EU Reaches Agreement on AI Act Text: How it Impacts Employers
European Union policymakers have reached a significant milestone in the development of the world’s first comprehensive legislation focused on artificial intelligence (AI). On February 2, 2024, an agreement was reached on the final text of the Artificial Intelligence Act (AI Act), offering much-needed guidance to employers regarding their obligations related to notice requirements, human oversight, and other aspects of AI integration in the workplace.
This agreement follows a provisional agreement made in December 2023 and the recent leak of the purported final draft of the AI Act. The final text of the act appears to have stricter provisions for employers compared to the original draft. While some procedural formalities and a formal vote are still required, publication in the Official Journal of the European Union will mark the entry into force of the AI Act. The act will become effective twenty-four months after that, except for some exceptional cases. However, compliance with the AI Act is expected to be challenging for employers, especially considering that EU member states may introduce their own regulations with shorter compliance windows. Portugal, for instance, has already established notice obligations for employers utilizing AI in the workplace.
The AI Act employs a four-tiered, risk-based approach to regulate AI, whereby higher-risk AI tools are subject to more stringent rules. AI tools intended for workplace use generally fall into the high-risk category, making them subject to significant regulatory requirements. While most obligations lie with those responsible for creating AI tools, employers also carry certain responsibilities.
In general, under the AI Act, employers must:
– Ensure transparency by providing clear and understandable information about the AI system’s capabilities, limitations, and intended purpose to both employees and potential users.
– Implement mechanisms for human oversight to minimize risks and ensure that AI systems are under effective human control.
– Conduct proper documentation, including keeping records of AI systems’ activity, performance, and outcomes, as well as details related to any significant incidents or malfunctions.
– Adhere to specific requirements related to data protection, such as limiting data collection to what is necessary for the AI system’s intended purpose and ensuring secure storage of data.
Additional requirements may apply depending on factors such as the employer’s industry, the AI system’s functionality, and the extent of the employer’s control over the inputted data.
The AI Act has implications for any employer utilizing AI systems whose output is intended for use within the European Union. Even employers without a physical presence in the EU might have compliance obligations if they, for example, offer job postings to EU candidates or engage independent contractors or contingent workers within the EU.
Similar to the General Data Protection Regulation (GDPR), the AI Act imposes significant penalties for noncompliance. Penalties range from €7.5 million (approximately USD $8 million) or 1.5 percent of a company’s total global annual turnover (whichever is higher) to €35 million (approximately USD $38 million) or 7 percent of a company’s total global annual turnover (whichever is higher).
The AI Act represents a comprehensive framework regulating AI across various sectors, including law enforcement, commercial products, education, employment, and more. Legal experts and policy scholars anticipate that the act will have a similar impact on AI as the GDPR had on data privacy.
Employers utilizing AI tools, especially those operating across borders, should closely monitor these developments and assess proactive compliance measures to ensure adherence to the AI Act’s requirements.
