Understanding the EU AI Act and Its Implications: A Focus on Article 5

The EU AI Act, a landmark regulation aimed at governing artificial intelligence technologies across the European Union, officially came into force on 1 August 2024. With a two-year implementation period, most of its provisions will become enforceable by August 2026, during which time supplementary legislation, standards, and guidance will be rolled out to support organizations in meeting compliance requirements. However, one significant provision—the ban on prohibited AI systems detailed in Article 5—takes effect much sooner, on 2 February 2025.

‍

Overview of the EU AI Act

‍
The EU AI Act is the first comprehensive regulatory framework for AI, aimed at ensuring that AI systems used within the EU are safe, transparent, and respect fundamental rights. The legislation classifies AI systems into three risk categories:

‍

1. ‍Prohibited AI Practices: AI systems that pose unacceptable risks and are banned outright.
2. ‍High-Risk AI Systems:AI applications in sensitive areas, such as healthcare and law enforcement, subject to stringent compliance requirements.
3. ‍Low- and Minimal-Risk AI Systems: AI technologies with fewer restrictions but encouraged to follow voluntary codes of conduct.

This tiered approach balances innovation with the need for oversight, providing clear rules for businesses while protecting citizens from harmful applications of AI.

Key Provisions of Article 5: Prohibited AI Systems

Article 5 identifies specific AI practices that are deemed to pose intolerable risks to individuals and societal values. These practices are banned outright and apply universally, regardless of the role or identity of the operator. Prohibited AI systems include:

• ‍Social Scoring Systems: The use of AI for scoring individuals based on their social behavior by public or private actors.‍
• Emotion Recognition AI in Specific Contexts: Systems used to infer emotions in workplaces or educational institutions.‍
• Untargeted Data Scraping for Facial Recognition: AI systems that create or expand facial recognition databases by scraping images from the internet or CCTV footage without proper consent.‍
• Predictive Criminal Profiling: AI systems that assess or predict the likelihood of a person committing a criminal offense solely based on profiling or personality traits.‍
• Biometric Categorization: Systems deducing sensitive attributes such as race, political opinions, sexual orientation, or religious beliefs based on biometric data.

Additionally, other prohibited practices include deploying manipulative, deceptive, or subliminal techniques, exploiting vulnerabilities related to age, disability, or social circumstances, and using real-time remote biometric identification systems in public spaces for law enforcement purposes (except in narrowly defined cases).

‍

Compliance Challenges for AI Providers

The broad scope of Article 5 presents significant compliance challenges, especially for platform service providers offering general-purpose AI technologies (e.g., Google Cloud AI AutoML, Microsoft Azure Machine Learning, TensorFlow, and Amazon SageMaker). While most use cases for these platforms are legitimate, providers face the challenge of ensuring their systems are not misused for prohibited practices. To mitigate this risk, many providers are:

• Developing Codes of Conduct to guide customer compliance.
• Updating customer contracts to explicitly prohibit the use of their technologies for banned practices.
• Working with regulators to provide clarity on compliance expectations.

Enforcement and Penalties

Non-compliance with Article 5 can lead to severe penalties, including fines of up to the higher of €35 million or 7% of global annual turnover. These steep penalties underscore the importance of understanding and adhering to the rules.

‍

The Path Forward: Guidance and Stakeholder Collaboration

To aid compliance, the EU's AI Office initiated a public consultation in November 2024, seeking input from AI providers, deployers, and other stakeholders regarding prohibited practices. The feedback will inform the development of Guidelines on Article 5 Compliance, expected to be published in early 2025. These guidelines will offer clarity on:

• Specific scenarios where an AI system falls within the scope of Article 5.
• Examples of compliant and non-compliant practices.

With the February 2025 deadline for Article 5 enforcement looming, these guidelines are eagerly anticipated to provide clarity and practical steps for businesses to ensure compliance.

‍

Preparing for February 2025

Organizations developing or deploying AI systems in the EU must:

‍

1. Conduct a thorough review of their AI systems to identify potential non-compliance with Article 5.
2. Implement internal policies and controls to prevent prohibited practices.
3. Engage with legal and compliance experts to stay informed about evolving regulations and guidance.

As the regulatory landscape evolves, staying proactive and informed is key to navigating the complexities of the EU AI Act and fostering responsible AI innovation. Keep an eye out for updates from the EU AI Office as the compliance deadline for Article 5 approaches.

‍

Other Resources

See our past post on the EU AI Act transparency requirements here - www.cosmhq.com/resources-posts/understanding-the-eu-ai-acts-transparency-requirements-for-general-purpose-ai

‍

‍

_{Disclaimer - https://www.cosmhq.com/disclaimer}