解讀歐盟人工智能法案（英）-畢馬威

DecodingtheEUAIActUnderstandingtheAIAct’simpactandhowyoucanrespondKPMG.MaketheDifference.KPMGInternational|/trustedaiContents17Nextstepsscope?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct2Introduction?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct3Arti?cialIntelligence(AI)isofferingnewbene?tstosocietyandbusinesses,aimingtotransformtheworkplaceandmajorindustriesalongtheway.Simplyput,theraceisontoembracetheremarkableandevolvingpowerofAIandautomation.OrganizationalleadershipshoulddriveinitiativesinlinewiththeAIAct,companybrand,valuesandrisktolerancetopromoteresponsibleuseofAI.Thiscanhelppromoteethicaldevelopment,regulatorycompliance,riskmitigationandstakeholdertrust.AsKPMG’sGlobalTechReport2023reveals,mostglobalexecutives(62percent)reportanincreaseinperformanceorpro?tabilityfromdigitaltransformationinitiativesrelatedtoAIandmachinelearningoverthepast24months.And68percentsaythesetechnologieswillplaya‘vital’roleinhelpingthemachievetheirbusinessobjectivesoverthenextthreeyears,while57percentbelieveAIandmachinelearningwillbe‘important’inmeetingshort-termobjectives.Inresponse,theEuropeanUnion(EU)hasreachedaground-breakingprovisionalagreementonacomprehensiveArti?cialIntelligenceAct(AIAct)thattakesarisk-basedapproachtoprotectingfundamentalrights,democracy,theruleoflawandenvironmentalDavidRowlandsGlobalAILeaderKPMGInternationalsustainability.Thoughit'sexpectedtobecomelaw1in2024,withcomplianceexpectedby2025,thislegislation—the?rstofitskind—isanticipatedtoemergeasthede-factonewglobalstandardforAIregulation.ButastheworldwideAIproliferationinbusinessandoureverydaylivesunfolds,thereisacriticalneedforguardrailsandlegislationtodealwithsigni?cantnewrisksregardingtheappropriateandethicaluse,developmentanddistributionofAI.AccordingtoTrustinarti?cialintelligence,aglobalsurveyconductedbyAIshouldbedevelopedandusedwithafocusonsafetyandethics,turningtechnologicaladvancementintoapositiveforceforsociety.TheEUAIActwillhelpfosterinnovationwhileprotectingend-users.WiththeintroductionoftheAIAct,theEUaimstostrikeabalancebetweenfosteringAIadoptionandensuringindividuals’righttoresponsible,ethicalandtrustworthyuseofAI.Inthispaper,weexplorewhattheAIActmaymeantoyourorganizationandexamineKPMGAustraliaandtheUniversityofQueensland,threethestructureoftheAIAct,theobligationsitimposes,in?vepeoplearewaryabouttrustingAIsystems,and71percentexpectAItoberegulated.Morerecently,CEOsfromglobaltechgiantscalledforgreaterAIregulationatameetingonCapitolHilltoprotectpeoplefromtheworsteffectsofAI.thetimelinesforcomplianceandtheactionplanthatorganizationsshouldconsider.LaurentGobbiGlobalTrustedAILeaderKPMGInternational1EuropeanParliament.(December9,2023).Arti?cialIntelligenceAct:dealoncomprehensiverulesfortrustworthyAI[Pressrelease].?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct4Executivesummary?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct5TheAIActaimstoregulatetheethicaluseofAIHigh-riskAIsystemsarepermittedbutsubjecttothemoststringentobligations.Theseobligationswillaffectnotonlyusersbutalsoso-called‘providers’ofAIsystems.Theterm‘provider’intheAIActcoversdevelopingbodiesofAIsystems,includingorganizationsthatdevelopAIsystemsforstrictlyinternaluse.Itisimportanttoknowthatanorganizationcanbebothauserandaprovider.on,mayhavetoadheretotransparencyrequirements.Additionally,high-impactGPAImodels,whichpossessadvancedcomplexity,capabilities,andperformance,willfacemorestringentobligations.ThisapproachwillhelpmitigatesystemicrisksthatmayariseduetoAIholdsimmensepromisetoexpandthehorizonofwhatisachievableandtoimpacttheworldforourbene?t—butmanagingAI’srisksandpotentialknownandunknownnegativeconsequenceswillbecritical.TheAIActissettobe?nalizedin2024andaimstoensurethatAIsystemsaresafe,respectfundamentalrights,fosterAIinvestment,improvegovernance,andencourageaharmonizedsingleEUmarketforAI.thesemodels'widespreaduse.5TheAIActdoesnotaffect?existingUnionlawProviderswilllikelyneedtoensurecompliancewithstrictstandardsconcerningriskmanagement,dataquality,transparency,humanoversight,androbustness.ExistingUnionlaws,forexample,onpersonaldata,productsafety,consumerprotection,socialpolicy,andnationallaborlawandpractice,continuetoapply,aswellasUnionsectorallegislativeactsrelatingtoproductsafety.CompliancewiththeAIActwillnotrelieveorganizationsfromtheirpre-existinglegalobligationsintheseareas.MostAIsystemsneedtocomplywiththeAIActbythe?rsthalfof2026UsersareresponsibleforoperatingtheseAIsystemswithintheAIAct’slegalboundariesandaccordingtotheprovider'sspeci?cinstructions.Thisincludesobligationsontheintendedpurposeandusecases,datahandling,humanoversightandmonitoring.TheAIAct'sde?nitionofAIisanticipatedtobebroadandincludevarioustechnologiesandsystems.Asaresult,organizationsarelikelytobesigni?cantlyimpactedbytheAIAct.Mostoftheobligationsareexpectedtotakeeffectinearly2026.However,prohibitedAIsystemswillhavetobephasedoutsixmonthsaftertheAIActcomesintoforce.TherulesforgoverningUnderstandingtheAIAct’simpacton?yourorganizationwillbepivotaltosuccessGuardrailsforgeneralAIsystemsNewprovisionshavebeenaddedtoaddresstherecentadvancementsingeneral-purposeAI(GPAI)models,general-purposeAIareexpectedtoapplyinearly2025.2includinglargegenerativeAImodels.Thesemodels4OrganizationsshouldtakethetimetocreateamapoftheAIsystemstheydevelopanduseandcategorizetheirrisklevelsasde?nedintheAIAct.IfanyoftheirAIsystemsfallintothelimited,highorunacceptableriskcategory,theywillneedtoassesstheAIAct’simpactontheirorganization.Itisimperativetounderstandthisimpact—andhowtorespond—assoonaspossible.canbeusedforavarietyoftasksandcanbeintegratedintoalargenumberofAIsystems,includinghigh-risksystems,andareincreasinglybecomingthebasisformanyAIsystemsintheEU.ToaccountforthewiderangeoftasksAIsystemscanaccomplishandtherapidexpansionoftheircapabilities,itwasagreedthatGPAIsystems,andthemodelstheyarebasedProvidersandusersofhigh-riskAIsystemsfacestringentobligationsTheAIActappliesarisk-basedapproach,dividingAIsystemsintodifferentrisklevels:unacceptable,high,limitedandminimalrisk.32345EuropeanCommission.(December12,2023).Arti?cialIntelligence—QuestionsandAnswers[Pressrelease].EuropeanCouncil.(December9,202).Arti?cialIntelligenceActTrilogue:Pressconference—Part4.[Video].EuropeanParliament.(March2023).General-purposearti?cialintelligence[Backgroundmaterial].EuropeanCommission.(December12,2023).Arti?cialIntelligence—QuestionsandAnswers[Pressrelease].?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct6ExaminingtheAIAct’simpactandscope?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct7TheEuropeanCommission(EC)proposedtheAIActinApril2021.AsofDecember2023,theEuropeanParliament,theEuropeanCouncilandtheEuropeanCommissionhavereachedaprovisionalagreementtomaketheAIActlaw.TheproposedAIActisexpectedtoreshapehowwethinkaboutandmanageAIsimilarlytowhathashappenedindataprivacyoverthelastcoupleofyears.Throughourlens:ThepotentialimpactoftheAIActExpectedtobecomelawin2024,theAIActwilllikelyhaveanimmediatewide-rangingimpactonanybusinessoperatingintheEUthatoffersAIproducts,servicesorsystems.Thelawintroducesade?nitionforAIintheEU,categorizesAIsystemsbyrisk,laysoutextensiverequirementsandnecessarysafeguardingmechanismsforAIsystems,andestablishestransparencyobligations.Stimulatethepositive?Carryoutconformityassessmentsandpost-marketmonitoringforhigh-riskAIsystems.?Stimulateinnovationthroughregulatorysandboxeswheresmallandmedium-sizedenterprisescantesttheirAIsystemswithoutimminentregulatoryscrutiny.?Establisheffectiveoversightandenforcementmechanisms.Manageandreducerisks?Promoteharmonizationofstandards,codesofconductandcerti?cation.Whatitaimstodo????ProhibitunacceptablerisksinAIsystems.Avoidfundamentalrightsviolations.???OffergreatertransparencyregardingAIsystems.Createalevelplaying?eldforthoseinvolved.TheECaimstobalancepromotingAIdevelopmentandboostinginnovationwithmanagingemergingriskseffectively.Thisisre?ectedintheobjectivesofPreventtheuseofsubliminalorunethicaltechniquesthatmightin?uenceordistortaperson’sbehaviorinsuchawaythatitcausesharmtothatpersonoranotherperson.SafeguardfundamentalrightsandprovidelegalcertaintyforindividualsresidingintheEU.theproposal:6????EnsuringthatAIsystemsontheEUmarketaresafeandrespectpublicrightsandvalues.Adoptbestpractices??Minimizebiasthatcouldresultinunfairorinadequateoutcomes.ProvidinglegalcertaintytofacilitateinvestmentandinnovationinAIsystems.?CategorizeyourAIsystemsandunderstandtheassociatedrisks.Restricttheexploitationofvulnerablepeopleorgroupsduetotheirage,disability,politicalopinionorotherfactors.Enhancinggovernanceandeffectiveenforcementofethicsandsafetyrequirements.?Imposemorestringentrequirementsforhigh-riskAIsystems(obligatoryriskmanagement,datagovernance,technicaldocumentation,etc.).FacilitatingthedevelopmentofasingleEUmarketforlawful,safe,trustworthyAIapplicationswhilepreventingmarketfragmentation.6EuropeanCommission.(April21,2021).ProposalforaRegulationoftheEuropeanParliamentandoftheCouncil,“LayingDownHarmonisedRulesonArti?cialIntelligence(Arti?cialIntelligenceAct)andAmendingCertainUnionLegislativeAct.”?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct8Toachievetheseobjectives,theAIActappliesarisk-basedapproach.Thisallowsforestablishingspeci?cminimumrequirementstoaddresstherisksandproblems?linkedtoAIsystemswithoutundulyconstrainingorhinderingtechnologicaldevelopmentordisproportionatelyincreasingcostsrelatingtoplacingAI?systemsonthemarket.Whatisnotcovered?affected,andtheyshoulddevelopawarenessandknowledge.Giventhebroadde?nitionofAIandthecurrentpaceofproliferation,organizationsshouldtakeaholisticapproach.Seniorexecutivesshouldcollaborateonpurposefulinnovationanddevelopment,riskmanagement,andgovernanceofAIsystemstoachievecompliancewiththeAIAct.?AIsystemsdevelopedorusedexclusivelyformilitarypurposes.?AIsystemsusedbypublicauthoritiesorinternationalorganizationsinnon-UnioncountrieswhenusedforlawenforcementorjudicialcooperationwiththeEUunderaframeworkofinternationalagreements.HowitwillbeenforcedandwhatarethepenaltiesWhowillbeaffected???AIsystemsdevelopedandusedforthesolepurposeofscienti?cresearchanddiscovery.Mostorganizations,bothinsideandoutsidetheEU,aredevelopingorusingAIsystemsthatwilllikelyqualifyasAIunderthescopeoftheAIAct.Giventheshortimplementationperiod,however,organizationsshouldgainaprofoundunderstandingoftheAIsystemstheyaredevelopingand/ordeployingandhowtheymeasureuptotheAIAct’srequirements.TheEChasproposedastructureforenforcingAIproviderrequirementsbyestablishinganArti?cialIntelligenceBoardandExpertGroup.BothpartiessitattheEUlevelandareresponsiblefor:AIsystemsintheresearch,testing,anddevelopmentphasebeforebeingplacedonthemarketorputintoservice(thisincludesfreeand?open-sourceAIcomponents).?Contributingtoeffectivecollaborationwithnationalsupervisoryauthorities.?PeopleusingAIforpersonaluse.??Providingrecommendationsforbestpractices.Ensuringconsistentapplicationoftheregulation.Whatpartiesarecovered?InthesamewaytheGeneralDataProtectionRegulation(GDPR)isenforced,theECunderstandsthatnon-EuropeanentitiessellingtheirproductsinEuropeanmarketsshouldberegulatedsimilarlytothememberstates.TheEUisexpectedtobethecentergroundforglobalAIstandards,withdivergenceintheUSandpossiblytheUK.LiketheGDPR,theAIActwillhaveandextra-territorialeffect.?AnyproviderplacingAIsystemsonthemarketorputtingthemintoservicewithintheEU,regardlessoflocation.EachmemberstatewillbeexpectedtocreateordesignateaNationalCompetentAuthoritytoensuretheimplementationoftheregulationandtosafeguardtheobjectivityandimpartialityoftheiractivities.?AnyproviderofAIsystemslocatedoutsidetheEU,whosesystemoutputcanorisintendedforuseintheEU.TheEU’sproposedregulationwilllikelyhaveafar-reachingimpactonallorganizationsleveragingthevastpowerofAI,andtheconsequencesofnoncompliancecouldrangefromrestrictingmarketaccesstosigni?cant?nesdependingonthelevelofnoncompliance.Finesmayrangefrom35millioneurosor7?percentofglobalturnoverto7.5millionor1.5?percentofturnover,dependingontheinfringement??AnyproviderofAIsystemslocatedintheEU.Whoisaffectedinyourorganization?AnyimporterordistributorplacingAIsystemsonthemarketormakingthemavailablewithintheEU.Executiveswhomanagecompliance,datagovernanceandthedevelopment,deploymentand??ProductmanufacturersplacingproductswithAIsystemsonthemarketorputtingthemintoservicewithintheEUundertheirnameortrademark.useofAItechnologieswilllikelyseetheirrolesandresponsibilitiesimpactedbytheAIAct.Beyondseniorrolesintheorganization,theBoardofDirectorsandvariousGovernanceCommitteesmayalsobeandsizeofthecompany.7UsersofAIproductsandserviceswithintheEU.7EuropeanParliament.(December9,2023).Arti?cialIntelligenceAct:dealoncomprehensiverulesfortrustworthyAI[Pressrelease].?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct9TrackingtheEU’slegislativejourneyWhenwillitapply?MostoftheobligationsoutlinedintheAIActareexpectedtobecomeeffectivebythe?rsthalfof2026.Prohibitionsareanticipatedtotakeeffectbytheendof2024,andobligationsregardinggeneral-purposeAI(GPAI)areexpectedtotakeeffectasearlyas2025.GPAIreferstoAIsystemsthatperformgenerallyapplicablefunctions,suchasimageandspeechrecognition,audioandvideogeneration,patterndetection,questionanswering,translationandothers,butcanhaveawiderangeofpossibleuses,bothintendedandunintended.Thesesystemsmaybeutilizedashigh-riskAIsystemsorincorporatedascomponentsofotherhigh-riskAIsystems.Spring2026The?nalAIActtakeseffectinitsentirety.Late2024Mid2025Prohibitionson‘unacceptablerisk’AIsystemswillapply.Severalobligationstogeneral-purposeAIwillapply.June2023–December2023FinalAIActnegotiationsoccurbetweentheCouncil,Commission,andParliament.A?provisionalagreementto?nalizetheproposedrulesisreachedinDecember2023.WearehereThe?naltextisexpectedinthe?rsthalfof2024.December2022TheCouncilhasadopteditscommonposition(‘generalapproach’)ontheAIAct.June2023TheParliamentadoptstheirnegotiationpositionforthedraftAIAct.April2021TheEuropeanCommissionunveilsaproposalforanewArti?cialIntelligenceAct.?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct10UnravellingtheAIAct’skeycomponents?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct11TheAIActisacomprehensivedocumentdesignedtohelpprovideaclearde?nitionofarti?cialintelligence,enablingEU-widealignmentandconsistencywithotherUnionlawsandregulations.TheAIAct'sprimarygoalistoestablishauniformandhorizontallegalframeworktopromotetheuptakeofAIsystemswhileprovidingahighlevelofprotectionagainsttheirharmfuleffects.ThisframeworkcanhelptobuildtrustinAItechnologyandgiveindividualsandorganizationsgreatercon?denceinusingit.De?ningarti?cialintelligencethaninitiallyanticipated,extendingsigni?cantlybeyondourmorerecentunderstandingofadvancedandgenerativeAI.TheAIAct'sde?nedscopehasseveralexemptionsforAIsystems,suchasthoseusedformilitaryordefensepurposesandlimitedexemptionsforfreeandopen-sourcesystems.TheAIActappliesabroadde?nitionofanAIsystemderivedfromtherecentlyupdatedOrganisationforEconomicCo-operationandDevelopment(OECD)de?nition.WhiletheAIAct’stextisnotyetpubliclyavailable,theOECDde?nitionisasfollows:AIriskframeworkandrequirements“AnAIsystemisamachine-basedsystemthat,forexplicitorimplicitobjectives,infers,fromtheinputitreceives,howtogenerateoutputssuchaspredictions,content,recommendations,ordecisionsthatcanin?uencephysicalorvirtualenvironments.DifferentAIsystemsvaryintheirlevelsofautonomyandTheAIActde?nesaframeworktounderstandtherisksassociatedwithAI.Itclassi?esAIsystemsbasedontheirpotentialrisksanddividesthemintodifferentcategoriesdependingonthedatatheycapture,andthedecisionsoractionstakenwiththatdata.adaptivenessafterdeployment.”8EUobligationswillvarydependingonthecategoryofAIbeingused.Whileanagreementonthecontexthasbeenreached,the?naltextoftheregulationsisnotyetavailable.However,thefollowingsectionssummarizetheobligationsstipulatedundertheAIAct,basedonthepubliclyThisde?nitionisdeliberatelykeptbroadtocoverthewholespectrum,fromsimplertechnologiesandsystemsfocusingonsingle-usecasestoadvancedapplicationsofdeeplearningandgenerativeAI.Asaresult,theAIAct'sscopebecamemuchwideravailable?information.98NotethattheearliestversionoftheAIActde?nesAIsystemsassystemsthatweredevelopedusingoneofthefollowingtechniquesandapproaches:(a)Machinelearningapproaches,includingsupervised,unsupervised,andreinforcementlearning,usingawidevarietyofmethods,includingdeeplearning.(b)Logic-andknowledge-basedapproaches,includingknowledgerepresentation,inductive(logic)programming,knowledgebases,inferenceanddeductiveengines,(symbolic)reasoningandexpertsystems.(c)Statisticalapproaches,Bayesianestimation,searchandoptimizationmethods.9EuropeanCommission.(April21,2021).ProposalforaRegulationoftheEuropeanParliamentandoftheCouncil,“LayingDownHarmonisedRulesonArti?cialIntelligence(Arti?cialIntelligenceAct)andAmendingCertainUnionLegislativeAct.”?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct12TheAIActtakesarisk-basedapproachExamplesofunacceptable-riskAIsystems??Behavioralmanipulation.ExploitationofvulnerableProhibitedcharacteristicsofpeople.ContraveneUnionvalues,likefundamentalrights.??Socialscoringbypublicauthorities.Real-timeremotebiometricidenti?cationforlawenforcement.UnacceptableriskExamplesofhigh-riskAIsystems:???Evaluationofeligibilitytocredit,healthorlifeinsuranceorpublicbene?ts.Analysesofjobapplicationsorevaluationofcandidates.HighriskConformityassessmentHighrisktohealth,safety,environmentandProductsafetycomponents.fundamentalrights.Examplesoflimited-riskAIsystems:??AIsystemsthatinteractwithconsumers.GenerativeAI*:AIsystemsgeneratingormanipulatingcontent(image,audioorvideo).LimitedriskMinimalriskTransparencyobligationRiskofimpersonationordeception.Examplesofminimal-riskAIsystems:??Spam?lters.AI-enabledvideogames.NoobligationsNohighrisks.*Furtherspeci?cobligationstogenerativeAIandfoundationmodelswillapplyoutsideofthisrisk-basedapproach?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct13Unacceptable-riskAIsystemsundertheEU’sproductsafetylegislation.Thisincludestoys,aviation,cars,medicaldevicesandelevators.2)AIsystemsfallingintospeci?careasthatwillhavetobeWhataretheobligationsrelatedtothiscategory?SincetheAIsystemsinthiscategoryareconsideredhigh-risk,theyaresubjecttothemoststringentregulatoryrequirements:WhichAIsystemsarecovered?AIsystemsthatenablemanipulation,exploitationandsocialcontrolpracticesareseenasposinganunacceptablerisk.This?categoryprohibitsAIforthefollowingpurposes:registeredinanEUdatabase.8Theseinclude:??Criticalinfrastructure,suchasthesupplyofutilities.?Adequateriskmanagementtoidentify,evaluateandmitigaterisksduringthelifecycleoftheAIsystem.Thisobligationwill,ineffect,requireimplementingadedicatedriskmanagementsystemandthecompletingdocumentedriskassessments,whichmustbecompletedEducationalandvocationaltraining,forexample,automatedscoringof—orexclusionfrom—exams.???ManipulationthatharmsorislikelytoharmanAIuseroranotherperson.??Employment,workersmanagementandaccesstoself-employment,forexample,automatedrecruitmentandapplicationtriage.Exploitingvulnerabilitiesofaspeci?cgroupofpersons.continuously;theymustbelivingdocuments.Socialscoringleadingtodetrimentalorunfavorabletreatmentinsocialcontexts.Accesstoessentialprivateandpublicservicesandbene?ts(e.g.healthcare),creditworthinessevaluationofnaturalpersons,andriskassessmentandpricinginrelationtolifeandhealthinsurance.?Appropriatedatagovernanceandmanagementpractices(training,validationandtesting)toensuredatasetquality.Thisisakeyobligationtohelpensurethatdatasetsdonotleadtodiscriminationorinaccurateresults.Notably,sensitivepersonaldatamustnotbeincludedunlessincludedtoensurethatbothinputsandoutputsarenotdiscriminatory.??Indiscriminatescrapingoffacialimages.Emotionrecognitionsoftwareintheworkplaceandeducation(withsomeexceptions).???Law-enforcementsystemsthatmayinterferewithfundamentalrights,suchasautomatedriskscoringregardingpotentialoffenders,deepfakedetectionsoftwareandevidencereliabilityscoring.?UseofAIthatcategorizespersonsbasedonsensitivetraitssuchasrace,politicalopinionsorreligiousbeliefs.Migration,asylumandbordercontrolmanagement,forexample,veri?cationofauthenticityoftraveldocumentsandvisaandasylumapplicationexaminations.?Technicaldocumentationmustdemonstratecompliancewithobligationsandallowforcomplianceassessments.??Predictivepolicingonindividuals(riskscoringforcommittingfuturecrimesbasedonpersonaltraits).Remotebiometricidenti?cationofpeople(partialbanwithsomeexceptionsinlawenforcement).??Loggingofeventstoensuretraceabilityofthesystem’sfunctioning.Administrationofjusticeanddemocraticprocesses,forexample,legalinterpretationtoolsto?assistjudicialauthorities.Whataretheobligationsrelatedtothiscategory?SincetheAIsystemsinthiscategoryposeanunacceptablerisk,theiruseisprohibited.Recordkeepingregardingtracingandmonitoringhigh-risksituations,conformingtostandards,andensuringthattheAIsystems’outputhasnotledtoanydiscriminatoryeffects.Mostorganizationsusethesehigh-riskAIsystems,suchasAIforrecruitmentpurposes.High-riskAIsystems??Minimumloggingmustincludeusage,dataandpersonnelidenti?cation.ItisalsoimportanttonotethattheCommissioncanaddmoreusestothehigh-riskAIsystemscategorythroughdelegatedacts.Thisisdiscussedfurtherinthe‘Nextsteps’sectionofthisreport.WhichAIsystemsarecovered?AIsystemsthatnegativelyaffectsafetyorfundamentalrightswillbeconsideredhighriskandwillbedividedintotwocategories:1)AIsystemsthatareusedinproductsfallingRegistrationintheEUdatabaseforhigh-riskAIsystems.8EuropeanParliament.(December19,2023).EUAIAct:?rstregulationonarti?cialintelligence.?2024CopyrightownedbyoneormoreoftheKPMGInternationalentities.KPMGInternationalentitiesprovidenoservicestoclients.Allrightsreserved.DecodingtheEUAIAct14?Transparencyobligationstoenablecorrect?AIinterpretationanduse,accompaniedbyinstructionsinanappropriatedigitalformat.Whataretheobligationsofthedeployers?????Complyingwithregistrationrequirementsiftheuserisapublicauthority.Deployersofhigh-riskAIsystems,including