Resource Center  >  Blog

Europe Takes a Historic Leap in AI Regulation with the Landmark AI Act

December 25, 2023
Nedim Maric

On December 8, 2023, the European Union took a bold step in the realm of technology regulation by agreeing on a groundbreaking new law, called the AI Act, to regulate artificial intelligence. This move marks one of the world’s first comprehensive legislative efforts to put checks on the use of a technology that’s rapidly reshaping society and the economy.

Understanding the AI Act

The AI Act, which is not yet available, sets a new global benchmark for managing the potential benefits and risks associated with artificial intelligence. This legislation is not just about leveraging AI’s potential in driving innovation but also about mitigating its risks – from job automation to the proliferation of misinformation and threats to national security.

Focus on High-Risk Applications

EU policymakers have zeroed in on AI’s riskiest applications, particularly those employed by companies and governments in crucial sectors like law enforcement and essential services like water and energy. General-purpose AI systems, which power tools like the ChatGPT chatbot, will now be subjected to stringent transparency requirements. The legislation mandates clear disclosure when chatbots and software generating deepfakes are involved, ensuring users are aware of AI’s involvement.

Regulating Facial Recognition and Other AI Tools

In a significant move, the use of facial recognition software by police and governments will be tightly regulated, with exceptions only for specific safety and national security scenarios. Violating these regulations could lead to hefty fines, up to 7% of global sales.

Challenges and Effectiveness of the AI Act

While the AI Act is a regulatory breakthrough, its effectiveness remains a question. The implementation of many policy aspects will take 12 to 24 months – a considerable timeframe given the rapid pace of AI development. Moreover, the final language of the policy and its balancing act between fostering innovation and ensuring safety was a contentious issue until the last stages of negotiation.

The Road to Agreement

The agreement, reached after intense negotiations in Brussels, is not yet public as technical details are still being finalized. The AI Act now awaits votes in the European Parliament and the European Council. This exhaustive legislative process reflects the high stakes and complexities involved in regulating a technology as influential and pervasive as AI.

Global Context and Urgency

The urgency to regulate AI gained momentum with the advent of technologies like ChatGPT, which highlighted AI’s advancing capabilities. This global phenomenon has prompted actions beyond Europe, with the U.S. administration focusing on AI’s national security implications. Meanwhile, other countries like Britain, Japan, and China have adopted varied stances on AI regulation.

Europe’s Pioneering Role in AI Regulation

The EU has been at the forefront of AI regulation, having initiated discussions around what would become the AI Act as early as 2018. The region’s approach to tech regulation mirrors that of the healthcare or banking industries, with comprehensive laws on data privacy, competition, and content moderation already in place.

Evolving Legislation in the Face of Technological Advances

Originally drafted in 2021, the AI Act had to be continually updated to keep pace with technological breakthroughs, especially regarding general-purpose AI models like those behind ChatGPT. The final agreement adopts a “risk-based approach” to AI regulation, focusing on applications with the greatest potential for societal and individual harm.

Impact on AI Development and Usage

This legislation will profoundly impact not just major AI developers like Google, Meta, Microsoft, and OpenAI, but also myriad businesses and governmental functions that integrate AI into their operations. The focus will be on ensuring that AI tools, especially in sensitive areas like hiring, education, and healthcare, are developed and deployed with due diligence, ensuring they do not perpetuate biases or cause unintended harm.

Enforcement Challenges and Global Implications

Enforcing the AI Act across 27 nations will be a colossal task, requiring significant expertise and resources. The act’s implementation will likely see legal challenges, testing its robustness and effectiveness. This legislation will be closely observed worldwide, setting a precedent for how AI is regulated globally.


The AI Act marks a pivotal moment in the journey of AI from an unregulated frontier to a technology governed by principles of safety, transparency, and accountability. As AI continues to permeate every aspect of our lives, the balance between innovation and regulation will be crucial. The EU, with its AI Act, sets a path for the rest of the world to follow, initiating a new era of tech governance where human welfare and technological advancement go hand in hand.

The Role of AI in Application Security

Wednesday, March 6th 9:00 am PT

In today’s interconnected digital landscape, data exchange plays a pivotal role in web applications. Extensible Markup Language (XML) is a

See more

In the previous segment of our blog series, we looked at the operations of Ryuk and Conti ransomware groups, shedding light on their tactics and impact. In this section, we turn our attention to Maze and Lockbit, two formidable players in the cyber threat landscape, exploring their collaborative dynamics, unique characteristics, and the evolving strategies that define their ransomware campaigns. 

See more

Part 1 of 2 In the dynamic landscape of cyber threats, the battle between ethical and malicious actors has escalated

See more
Get Started
Read Bright Security reviews on G2