The EU AI Act: What you need to know

The EU AI Act introduces a risk-based approach to AI regulation, by categorizing AI applications into four separate levels: Unacceptable Risk, High-Risk, Limited Risk, or Minimal Risk. The Act ensures that the higher the risk, the stricter the governance. This stratification demands rigorous awareness and compliance from AI providers and users, especially in areas of high-risk AI like medical devices, transportation, and law enforcement.

Though created in the EU, the act has global reach, applicable to any organization that provides or deploys AI systems that affect people in the EU.

The Act raises critical concerns regarding the development of open-source AI. While the Act aims to foster responsible AI development, experts suggest a more balanced approach to avoid stifling innovation in open-source AI, crucial for transparency and democratization in the AI landscape.

The Act doesn’t shy away from imposing hefty penalties for non-compliance — but enforcement doesn’t begin until 2025. Violations, particularly in unacceptable and high-risk categories, could lead to fines as high as 7% of global sales, underscoring the EU's commitment to deterrence and enforcing these regulations.

As the EU finalizes the AI Act, it's not just reshaping its own policy landscape but also setting a precedent and tone for global AI regulation. This Act will likely influence AI policies worldwide, including in the US, emphasizing the need for responsible, transparent, and ethical AI development. The key will be to ensure these global regulations are complementary and harmonized to the highest degree possible.

The EU AI Act marks a critical juncture in AI governance. It reflects a growing recognition of the need for robust regulatory frameworks in the digital age while balancing the imperatives of innovation and ethical responsibility. As the world watches, this Act could well become a blueprint for future AI regulation globally. While many of the technical details are still being hammered out and questions remain, Elastic® looks forward to continuing to work with the EU on implementing responsible AI.

Because the act will not be enforced until 2025, organizations have time to thoughtfully prepare — and align teams, processes, and technology behind the new regulations.

1. Understand and track all your organization’s AI use cases, and map them to the risk levels outlined in the act.

2. Develop and begin to implement internal AI governance, processes, and policies at your organization.

3. Ensure you have full visibility into and access to all data — of all types, from all sources. As you use, or consider using, your data with AI applications, you’ll need to know what types of data are used and where.