Chris Buck.
Chris Buck, associate partner at Franklins Solicitors, explains how, despite Brexit, European Union legislation on Artifical Intelligence will affect UK businesses.
………………………………….
Published in association with
.
THE EU Artificial Intelligence Act is legislation that has recently been passed by the EU Parliament to govern the supply and use of all AI systems in the EU.
The Act was published in the Official Journal of the European Union on July 12 and came into effect on August 1 this year. However, most of its provisions apply only from August 2, 2026, although some will take effect in early February 2025.
Nevertheless, the European Commission encourages organisations to adopt the AI Pact voluntarily before the AI Act starts to apply. The AI Pact is expected to be launched during the transitional period between the Act coming into force and the start of its application.
The Act takes a horizontal approach in its application and applies to all AI systems generally, instead of setting out specific rules for each sector.
The Act establishes a legal framework for the development, supply and use of AI in the EU and contains the following rules:
- Rules for the supply and use of AI systems in all member states.
- Extraterritorial provisions for operators based outside the EU.
- Prohibitions on certain AI practices considered dangerous.
- Technical requirements for AI systems presenting high risk of harm.
- Operator requirements for organisations at different levels in the high-risk AI supply chain.
- Specific rules for providers of general-purpose AI models. This includes provisions to protect copyright works.
- Requirements for certain AI systems to be completely transparent when those systems interact directly with humans or generate certain content.
- Market surveillance rules as monitoring the AI’s abilities to learn is important.
- Measures to support innovation, help SMEs and start-ups.
Article 2(3) to 2(12) of the Act set out the sectors which would be excluded from its application. These include:
- Systems used exclusively for military, defence or national security purposes.
- Systems used by third country public authorities or international organisations for compliance with international agreements or judicial cooperation with the EU or a member state.
- Systems used for the sole purpose of scientific research and development.
- Systems used for purely personal activity by natural persons.
- Systems released under free and open-source licences unless placed on the market or used as a high-risk AI system.
Article 5 of Chapter 2 of the Act sets out the AI activities which are prohibited under the Act. These are as follows:
- Systems which contain subliminal techniques and would ultimately manipulate or distort the behaviour of a person by impairing that person’s ability to make an informed decision and therefore causing or be likely to cause harm.
- Systems which would exploit a person’s vulnerabilities due to their age, disability or social or economic situation with a view to distort that person’s behaviour and cause harm.
- Systems used for social scoring based on known or predicted personality and which causes detrimental treatment unjustified or unrelated to the context or their social behaviour.
- Systems which assess the risk of a person to commit a crime or re-offend.
- Systems that create or expand facial recognition databases through untargeted scraping or facial images from the internet or CCTV.
- Systems used for emotion recognition in the workplace or educational instructions. There is however an exception for medical or safety reasons.
- Systems with biometric categorisation used to infer characteristics, such as race, political opinions or religion.
- Systems using real-time, remote biometric identification in publicly accessible spaces for law enforcement purposes. This however does not apply when searching for victims of abduction, preservation of life and finding suspects of certain criminal activities.
The Act applies to all businesses within the EU, albeit its scope is extra-territorial. This means that all businesses in the UK which develop AI systems for the EU market will fall under the Act’s regulations. It is therefore necessary for UK companies to act now in order to comply with the Act’s requirements. Businesses would need to:
- Assess the impact of the Act on compliance.
- Categorise and create an inventory of AI systems.
- Identify prohibited AI systems and take action as necessary.
- Review and update the AI governance model with a view to align with the Act.
- Develop comprehensive risk management procedures.
- Ensure robust data management practices.
- Ensure that proper control protocols are in place.
- Understand internal and external dependencies related to AI systems.
Notwithstanding this, the UK government acknowledges that legislative action will need to be taken in the future in response to the ever-expanding AI technologies. The Act will undeniably bring new compliance challenges for businesses and businesses need to address these challenges.
To discuss how your business can remain compliant, contact Chris Buck, associate partner in the Franklins Solicitors Business Services team at Christopher.buck@franklins-sols.co.uk or 01908 660966.
………………………………….
Stay connected with local business through Business MK. Join our exclusive community for the latest news, insights, updates, features and thought leadership. Stay informed – subscribe now at bit.ly/3MZiqzQ. Unsubscribe at any time.