By Ari Syrquin

The new EU regulation governing AI ¹(the “EU AI Act”) is a comprehensive legislative initiative aimed at regulating the use and development of artificial intelligence (AI) technologies across the European Union. Adopted in April 2021, it represents the first global attempt to legislate AI usage in a thorough and structured manner. The Act aims to ensure that AI systems are used ethically, transparently, and in a way that protects individual rights. It came into force on 1 August 2024, with provisions that shall come into operation gradually over the following 6 to 36 months

The EU AI Act imposes clear requirements on organizations operating in various sectors such as healthcare, finance, and transportation, mandating compliance in areas like oversight, transparency, data security, and privacy protection. These obligations apply not only to EU-based businesses but also to any entity offering AI services to EU citizens — including companies outside the EU.

Examples of Compliance Requirements

Human Oversight:

o Systems must be designed to enable effective human intervention and prevent or minimize risks.
o Organizations must ensure that human operators can understand and override the AI’s output where necessary

Post-Market Monitoring Plan:

o Providers of high-risk systems must establish continuous monitoring mechanisms to detect and address malfunctioning or risks during deployment.

Logging Requirements:

o Systems must automatically log operations to ensure traceability and accountability during audits or investigations

Transparency Requirements:

Applies to both high-risk and certain non-high-risk systems (especially generative AI and deepfakes).

User Disclosure:

o Users must be informed that they are interacting with an AI system unless this is obvious from the context.

Emotion Recognition, Biometric Categorization & Deepfakes:

o Systems must disclose their nature, purpose, and functioning if they manipulate emotions or generate synthetic content.

Generative AI (e.g., ChatGPT-type models):

o Providers must:
– Label AI-generated content clearly.
– Publish summaries of copyrighted data used in training.
– Implement safeguards to prevent the generation of illegal content.

Consequences of Non-Compliance:

The EU AI Act sets out tiered administrative fines, inspired by the GDPR model. Penalties vary based on the nature and severity of the breach.

1. Prohibited AI Practices (e.g., social scoring, subliminal manipulation, real-time biometric surveillance):

• Fine: up to €35 million or 7% of total worldwide annual turnover (whichever is higher).Non-Compliance with High-Risk AI Obligations (e.g., lack of human oversight, missing conformity assessment, failure in risk management).
• Fine: up to €15 million or 3% of annual global turnover.

2. Non-Compliance with Transparency Obligations (e.g., failure to label synthetic content, no disclosure to users):

• Fine: up to €7.5 million or 1.5% of global turnover.

How We Can Help Israeli Clients Comply with the EU AI Act

The EU AI Act will apply to Israeli companies that develop or deploy AI systems intended for the European market. The EU AI Act introduces a risk-based classification system for AI, where obligations vary depending on the potential risk posed to individuals or society and we are able to help our clients navigate these requirements and mitigate legal risks.

Key Stages Where Legal Support Is Essential

Risk Assessment and Categorization

The EU AI Act categorizes AI systems into low, medium, and high-risk levels. JST&Co. can help our clients determine the appropriate classification for their systems. Based on the risk level, we can identify specific compliance obligations, such as algorithmic transparency, risk management practices, and documentation requirements.

Agreements with Technology Providers

If an AI system is supplied by a third-party provider outside the EU, then it is essential to ensure that the contractual agreements with the EU based parties meet certain EU AI Act requirements. JST&Co.’s lawyers can draft or amend agreements to ensure that the agreements meet these requirements.

Privacy and Data Protection Compliance

One of the core components of the EU AI Act is the protection of users’ personal data. We have the expertise in privacy law and data protection (particularly GDPR compliance) can help ensure that the AI system aligns with these standards, which are integral to the Act.

Developing Transparency and Oversight Mechanisms

Transparency in how an AI system functions is a central pillar of the EU AI Act and we can advise on creating reporting protocols and explanatory tools that provide users and regulators with clear information about how AI decisions are made — especially in systems that significantly impact individuals.

Preparation for Regulatory Reporting and Certification

Companies may be required to submit reports to EU regulators or seek certifications, particularly for high-risk AI systems. We can assist in preparing these documents and ensuring all regulatory requirements are met, reducing the risk of non-compliance.

Risk Management and Legal Strategy

AI systems must incorporate ongoing risk management procedures. We can help clients design policies that manage both operational and legal risks — such as misuse of AI technologies or violations of individual rights.

Should you require any assistance in connection with the new requirements and standards, or if you need to determine whether the EU AI Act will apply to your business, feel free to contact us for further information and assistance.

Ari Syrquin, Adv. is Chairman of the International Relations Committee of the Tel Aviv District Bar Association.

The information presented in this article is for general information purposes only and does not constitute legal, professional or any other advice.

1. The Regulation’s full name is (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) ↩︎

Picture on this page and on the Home Page are provided courtesy of Freepik.