One of the most current news this year, which turned out to be equally interesting to both legal experts and IT industry professionals, was the adoption of the European Union's Artificial Intelligence Act ("AI Act") as the first regulatory framework regarding artificial intelligence ("AI") adopted at the EU level. The aim of the AI Act is to bring the European Union ("EU") to the forefront of the artificial intelligence race, while simultaneously ensuring the protection of human rights, the environment, the rule of law, and democracy.
Although its implementation has not yet begun, the AI Act is expected to clarify some of the uncertainties related to the application of AI for EU member states (and those on the path to becoming members) and provide a solid foundation for the creation of national regulations on this topic.
Summary of the content of AI Act
The AI Act is based on a risk analysis arising from the application of AI – AI is divided into four categories depending on the severity of the risk it can lead to:
a) unacceptable risk – this includes tools that use AI for the purpose of classifying individuals based on their behaviour or characteristics, which would consequently lead to their social "grading" and potentially unfavourable treatment. In other words, AI must not be used for so-called social scoring. Uses of AI that fall into this category are prohibited;
b) high risk – this group includes, for example, AI systems that process personal data with the aim of profiling individuals, such as systems used in the candidate selection process for employment;
c) limited risk – this category includes chatbots and content generated using AI;
d) minimal risk – this category includes, for example, AI used in the creation of email spam filters or video games based on AI technologies.
Among other things, adoption of the AI Act is recognized as significant because it achieves the “reconciliation” of two opposing aims:
The AI Act applies not only to entities physically located in the EU but also to those located in non-EU countries that use AI within the EU territory. In this regard, a parallel can be drawn between the AI Act and the GDPR, which defines the geographic scope of application based on the same principle.
Penalties for Non-Compliance with the AI Act
Entities that fail to comply with the obligations prescribed by the AI Act will face high penalties. The strictest penalties will be imposed on those using systems categorized as unacceptable: for them, fines can reach up to 35 million euros or up to 7% of the total global annual revenue of the company, whichever amount is greater.
For violations of other provisions of the AI Act, the maximum penalty amounts to 15 million euros, or 3% of the total global annual revenue of the company, whichever amount is greater. The “mildest” consequence is for providing incorrect or incomplete information regarding AI to the competent authorities, in which case the penalty can be as high as the greater of the following two amounts: 7 million euros or up to 1% of the total global annual revenue of the company.
Situation in Serbia
When it comes to the domestic regulations, Serbia has been working on creating a legal framework for the use of artificial intelligence for several years now. The first step towards this goal was the adoption of the Artificial Intelligence Development Strategy in the Republic of Serbia for the period 2020 to 2025, which was adopted in 2019. Bearing in mind the rapid development and increase in the use of AI in Serbia since the adoption of the first Strategy, the need to improve the Strategy arose as early as the beginning of 2024. Consequently, development of a new Artificial Intelligence Development Strategy in the Republic of Serbia for the period 2025 to 2030 (available only in Serbian) has begun, and it is expected to be adopted during 2024.
In addition to the Strategies, it is also worth mentioning that the draft Law on Artificial Intelligence of the Republic of Serbia is currently being prepared by a special working group within the Ministry of Science, Technological Development and Innovation. The adoption of this law is announced for the first half of 2025, and it is expected that such legislation will address numerous questions related to the application of this technology and create an adequate ground for its further development and safe use.