The digital age has ushered in an era where Artificial Intelligence ("AI") has
become an integral tool for interaction and governance. However, numerous
instances of privacy breaches, algorithm bias and misinformation have prompted
an international narrative towards regulating AI.
While recognizing the need for
regulation, policymakers and regulators also acknowledge the importance of not
stifling innovation and development, considering that the full potential of AI
remains largely unexplored. Several countries have made efforts to establish a
framework for AI regulation, and the European Union ("EU") stands at the
forefront with its proposed legislation.
Background and Rationale for the Regulation: The proposed EU Artificial
Intelligence Act 2023 ("EU AI Act") acknowledges that AI can enhance
operations, improve predictions, and personalize service delivery if regulated,
thereby supporting socially and economically beneficial outcomes. This
recognition forms the basis of the EU AI Act, ensuring that the development of
AI does not harm individual rights. By optimizing AI applications, the EU aims
to strike a balance between harnessing AI's potential and mitigating probable
Summary of the EU AI Act
The Act classifies AI into three categories (stated below) and heavily regulates
high-risk AI systems with high compliance thresholds. For small scale startups
and providers, a voluntary code of conduct is proposed. Table 1.1 and 1.2
provide an overview of the proposed compliances and regulations. The Act also
envisages a European Artificial Intelligence Board for contributing to 'uniform
administrative practices in Member States.'
Categories of AI
- Prohibited AI practices.
- The Act lists down the usage and conditions of prohibition barring some
- High risk AI.
- The Act focuses on regulating this.
- Minimal / low risk AI.
Table 1.2 | High Risk AI Systems
||Overview of prohibited AI practices under
||AI that deploys subliminal techniques to mentally
distort a person's behavior
||Causes or is likely to cause harm to another
person (physical or psychological)
||AI that materially exploits any vulnerabilities
of a specific group
||Social scoring when
||Satisfies two factors, broadly when detrimental
to natural persons
||Use of real-time remote biometric identification
systems in publicly accessing spaces
||Three exceptions, has conditions and compliance
requirements if used
||AI system is intended to be used as a safety
component of a product, or is itself a product
||Reference to annexure II and III
||Required to undergo a conformity assessment
before being placed in the market
||Transparency and information to users
||Mechanism for human oversight
|Obligations of Providers
||Quality management systems in compliance with the
||Technical documentation for high-risk AI systems
||Ensure conformity assessment prior to placing it
on the market
||Information to national authorities � procedures
laid down in the Act
||Compliance with registration obligations under
||Take necessary corrective actions if AI is not in
conformity with laid down compliances
||Keep automatically generated logs when under
||Obligations given for importers, distributors,
users and any third party under the Act
||Certification, conformity assessment and
adherence to standards set by the Act
||Post-market monitoring obligations
||When AI systems intend to interact
with natural persons, additional disclosures to be made depending on the
nature of AI (with some exceptions)
||The Act designates notifying
authorities and notified bodies. The procedure for reporting to them is also
The EU is known for taking a proactive approach towards data protection, and it
is now extending its regulatory influence on the field of AI. The so-called
Brussels effect, where EU regulations have a global impact due to the size
and influence of its market, is expected to extend to AI regulation as well. By
setting a precedent and providing a comprehensive framework, the EU is
positioning itself as a frontrunner in shaping the global AI landscape.
How can India adapt?
The EU AI Act is poised to heavily regulate high-risk AI systems, and although
it is yet to be enforced, the Act is progressing towards implementation. The
notion that certain AI systems should only be permitted in exceptional cases is
a step in the right direction.
While the United States envisions a federal-level act, it remains a distant
reality as many states have proposed their own regulations, and federal-level
assessments are ongoing. Additionally, there is a vast unchartered territory of
AI that requires regulation within a controlled environment. However, USA has
identified five principles that should guide the usage of AI.
The bedrock of AI regulation appears to be common: ethical usage of AI with a
view to protect individual rights and mitigate possible risks.
While India is in the process of finalizing a comprehensive data protection
framework, it has refrained from regulating AI, at present. This appears to be
plausible given the lack of international regulations and uncertainties
surrounding AI's future. However, it is crucial to note that the underlying
principle of protecting the rights of citizens in the digital age is fundamental
to democracy and international standing. Therefore, it is essential to adopt an
internationally accepted principle-based approach to regulate AI.
Among other developments, the Ministry of Electronics and Information Technology
("MeitY") has recently issued a rationale presentation for the yet to be
proposed Digital India Act, highlighting ethical usage of AI. It positions AI
as an intermediary, hinting at the potential categorization of AI under future
One of the key challenges faced by regulators is striking a balance between
regulating AI and fostering innovation. Recognizing this dilemma, stakeholders
have put forth their agenda for limited regulation to ensure that innovation and
development in the AI field are not hindered. Large industry players like Meta
and OpenAI have supported the EU AI Act in taking a risk-based approach towards
AI. OpenAI, in its white paper has also stated certain compliances such as
informing natural persons that they are interacting with an AI, to be already in
place by them.
The EU AI Act has the potential to reshape the AI landscape by introducing
enforceable regulations that address the ethical, legal, and technical aspects
of AI systems. Moreover, the Act's influence is likely to extend beyond the
Union's borders, as it sets precedents that may be adopted by other
jurisdictions. The Act represents a significant step towards harnessing the
potential of AI while safeguarding individual rights.