AI Legislation Series: A simple guide to the EU's Artificial Intelligence Act.

The European Union’s (EU) Artificial Intelligence Act (AI Act) officially came into force on 1 August 2024 and is the world’s first comprehensive legal framework governing AI systems. 

It adopts a risk-based approach that categorises AI applications by their potential impact on safety and people’s rights. By adopting a risk-based regulation model, the rules focuson where the biggest problems are that could seriously impact people, with less focus on things that pose little danger. 

While the Act primarily targets the EU internal market, its extraterritorial reach means that organisations outside the EU, including Australian businesses, will be affected if they develop or supply AI systems used within the EU.  

What is the danger scale? 

The EU AI Act classifies AI systems into risk categories and applies corresponding regulatory obligations to each: 

1. Unacceptable Risk: These AI practices are prohibited outright due to their potential to seriously threaten individual rights or public safety. For instance, AI systems that engage in social scoring—assigning reputational scores to individuals that can limit access to services—or exploit vulnerabilities through manipulative tactics, are banned. Think a Black Mirror TV episode. This category represents the EU’s commitment to preemptively halt harmful AI uses. 

 2. High Risk: AI systems in this category are used in sensitive areas where erroneous or biased decisions can lead to significant harm. Examples include AI employed in healthcare for diagnostic support, education for admissions decisions, recruitment in employment, border control in migration management, and law enforcement for suspect identification. Such systems must meet strict requirements regarding data quality, transparency, human oversight, robustness, and undergo conformity assessments before deployment. 

3. Limited Risk: AI systems like chatbots or content recommendation engines that interact with users fall under this group. They must adhere to transparency guidelines, which generally require informing users that they are engaging with an AI system, ensuring clear communication without misleading individuals. 

4. Minimal Risk: The majority of everyday AI applications, such as spam filters, language translation tools, and video games, are placed here. These face minimal regulatory interference to encourage continued innovation and adoption. 

Compliance, Oversight, and Enforcement 

The EU AI Act sets up several layers of oversight and enforcement. Each EU country picks its own main authority to make sure organisations follow the rules, handle necessary registrations, and look into any possible violations. These national authorities are guided and coordinated by the European Artificial Intelligence Board, which helps make sure the rules are applied the same way across all EU countries. For high-risk AI, conformity assessments by notified or certification bodies are mandatory to verify adherence to the Act’s standards before market entry. 

Non-compliance carries significant penalties. Entities breaching prohibitions on unacceptable AI systems may face fines up to €35 million or 7% of global turnover, whichever is higher. Other infringements can attract penalties up to €15 million or 3% of global turnover. The Act also takes into account the economic scale of organisations, offering proportionality for SMEs and startups. 

Implications for Australia 

Although designed for the EU, the AI Act’s extraterritorial scope means Australian companies that develop, deploy, or distribute AI systems intended for use in the EU must comply with its requirements. This includes manufacturers exporting products embedded with AI components, software providers offering AI services to EU clients, and any organisation whose AI outputs are used by EU-based businesses or consumers. 

In 2024 the Australian Government consulted on the need for mandatory guardrails for AI in high risk settings. It noted, that Australia's current regulatory system is not fit for purpose to respond to the distinct risks that AI poses. 

If Australia adopted a similar risk-based framework to the EU, there would be benefits in harmonisation with the EU, establishing a baseline of protection for citizen’s rights and promoting innovation and public trust. This type of umbrella legislation would complement Australia’s existing and emerging AI-specific laws, such as the Criminal Code Amendment (Deepfake Sexual Material) Act 2024. There need not be an either or with this legislative approach. And while the systems and laws of the EU differ to Australia, adoption of a broad, regulatory structure that addresses AI risks across sectors and use cases would advance Australia ‘s current AI guardrails significantly. 

Sources 

[1] EU regulates AI: will Australia follow suit? - Insight https://www.minterellison.com/articles/eu-regulates-ai-will-australia-follow-suit 

[2] Europe's AI Act takes effect: What Australian businesses ... https://piperalderman.com.au/insight/europes-ai-act-takes-effect-what-australian-businesses-need-to-know-for-their-use-of-ai/ 

[3] The EU's AI Act & Its Impact on Australia https://privacy108.com.au/insights/eu-ai-act-impact-on-australia/ 

[4] What lessons can Australia learn from the EU Artificial ... https://lsj.com.au/articles/what-lessons-can-australia-learn-from-the-eu-artificial-intelligence-act/ 

[5] The EU AI Act and the Impact on Australia and New Zealand https://hamiltonlocke.com.au/the-worlds-first-ai-rulebook-the-eu-ai-act-and-the-impact-on-australia-and-new-zealand/ 

[6] AI Watch: Global regulatory tracker - Australia https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-australia 

[7] SHOULD AUSTRALIA FOLLOW EUROPE'S APPROACH ... https://anujolt.org/api/v1/articles/129799-should-australia-follow-europe-s-approach-to-ai-standards-and-regulation.pdf 

[8] Australia and the EU should work with the South Pacific on AI https://www.aspistrategist.org.au/australia-and-the-eu-should-work-with-the-south-pacific-on-ai/ 

[9] Navigating the legal landscape: AI in Australia https://www.ashurst.com/en/insights/navigating-the-legal-landscape-ai-in-australia/ 

[10] How are AI regulatory developments in the EU and US ... https://www.governanceinstitute.com.au/news_media/how-are-ai-regulatory-developments-in-the-eu-and-us-influencing-ai-policy-making-in-australia/ 

[11] AI Act https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai 

[12] EU Artificial Intelligence Act | Up-to-date developments and ... https://artificialintelligenceact.eu 

[13] The EU AI Act: A Quick Guide https://www.simmons-simmons.com/en/publications/clyimpowh000ouxgkw1oidakk/the-eu-ai-act-a-quick-guide 

[14] Introducing mandatory guardrails for AI in high-risk settings: proposals paper https://consult.industry.gov.au/ai-mandatory-guardrails 

*This blog was produced with assitance from AI. All sources have been verified.