The European Union has provisionally agreed on a landmark Artificial Intelligence (AI) Act, marking a significant step towards regulating AI applications, with a particular focus on biometric surveillance. The agreement, reached after intense negotiations, positions Europe as a potential global standard-setter in AI regulation. The Act is expected to take effect early next year and will apply two years later, with some provisions kicking in earlier.
Among other things, the Act takes a notable stance on real-time biometric surveillance in public spaces. It permits governments to use such surveillance only in specific cases, such as locating victims of certain crimes, preventing genuine threats like terrorist attacks, and searching for suspects of severe crimes. This limitation aims to balance public safety concerns with the protection of individual privacy and rights. The Act also bans certain practices, including “cognitive behavioral manipulation”, unsolicited scraping of facial images from the internet or CCTV footage, social scoring, and biometric categorization systems used to infer political, religious, philosophical beliefs, sexual orientation, and race.
The AI Act introduces a risk-based approach to regulation. AI systems identified as high-risk, including many that use biometrics, will have to comply with stringent requirements. These include risk mitigation, high-quality data sets, activity logging, detailed documentation, clear user information, human oversight, and robustness and cybersecurity measures. Additionally, transparency obligations for AI systems, such as ChatGPT, are mandated, requiring technical documentation and detailed summaries of training content.
General-purpose AI systems (GPAI) and high-impact foundation models are addressed with specific rules. These include obligations for model evaluations, systemic risk assessments, adversarial testing, and reporting on incidents and energy efficiency. The Act also establishes a governance framework, with national authorities and a new European AI Office overseeing its implementation and compliance.
Finally, the Act carries significant penalties for non-compliance, with fines ranging from €7.5 million or 1.5 percent of turnover to €35 million or 7 percent of global turnover. The Act’s comprehensive scope, from transparency and accountability to the prohibition of certain high-risk practices, sets a precedent for global AI governance, potentially influencing regulatory approaches beyond Europe.
“By focusing regulation on identifiable risks, today’s agreement will foster responsible innovation in Europe,” said European Commission President Ursula von der Leyen. “By guaranteeing the safety and fundamental rights of people and businesses, it will support the development, deployment and take-up of trustworthy AI in the EU.”
Sources: Reuters, European Commission, European Council
–
December 11, 2023 – by the FindBiometrics Editorial Team
Follow Us