notes that AI is evolving rapidly, offering many benefits in terms of innovative products and services across numerous sectors from healthcare and finance to transport and public services. At the same time, it acknowledges the emergence of new threats that may arise when AI systems malfunction or remain unchecked. Discriminatory outcomes, infringements of privacy, and detrimental effects on personal safety are among the risks addressed by the draft rules. Consequently, there is a pressing need for a balanced regulatory instrument that supports the beneficial aspects of innovation, including international competitiveness, while mitigating the considerable harms that AI technologies may create.

Scope and Application

The Regulation aims to cover most AI systems placed on the EU market or whose use has an impact on natural persons within the Union, irrespective of whether their providers are located within or outside EU borders. It also extends to Union institutions themselves, except for applications strictly dedicated to military purposes. Devices classified under other EU harmonised sectoral legislation, such as machinery or medical devices, will also come under the scope of this Regulation to ensure there are no gaps in security or liability.

Risk-Based Approach and Prohibited Practices

A cornerstone of the proposal is its graduated framework. The stricter the potential for harm to the public, the more stringent the requirements. For instance, the Regulation forbids certain AI “practices” outright for systems considered dangerous to public safety or inconsistent with EU values. Examples include AI applications that use subliminal techniques to manipulate users outside their awareness, exploit vulnerable groups (like children or individuals with disabilities), or engage in what is known as “social scoring” by public authorities. The latter refers to systematically evaluating or classifying persons based on their social behaviour, which may lead to discriminatory consequences or otherwise unacceptable interference with individuals’ rights.

The Regulation also generally bans the use of “real-time” remote biometric identification systems in public spaces for law-enforcement purposes, subject to strictly defined exceptions. The proposal describes these exceptions as narrow, such as efforts to locate missing children or prevent immediate threats to life or public security. Even when allowed, these systems must operate within robust safeguards, including judicial or administrative oversight, to preserve trust and compliance with fundamental rights.

Classification of “High-Risk” AI Systems

Beyond prohibited practices, the Regulation designates certain AI systems as “high-risk,” meaning these systems may significantly affect the health, safety, or fundamental rights of people. The proposal details which systems fall into this category, highlighting areas including:

1. Critical Infrastructure: Where an AI-based malfunction or error could endanger life or disrupt vital societal functions (e.g., management of road traffic, water, gas, and electricity supply).
2. Education and Vocational Training: AI tools used to evaluate students or determine access to opportunities in ways that could perpetuate bias or limit individuals’ prospects.
3. Employment and Workers’ Rights: Systems employed to recruit, promote, or dismiss employees, or to monitor performance, which risk encroaching upon privacy or enabling discriminatory outcomes.
4. Essential Services and Financial Products: For example, AI systems used to grant public benefits or assess individuals’ creditworthiness, access to housing, or utility services.
5. Law Enforcement: Specific uses of AI for predictive policing or for the processing of evidence in criminal investigations or prosecutions, where inaccurate results or data biases carry severe consequences.
6. Migration and Border Control: Deployment of AI in visa applications, asylum requests, or verifying the authenticity of documents holds unique potential for harm, especially when targeting vulnerable groups.
7. Judicial Administration and Democratic Processes: Systems that assist judges in interpreting facts or applying laws in court, affecting the right to a fair trial.

The Regulation clarifies that simply designating a system as “high-risk” does not in itself confer legality. These technologies must still comply with all other applicable EU or Member State legislation on data protection, discrimination, and other fundamental rights. The classification merely triggers the requirements and control measures under this Regulation.

Compliance Requirements for High-Risk AI

These high-risk systems must meet several obligations, including:

• High-Quality Data: Ensuring training datasets are complete, accurate, sufficiently representative, and free from errors that could introduce biases or unsafe conditions.
• Technical Documentation and Record-Keeping: Providers should document their risk management approach, design choices, and post-market monitoring to facilitate audits by authorities.
• Transparency and Disclosure: Clear communication of a system’s AI nature, its capabilities, and limitations so that users understand how to operate it properly and mitigate risks.
• Human Oversight: Implementation of measures to allow knowledgeable human supervisors to monitor, intervene, or override AI decisions, as well as trace any errors back to their source.
• Robustness, accuracy, and cybersecurity: Systems must be tested to withstand unintended or malicious interference and must function reliably within their intended purpose.

If the systems in question are integrated into broader products (e.g., medical devices or machinery), the existing “conformity assessment” rules in sectoral legislation will apply, but these will incorporate this Regulation’s newly introduced AI-specific obligations.

Post-Market Monitoring, Governance, and Enforcement

After a high-risk AI system is placed on the market, the provider must monitor it to detect any unforeseen issues. Serious incidents or malfunctions must be promptly reported to the relevant authorities. Member States are responsible for designating or establishing supervisory bodies with managerial and technological expertise. These bodies will collaborate through the European Artificial Intelligence Board (EAIB), which will harmonise enforcement, provide expert guidance, and promote best practices at the EU level.

Regulatory Sandboxes and Support for SMEs

Innovation friendly provisions encourage the creation of regulatory sandboxes, spaces where new, compliant AI applications can be tested under close supervision. Small and medium-sized enterprises, as well as start-ups, benefit from reduced regulatory burdens, fee exemptions, or support services to help them navigate the compliance process and remain competitive.

Codes of Conduct for Non-High-Risk AI

While the Regulation focuses primarily on high-risk systems and prohibited practices, providers of lower-risk applications are encouraged to adopt voluntary standards or codes of conduct. Such measures may include guidelines aimed at mitigating bias, enhancing environmental sustainability, or promoting accessibility for persons with disabilities. Providers that adhere to these codes can bolster users’ trust and limit potential harm, without incurring the entire set of obligations placed on high-risk AI systems.

Conclusion

In essence, the Artificial Intelligence Act combines assurances of safety, transparency, and accountability with the aspiration to spur AI-related innovation within a harmonised internal market. By prohibiting especially harmful AI practices, regulating high-risk cases, and offering clear compliance pathways, the Regulation aspires to balance individual rights and societal concerns against the commercial and societal benefits promised by AI. This proposal thus underscores the EU’s broader policy of shaping Europe’s digital future in a way that reflects its foundational commitment to human dignity, fairness, and the rule of law.

Recommended Resources

Below are additional resources for deeper insights and ongoing developments:

1. EU Commission White Paper on AI:
   • White Paper on Artificial Intelligence
2. Official Draft of the AI Regulation:
   • Proposal for a Regulation laying down harmonised rules on artificial intelligence
3. Beginner-Friendly AI Law/Policy/Regulation Books:
   • List of Good Beginner-friendly AI Law/Policy/Regulation Books
4. European Digital Strategy:
   • Shaping Europe’s Digital Future