News – 16.11.2023

The EU AI Act as a trailblazer in the regulation of artificial intelligence

Employees smiling on the balcony

Main contact

The European Union is currently drafting an Artificial Intelligence Regulation which is going to be the first comprehensive AI Act in the world. The new AI regulation is important not only in terms of ethical artificial intelligence but also in terms of competitiveness of the EU. The AI regulation aims to ensure the utilization of artificial intelligence in a way that protects the fundamental rights and safety of its users.

In June, The European Parliament gave its position on the rules concerning the use of artificial intelligence in relation to the AI regulation. Next, the European Parliament and The Council of the European Union will continue negotiations on the final wording of the AI regulation. The objective of the AI Act is to reduce and control the challenges and problems brought on by artificial intelligence with legislation. On the other hand, the aim of the regulation is to create a flexible regulatory framework that allows the development of artificial intelligence with citizen’s right to privacy and other fundamental rights in mind. The regulation would apply to both private and public entities within and outside the European Union when an AI system is offered in the single market, or its use will affect people living in the EU. The regulatory framework will respond to the long-acknowledged need to intervene in the development and use of artificial intelligence by legislation. For example, the European Parliament has since 2017 asked the EU to react to the growth of artificial intelligence with a regulatory framework in order to protect, for example, the ethical principles of the Union.

At its best, artificial intelligence produces a wide range of social benefits. Although the risks connected to most AI systems are small, artificial intelligence can have undesired effects. Software’s using AI would be divided into four different risk categories. Prohibited uses for AI would include biometric identification; emotion recognition systems in law enforcement, border control, workplaces and in educational establishments; and proactive policing i.e. the prediction of crimes with profiling, location or earlier behaviour. Additionally, content-producing AI, such as ChatGPT, will have to tell when the content is produced by artificial intelligence. The supervision of artificial intelligence has to be done by humans and not be automatic so that its safety can be ensured. From a data protection perspective, for example, the right of AI systems to process personal data and the use of input personal data in the development of AI systems can be seen as problematic.

The AI regulation will harmonize legislation regarding the utilization, development and deployment of AI within the Union. Risk assessments will be used to identify high-risk AI systems in order to effectively monitor these systems. One of the main motivators behind the AI regulation has been the desire to enable the EU’s position as a trendsetter in the regulation of AI and to ensure that the citizens have a chance to benefit from artificial intelligence. The regulatory framework aims to protect and enhance the fulfilment of the fundamental rights and values of the Union, strengthen the citizens confidence in AI and encourage companies in its development. Additionally, the regulation aims to facilitate investing and innovation, and to promote the development of a legal, safe and reliable application in the single market.

To achieve these goals, the regulation is meant to utilize existing infrastructure in the member states and establish an administrative system that functions at the level of individual member states. Moreover, a European Artificial Intelligence Board will be established at Union level to facilitate co-operation. The AI regulation will become binding once the Council of the European Union and the European Parliament come to an agreement on the wording of the regulation. The goal is to reach a joint position by the end of 2023. The application of the regulation will begin approximately two years after its entry into force.

We have just published a new data protection update. If you want information about current data protection issues, you can order the update by sending email to