The EU AI Act: Enforcing Unacceptable Risk Provisions on a Global Scale

The EU's Bold Step: AI Act's Unacceptable Risk Provisions Now in Action

In a groundbreaking initiative, the European Union launched the world's first comprehensive legislation addressing artificial intelligence risk management with the introduction of the EU AI Act on August 1, 2024. This pivotal regulation distinguishes itself by establishing a risk-based framework to govern AI systems.

As of February 2, 2025, the EU ratified its initial major provisions, specifically targeting 'unacceptable risk' AI systems. The enforcement of these measures not only prohibits the use and marketing of such high-risk systems within the EU but also imposes strict penalties on violators, with financial repercussions reaching EUR 35,000,000 and up to 7% of global annual turnover.

Prohibited Activities Under the Act

The Act bans several activities considered to pose excessive risks, which include:

• Varied manipulative, subliminal, and deceptive techniques that prove harmful
• The exploitation of vulnerabilities that can lead to harm
• Practices of unacceptable social scoring
• Individual crime risk assessment and prediction, except under specified circumstances
• Scraping of internet or CCTV content for the development or expansion of facial recognition systems
• Use of emotion recognition in educational and workplace settings, apart from select exceptions
• Biometric categorization aimed at deducing specific sensitive categories, with some exclusions
• Real-time remote biometric identification in public areas for law enforcement, with certain exceptions

Global Implications and Reactions

The introduction of these rules is a significant move impacting companies worldwide. Fiona Ghosh, a partner at Ashurst, highlighted the potential global ripple effects, observing: "As Europe's AI regulatory framework evolves through the phased implementation of the AI Act, other regions, notably the US, may increasingly deviate from regulatory approaches."

Moreover, despite the absence of corresponding US federal AI laws, the EU AI Act applies to all providers and users of AI systems, even those based outside the EU. Marcus Evans of Norton Rose Fulbright elaborated, "The AI Act's reach is worldwide. It impacts any entity offering, importing, or using AI in the EU, regardless of their national location. Hence, any overseas company employing AI for activities such as EU-based recruitment would fall under these regulations."

Preparing for Future Compliance

February 2, 2025, also signals the deadline for compliance with the Act's literacy requirements, designed to enhance organizational proficiency in handling AI systems. Matt Worsfold, a risk advisory partner at Ashurst, urged businesses, "Consider this a cue to draft compliance strategies. With 18 months leading up to more comprehensive deadlines, it's crucial for organizations to begin their audit of potential AI systems and applications. This task is considerable due to past procurement and development practices, often lacking centralized documentation and requiring engagement with third-party stakeholders."

By crossing into the realm of AI regulation, the EU establishes a precedence, challenging international companies to align with its AI risk approach. This development signifies a forward step towards responsible AI deployment worldwide.