Two unauthorized versions of the consolidated text regarding the proposed EU Artificial Intelligence Act were leaked online on Monday, signaling ongoing progress in advancing this significant legislation.
Luca Bertuzzi, the Technology Editor at Euractiv, made the decision to publish the final text due to the substantial public interest in the AI Act. The document, spanning 892 pages and presented in four columns, juxtaposes the original European Commission proposal with the mandates from the European Parliament and Council. The fourth column displays the draft consolidated agreement with redlines.
Following Bertuzzi’s announcement, Laura Caroli, a Senior Advisor in the European Parliament, also shared a 258-page consolidated document online.
Anticipation surrounding the release of the text had been building, with Bertuzzi previously indicating a firm deadline for finalizing the consolidated text by Monday, January 22, in preparation for the Telecom Working Party meeting on Wednesday and adoption at the ambassador level (COREPER) on February 2.
As reported by Bertuzzi on Monday, the text was circulated to EU Council members on Sunday afternoon. France is deliberating on the possibility of forming a blocking minority due to concerns about regulating foundation models, aiming to negotiate concessions within the text. The clarity of the situation will depend on the feedback provided by member states at the technical level.
In a recent development, trilogue negotiations faced obstacles when France, Germany, and Italy opposed the proposed approach to regulating foundation models, leading parliamentary officials to temporarily withdraw from negotiations. Progress was eventually made through extensive trilogue sessions in early December, culminating in a political agreement on the AI Act.
The timeline for reaching a consensus on the final text is constrained by upcoming parliamentary elections in June. Bertuzzi highlighted that national delegates will have limited time to review the entire text and will need to focus on key articles.
Key Dates
With the unofficial consolidated text now available, key insights can be gleaned for those monitoring the progress of the AI Act.
Joe Jones, the Research and Insights Director at IAPP, emphasized important dates outlined in the text. The AI Act would come into effect on the 20th day after publication in the EU Official Journal and would be implemented 24 months later, with exceptions for specific provisions.
The law would be phased in gradually, with prohibitions on high-risk AI systems taking effect 6 months after enactment. However, obligations for such systems would not be enforceable until 36 months post-enactment, a detail that may have gone unnoticed during last December’s trilogue meetings.
One year after enactment, obligations concerning general-purpose AI models, penalties for these systems, and the establishment of competent authorities by member states would come into force. Additionally, the European Commission’s implementing act on post-market monitoring and related elements would be applicable 18 months after enactment.
After 24 months, the AI Office must ensure updated classification rules and procedures, member states must communicate penalty regulations to the commission and ensure their implementation, and competent authorities must establish at least one AI regulatory sandbox at the national level.
Governance, Knowledge, and Training Highlights
Isabelle Roccia, CIPP/E, the Managing Director for Europe at IAPP, and Laura Pliauskaite, the European Operations Coordinator, focused on sections related to governance, training, qualifications, and knowledge. While these aspects are integrated throughout the text, several key points stand out.
Various recitals emphasize the importance of AI governance and adequate training. For instance, Recital 9(b) stresses “AI literacy” to equip all relevant actors in the AI value chain with the necessary insights for compliance and enforcement.
Recital 48 underscores the need for high-risk AI systems to allow oversight by natural persons throughout their lifecycle, requiring individuals in these roles to possess the requisite competence, training, and authority.
Recital 58 mandates deployers of high-risk systems to monitor effectively, provide instructions, and maintain records, with personnel fulfilling these duties expected to have appropriate training.
Regarding general-purpose AI systems, Recital 60(q) highlights the continuous assessment and mitigation of systemic risks, including the implementation of risk-management policies with accountability processes.
Several articles within the text elaborate on AI governance and knowledge requirements, such as articles 3, 4, 9, 14, 29, 33, 54, 55, and 59. Article 59(4) specifies that Member states must ensure that national competent authorities receive sufficient technical, financial, and human resources.
This narrative is evolving, and the IAPP will continue to track developments, share updates, and provide comprehensive resources to aid in understanding the obligations and requirements outlined in the EU AI Act.