What you need to know about the EU AI Act

It's now in effect; here's all you need to know and how to prepare

The new EU AI Act is now in effect, and the Cloud Community team have been looking at what the future holds as organisations gear up to meet the requirements of the new legislation.

Starting Thursday 1 August 2024, the EU AI Act is in effect, encompassing all existing and in-development artificial intelligence (AI) systems. Recognised as the first global attempt to regulate AI based on risk assessment, the Act aims to address various levels of AI-related risks.

August 1 marks the beginning of a timeline over the coming months and years, during which companies utilising AI must familiarise themselves with the new regulations and ensure compliance.

So what are the key things British organisations need to know?

The EU AI Act and the UK

The first question to address is how the EU act will apply to UK-based organisations. Unlike the EU's risk classification system and comprehensive legal framework for AI regulation, the UK is currently opting for a 'light touch' approach. This strategy enhances the capabilities of existing regulators without creating a centralised super-regulator. The Confederation of British Industry (CBI) has endorsed this pro-innovation stance, with many of its recommendations reflected in the Government's AI White Paper consultation response.

However, the UK government recognises the eventual need for a more robust legislative framework, especially for managing highly capable general-purpose AI systems. Businesses trading with EU-based customers will also need to be in compliance with the regulations.

How the AI Act evaluates companies based on risk

The EU AI Act classifies AI systems into four risk levels—no risk, minimal risk, high risk, and prohibited AI systems. These risk levels determine the specific regulations and timelines applicable to each company.

Risk categories and regulations:

Prohibited AI Systems: Starting February 2025, the EU will ban AI practices that manipulate users' decision-making or expand facial recognition databases through internet scraping.
High-Risk AI Systems: These include AI that collects biometric data or is used in critical infrastructure and employment decisions. Companies must comply with stringent regulations, including demonstrating human oversight and providing detailed documentation of AI training datasets.
Minimal Risk AI Systems: About 85% of AI companies fall under this category, facing minimal regulation. These systems pose little to no risk and therefore have fewer compliance requirements.
No Risk AI Systems: These systems are not subject to the Act’s requirements due to their negligible risk.

In summary

The EU AI Act is a pioneering effort to regulate AI technologies based on their risk levels. While its implementation poses challenges, it also promises to ensure that AI developments proceed safely and ethically across Europe.

Top 6 security considerations for enterprise AI implementation

Amid the excitement and potential benefits of AI, one crucial aspect that must not be overlooked is data security — in particular, protecting against adversarial attacks and securing AI models. As businesses embrace the power of AI, they must be vigilant in safeguarding sensitive data to avoid potential disasters.

In this blog post, Elastic delve into the insights from two thought-provoking articles to highlight the top six considerations that organisations should focus on while implementing enterprise AI solutions.