AI risks categorization

The AI Act defines three risk categories related to the use of AI: high, limited and minimal. They refer to the impact that artificial intelligence solutions can have on people’s lives. In each case, requirements are set regarding data quality, operational transparency, supervision and responsibility of solution providers and users.

High-risk category. It concerns solutions that have a significant impact on human life or basic human rights. These include, for example, biometric systems, transport, health care, education and recruitment. Entrepreneurs will have to meet high requirements regarding compliance, transparency, cybersecurity, risk reduction and human supervision. It will also be necessary to introduce standards for data sets used for AI training.

Limited risk category. These are solutions that have less impact on people, but require transparency of action. There are, for example, chatbots, voice assistants and systems providing recommendations. Transparency requirements for entrepreneurs are lower. In the case of, for example, deepfakes and other content generators, there is a need to mark content so that users know that they were created using artificial intelligence.

Minimal risk category. This category is not subject to specific requirements and includes, among others: computer games, filters for graphics and photos, and interactive toys.

When AI cannot be used

The new legal regulations also indicate areas in which the use of AI will be unacceptable. Generally speaking, they refer to situations where unfair or unfavorable treatment of persons or social groups occurs. This includes, among others:

• Predictive policing applications

These are systems that allow the police and other services to predict criminal behavior based on algorithms. They were banned due to numerous cases of incorrect indications, leading to the arrest of innocent people, and at the same time, low effectiveness in identifying the perpetrators of actual crimes.

• Biometric tools for real-time emotion analysis

The use or development of tools that detect human emotions is not allowed in areas such as workplaces, schools or police applications. This is due to commonly criticized aspects of such systems, e.g. projecting cultural biases into systems. However, the act may be modified in this respect, as some systems of this type may have useful and potentially harmless applications.

• Social scoring solutions

Social scoring involves assigning points to citizens based on their behavior. This solution is used in China and the AI Act strongly opposes it hence the provision banning it.

• Real-time biometric identification systems

In this case, certain exceptions are provided for in the detection of serious crimes, such as child kidnapping. Serious crimes are those punishable by more than 3 years in prison in a given member state.

Consequences of the AI Act

It should be noted that the AI Act is not yet applicable law in the EU. The act must be approved by all member states, which may be difficult considering, among others, the opposition of France, Germany and Italy, which argue that the AI Act could stifle innovation.

However, if the law comes into force, there is a chance that it will become a model for other markets, just like the GDPR standard. The question is how the United States, where the largest companies dealing with these technologies are based, will react to the AI Act. We should rather expect their opposition to possible attempts to introduce similar legislation and strong lobbying against them.

For companies deeply involved in the creation and implementation of new technologies in IT projects, embracing artificial intelligence is an irreversible trend. This perspective has permeated businesses across various scales, industries, and geographical locations. While the establishment of a legal framework for this potent tool is crucial, valid concerns about the potential hindrance to innovation due to the AI Act have surfaced. Regardless of when the AI Act officially comes into effect, European-based companies should proactively consider the outlined guidelines in their operations. As our company operates in both Europe and the United States, it presents an intriguing opportunity to compare the regulatory impacts on the development opportunities of IT projects – says Michał Jaremek, Board Member RITS Professional Services.

At the same time, it should be noted that the AI Act is a step in the right direction, as the lack of any legal regulations regarding artificial intelligence is a dangerous situation. It encourages abuse and poses a serious danger to citizens. However, it is important not to kill innovation by actually creating new laws.

If you’re curious about how we support our business partners in their IT projects, be sure to check out our  section: Case studies | RITS Professional Services.