The European Parliament adopted the EU Artifical Intelligence Act (“AI Act”) on 13.03.2024. The AI Act introduced the first legal framework to regulate the artificial intelligence. The AI Act aims to improve the functioning of the internal market and promote the uptake of human-centric and trustworthy AI, while ensuring a high level of protection of health, safety, fundamental rights, including democracy, the rule of law and environmental protection, against the harmful effects of AI systems in the EU and supporting innovation.

The AI Act adopts a risk-based approach which defines four levels of risk for AI systems. AI systems are categorized based on their potential risks to fundamental rights, safety, and societal values. Accordingly, the AI Act classifies AI systems into four risk categories: unacceptable risk, high-risk, limited risk, and minimal risk, each subject to varying levels of regulatory requirements. AI systems posing unacceptable risk, such as those designed to manipulate human behaviour or exploit vulnerable groups, are prohibited. AI systems posing high risks (e.g., in healthcare, transportation, law enforcement) are subject to strict requirements, including mandatory risk assessments, high-quality datasets, transparency, and human oversight. AI systems with limited risk do not fall into the high-risk or unacceptable risk categories but still require specific regulatory measures, including ensuring that end-users are aware that they are interacting with AI. Minimal risk systems do not pose significant risks to individuals’ rights or safety; therefore, they require only a few measures.

On the other hand, AI systems using a general-purpose AI model (“GPAI”) are also regulated. GPAI systems display significant generality and are can competently perform a wide range of distinct tasks. GPAI system providers shall prepare technical documentation and information for downstream providers, establish a policy to comply with copyright rules, and publish a summary of the content used for training.

The AI Act applies to providers and deployers offering services in the EU, irrespective of whether those providers are established within the EU. Additionally, it also applies to providers and deployers of AI systems that are located in a third country, if the output produced by the AI system is used within the EU. Therefore, in case the persons or market of the EU are involved, the relevant AI system (including those are provided or exported by Turkish undertakings) will be subject to the AI Act.

The AI Act will enter into force 20 days after its publication in the Official Journal of the EU on 12.07.2024. Unacceptable AI systems will be prohibited after 6 months from the effective date. Obligations and governance rules for GPAI systems will be applicable after 12 months from the effective date. Obligations for high-risk AI systems, as outlined in specific cases listed in the AI Act, will come into effect 24 months after the effective date.

Should you have any inquiries, please do not hesitate to contact us.