On Wednesday, Parliament greenlit the Artificial Intelligence Act, ensuring safety and adherence to basic rights while fostering innovation.
The legislation, finalized in negotiations with member states in December 2023, received MEPs’ approval with 523 votes in favor, 46 against, and 49 abstentions.
It aims to safeguard fundamental rights, democracy, the rule of law, and environmental sustainability from high-risk AI, all while promoting innovation and positioning Europe as a frontrunner in the field. The act sets out responsibilities for AI based on its potential risks and impact levels.
Prohibited Uses
The new regulations forbid certain AI applications that jeopardize citizens’ rights. These include biometric categorization systems based on sensitive traits and the untargeted collection of facial images from the internet or CCTV footage to build facial recognition databases. Other prohibited uses include emotion recognition in workplaces and schools, social scoring, predictive policing solely based on profiling or assessing individual traits, and AI that manipulates human behavior or exploits vulnerabilities.
Exemptions for Law Enforcement
In principle, the use of biometric identification systems (RBI) by law enforcement is prohibited, except in narrowly defined situations listed in the legislation. Real-time RBI can only be used under strict conditions, such as limited time and geographical scope, and subject to specific prior judicial or administrative authorization. Post-facto use of such systems (“post-remote RBI”) is considered high-risk and requires judicial authorization linked to a criminal offense, such as a targeted search for a missing person or preventing a terrorist attack.
Obligations for High-Risk Systems
The regulations also outline obligations for other high-risk AI systems due to their potential significant harm to health, safety, fundamental rights, the environment, democracy, and the rule of law. Examples of high-risk AI applications include critical infrastructure, education and vocational training, employment, essential private and public services (e.g., healthcare, banking), certain law enforcement systems, migration and border management, justice, and democratic processes (e.g., election influence). These systems must assess and mitigate risks, maintain usage logs, ensure transparency and accuracy, and provide human oversight. Citizens have the right to lodge complaints about AI systems and receive explanations about decisions made by high-risk AI systems affecting their rights.
Transparency Requirements
General-purpose AI (GPAI) systems and the models they are based on must meet transparency requirements, including compliance with EU copyright law and the publication of detailed summaries of the content used for training. More powerful GPAI models that could pose systemic risks will face additional requirements, such as model evaluations, assessment and mitigation of systemic risks, and reporting on incidents.
Additionally, artificial or manipulated images, audio, or video content (“deepfakes”) must be clearly labeled as such.
Measures to Support Innovation and SMEs
The regulations require the establishment of regulatory sandboxes and real-world testing at the national level to develop and train innovative AI before it is placed on the market. These measures aim to make AI development accessible to SMEs and startups.
Statements
During the plenary debate on Tuesday, Internal Market Committee co-rapporteur Brando Benifei (S&D, Italy) stated: “We finally have the world’s first binding law on artificial intelligence, reducing risks, creating opportunities, combating discrimination, and ensuring transparency. Thanks to Parliament, unacceptable AI practices will be banned in Europe, and the rights of workers and citizens will be protected. The AI Office will now be set up to support companies in complying with the rules before they come into force. We have ensured that human beings and European values are at the very center of AI development.”
Civil Liberties Committee co-rapporteur Dragos Tudorache (Renew, Romania) added: “The EU has delivered. We have linked the concept of artificial intelligence to the fundamental values that underpin our societies. However, much work lies ahead that goes beyond the AI Act itself. AI will push us to rethink the social contract at the heart of our democracies, our education models, labor markets, and the way we conduct warfare. The AI Act is a starting point for a new model of governance built around technology. We must now focus on putting this law into practice.”
Next Steps
The regulation is undergoing a final review by lawyer-linguists and is expected to be formally adopted before the end of the legislature through the corrigendum procedure. The law also requires formal endorsement by the Council.
It will come into force twenty days after its publication in the official Journal and will be fully applicable 24 months after its entry into force. Certain provisions, such as bans on prohibited practices, will apply six months after the entry into force date; codes of practice will apply nine months after entry into force; general-purpose AI rules, including governance, will apply 12 months after entry into force; and obligations for high-risk systems will apply 36 months after entry into force.
Background
The Artificial Intelligence Act directly responds to citizens’ proposals from the Conference on the Future of Europe (COFE), particularly proposal 12(10) on enhancing the EU’s competitiveness in strategic sectors, proposal 33(5) on a safe and trustworthy society, including countering disinformation