An initial reaction to the EU AI Act

I’m done reading the 108 pages of the EU AI act. Yes, I’m that kind of person. Boring, huh?

It’s an awful bureaucratic document, as you’d expect. Still, I think it was worth the effort, as a wake up call on best practices that we should all already have adopted, even if we’re not in scope :)

I’m not a lawyer (thank God), but IMHO AI builders and users should read the following, and start planning:

• Article 2 (Scope): guess what? If you serve traffic to EU users, you’re in (GDPR-style)
• Article 3 (Definitions)
• Article 5 (Prohibited use): hopefully, you’re not doing any of this.
• Article 6 (Classification rules for high-risk AI systems): that’s a lot of customers. Even If you don’t qualify, you’re not completely off the hook, see section (82) on page 37.
• Articles 9 to 12 : risk management, data governance, technical documentation, record keeping.
• Articles 16 to 18 : obligations of providers of high-risk AI systems, quality management system, obligation to draw up technical documentation.
• Article 29 : obligations of users of high-risk AI systems.
• Article 61: Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems.
• Article 64: Access to data and documentation.
• Article 71: Penalties

On a personal level, concerned citizens may want to read sections (8), (9), (18), (21), and (23) on pages 20–22, and come to their own conclusions. Bullish for hats, wigs, and sunglasses 😎

Have you read the whole thing? What caught your eye as an AI practitioner?