While artificial intelligence has not quite yet achieved singularity, the last fortnight brought about a substantial update to the AI regulatory landscape. As of February 2, Chapters I and II of the EU AI Act have entered into force. This includes Article 5, which prohibits certain AI systems whose use may intrude upon an individual’s privacy. This includes certain AI systems relating to emotion recognition in the workplace, subliminal manipulation, and predictive policing. Separately, EU AI Act obligations relating to AI literacy have also gone into effect.
Notably, while these provisions of the EU AI Act are technically effective, there has yet to be established a supervisory authority to enforce these provisions. Further still, there are no administrative fines or sanctions provisions yet applicable.
Does this mean that the now-effective provisions of the EU AI Act are an empty prohibition? Not quite. Below are two nuances to keep in mind when analyzing the EU AI Act’s impact:
Consider GDPR Authorities
Many of the prohibited AI systems under Article 5 likely each involve the processing of personal data in some capacity. With the enactment of Chapters I and II of the EU AI Act, the enumerated practices are officially prohibited by law, which could, in turn, render the AI system unable to satisfy the “lawfulness” requirement under Article 5(1) of the GDPR. As such, GDPR authorities could take the position that a provider or deployer of an AI system violating the EU AI Act, which currently has little teeth (as aforementioned), has also violated the GDPR, which certainly has teeth!
‘AI Act Compliance’ Provisions In a Client’s Contract Could Lead to a Claim for Breach of Contract
Also consider compliance with law provisions in an agreement. Many companies are negotiating contracts with compliance with law provisions that are specifically tailored to AI compliance. This could mean that, notwithstanding the lack of a clear enforcement authority under the EU AI Act, contractually promising compliance with the EU AI Act could implicate breach-of-contract issues if a provider, or one of its vendors, is violating the contract by implementing an AI system that has been prohibited under the EU AI Act.
While this recent update describes a relatively discrete set of EU AI Act prohibitions, it is a small step forward in what is likely to be a strenuous year for AI compliance.