The digital age has ushered in an era where Artificial Intelligence ("AI") has become an integral tool for interaction and governance. However, numerous instances of privacy breaches, algorithm bias and misinformation have prompted an international narrative towards regulating AI.

While recognizing the need for regulation, policymakers and regulators also acknowledge the importance of not stifling innovation and development, considering that the full potential of AI remains largely unexplored. Several countries have made efforts to establish a framework for AI regulation, and the European Union ("EU") stands at the forefront with its proposed legislation.

Background and Rationale for the Regulation: The proposed EU Artificial Intelligence Act 2023[1] ("EU AI Act") acknowledges that AI can enhance operations, improve predictions, and personalize service delivery if regulated, thereby supporting socially and economically beneficial outcomes. This recognition forms the basis of the EU AI Act, ensuring that the development of AI does not harm individual rights. By optimizing AI applications, the EU aims to strike a balance between harnessing AI's potential and mitigating probable risks.

Summary of the EU AI Act

The Act classifies AI into three categories (stated below) and heavily regulates high-risk AI systems with high compliance thresholds. For small scale startups and providers, a voluntary code of conduct is proposed. Table 1.1 and 1.2 provide an overview of the proposed compliances and regulations. The Act also envisages a European Artificial Intelligence Board for contributing to 'uniform administrative practices in Member States.'

Categories of AI

1. Prohibited AI practices.
   
   1. The Act lists down the usage and conditions of prohibition barring some exceptions.
2. High risk AI.
   
   1. The Act focuses on regulating this.
3. Minimal / low risk AI.

S. No	Overview of prohibited AI practices under article 5	Corresponding elements
1	AI that deploys subliminal techniques to mentally distort a person's behavior	Causes or is likely to cause harm to another person (physical or psychological)
2	AI that materially exploits any vulnerabilities of a specific group
3	Social scoring when	Satisfies two factors, broadly when detrimental to natural persons
4	Use of real-time remote biometric identification systems in publicly accessing spaces	Three exceptions, has conditions and compliance requirements if used

Table 1.2 | High Risk AI Systems

Classification	AI system is intended to be used as a safety component of a product, or is itself a product	Reference to annexure II and III	Required to undergo a conformity assessment before being placed in the market
Requirements	Risk management	Data governance	Record keeping	Technical documentation	Transparency and information to users	Cybersecurity	Mechanism for human oversight
Obligations of Providers	Quality management systems in compliance with the Act	Technical documentation for high-risk AI systems	Ensure conformity assessment prior to placing it on the market	Information to national authorities – procedures laid down in the Act	Compliance with registration obligations under the Act	Take necessary corrective actions if AI is not in conformity with laid down compliances	Keep automatically generated logs when under their control
Other Obligations	Obligations given for importers, distributors, users and any third party under the Act	Certification, conformity assessment and adherence to standards set by the Act	Post-market monitoring obligations	When AI systems intend to interact with natural persons, additional disclosures to be made depending on the nature of AI (with some exceptions)		The Act designates notifying authorities and notified bodies. The procedure for reporting to them is also given

Brussel's Effect

The EU is known for taking a proactive approach towards data protection, and it is now extending its regulatory influence on the field of AI. The so-called Brussels effect[2], where EU regulations have a global impact due to the size and influence of its market, is expected to extend to AI regulation as well. By setting a precedent and providing a comprehensive framework, the EU is positioning itself as a frontrunner in shaping the global AI landscape.

How can India adapt?

The EU AI Act is poised to heavily regulate high-risk AI systems, and although it is yet to be enforced, the Act is progressing towards implementation. The notion that certain AI systems should only be permitted in exceptional cases is a step in the right direction.

While the United States envisions a federal-level act, it remains a distant reality as many states have proposed their own regulations, and federal-level assessments are ongoing. Additionally, there is a vast unchartered territory of AI that requires regulation within a controlled environment. However, USA has identified five principles that should guide the usage of AI[3].

The bedrock of AI regulation appears to be common: ethical usage of AI with a view to protect individual rights and mitigate possible risks.

While India is in the process of finalizing a comprehensive data protection framework, it has refrained from regulating AI, at present. This appears to be plausible given the lack of international regulations and uncertainties surrounding AI's future. However, it is crucial to note that the underlying principle of protecting the rights of citizens in the digital age is fundamental to democracy and international standing. Therefore, it is essential to adopt an internationally accepted principle-based approach to regulate AI.

Among other developments, the Ministry of Electronics and Information Technology ("MeitY") has recently issued a rationale presentation for the yet to be proposed Digital India Act[4], highlighting ethical usage of AI. It positions AI as an intermediary, hinting at the potential categorization of AI under future Indian regulations.

Stakeholder Comments

One of the key challenges faced by regulators is striking a balance between regulating AI and fostering innovation. Recognizing this dilemma, stakeholders have put forth their agenda for limited regulation to ensure that innovation and development in the AI field are not hindered. Large industry players like Meta and OpenAI have supported the EU AI Act in taking a risk-based approach towards AI. OpenAI, in its white paper[5] has also stated certain compliances such as informing natural persons that they are interacting with an AI, to be already in place by them.

Conclusion
The EU AI Act has the potential to reshape the AI landscape by introducing enforceable regulations that address the ethical, legal, and technical aspects of AI systems. Moreover, the Act's influence is likely to extend beyond the Union's borders, as it sets precedents that may be adopted by other jurisdictions. The Act represents a significant step towards harnessing the potential of AI while safeguarding individual rights.


End-Notes:

• https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52021PC0206
• https://scholarship.law.columbia.edu/books/232/
• https://www.whitehouse.gov/ostp/ai-bill-of-rights/
• https://www.meity.gov.in/writereaddata/files/DIA_Presentation%2009.03.2023%20Final.pdf
• https://www.documentcloud.org/documents/23850240-ares20226851313-openai_aia_white-paper