An initial reaction to the EU AI Act

Julien Simon
2 min readJan 9, 2024

--

I’m done reading the 108 pages of the EU AI act. Yes, I’m that kind of person. Boring, huh?

It’s an awful bureaucratic document, as you’d expect. Still, I think it was worth the effort, as a wake up call on best practices that we should all already have adopted, even if we’re not in scope :)

I’m not a lawyer (thank God), but IMHO AI builders and users should read the following, and start planning:

  • Article 2 (Scope): guess what? If you serve traffic to EU users, you’re in (GDPR-style)
  • Article 3 (Definitions)
  • Article 5 (Prohibited use): hopefully, you’re not doing any of this.
  • Article 6 (Classification rules for high-risk AI systems): that’s a lot of customers. Even If you don’t qualify, you’re not completely off the hook, see section (82) on page 37.
  • Articles 9 to 12 : risk management, data governance, technical documentation, record keeping.
  • Articles 16 to 18 : obligations of providers of high-risk AI systems, quality management system, obligation to draw up technical documentation.
  • Article 29 : obligations of users of high-risk AI systems.
  • Article 61: Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems.
  • Article 64: Access to data and documentation.
  • Article 71: Penalties

On a personal level, concerned citizens may want to read sections (8), (9), (18), (21), and (23) on pages 20–22, and come to their own conclusions. Bullish for hats, wigs, and sunglasses 😎

Have you read the whole thing? What caught your eye as an AI practitioner?

--

--