The EU AI Act: What you need to know

The European Union’s new legislation is the first of its kind — and has global reach


On December 8, 2023, the European Union made a significant step in digital governance by introducing the first set of comprehensive artificial intelligence (AI) regulations. This legislation, poised for a European Parliament vote by early 2024, is first out of the gate in regulating AI. As organizations look to comply with this act (and the additional regulations likely to come on its heels), one thing is for sure: The ability to have access and insight into all data will be essential. And the stakes have never been higher.

Risk-based approach: A new paradigm

The EU AI Act introduces a risk-based approach to AI regulation, by categorizing AI applications into four separate levels: Unacceptable Risk, High-Risk, Limited Risk, or Minimal Risk. The Act ensures that the higher the risk, the stricter the governance. This stratification demands rigorous awareness and compliance from AI providers and users, especially in areas of high-risk AI like medical devices, transportation, and law enforcement.

Global impact

Though created in the EU, the act has global reach, applicable to any organization that provides or deploys AI systems that affect people in the EU.

Open-source AI

The Act raises critical concerns regarding the development of open-source AI. While the Act aims to foster responsible AI development, experts suggest a more balanced approach to avoid stifling innovation in open-source AI, crucial for transparency and democratization in the AI landscape.

Penalties and enforcement

The Act doesn’t shy away from imposing hefty penalties for non-compliance — but enforcement doesn’t begin until 2025. Violations, particularly in unacceptable and high-risk categories, could lead to fines as high as 7% of global sales, underscoring the EU's commitment to deterrence and enforcing these regulations.

A catalyst for future AI policies

As the EU finalizes the AI Act, it's not just reshaping its own policy landscape but also setting a precedent and tone for global AI regulation. This Act will likely influence AI policies worldwide, including in the US, emphasizing the need for responsible, transparent, and ethical AI development. The key will be to ensure these global regulations are complementary and harmonized to the highest degree possible.

Looking toward the future

The EU AI Act marks a critical juncture in AI governance. It reflects a growing recognition of the need for robust regulatory frameworks in the digital age while balancing the imperatives of innovation and ethical responsibility. As the world watches, this Act could well become a blueprint for future AI regulation globally. While many of the technical details are still being hammered out and questions remain, Elastic® looks forward to continuing to work with the EU on implementing responsible AI.

How organizations can prepare

Because the act will not be enforced until 2025, organizations have time to thoughtfully prepare — and align teams, processes, and technology behind the new regulations.

  1. Understand and track all your organization’s AI use cases, and map them to the risk levels outlined in the act.

  2. Develop and begin to implement internal AI governance, processes, and policies at your organization.

  3. Ensure you have full visibility into and access to all data — of all types, from all sources. As you use, or consider using, your data with AI applications, you’ll need to know what types of data are used and where.

To learn more about how Elastic can help address security and privacy concerns with AI

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.

Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.