Human-Centric Artificial Intelligence?

February 10, 2025

Article 102 TFEU: The Prohibition of Abuse of Dominant Position

Supreme Court Upholds Consumer Rights in Landmark Vehicle Defect Case

The “Ultra Vires” Doctrine in Company Law

On 12 June 2024, Regulation 2024/1689, also known as the European AI Act, was published in the Official Journal of the European Union (EU), establishing a unified framework of harmonised rules governing the use and operation of Artificial Intelligence (AI) systems within the internal market.

AI refers to the branch of computer science that develops computational systems and/or machines that mimic human cognitive abilities. Specifically, article 3 of Chapter 1 (General Provisions) defines an AI system as “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”.

As stated in the recitals, the purpose of the AI Act is twofold. Firstly, it promotes the adoption of a human-centric and trustworthy AI while ensuring a high level of protection of health and safety, fundamental rights and EU values from the risks posed by AI. Secondly, it seeks to foster investment, innovation, and competitiveness in the AI sector by ensuring “the free movement, cross-border, of AI-based goods and services, thus preventing Member States from imposing restrictions on the development, marketing and use of AI systems, unless explicitly authorised by this Regulation.”

The Regulation consists of 180 recitals, 113 articles, and 13 annexes. A key provision is found in Article 5, Chapter II, which outlines prohibited AI practices. These include manipulative or deceptive practices that may distort an individual’s or group’s conscious decision-making, causing potential or actual harm. Additionally, the Regulation bans AI systems that exploit sensitive characteristics of individuals or groups, such as age, disability, economic status, or social position, as well as those that infer conclusions based on biometric data—including race, political opinions, religious beliefs, and sexual orientation. Among other prohibitions, the Regulation bans AI-based profiling of citizens by public authorities and AI systems for remote biometric identification of individuals in real-time in public spaces for law enforcement purposes, except in cases explicitly permitted by the Regulation.

Risk Categories Under the AI Act

Beyond outright prohibitions, the Regulation classifies AI systems based on the level of risk they pose, with some being subject to oversight while others face fewer restrictions. Article 6, Chapter III outlines the risk-based approach, categorising AI systems as high-risk, specific/limited risk, and minimal risk:

High-Risk AI Systems: These include applications such as autonomous driving. Due to the high potential risk of harm to human life, safety, or fundamental rights of natural persons, strict regulations govern their transparency and require human oversight.
Specific/Limited Risk AI Systems: This category covers systems like chatbots, which require transparency obligations, including user disclosures regarding their content.
Minimal/No-Risk AI Systems: These do not require regulation or restrictions. An example is spam filtering notifications.

Enforcement and Penalties

The Regulation designates oversight authorities at both EU and national levels to monitor compliance. At the EU level, key bodies include the European Artificial Intelligence Office (AI Office) and the European Artificial Intelligence Board (AI Board). Member States are required to establish or assign national authorities responsible for supervising AI systems, ensuring close and reciprocal cooperation between the EU and national regulators.

Regarding penalties, Chapter XII of the Regulation sets out significant administrative fines for non-compliance:

Up to €35 million or 7% of global annual turnover, whichever is higher, for non-compliance with the prohibition of AI practices as outlined in Article 5 of the Act.
Up to €15 million or 3% of global annual turnover for breaches of regulatory obligations by operators or notified bodies, whichever is higher.
Up to €7.5 million or 1% of global annual turnover, whichever is higher, for providing inaccurate, incomplete, or misleading information about AI systems to notified bodies or national authorities in violation of the EU AI Act.

Glossary: Key terms as defined in the Act

‘AI system’: “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.” (Article 3(1), chapter 1)
‘biometric data’: “personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data.”
‘biometric identification’: “the automated recognition of physical, physiological, behavioural, or psychological human features for the purpose of establishing the identity of a natural person by comparing biometric data of that individual to biometric data of individuals stored in a database.”

Author:

Mairi Tsiachmatioti

Trainee Lawyer

mairi.tsiachmatioti@patsalides.com.cy