Lawyers at Mason Hayes & Curran (MHC) say that fines under the EU’s new regulations on artificial intelligence (AI) could be even more significant than those imposed for breaches of GDPR rules on privacy.
Partner and head of AI Brian McElligott says that non-compliance with the AI Act can lead to fines ranging from €7.5 million (1.5 % of turnover) to €35 million (7% of global turnover), depending on the infringement and size of the company.
“To put these figures in context, the maximum fines under the GDPR are €20 million, or 4% of worldwide turnover,” he writes in the firm’s Artificial Intelligence Review, a guide to the current state and future direction of AI regulation in the EU and the wider world.
Rights assessment
The text of the AI Act, agreed by the European Parliament and EU Council late last year, is not expected to be published for some months yet, according to the review.
McElligott (pictured) highlights the introduction of a fundamental-rights impact assessment for high-risk AI systems as one of the main changes to the European Commission’s original proposal secured by MEPs.
“In addition, EU citizens will have the right to launch complaints about AI systems and receive explanations about decisions based on high-risk AI systems that impact their rights,” he states, adding that the precise parameters and contours of these rights are yet to be established.
McElligott also highlights a ban on the use of biometric categorisation systems agreed in the act, but adds that exceptions allowing law-enforcement agencies to use these systems in limited circumstances have been re-introduced, having earlier been removed by MEPs.
Differing philosophies
The review says that governments in the EU, US, and Britain appear to be coalescing around more concrete proposals for the regulation of artificial intelligence (AI), despite differing philosophies.
McElligott contrasts the EU approach with that taken by Britain, which has committed to abstaining from implementing new legislation for the time being, relying instead on existing regulations with an AI-specific overlay.
The US, he adds, has pushed for national AI standards through executive orders, but has also adopted some AI-specific rules at the state level, both through comprehensive privacy legislation and for specific AI-related use cases.
“As a result, these three territories are putting forward three different approaches to the regulation of AI,” he states.
McElligott argues, however, that the EU legislation, which has the potential to be the world’s first comprehensive regulation of AI, could “set the global standard” in the same way as GDPR has done for data protection.
The MHC review also looks at the regulation of fintech AI in the EU, the WHO's views on AI in healthcare, and the impact of AI on the built-environment sector. It also explores the intersection of AI with intellectual-property law.