In our previous article, we delved into the phased implementation of the EU Artificial Intelligence Act (“AI Act”). Since its publication on 12 July in the Official Journal of the European Union, several noteworthy changes have been made from the previous draft. While some refinements were expected to address potentially ambiguous articles, GTG has identified substantial modifications that merit attention. This article aims to highlight the significant changes made to the Act.
The published version of the AI Act includes general updates such as the implementation of specific dates and terminology changes, for example, replacing “Compliance” with “Accordance” and “Place” with “Space.” Beyond these minor adjustments, here are the most critical changes:
Article 2(2): The updated Act has narrowed the scope of high-risk AI systems. It removed the mention of high-risk systems under Annex III, focusing only on those classified by Article 6(1). This change clarifies the regulatory framework for high-risk AI systems related to products covered by Union harmonization legislation listed in Section B of Annex I.
Article 2(12): Originally, the AI Act applied to AI systems released under free and open-source licenses, with exceptions for those classified as high-risk, prohibited AI practices, or those under transparency obligations. The revised text reverses this, stating that the Act does not apply to AI systems released under such licenses, while maintaining the same exceptions.
Article 3(47): The revised definition of the AI Office now includes its role in contributing to the implementation, monitoring, and supervision of general-purpose AI models, in addition to AI systems. This change broadens the scope and clarifies the language regarding AI governance.
Article 3(48): The definition of ‘National competent authority’ is expanded to include AI systems used by Union institutions, agencies, offices, and bodies. References to national competent authorities in this context now mean the European Data Protection Supervisor, clarifying regulatory oversight.
Article 3(52): The definition of ‘profiling’ is simplified by removing references to the Data Protection Law Enforcement Directive and Regulation 2018/1725. It now solely aligns with Article 4(4) of the GDPR, narrowing its scope and clarifying its application.
Article 53(4): The revised article specifies that compliance with European harmonized standards grants a presumption of conformity, as long as these standards cover the required obligations.
Article 55(1): This revision broadens the obligations for providers of general-purpose AI. In addition to the requirements in Article 53, they must also comply with those in Article 54. Similar changes are reflected in Article 93(1)(a).
Article 60(c): A detailed clarification is added for the registration requirements of high-risk AI systems. For example, providers of certain high-risk AI systems must register testing in real-world conditions in the secure non-public section of the EU database, following specific requirements. This includes a Union-wide unique identification number and necessary information as specified.
Authors: Dr Ian Gauci & J.J. Galea
Need Help Complying with the AI Act?
With the imminent enforcement of the AI Act, compliance can seem daunting. GTG is here to assist. For further clarification or assistance, please contact Dr Ian Gauci.