Countdown for businesses to comply with leaked EU AI Act draft begins

An alleged draft of the European Union’s Artificial Intelligence Act has been leaked online on Monday, shedding light on how and exactly when Europe will regulate contentious issues such as biometric surveillance.

The 892-page draft was posted online by Euractiv Technology Editor Luca Bertuzzi. The document was shared with EU countries yesterday afternoon, ahead of a discussion scheduled for Wednesday within the Telecom Working Party, an EU Council technical body focused on regulating the IT sector. The meeting will be followed by a formal adoption at the ambassador level on February 2nd, according to the journalist’s post published on LinkedIn.

Comments from stakeholders to Tech Monitor suggest a shorter timeline for implementation than previously understood. An EU Council representative says the final reviews are expected to be completed and the Act given final approval by the Council and Parliament by April of the year, if not earlier. A consultant and former negotiator on the Act for Germany tells the publication that businesses should be ready to comply within 6 to 12 months, and high-risk system providers are encouraged to prepare even earlier.

The use of facial recognition surveillance by law enforcement has proved one of the largest stumbling blocks in the negotiations for the AI Act. The EU Council has advocated for a number of exceptions for law enforcement while some European lawmakers are seeking to ban the technology altogether.

The current draft reflects previous changes made by EU lawmakers.

The document states that the use of AI systems for “real-time” remote biometric identification in publicly accessible spaces for law enforcement should therefore be prohibited, except in “exhaustively listed and narrowly defined situations where the use is strictly necessary to achieve a substantial public interest, the importance of which outweighs the risks.”

Those situations involve the search for certain victims of crime, including missing people; certain threats to the life or physical safety of natural persons, or a terrorist attack. Another situation involves localization and identification of suspects of criminal offenses deemed serious, the document states.

The document continues to note that “real-time” remote biometric identification systems in publicly accessible spaces should only be authorized if the law enforcement authority has completed a fundamental rights impact assessment. Law enforcement agencies will need authorization from a judicial authority to use “real-time” remote biometric identification in public.

Exceptions are allowed only in the case of an emergency with appropriate safeguards and conditions.

Article Topics

AI Act  |  biometric identification  |  biometrics  |  EU  |  facial recognition  |  legislation