AI development companies (OpenAI, Amazon, Google, IBM and others) will no longer be able to access AI through APIs. If the same models are released in Europe without a special license, open source software developers or program distributors such as GitHub can face huge penalties.

Details of new rules not yet adopted

According to the new law, developers Save AI projects and core models and clearly state the functionality they plan to implement. If the actual functionality exceeds the declared, the license may be revoked. This will obviously cause problems for many open source projects. Registration also requires disclosure of data sources used for AI training, computing resources, training time, performance metrics, and Red Teaming performance prepared to repel cyberattacks.

Companies will have to do expensive risk testing. The list of risks is ambiguous and includes potential problems with the environment, democracy and the observance of rights. According to the planned steps, EU countries will assess the risks based on the size of the applicant organisation, but tests have not yet been developed.

AI Law also requires monitoring system performance after release. If models have unexpected capabilities, a recertification procedure will be required..

The new rules will significantly limit the use of APIs for building AI-based services. If new capabilities are discovered while using the API, they must be provided with confidential information to a third party for approval and licensing. The same will need to be done after each update and addition of new functions.

Responsibility

The broad jurisdiction of EU law covers AI providers located outside the EU or creating products for use in the EU. So, if a US open source software developer publishes a model or code on GitHub using the API and that code becomes available in the EU, both the developer and GitHub will be responsible for publishing the unlicensed model.

Because it would be very complex and expensive to create, the restrictions of the new law may make use of the API available to enterprise customers only.

Companies violating the “AI Law” will pay fines of between 2% and 4% of their global gross income, and individuals up to 20 million euros. EU’s small and medium-sized businesses are not threatened with these penalties. Compliance with the new law is not required if artificial intelligence is used for the research and development of environmentally friendly energy systems or for clean energy production.