I’m done reading the 108 pages of the EU AI act. Yes, I’m that kind of person. Boring, huh?
It’s an awful bureaucratic document, as you’d expect. Still, I think it was worth the effort, as a wake up call on best practices that we should all already have adopted, even if we’re not in scope :)
I’m not a lawyer (thank God), but IMHO AI builders and users should read the following, and start planning:
- Article 2 (Scope): guess what? If you serve traffic to EU users, you’re in (GDPR-style)
- Article 3 (Definitions)
- Article 5 (Prohibited use): hopefully, you’re not doing any of this.
- Article 6 (Classification rules for high-risk AI systems): that’s a lot of customers. Even If you don’t qualify, you’re not completely off the hook, see section (82) on page 37.
- Articles 9 to 12 : risk management, data governance, technical documentation, record keeping.
- Articles 16 to 18 : obligations of providers of high-risk AI systems, quality management system, obligation to draw up technical documentation.
- Article 29 : obligations of users of high-risk AI systems.
- Article 61: Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems.
- Article 64: Access to data and documentation.
- Article 71: Penalties
On a personal level, concerned citizens may want to read sections (8), (9), (18), (21), and (23) on pages 20–22, and come to their own conclusions. Bullish for hats, wigs, and sunglasses 😎
Have you read the whole thing? What caught your eye as an AI practitioner?