There are only a few days left for the European Union’s Artificial Intelligence Act to enter into force across all 27 EU Member States on 2 August 2024. It is the first comprehensive horizontal legal framework for the regulation of AI systems across the EU. The non-compliance with the EU AI Act will be met with a maximum financial penalty of up to EUR 35 million or 7 percent of worldwide annual turnover, whichever is higher.
The new law lays down a uniform framework for the development, the placing on the market, the putting into service and the use of artificial intelligence systems (AI systems) in the EU “in accordance with Union values, to promote the uptake of human centric and trustworthy artificial intelligence (AI) while ensuring a high level of protection of health, safety, fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (the ‘Charter’), including democracy, the rule of law and environmental protection, to protect against the harmful effects of AI systems in the Union, and to support innovation. This Regulation ensures the free movement, cross-border, of AI-based goods and services, thus preventing Member States from imposing restrictions on the development, marketing and use of AI systems, unless explicitly authorised by this Regulation” as stated in article 1.
The new rules establish obligations for providers and users depending on the level of risk from artificial intelligence. It offers a classification for AI systems with different requirements and obligations tailored on a ‘risk-based approach’. Some AI systems presenting ‘unacceptable’ risks are prohibited. A wide range of ‘high-risk’ AI systems that can have a detrimental impact on people’s health, safety or on their fundamental rights are authorised, but subject to a set of requirements and obligations to gain access to the EU market. AI systems posing limited risks because of their lack of transparency will be subject to information and transparency requirements, while AI systems presenting only minimal risk for people will not be subject to further obligations.
Not applicable on Free and open source software (FOSS)
This Regulation does not apply to AI systems released under free and open source licences, unless they are placed on the market or put into service as high-risk AI systems or as an AI system that falls under Article 5 or 50.”However, this exception does not apply to commercial products, as per Recital 113: “For the purposes of this Regulation, AI components that are provided against a price or otherwise monetised, including through the provision of technical support or other services, including through a software platform, related to the AI component, or the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, with the exception of transactions between microenterprises, should not benefit from the exceptions provided to free and open-source AI components.”
Art. 25(4): “The provider of a high-risk AI system and the third party that supplies an AI system, tools, services, components, or processes that are used or integrated in a high-risk AI system shall, by written agreement, specify the necessary information, capabilities, technical access and other assistance based on the generally acknowledged state of the art, in order to enable the provider of the high-risk AI system to fully comply with the obligations set out in this Regulation. This paragraph shall not apply to third parties making accessible to the public tools, services, processes, or components, other than general-purpose AI models, under a free and open-source licence.”
The regulation also provides specific rules for general purpose AI (GPAI) models and lays down more stringent requirements for GPAI models with ‘high-impact capabilities’ that could pose a systemic risk and have a significant impact on the internal market.
According to Art. 53(2), the General-purpose AI (GPAI) obligations do not apply to providers of models released under an open source licence, as long as they aren’t high-risk: “The obligations set out in paragraph 1, points (a) and (b), shall not apply to providers of AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general-purpose AI models with systemic risks.”
Similarly, providers of GPAI models released under an open source licence don’t need to appoint an EU representative, as long as the models aren’t high-risk (Art. 54(6)): “The obligation set out in this Article shall not apply to providers of general-purpose AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available, unless the general-purpose AI models present systemic risks.“
The Regulation also contains more detailed references to FOSS and its interactions with the Act under Recitals 102-104. It is unquestionably a good thing to have a harmonised system, however, for the FOSS community, this exemption also allows continued innovation and collaboration in the tech community without imposing the same level of regulation required for commercial or high-risk AI systems. Harmonising innovation and trust suggests a regulatory approach that balances the need for innovation (through FOSS) with the necessity of trust and safety in AI technologies.
The enforcement of most of its provisions will commence on 2 August 2026. (for the full timeline, please refer to Art. 113). Non-compliance with the EU AI Act will be met with a maximum financial penalty of up to EUR 35 million or 7 percent of worldwide annual turnover, whichever is higher.
Martel, at work to promote a human-centric digital landscape
Through its projects, Martel acknowledges a human-centric and trustworthy AI regulatory framework with the recognition of FOSS’s unique role in innovation. Through their projects, different teams try to highlight the importance of creating a regulatory environment that supports both responsible AI development and the continued growth of open-source projects. This balance is key for fostering a sustainable AI ecosystem that benefits society at large.
