解读欧盟人工智能法案（英）-毕马威

DecodingtheEUAIActUnderstandingtheAIAct’simpactandhowyoucanrespondKPMG.MaketheDifference.KPMGInternational|/trustedaiContents17Nextstepsscope©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct2Introduction©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct3ArtificialIntelligence(AI)isofferingnewbenefitstosocietyandbusinesses,aimingtotransformtheworkplaceandmajorindustriesalongtheway.Simplyput,theraceisontoembracetheremarkableandevolvingpowerofAIandautomation.OrganizationalleadershipshoulddriveinitiativesinlinewiththeAIAct,companybrand,valuesandrisktolerancetopromoteresponsibleuseofAI.Thiscanhelppromoteethicaldevelopment,regulatorycompliance,riskmitigationandstakeholdertrust.AsKPMG’sGlobalTechReport2023reveals,mostglobalexecutives(62percent)reportanincreaseinperformanceorprofitabilityfromdigitaltransformationinitiativesrelatedtoAIandmachinelearningoverthepast24months.And68percentsaythesetechnologieswillplaya‘vital’roleinhelpingthemachievetheirbusinessobjectivesoverthenextthreeyears,while57percentbelieveAIandmachinelearningwillbe‘important’inmeetingshort-termobjectives.Inresponse,theEuropeanUnion(EU)hasreachedaground-breakingprovisionalagreementonacomprehensiveArtificialIntelligenceAct(AIAct)thattakesarisk-basedapproachtoprotectingfundamentalrights,democracy,theruleoflawandenvironmentalDavidRowlandsGlobalAILeaderKPMGInternationalsustainability.Thoughit'sexpectedtobecomelaw1in2024,withcomplianceexpectedby2025,thislegislation—thefirstofitskind—isanticipatedtoemergeasthede-factonewglobalstandardforAIregulation.ButastheworldwideAIproliferationinbusinessandoureverydaylivesunfolds,thereisacriticalneedforguardrailsandlegislationtodealwithsignificantnewrisksregardingtheappropriateandethicaluse,developmentanddistributionofAI.AccordingtoTrustinartificialintelligence,aglobalsurveyconductedbyAIshouldbedevelopedandusedwithafocusonsafetyandethics,turningtechnologicaladvancementintoapositiveforceforsociety.TheEUAIActwillhelpfosterinnovationwhileprotectingend-users.WiththeintroductionoftheAIAct,theEUaimstostrikeabalancebetweenfosteringAIadoptionandensuringindividuals’righttoresponsible,ethicalandtrustworthyuseofAI.Inthispaper,weexplorewhattheAIActmaymeantoyourorganizationandexamineKPMGAustraliaandtheUniversityofQueensland,threethestructureoftheAIAct,theobligationsitimposes,infivepeoplearewaryabouttrustingAIsystems,and71percentexpectAItoberegulated.Morerecently,CEOsfromglobaltechgiantscalledforgreaterAIregulationatameetingonCapitolHilltoprotectpeoplefromtheworsteffectsofAI.thetimelinesforcomplianceandtheactionplanthatorganizationsshouldconsider.LaurentGobbiGlobalTrustedAILeaderKPMGInternational1EuropeanParliament.(December9,2023).ArtificialIntelligenceAct:dealoncomprehensiverulesfortrustworthyAI[Pressrelease].©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct4Executivesummary©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct5TheAIActaimstoregulatetheethicaluseofAIHigh-riskAIsystemsarepermittedbutsubjecttothemoststringentobligations.Theseobligationswillaffectnotonlyusersbutalsoso-called‘providers’ofAIsystems.Theterm‘provider’intheAIActcoversdevelopingbodiesofAIsystems,includingorganizationsthatdevelopAIsystemsforstrictlyinternaluse.Itisimportanttoknowthatanorganizationcanbebothauserandaprovider.on,mayhavetoadheretotransparencyrequirements.Additionally,high-impactGPAImodels,whichpossessadvancedcomplexity,capabilities,andperformance,willfacemorestringentobligations.ThisapproachwillhelpmitigatesystemicrisksthatmayariseduetoAIholdsimmensepromisetoexpandthehorizonofwhatisachievableandtoimpacttheworldforourbenefit—butmanagingAI’srisksandpotentialknownandunknownnegativeconsequenceswillbecritical.TheAIActissettobefinalizedin2024andaimstoensurethatAIsystemsaresafe,respectfundamentalrights,fosterAIinvestment,improvegovernance,andencourageaharmonizedsingleEUmarketforAI.thesemodels'widespreaduse.5TheAIActdoesnotaffectꢀexistingUnionlawProviderswilllikelyneedtoensurecompliancewithstrictstandardsconcerningriskmanagement,dataquality,transparency,humanoversight,androbustness.ExistingUnionlaws,forexample,onpersonaldata,productsafety,consumerprotection,socialpolicy,andnationallaborlawandpractice,continuetoapply,aswellasUnionsectorallegislativeactsrelatingtoproductsafety.CompliancewiththeAIActwillnotrelieveorganizationsfromtheirpre-existinglegalobligationsintheseareas.MostAIsystemsneedtocomplywiththeAIActbythefirsthalfof2026UsersareresponsibleforoperatingtheseAIsystemswithintheAIAct’slegalboundariesandaccordingtotheprovider'sspecificinstructions.Thisincludesobligationsontheintendedpurposeandusecases,datahandling,humanoversightandmonitoring.TheAIAct'sdefinitionofAIisanticipatedtobebroadandincludevarioustechnologiesandsystems.Asaresult,organizationsarelikelytobesignificantlyimpactedbytheAIAct.Mostoftheobligationsareexpectedtotakeeffectinearly2026.However,prohibitedAIsystemswillhavetobephasedoutsixmonthsaftertheAIActcomesintoforce.TherulesforgoverningUnderstandingtheAIAct’simpactonꢀyourorganizationwillbepivotaltosuccessGuardrailsforgeneralAIsystemsNewprovisionshavebeenaddedtoaddresstherecentadvancementsingeneral-purposeAI(GPAI)models,general-purposeAIareexpectedtoapplyinearly2025.2includinglargegenerativeAImodels.Thesemodels4OrganizationsshouldtakethetimetocreateamapoftheAIsystemstheydevelopanduseandcategorizetheirrisklevelsasdefinedintheAIAct.IfanyoftheirAIsystemsfallintothelimited,highorunacceptableriskcategory,theywillneedtoassesstheAIAct’simpactontheirorganization.Itisimperativetounderstandthisimpact—andhowtorespond—assoonaspossible.canbeusedforavarietyoftasksandcanbeintegratedintoalargenumberofAIsystems,includinghigh-risksystems,andareincreasinglybecomingthebasisformanyAIsystemsintheEU.ToaccountforthewiderangeoftasksAIsystemscanaccomplishandtherapidexpansionoftheircapabilities,itwasagreedthatGPAIsystems,andthemodelstheyarebasedProvidersandusersofhigh-riskAIsystemsfacestringentobligationsTheAIActappliesarisk-basedapproach,dividingAIsystemsintodifferentrisklevels:unacceptable,high,limitedandminimalrisk.32345EuropeanCommission.(December12,2023).ArtificialIntelligence—QuestionsandAnswers[Pressrelease].EuropeanCouncil.(December9,202).ArtificialIntelligenceActTrilogue:Pressconference—Part4.[Video].EuropeanParliament.(March2023).General-purposeartificialintelligence[Backgroundmaterial].EuropeanCommission.(December12,2023).ArtificialIntelligence—QuestionsandAnswers[Pressrelease].©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct6ExaminingtheAIAct’simpactandscope©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct7TheEuropeanCommission(EC)proposedtheAIActinApril2021.AsofDecember2023,theEuropeanParliament,theEuropeanCouncilandtheEuropeanCommissionhavereachedaprovisionalagreementtomaketheAIActlaw.TheproposedAIActisexpectedtoreshapehowwethinkaboutandmanageAIsimilarlytowhathashappenedindataprivacyoverthelastcoupleofyears.Throughourlens:ThepotentialimpactoftheAIActExpectedtobecomelawin2024,theAIActwilllikelyhaveanimmediatewide-rangingimpactonanybusinessoperatingintheEUthatoffersAIproducts,servicesorsystems.ThelawintroducesadefinitionforAIintheEU,categorizesAIsystemsbyrisk,laysoutextensiverequirementsandnecessarysafeguardingmechanismsforAIsystems,andestablishestransparencyobligations.Stimulatethepositive•Carryoutconformityassessmentsandpost-marketmonitoringforhigh-riskAIsystems.•Stimulateinnovationthroughregulatorysandboxeswheresmallandmedium-sizedenterprisescantesttheirAIsystemswithoutimminentregulatoryscrutiny.•Establisheffectiveoversightandenforcementmechanisms.Manageandreducerisks•Promoteharmonizationofstandards,codesofconductandcertification.Whatitaimstodo?•••ProhibitunacceptablerisksinAIsystems.Avoidfundamentalrightsviolations.•••OffergreatertransparencyregardingAIsystems.Createalevelplayingfieldforthoseinvolved.TheECaimstobalancepromotingAIdevelopmentandboostinginnovationwithmanagingemergingriskseffectively.ThisisreflectedintheobjectivesofPreventtheuseofsubliminalorunethicaltechniquesthatmightinfluenceordistortaperson’sbehaviorinsuchawaythatitcausesharmtothatpersonoranotherperson.SafeguardfundamentalrightsandprovidelegalcertaintyforindividualsresidingintheEU.theproposal:6••••EnsuringthatAIsystemsontheEUmarketaresafeandrespectpublicrightsandvalues.Adoptbestpractices••Minimizebiasthatcouldresultinunfairorinadequateoutcomes.ProvidinglegalcertaintytofacilitateinvestmentandinnovationinAIsystems.•CategorizeyourAIsystemsandunderstandtheassociatedrisks.Restricttheexploitationofvulnerablepeopleorgroupsduetotheirage,disability,politicalopinionorotherfactors.Enhancinggovernanceandeffectiveenforcementofethicsandsafetyrequirements.•Imposemorestringentrequirementsforhigh-riskAIsystems(obligatoryriskmanagement,datagovernance,technicaldocumentation,etc.).FacilitatingthedevelopmentofasingleEUmarketforlawful,safe,trustworthyAIapplicationswhilepreventingmarketfragmentation.6EuropeanCommission.(April21,2021).ProposalforaRegulationoftheEuropeanParliamentandoftheCouncil,“LayingDownHarmonisedRulesonArtificialIntelligence(ArtificialIntelligenceAct)andAmendingCertainUnionLegislativeAct.”©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct8Toachievetheseobjectives,theAIActappliesarisk-basedapproach.ThisallowsforestablishingspecificminimumrequirementstoaddresstherisksandproblemsꢀlinkedtoAIsystemswithoutundulyconstrainingorhinderingtechnologicaldevelopmentordisproportionatelyincreasingcostsrelatingtoplacingAIꢀsystemsonthemarket.Whatisnotcovered?affected,andtheyshoulddevelopawarenessandknowledge.GiventhebroaddefinitionofAIandthecurrentpaceofproliferation,organizationsshouldtakeaholisticapproach.Seniorexecutivesshouldcollaborateonpurposefulinnovationanddevelopment,riskmanagement,andgovernanceofAIsystemstoachievecompliancewiththeAIAct.•AIsystemsdevelopedorusedexclusivelyformilitarypurposes.•AIsystemsusedbypublicauthoritiesorinternationalorganizationsinnon-UnioncountrieswhenusedforlawenforcementorjudicialcooperationwiththeEUunderaframeworkofinternationalagreements.HowitwillbeenforcedandwhatarethepenaltiesWhowillbeaffected?••AIsystemsdevelopedandusedforthesolepurposeofscientificresearchanddiscovery.Mostorganizations,bothinsideandoutsidetheEU,aredevelopingorusingAIsystemsthatwilllikelyqualifyasAIunderthescopeoftheAIAct.Giventheshortimplementationperiod,however,organizationsshouldgainaprofoundunderstandingoftheAIsystemstheyaredevelopingand/ordeployingandhowtheymeasureuptotheAIAct’srequirements.TheEChasproposedastructureforenforcingAIproviderrequirementsbyestablishinganArtificialIntelligenceBoardandExpertGroup.BothpartiessitattheEUlevelandareresponsiblefor:AIsystemsintheresearch,testing,anddevelopmentphasebeforebeingplacedonthemarketorputintoservice(thisincludesfreeandꢀopen-sourceAIcomponents).•Contributingtoeffectivecollaborationwithnationalsupervisoryauthorities.•PeopleusingAIforpersonaluse.••Providingrecommendationsforbestpractices.Ensuringconsistentapplicationoftheregulation.Whatpartiesarecovered?InthesamewaytheGeneralDataProtectionRegulation(GDPR)isenforced,theECunderstandsthatnon-EuropeanentitiessellingtheirproductsinEuropeanmarketsshouldberegulatedsimilarlytothememberstates.TheEUisexpectedtobethecentergroundforglobalAIstandards,withdivergenceintheUSandpossiblytheUK.LiketheGDPR,theAIActwillhaveandextra-territorialeffect.•AnyproviderplacingAIsystemsonthemarketorputtingthemintoservicewithintheEU,regardlessoflocation.EachmemberstatewillbeexpectedtocreateordesignateaNationalCompetentAuthoritytoensuretheimplementationoftheregulationandtosafeguardtheobjectivityandimpartialityoftheiractivities.•AnyproviderofAIsystemslocatedoutsidetheEU,whosesystemoutputcanorisintendedforuseintheEU.TheEU’sproposedregulationwilllikelyhaveafar-reachingimpactonallorganizationsleveragingthevastpowerofAI,andtheconsequencesofnoncompliancecouldrangefromrestrictingmarketaccesstosignificantfinesdependingonthelevelofnoncompliance.Finesmayrangefrom35millioneurosor7ꢀpercentofglobalturnoverto7.5millionor1.5ꢀpercentofturnover,dependingontheinfringement••AnyproviderofAIsystemslocatedintheEU.Whoisaffectedinyourorganization?AnyimporterordistributorplacingAIsystemsonthemarketormakingthemavailablewithintheEU.Executiveswhomanagecompliance,datagovernanceandthedevelopment,deploymentand••ProductmanufacturersplacingproductswithAIsystemsonthemarketorputtingthemintoservicewithintheEUundertheirnameortrademark.useofAItechnologieswilllikelyseetheirrolesandresponsibilitiesimpactedbytheAIAct.Beyondseniorrolesintheorganization,theBoardofDirectorsandvariousGovernanceCommitteesmayalsobeandsizeofthecompany.7UsersofAIproductsandserviceswithintheEU.7EuropeanParliament.(December9,2023).ArtificialIntelligenceAct:dealoncomprehensiverulesfortrustworthyAI[Pressrelease].©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct9TrackingtheEU’slegislativejourneyWhenwillitapply?MostoftheobligationsoutlinedintheAIActareexpectedtobecomeeffectivebythefirsthalfof2026.Prohibitionsareanticipatedtotakeeffectbytheendof2024,andobligationsregardinggeneral-purposeAI(GPAI)areexpectedtotakeeffectasearlyas2025.GPAIreferstoAIsystemsthatperformgenerallyapplicablefunctions,suchasimageandspeechrecognition,audioandvideogeneration,patterndetection,questionanswering,translationandothers,butcanhaveawiderangeofpossibleuses,bothintendedandunintended.Thesesystemsmaybeutilizedashigh-riskAIsystemsorincorporatedascomponentsofotherhigh-riskAIsystems.Spring2026ThefinalAIActtakeseffectinitsentirety.Late2024Mid2025Prohibitionson‘unacceptablerisk’AIsystemswillapply.Severalobligationstogeneral-purposeAIwillapply.June2023–December2023FinalAIActnegotiationsoccurbetweentheCouncil,Commission,andParliament.AꢀprovisionalagreementtofinalizetheproposedrulesisreachedinDecember2023.WearehereThefinaltextisexpectedinthefirsthalfof2024.December2022TheCouncilhasadopteditscommonposition(‘generalapproach’)ontheAIAct.June2023TheParliamentadoptstheirnegotiationpositionforthedraftAIAct.April2021TheEuropeanCommissionunveilsaproposalforanewArtificialIntelligenceAct.©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct10UnravellingtheAIAct’skeycomponents©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct11TheAIActisacomprehensivedocumentdesignedtohelpprovideacleardefinitionofartificialintelligence,enablingEU-widealignmentandconsistencywithotherUnionlawsandregulations.TheAIAct'sprimarygoalistoestablishauniformandhorizontallegalframeworktopromotetheuptakeofAIsystemswhileprovidingahighlevelofprotectionagainsttheirharmfuleffects.ThisframeworkcanhelptobuildtrustinAItechnologyandgiveindividualsandorganizationsgreaterconfidenceinusingit.Definingartificialintelligencethaninitiallyanticipated,extendingsignificantlybeyondourmorerecentunderstandingofadvancedandgenerativeAI.TheAIAct'sdefinedscopehasseveralexemptionsforAIsystems,suchasthoseusedformilitaryordefensepurposesandlimitedexemptionsforfreeandopen-sourcesystems.TheAIActappliesabroaddefinitionofanAIsystemderivedfromtherecentlyupdatedOrganisationforEconomicCo-operationandDevelopment(OECD)definition.WhiletheAIAct’stextisnotyetpubliclyavailable,theOECDdefinitionisasfollows:AIriskframeworkandrequirements“AnAIsystemisamachine-basedsystemthat,forexplicitorimplicitobjectives,infers,fromtheinputitreceives,howtogenerateoutputssuchaspredictions,content,recommendations,ordecisionsthatcaninfluencephysicalorvirtualenvironments.DifferentAIsystemsvaryintheirlevelsofautonomyandTheAIActdefinesaframeworktounderstandtherisksassociatedwithAI.ItclassifiesAIsystemsbasedontheirpotentialrisksanddividesthemintodifferentcategoriesdependingonthedatatheycapture,andthedecisionsoractionstakenwiththatdata.adaptivenessafterdeployment.”8EUobligationswillvarydependingonthecategoryofAIbeingused.Whileanagreementonthecontexthasbeenreached,thefinaltextoftheregulationsisnotyetavailable.However,thefollowingsectionssummarizetheobligationsstipulatedundertheAIAct,basedonthepubliclyThisdefinitionisdeliberatelykeptbroadtocoverthewholespectrum,fromsimplertechnologiesandsystemsfocusingonsingle-usecasestoadvancedapplicationsofdeeplearningandgenerativeAI.Asaresult,theAIAct'sscopebecamemuchwideravailableꢀinformation.98NotethattheearliestversionoftheAIActdefinesAIsystemsassystemsthatweredevelopedusingoneofthefollowingtechniquesandapproaches:(a)Machinelearningapproaches,includingsupervised,unsupervised,andreinforcementlearning,usingawidevarietyofmethods,includingdeeplearning.(b)Logic-andknowledge-basedapproaches,includingknowledgerepresentation,inductive(logic)programming,knowledgebases,inferenceanddeductiveengines,(symbolic)reasoningandexpertsystems.(c)Statisticalapproaches,Bayesianestimation,searchandoptimizationmethods.9EuropeanCommission.(April21,2021).ProposalforaRegulationoftheEuropeanParliamentandoftheCouncil,“LayingDownHarmonisedRulesonArtificialIntelligence(ArtificialIntelligenceAct)andAmendingCertainUnionLegislativeAct.”©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct12TheAIActtakesarisk-basedapproachExamplesofunacceptable-riskAIsystems••Behavioralmanipulation.ExploitationofvulnerableProhibitedcharacteristicsofpeople.ContraveneUnionvalues,likefundamentalrights.••Socialscoringbypublicauthorities.Real-timeremotebiometricidentificationforlawenforcement.UnacceptableriskExamplesofhigh-riskAIsystems:•••Evaluationofeligibilitytocredit,healthorlifeinsuranceorpublicbenefits.Analysesofjobapplicationsorevaluationofcandidates.HighriskConformityassessmentHighrisktohealth,safety,environmentandProductsafetycomponents.fundamentalrights.Examplesoflimited-riskAIsystems:••AIsystemsthatinteractwithconsumers.GenerativeAI*:AIsystemsgeneratingormanipulatingcontent(image,audioorvideo).LimitedriskMinimalriskTransparencyobligationRiskofimpersonationordeception.Examplesofminimal-riskAIsystems:••Spamfilters.AI-enabledvideogames.NoobligationsNohighrisks.*FurtherspecificobligationstogenerativeAIandfoundationmodelswillapplyoutsideofthisrisk-basedapproach©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct13Unacceptable-riskAIsystemsundertheEU’sproductsafetylegislation.Thisincludestoys,aviation,cars,medicaldevicesandelevators.2)AIsystemsfallingintospecificareasthatwillhavetobeWhataretheobligationsrelatedtothiscategory?SincetheAIsystemsinthiscategoryareconsideredhigh-risk,theyaresubjecttothemoststringentregulatoryrequirements:WhichAIsystemsarecovered?AIsystemsthatenablemanipulation,exploitationandsocialcontrolpracticesareseenasposinganunacceptablerisk.ThisꢀcategoryprohibitsAIforthefollowingpurposes:registeredinanEUdatabase.8Theseinclude:••Criticalinfrastructure,suchasthesupplyofutilities.•Adequateriskmanagementtoidentify,evaluateandmitigaterisksduringthelifecycleoftheAIsystem.Thisobligationwill,ineffect,requireimplementingadedicatedriskmanagementsystemandthecompletingdocumentedriskassessments,whichmustbecompletedEducationalandvocationaltraining,forexample,automatedscoringof—orexclusionfrom—exams.•••ManipulationthatharmsorislikelytoharmanAIuseroranotherperson.••Employment,workersmanagementandaccesstoself-employment,forexample,automatedrecruitmentandapplicationtriage.Exploitingvulnerabilitiesofaspecificgroupofpersons.continuously;theymustbelivingdocuments.Socialscoringleadingtodetrimentalorunfavorabletreatmentinsocialcontexts.Accesstoessentialprivateandpublicservicesandbenefits(e.g.healthcare),creditworthinessevaluationofnaturalpersons,andriskassessmentandpricinginrelationtolifeandhealthinsurance.•Appropriatedatagovernanceandmanagementpractices(training,validationandtesting)toensuredatasetquality.Thisisakeyobligationtohelpensurethatdatasetsdonotleadtodiscriminationorinaccurateresults.Notably,sensitivepersonaldatamustnotbeincludedunlessincludedtoensurethatbothinputsandoutputsarenotdiscriminatory.••Indiscriminatescrapingoffacialimages.Emotionrecognitionsoftwareintheworkplaceandeducation(withsomeexceptions).•••Law-enforcementsystemsthatmayinterferewithfundamentalrights,suchasautomatedriskscoringregardingpotentialoffenders,deepfakedetectionsoftwareandevidencereliabilityscoring.•UseofAIthatcategorizespersonsbasedonsensitivetraitssuchasrace,politicalopinionsorreligiousbeliefs.Migration,asylumandbordercontrolmanagement,forexample,verificationofauthenticityoftraveldocumentsandvisaandasylumapplicationexaminations.•Technicaldocumentationmustdemonstratecompliancewithobligationsandallowforcomplianceassessments.••Predictivepolicingonindividuals(riskscoringforcommittingfuturecrimesbasedonpersonaltraits).Remotebiometricidentificationofpeople(partialbanwithsomeexceptionsinlawenforcement).••Loggingofeventstoensuretraceabilityofthesystem’sfunctioning.Administrationofjusticeanddemocraticprocesses,forexample,legalinterpretationtoolstoꢀassistjudicialauthorities.Whataretheobligationsrelatedtothiscategory?SincetheAIsystemsinthiscategoryposeanunacceptablerisk,theiruseisprohibited.Recordkeepingregardingtracingandmonitoringhigh-risksituations,conformingtostandards,andensuringthattheAIsystems’outputhasnotledtoanydiscriminatoryeffects.Mostorganizationsusethesehigh-riskAIsystems,suchasAIforrecruitmentpurposes.High-riskAIsystems••Minimumloggingmustincludeusage,dataandpersonnelidentification.ItisalsoimportanttonotethattheCommissioncanaddmoreusestothehigh-riskAIsystemscategorythroughdelegatedacts.Thisisdiscussedfurtherinthe‘Nextsteps’sectionofthisreport.WhichAIsystemsarecovered?AIsystemsthatnegativelyaffectsafetyorfundamentalrightswillbeconsideredhighriskandwillbedividedintotwocategories:1)AIsystemsthatareusedinproductsfallingRegistrationintheEUdatabaseforhigh-riskAIsystems.8EuropeanParliament.(December19,2023).EUAIAct:firstregulationonartificialintelligence.©2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct14•TransparencyobligationstoenablecorrectꢀAIinterpretationanduse,accompaniedbyinstructionsinanappropriatedigitalformat.Whataretheobligationsofthedeployers?••••Complyingwithregistrationrequirementsiftheuserisapublicauthority.Deployersofhigh-riskAIsystems,including