European Union negotiators finalized an agreement on Friday regarding the world’s first comprehensive regulations on artificial intelligence. This milestone paves the way for the legal oversight of AI technology, which has the potential to transform daily life while also sparking concerns about existential threats to humanity.
The negotiators, representing the European Parliament and the 27 member states of the bloc, successfully resolved significant differences on contentious issues such as generative AI and the use of facial recognition surveillance by law enforcement. They concluded a provisional political pact for the Artificial Intelligence Act.
European Commissioner Thierry Breton announced the agreement via Twitter just before midnight, declaring, “Deal! The EU is the first continent to establish clear guidelines for AI.”
This achievement followed extensive closed-door discussions throughout the week, including a marathon 22-hour session and subsequent deliberations on Friday. The urgency to secure a political victory for this landmark legislation was evident. However, several civil society organizations expressed cautious optimism, awaiting further refinement of the technical specifics in the weeks ahead. They raised concerns that the agreement may not sufficiently protect individuals from potential harm posed by AI systems.
Daniel Friedlaender, the head of the European office of the Computer and Communications Industry Association, an advocacy group for the tech industry, noted, “Today’s political deal signals the start of crucial technical work on the details of the AI Act, which are still pending.”
The EU took an early lead in the global race to establish AI regulations by unveiling the initial draft of its regulatory framework in 2021. The recent surge in generative AI prompted European officials to swiftly update the proposal, positioning it as a potential global model.
While the European Parliament is yet to vote on the act early next year, the completion of the agreement makes this step a mere formality, as stated by Brando Benifei, an Italian legislator involved in the negotiations. He expressed satisfaction with the outcome, recognizing the need for compromises while overall viewing it as highly positive. Enforcement of the law is not anticipated until at least 2025, with severe financial penalties of up to 35 million euros ($38 million) or 7% of a company’s global revenue for violations.
Generative AI systems like OpenAI’s ChatGPT have garnered widespread attention for their ability to produce human-like text, images, and music. However, concerns have been raised about the risks posed by this rapidly advancing technology to employment, privacy, copyright protection, and even human life.
Countries such as the U.S., U.K., China, and coalitions like the Group of 7 major democracies have introduced their own AI regulation proposals, albeit trailing Europe in this initiative.
Anu Bradford, a professor at Columbia Law School specializing in EU law and digital regulation, highlighted that robust EU regulations could serve as a compelling model for other governments navigating AI governance. She anticipated that AI companies subject to EU rules would likely extend these obligations beyond the continent to streamline operations across various markets.
Initially focused on addressing risks associated with specific AI functions based on their risk levels, the AI Act was expanded to cover foundation models—advanced systems that underpin general-purpose AI services such as ChatGPT and Google’s Bard chatbot.
Foundation models, also referred to as large language models, are trained on vast datasets comprising online content and images. These models empower generative AI systems to produce innovative outputs, distinguishing them from traditional rule-based AI.
Companies developing foundation models will need to provide technical documentation, comply with EU copyright regulations, and disclose the training data used. Advanced foundation models posing “systemic risks” will undergo additional scrutiny, including risk assessment, mitigation measures, incident reporting, cybersecurity protocols, and energy efficiency disclosures.
Researchers have raised concerns about the potential misuse of powerful foundation models by major tech companies to amplify online disinformation, cyberattacks, or even the development of bioweapons.
Rights groups have emphasized the lack of transparency regarding the training data for these models, highlighting the risks they pose to daily life as foundational elements for AI-driven services.
One of the most debated issues revolved around AI-driven facial recognition surveillance systems, with negotiators eventually reaching a compromise after intense discussions.
While European lawmakers initially pushed for a complete ban on public deployment of facial scanning and other remote biometric identification systems due to privacy concerns, member state governments secured exemptions to allow law enforcement use in combating serious crimes like child exploitation and terrorism.
Rights groups have expressed concerns about these exemptions and other significant loopholes in the AI Act, including insufficient safeguards for AI systems used in migration and border control, as well as the option for developers to opt-out of classifying their systems as high risk.
Daniel Leufer, a senior policy analyst at Access Now, a digital rights organization, noted, “Regardless of the victories in these final negotiations, significant flaws will persist in this final text.”
