New EU Regulation about Artificial Intelligence 2024/1689

More and more machines, sites or electrical equipment make use of self-learning algorithms to increase the usability for customers and users. In relation to product safety this represents a novelty: the behaviour of products does no longer necessarily possess a certain functional range when being placed on the market. Due to self-learning software components this functional range can face modifications or upgrades.

To face these challenges the EU Commission has submitted a legislative proposal for a concept dealing with Artificial Intelligence (AI) on a European scale. This proposal promotes the use of AI and intends to take all risks into account that might emerge together with AI systems. At the end of this legislative initiative there shall be a regulation with harmonized specifications. These rules are supposed to regulate the development, placing on the market as well as the application of such AI systems in the EU.

“On Artificial Intelligence, trust is a must, not a nice to have. With these landmark rules, the EU is spearheading the development of new global norms to make sure AI can be trusted “, states Margrethe Vestager, Executive Vice-President for a Europe fit for the Digital Age.
 

Link and effective dates

• The new AI Regulation was originally intended to complement the new Machinery Regulation (EU) 2023/1230. Therefore, both drafts had the same issue date, but the Machinery Regulation was published earlier, on 2023-06-29.
• On 9 December 2023, the European Parliament and the Council reached a political agreement on the Artificial Intelligence Act (AI Act). This must now be formally approved, after which it can be published in the Official Journal of the EU.
• On 13 March, the EU Parliament voted by a large majority in favour of the compromise text negotiated in December 2023
• On 12 July 2024 the regulation the regulation was published in the Official Journal of the EU. It will enter into force 20 days after publication in the EU Official Journal, it will be binding from 2 August 2026. 

Contents of the regulation (selection)

Background: Control requirements for artificial intelligence

In recent years AI systems have undergone a rapid technical development. The EU Commission has made a call for action to launch a harmonized European regulation to counter the challenges caused by AI systems. This involves a common European framework that considers positive aspects as well as possible risks of such systems. The targets are to protect both fundamental rights as well as users to establish a legal basis for the rapidly developing field of AI.
 

Risk Classifications

With the new regulation, the legislator is taking a risk-based approach. This states that "the nature and content of such rules shall be tailored to the intensity and scale of the risks that AI systems may pose". This means that AI systems that pose an unacceptable risk to human safety would be strictly prohibited. This includes systems that use subliminal or intentionally manipulative techniques, exploit human vulnerabilities or are used for social scoring (classifying people based on their social behaviour, socio-economic status or personal characteristics)

• Minimal risk
• High-risk
• Unacceptable risk
• Specific transparency risk

AI systems with an unacceptable risk are therefore banned as they pose a safety threat to users. If a system poses a high risk, strict requirements must be met before it can be authorised on the market. In the case of a low risk, the regulation merely points out possible dangers; in the case of a minimal risk, there should be as little interference as possible in the free use of such systems. In the case of a specific transparency risk, users must be informed if biometric categorisation or emotion recognition systems are used.
 

High-risk AI

In the new Comprmiss proposal of May 2023, MEPs expanded the classification of high-risk areas to include hazards to health, safety, fundamental rights or the environment. They also added AI systems used to influence voters in political campaigns and in recommendation systems used by social media platforms (with more than 45 million users under the Digital Services Act) to the list of high-risk areas.
 

Fines

Companies that do not comply with the regulations will face fines. The fines amount to EUR 35 million or 7 % of annual global turnover (whichever is higher) for violations of prohibited AI applications, EUR 15 million or 3 % for violations of other obligations and EUR 7.5 million or 1 % for providing false information. For SMEs and start-ups, more proportionate upper limits for fines are provided for offences against the AI Act.
 

General purpose AI

The AI Act introduces special rules for general purpose AI models to ensure transparency along the value chain. For very powerful models that could pose systemic risks, there will be additional binding obligations in terms of risk management and monitoring of serious incidents. These new obligations will be operationalised through codes of conduct developed by industry, academia, civil society and other stakeholders together with the Commission.
 

Interaction with the new Machinery Regulation (EU) 2023/1230

The future AI Regulation and Machinery Regulation 2023/1230 are intended to complement each other. The AI Regulation primarily covers safety risks emanating from AI systems that control safety functions of a machine. As a complement, the Machinery Regulation is intended to ensure the integration of the AI system into the overall machine so as not to jeopardize machine safety as a whole. 

Furthermore, the European Commission underlines that manufacturers must conduct only one declaration of conformity for both regulations.
 

Standardisation request for harmonised standards under the AI Act

The regulation envisages a key role for harmonised standards in ensuring compliance with the provisions of the AI Regulation. According to Article 40 (1), harmonised standards are to be developed specifically for high-risk systems or general-purpose AI models, which will subsequently be published as references in the Official Journal of the European Union. On 14 January 2025, the European Commission published a draft standardisation mandate to the standardisation organisations CEN and CENELEC. This document already communicates details for future technical standards of this kind to ensure security, transparency and protection of fundamental rights in connection with the application of the AI Act throughout the EU.

With regard to the requirements profile, harmonised standards must therefore meet the following technical aspects:

• Risk management systems for AI (Article 9 AI Act).
• Data quality and governance (Article 10).
• Logging and documentation requirements (Article 12).
• Transparency and information requirements for users (Article 13).
• Human oversight (human control of AI) (Article 14).
• Defining accuracy, robustness and cybersecurity (Article 15).
• Quality management and conformity assessment (Article 17).

You can open and download the draft standardisation mandate (so far only available in English) for the AI Act via the following link:

Draft standardisation request for the AI Act

The Technical Committee CEN/CLC JTC 21 ‘Artificial Intelligence’ and its subgroups, led by Danish Standards, are primarily responsible for developing the harmonised standards. The schedule for developing the harmonised standards provides the following rough framework:

• August 2025: Publication of first draft standards (prENs)
• August 2026: Publication of final standards by CEN/CENELEC, followed by implementation as national standards
   

The following European standards, which are expected to be used to meet the requirements of the AI Act, have been published to date:

• EN ISO/IEC 23894:2024 – Information technology - Artificial intelligence - Guidance on risk management
• EN ISO/IEC 22989:2023 – Information technology - Artificial intelligence - Artificial intelligence concepts and terminology
• CEN/CLC ISO/IEC/TR 24027:2023 – Information technology - Artificial intelligence (AI) - Bias in AI systems and AI aided decision making
• EN ISO/IEC 8183:2024 – Information technology - Artificial intelligence - Data life cycle framework
• EN ISO/IEC 12792 – Artificial intelligence - Transparency taxonomy of AI systems
• ISO/IEC TS 6254 - Objectives and approaches for explainability of ML models and AI systems
• ISO/IEC TS 8200 - Controllability of automated artificial intelligence systems
• ETSI TS 104 223 - Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems

Artificial Intelligence in mechanical engineering

An initial attempt to integrate the limits of mechanical learning into machinery is the recently published ISO/TR 22100-5:2021-01 „Safety of machinery - Relationship with ISO 12100 - Part 5: Implications of artificial intelligence machine learning“. The contents of this technical report can also be found in the draft standard for the new EN ISO 12100, which addresses the unintended, self-developing behaviour of AI in the ‘risk assessment’ section.

The technical report ISO/IEC TR 5469:2024 ‘Artificial intelligence – Functional safety and AI systems’ establishes for the first time a basis for the development and control of AI-based safety-related functions.
It describes the properties, associated risk factors, available methods and processes for using AI within a safety related function to realize the functionality. The document also describes the use of AI systems to design and develop safety related functions. 
 

Prospects

The regulation was published in the Official Journal of the EU on 12 July 2024 and will enter into force 20 days later on 1 August 2024. It will become binding 2 years after publication on 2 August 2026, although there will be exceptions for individual provisions: 

• Prohibited practices in the AI sector in accordance with Article 5 of the regulation (e.g. emotion recognition and social scoring) from 2 February 2025
• AI models with a general purpose (for governance and sanctions) from 2 August 2025
• Certain high-risk systems according to Article 6 (1) from 2 August 2027

For a detailed overview of the various implementation dates, please refer to the timeline of the artificial intelligence act.

• Implementing Regulation (EU) 2025/454 lays down the provisions for the establishment and functioning of a scientific panel of independent experts in the field of artificial intelligence to support the enforcement of the AI Regulation (EU) 2024/1689.
• The EU Commission's FAQ page on AI literacy explains the AI Act's requirements for AI literacy under Article 4, which stipulates that companies must ensure that all persons involved with AI systems – both internally and externally – have sufficient AI literacy.
• The FAQ page ‘General-Purpose AI Models’ explains the requirements of the AI Act for providers of AI models for general purposes, including requirements for technical documentation, copyright compliance, transparency regarding training data and the handling of systemic risks.The EU Commission's FAQ page on AI literacy explains the AI Act's requirements for ‘AI literacy’ under Article 4, which requires companies to ensure that all persons involved with AI systems – both internally and externally – have sufficient AI literacy.

Posted on: 2025-05-27 (Last amendment)