The EU's Artificial Intelligence Act (AI Act) introduces a framework for categorizing AI systems as either low-risk, high-risk, or prohibited. The AI Act prohibits AI systems that violate human dignity, freedom, equality, and privacy. Eight key AI practices are prohibited by the EU AI Act, including those that involve subliminal, manipulative, or deceptive AI techniques, exploitative systems that significantly distort behavior, AI systems used for classification or scoring of people based on behavior or personality characteristics, predictive policing based solely on AI profiling, AI systems for real-time remote biometric identification in publicly accessible spaces for law enforcement purposes, and AI technologies aimed at inferring or interpreting individuals' emotional states in workplaces and educational settings. Non-compliance with these prohibitions can result in significant administrative fines of up to €35,000,000 or up to 7% of an offender's global annual turnover. The rules on prohibited practices will be the first to start applying six months after the Act's publication in the Official Journal. The implications of using a prohibited AI system under the EU AI Act include hefty penalties.

The EU AI Act imposes distinct and stringent obligations on providers of general-purpose AI (GPAI) models due to their adaptability and potential systemic risks. GPAI models are defined by their broad functionality and ability to perform various tasks without domain-specific tuning. GPAI models with high-impact capabilities are designated as GPAI models with systemic risk (GPAISR) and subject to additional obligations for risk management and cybersecurity. The Act allows for exemptions for free and open licenses, while GPAISR providers can rely on codes of practice for compliance until harmonized EU standards are established. The rules on GPAI models are expected to become applicable 12 months after the enforcement of the Act.

The European Parliament has approved the EU AI Act, but it still needs approval from the Council of the European Union. The Act must undergo further scrutiny before becoming law and will be published in the Official Journal of the EU before becoming enforceable. The application of the Act's provisions will be phased, with some provisions likely to apply before the end of this year. Businesses should start preparing for the Act's enforcement.

The EU AI Act, which is the world's first comprehensive legal framework governing AI across use cases, aims to protect fundamental rights and prevent harm by regulating AI use within the European Union. It categorizes AI systems and assigns different responsibilities to different parties based on their risk level. Prohibited AI systems are banned, high-risk systems are subject to rigorous design and operational requirements, while minimal-risk systems are not subjected to any mandatory regulatory framework. The Act also delineates transparency obligations for limited-risk AI systems. Furthermore, GPAI models have a dedicated chapter in the Act, and providers of such models are subject to additional and more rigorous technical requirements if their models carry systemic risk. Failure to comply with the Act's provisions can result in hefty penalties depending on the role of the infringer and the seriousness of the infringement. It is crucial for organizations to determine the level of regulatory risk their systems pose and develop a risk management framework to prevent potential future harm.

The EU has proposed the Harmonised Rules on Artificial Intelligence (EU AI Act) to lead the world in AI regulation and build trust in AI systems. The Act sets out a risk-based approach for AI systems, defines three levels of risk, and subjects certain AI systems to transparency obligations. The Act also introduces a three-tiered model of penalties for violators, with the heftiest fines imposed on those who violate the prohibition of specific AI systems. The EU AI Act has gone through an extended consultation process and has been subject to amendments throughout. Penalties can be issued to providers, deployers, importers, distributors, and notified bodies. The EU AI Act emphasizes proportionality and offers lower penalties for SMEs and startups. There is no union-wide central authority for imposing fines on AI operators, so penalties depend on the national legal system of Member States. The fines for providers of GPAI models and Union bodies are imposed by the Commission and the European Data Protection Supervisor, respectively.