On June 14, 2023, an overwhelming majority of the European Parliament (Parliament) recently voted to pass the Artificial Intelligence Act (AI Act), marking another major step toward the legislation becoming law. As we previously reported, the AI Act regulates artificial intelligence (AI) systems according to risk level and imposes highly prescriptive requirements on systems considered to be high-risk. The AI Act has a broad extraterritorial scope, sweeping into its purview providers and deployers of AI systems regardless of whether they are established in the EU. Businesses serving the EU market and selling AI-derived products or deploying AI systems in their operations should continue preparing for compliance.

Now, the Parliament, Council, and Commission have embarked on the trilogue, a negotiation among the three bodies to arrive at a final version for ratification by the Parliament and Council. They aim for ratification before the end of 2023 with the AI Act to come into force two (or possibly three) years later.

In our recent advisory, we summarize the major changes introduced by the Parliament and guide businesses on preparing for compliance with the substantial new mandates the legislation will impose.

Key Takeaways

  • The Parliament’s action kicks off the trilogue to resolve differences among the three versions of the legislation, with the target of producing a final version by year end.
  • The Parliament adopted the OECD definition of “AI system.”
  • The Parliament added provisions regulating general purpose AI (in contrast, the Council left regulation to future development by the Commission), foundation models, and generative AI. These provisions likely will be the basis for trilogue negotiations on these topics because they are more advanced than the earlier proposals from the Council or the Commission.
  • The Parliament proposed different lists of prohibited practices and high-risk use cases, as well as modified requirements for high-risk uses.
  • The Parliament increased the maximum fine for violations of the prohibitions of certain AI uses to €40 million or, if the offender is a company, up to 7% of its global annual revenue for the preceding financial year, whichever is higher. However, the Parliament decreased the maximum fine for violations of provisions other than those related to prohibited practices, data governance, and transparency to €10 million or 2% of global annual revenue, whichever is higher.
  • For a practical approach to preparing for compliance, see A Practical Approach to Compliance in the advisory.