By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept
Table of Contents
Title I: General Provisions
Art. 1 Subject MatterArt. 2 ScopeArt. 3 DefinitionsArt. 4 Implementing Acts
Title IA: General Purpose AI Systems
Art. 4a Compliance of General Purpose AI Systems with this RegulationArt. 4b AI LiteracyArt. 4c Exceptions to Article 4b
Title II: Prohibited Artificial Intelligence Practices
Art. 5 Prohibited Artificial Intelligence Practices
Title III: Classification of AI Systems as High-Risk
Chapter 1: Classification of AI Systems as High-Risk
Art. 6 Classification Rules for High-Risk AI Systems
Art. 7 Amendments to Annex IIIChapter 2: Requirements for High-Risk AI Systems
Art. 8 Compliance with the Requirements
Art. 9 Risk Management System
Art. 10 Data and Data Governance
Art. 11 Technical Documentation
Art. 12 Record-Keeping
Art. 13 Transparency and Provision of Information to Deployers
Art. 14 Human Oversight
Art. 15 Accuracy, Robustness and Cybersecurity
Chapter 3: Obligations of Providers and Users of High-Risk AI Systems and Other Parties
Art. 16 Obligations of Providers of High-Risk AI Systems
Art. 17 Quality Management System
Art. 18 Documentation Keeping
Art. 19 Conformity Assessment
Art. 20 Automatically Generated Logs
Art. 21 Corrective Actions and Duty of Information
Art. 22 Duty of Information
Art. 23 Cooperation with Competent Authorities
Art. 23a Conditions for Other Persons to be Subject to the Obligations of a Provider
Art. 24 [Deleted]
Art. 25 Authorised Representatives
Art. 26 Obligations of Importers
Art. 27 Obligations of Distributors
Art. 28 Responsibilities along the AI Value Chain
Art. 29 Obligations of Deployers of High-Risk AI Systems
Art. 29a Fundamental Rights Impact Assessment for High-Risk AI Systems
Chapter 4: Notifying Authorities and Notified Bodies
Art. 30 Notifying Authorities
Art. 31 Application of a Conformity Assessment Body for Notification
Art. 32 Notification Procedure
Art. 33 Requirements Relating to Notified BodiesArt. 33a Presumption of Conformity with Requirements Relating to Notified BodiesArt. 34 Subsidiaries of and Subcontracting by Notified Bodies
Art. 34a Operational Obligations of Notified Bodies
Art. 35 Identification Numbers and Lists of Notified Bodies Designated under this Regulation
Art. 36 Changes to Notifications
Art. 37 Challenge to the Competence of Notified Bodies
Art. 38 Coordination of Notified Bodies
Art. 39 Conformity Assessment Bodies of Third Countries
Chapter 5: Standards, Conformity Assessment, Certification, Registration
Art. 40 Harmonised Standards and Standardisation Deliverables
Art. 41 Common Specifications
Art. 42 Presumption of Conformity with Certain Requirements
Art. 43 Conformity Assessment
Art. 44 Certificates
Art. 45 Appeal Against Decisions of Notified Bodies
Art. 46 Information Obligations of Notified Bodies
Art. 47 Derogation from Conformity Assessment Procedure
Art. 48 EU Declaration of Conformity
Art. 49 CE Marking of Conformity
Art. 50 [Deleted]Art. 51 Registration
Title IV: Transparency Obligations for Providers and Deployers of Certain AI Systems
Art. 52 Transparency Obligations for Providers and Users of Certain AI Systems and GPAI Models
Title VIIIa: General Purpose AI Models
Chapter 1: Classification Rules
Art. 52a Classification of General Purpose AI Models as General Purpose AI Models with Systemic RiskArt. 52b ProcedureChapter 2: Obligations for Providers of General Purpose AI Models
Art. 52c Obligations for Providers of General Purpose AI ModelsArt. 52ca Authorised RepresentativeChapter 3: Obligations for Providers of General Purpose AI Models with Systemic Risk
Art. 52d Obligations for Providers of General Purpose AI Models with Systemic RiskArt. 52e Codes of Practice
Title V: Measures in Support of Innovation
Art. 53 AI Regulatory SandboxesArt. 53a Modalities and Functioning of AI Regulatory SandboxesArt. 54 Further Processing of Personal Data for Developing Certain AI Systems in the Public Interest in the AI Regulatory SandboxArt. 54a Testing of High-Risk AI Systems in Real World Conditions Outside AI Regulatory SandboxesArt. 54b Informed Consent to Participate in Testing in Real World Conditions Outside AI Regulatory SandboxesArt. 55 Measures for Deployers, in Particular SMEs, including Start-UpsArt. 55a Derogations for Specific Operators
Title VI: Governance
Art. 55b Governance at Union LevelChapter 1: European Artificial Intelligence Board
Art. 56 Establishment of the European Artificial Intelligence BoardArt. 57 [Deleted]
Art. 58 Tasks of the BoardArt. 58a Advisory ForumChapter 1A: Scientific Panel of Independent Experts
Art. 58b Scientific Panel of Independent ExpertsArt. 58c Access to the Pool of Experts by the Member StatesChapter 2: National Competent Authorities
Art. 59 Designation of National Competent Authorities and Single Point of Contact
Title VII: EU Database for High-Risk AI Systems Listed in Annex III
Art. 60 EU Database for High-Risk AI Systems Listed in Annex III
Title VIII: Post-Market Monitoring, Information Sharing, Market Surveillance
Chapter 1: Post-Market Monitoring
Art. 61 Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI SystemsChapter 2: Sharing of Information on Serious Incidents
Art. 62 Reporting of Serious IncidentsChapter 3: Enforcement
Art. 63 Market Surveillance and Control of AI Systems in the Union MarketArt. 63a Mutual Assistance, Market Surveillance and Control of General Purpose AI SystemsArt. 63b Supervision of Testing in Real World Conditions by Market Surveillance AuthoritiesArt. 64 Powers of Authorities Protecting Fundamental RightsArt. 65 Procedure for Dealing with AI Systems Presenting a Risk at National LevelArt. 65a Procedure for Dealing with AI Systems Classified by the Provider as a Not High-Risk in Application of Annex IIIArt. 66 Union Safeguard ProcedureArt. 67 Compliant AI Systems Which Present a RiskArt. 68 Formal Non-ComplianceArt. 68a Union Testing Facilities in the Area of Artificial IntelligenceChapter 3b: Remedies
Art. 68b Right to Lodge a Complaint with a Market Surveillance AuthorityArt. 68c A Right to Explanation of Individual Decision-MakingArt. 68d Amendment to Directive (EU) 2020/1828Art. 68e Reporting of Breaches and Protection of Reporting PersonsChapter 3c: Supervision, Investigation, Enforcement and Monitoring in Respect of Providers of General Purpose AI Models
Art. 68f Enforcement of Obligations on Providers of General Purpose AI ModelsArt. 68g Monitoring ActionsArt. 68h Alerts of Systemic Risks by the Scientific PanelArt. 68i Power to Request Documentation and InformationArt. 68j Power to Conduct EvaluationsArt. 68k Power to Request MeasuresArt. 68m Procedural Rights of Economic Operators of the General Purpose AI Model
Title IX: Codes of Conduct
Art. 69 Codes of Conduct for Voluntary Application of Specific Requirements
Title X: Confidentiality and Penalties
Art. 70 Confidentiality
Art. 71 PenaltiesArt. 72 Administrative Fines on Union Institutions, Agencies and BodiesArt. 72a Fines for Providers of General Purpose AI Models
Title XI: Delegation of Power and Committee Procedure
Art. 73 Exercise of the DelegationArt. 74 Committee Procedure
Title XII: Final Provisions
Art. 75 Amendment to Regulation (EC) No 300/2008Art. 76 Amendment to Regulation (EU) No 167/2013Art. 77 Amendment to Regulation (EU) No 168/2013Art. 78 Amendment to Directive 2014/90/EUArt. 79 Amendment to Directive (EU) 2016/797Art. 80 Amendment to Regulation (EU) 2018/858Art. 81 Amendment to Regulation (EU) 2018/1139Art. 82 Amendment to Regulation (EU) 2019/2144Art. 82a Guidelines from the Commission on the Implementation of this RegulationArt. 83 AI Systems Already Placed on the Market or Put into ServiceArt. 84 Evaluation and ReviewArt. 85 Entry into Force and Application
Privacy Policy | Liability

Article 3

Definitions

Updated on April 10th 2024 based on the version and article numbering approved by the EU Parliament on March 13th 2024.

For the purposes of this Regulation, the following definitions apply:

(1) ‘AI system’ means a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments;

(2) ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm;

(3) ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge;

(4)deployer means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity;

(5) ‘authorised representative’ means a natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation;

(6) ‘importer’ means a natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country;

(7) ‘distributor’ means a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market;

(8) ‘operator’ means a provider, product manufacturer, deployer, authorised representative, importer or distributor;

(9) ‘placing on the market’ means the first making available of an AI system or a general purpose AI model on the Union market;

(10) ‘making available on the market’ means the supply of an AI system or a general-purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;

(11) ‘putting into service’ means the supply of an AI system by the provider for first use directly to the deployer or for own use in the Union for its intended purpose;

(12) ‘intended purpose’ means the use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation;

(13) ‘reasonably foreseeable misuse’ means the use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems;

(14) ‘safety component’ means a component of a product or of a system which fulfils a safety function for that product or system, or the failure or malfunctioning of which endangers the health and safety of persons or property;

(15) ‘instructions for use’ means the information provided by the provider to inform the deployer of in particular an AI system’s intended purpose and proper use;

(16) ‘recall of an AI system’ means any measure aiming to achieve the return to the provider or taking out of service or disabling the use of an AI system made available to deployers;

(17) ‘withdrawal of an AI system’ means any measure aiming to prevent an AI system in the supply chain being made available on the market;

(18) ‘performance of an AI system’ means the ability of an AI system to achieve its intended purpose;

(19) ‘notifying authority’ means the national authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring;

(20) ‘conformity assessment’ means the process of demonstrating whether the requirements set out in Chapter II, Section 2 relating to a high-risk AI system have been fulfilled;

(21) ‘conformity assessment body’ means a body that performs third-party conformity assessment activities, including testing, certification and inspection;

(22) ‘notified body’ means a conformity assessment body notified in accordance with this Regulation and other relevant Union harmonisation legislation as listed in Section B of Annex I;

(23) ‘substantial modification’ means a change to an AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment carried out by the provider and as a result of which the compliance of the AI system with the requirements set out in Chapter II, Section 2 is affected or results in a modification to the intended purpose for which the AI system has been assessed;

(24) ‘CE marking’ means a marking by which a provider indicates that an AI system is in conformity with the requirements set out in Chapter II, Section 2 and other applicable Union harmonisation legislation listed in Annex I, providing for its affixing;

(25) ‘post-market monitoring system’ means all activities carried out by providers of AI systems to collect and review experience gained from the use of AI systems they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions;

(26) ‘market surveillance authority’ means the national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020;

(27) ‘harmonised standard’ means a harmonised standard as defined in Article 2(1), point (c), of Regulation (EU) No 1025/2012;

(28) ‘common specification’ means a set of technical specifications as defined in Article 2, point (4) of Regulation (EU) No 1025/2012, providing means to comply with certain requirements established under this Regulation;

(29) ‘training data’ means data used for training an AI system through fitting its learnable parameters;

(30) ‘validation data’ means data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process in order, inter alia, to prevent underfitting or overfitting;

(31) ‘validation data set’ means a separate data set or part of the training data set, either as a fixed or variable split;

(32) ‘testing data’ means data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service;

(33) ‘input data’ means data provided to or directly acquired by an AI system on the basis of which the system produces an output;

(34) ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data;

(35) ‘biometric identification’ means the automated recognition of physical, physiological, behavioural, or psychological human features for the purpose of establishing the identity of a natural person by comparing biometric data of that individual to biometric data of individuals stored in a database;

(36) ‘biometric verification’ means the automated, one-to-one verification, including authentication, of the identity of natural persons by comparing their biometric data to previously provided biometric data;

(37) ‘special categories of personal data’ means the categories of personal data referred to inArticle 9(1) of Regulation (EU) 2016/679, Article 10 of Directive (EU) 2016/680 and Article 10(1) of Regulation (EU) 2018/1725;

(38) ‘sensitive operational data’ means operational data related to activities of prevention, detection, investigation or prosecution of criminal offences, the disclosure of which could jeopardise the integrity of criminal proceedings;

(39) ‘emotion recognition system’ means an AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data;

(40) ‘biometric categorisation system’ means an AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data, unless it is ancillary to another commercial service and strictly necessary for objective technical reasons;

(41) ‘remote biometric identification system’ means an AI system for the purpose of identifying natural persons, without their active involvement, typically at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database;

(42) ‘real-time remote biometric identification system’ means a remote biometric identification system whereby the capturing of biometric data, the comparison and the identification all occur without a significant delay and comprises not only instant identification, but also limited short delays in order to avoid circumvention;

(43) ‘post remote biometric identification system’ means a remote biometric identification system other than a real-time remote biometric identification system;

(44) ‘publicly accessible space’ means any publicly or privately owned physical place accessible to an undetermined number of natural persons, regardless of whether certain conditions for access may apply, and regardless of the potential capacity restrictions;

(45) ‘law enforcement authority’ means:

  1. any public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; or
  2. any other body or entity entrusted by Member State law to exercise public authority and public powers for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;

(46) ‘law enforcement’ means activities carried out by law enforcement authorities or on their behalf for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security;

(47) ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and AI governance carried out by the European Artificial Intelligence Office established by Commission Decision of 24.1.2024; references in this Regulation to the AI Office shall be construed as references to the Commission;

(48) ‘national competent authority’ means a notifying authority or a market surveillance authority;;

(49) ‘serious incident’ means an incident or malfunctioning of an AI system that directly or indirectly leads to any of the following:

  1. the death of a person, or serious harm to a person’s health;
  2. a serious and irreversible disruption of the management or operation of critical infrastructure.
  3. the infringement of obligations under Union law intended to protect fundamental rights;
  4. serious harm to property or the environment;

(50) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation(EU) 2016/679;(51) ‘non-personal data’ means data other than personal data as defined in Article 4, point(1), of Regulation (EU) 2016/679;

(52) ‘profiling’ means profiling as defined in Article 4, point (4), of Regulation (EU)2016/679 or, in the case of law enforcement authorities, as defined in Article 3, point (4)of Directive (EU) 2016/680 or, in the case of Union institutions, bodies, offices or agencies, as defined in Article 3, point (5) of Regulation (EU) 2018/1725;

(53) ‘real-world testing plan’ means a document that describes the objectives, methodology, geographical, population and temporal scope, monitoring, organisation and conduct oftesting in real-world conditions;

(54) ‘sandbox plan’ means a document agreed between the participating provider and the competent authority describing the objectives, conditions, timeframe, methodology and requirements for the activities carried out within the sandbox;

(55) ‘AI regulatory sandbox’ means a controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision;

(56) ‘AI literacy’ means skills, knowledge and understanding that allows providers, deployers and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause;

(57) ‘testing in real-world conditions’ means the temporary testing of an AI system for its intended purpose in real-world conditions outside a laboratory or otherwise simulated environment, with a view to gathering reliable and robust data and to assessing and verifying the conformity of the AI system with the requirements of this Regulation and it is not considered to be placing the AI system on the market or putting it into service within the meaning of this Regulation, provided that all the conditions laid down in Article 57 or 60 are fulfilled;

(58) ‘subject’, for the purpose of real-world testing, means a natural person who participates in testing in real-world conditions;

(59) ‘informed consent’ means a subject's freely given, specific, unambiguous and voluntary expression of his or her willingness to participate in a particular testing in real-world conditions, after having been informed of all aspects of the testing that are relevant to the subject's decision to participate;

(60) ‘deep fake’ means AI-generated or manipulated image, audio or video content that resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful;

(61) ‘widespread infringement’ means any act or omission contrary to Union law protecting the interest of individuals, which:

  1. has harmed or is likely to harm the collective interests of individuals residing in at least two Member States other than the Member State in which:
    (i) the act or omission originated or took place;
    (ii) the provider concerned, or, where applicable, its authorised representative is located or established; or
    (iii) the deployer is established, when the infringement is committed by the deployer;
    (b) has caused, causes or is likely to cause harm to the collective interests of individuals and has common features, including the same unlawful practice or the same interest being infringed, and is occurring concurrently, committed by the same operator, in at least three Member States;

(62) ‘critical infrastructure’ means critical infrastructure as defined in Article 2, point (4), of Directive (EU) 2022/2557;

(63) ‘general-purpose AI model’ means an AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are released on the market;

(64) ‘high-impact capabilities’ means capabilities that match or exceed the capabilities recorded in the most advanced general-purpose AI models;

(65) ‘systemic risk’ means a risk that is specific to the high-impact capabilities of general purpose AI models, having a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain;

(66) ‘general-purpose AI system’ means an AI system which is based on a general-purposeAI model, that has the capability to serve a variety of purposes, both for direct use aswell as for integration in other AI systems;

(67) ‘floating-point operation’ or ‘FLOP’ means any mathematical operation or assignment involving floating-point numbers, which are a subset of the real numbers typically represented on computers by an integer of fixed precision scaled by an integer exponent of a fixed base;

(68) ‘downstream provider’ means a provider of an AI system, including a general-purposeAI system, which integrates an AI model, regardless of whether the model is provided by themselves and vertically integrated or provided by another entity based on contractual relations.

[Previous version]

Updated on Feb 6th 2024 based on the version endorsed by the Coreper I on Feb 2nd

For the purpose of this Regulation, the following definitions apply:

(1) ‘AI system‘ is a machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments;

(1a) ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm;

(2) ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general purpose AI model or that has an AI system or a general purpose AI model developed and places them on the market or puts the system into service under its own name or trademark, whether for payment or free of charge;

(4) ‘deployer means any natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity;

(5) ‘authorised representative’ means any natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation;

(6) ‘importer’ means any natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established outside the Union;

(7) ‘distributor’ means any natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market;

(8) ‘operator’ means the provider, the product manufacturer, the deployer, the authorised representative, the importer or the distributor;

(9) ‘placing on the market’ means the first making available of an AI system or a general purpose AI model on the Union market;

(10) ‘making available on the market’ means any supply of an AI system or a general purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;

(11) ‘putting into service’ means the supply of an AI system for first use directly to the deployer or for own use in the Union for its intended purpose;

(12) ‘intended purpose’ means the use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation;

(13) ‘reasonably foreseeable misuse’ means the use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems;

(14) ‘safety component of a product or system’ means a component of a product or of a system which fulfils a safety function for that product or system, or the failure or malfunctioning of which endangers the health and safety of persons or property;

(15) ‘instructions for use’ means the information provided by the provider to inform the user of in particular an AI system’s intended purpose and proper use;

(16) ‘recall of an AI system’ means any measure aimed at achieving the return to the provider or taking it out of service or disabling the use of an AI system made available to deployers;

(17) ‘withdrawal of an AI system’ means any measure aimed at preventing an AI system in the supply chain being made available on the market;

(18) ‘performance of an AI system’ means the ability of an AI system to achieve its intended purpose;

(19) ‘notifying authority’ means the national authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring;

(20) ‘conformity assessment’ means the process of demonstrating whether the requirements set out in Title III, Chapter 2 of this Regulation relating to a high-risk AI system have been fulfilled;

(21) ‘conformity assessment body’ means a body that performs third-party conformity assessment activities, including testing, certification and inspection;

(22) ‘notified body’ means a conformity assessment body notified in accordance with this Regulation and other relevant Union harmonisation legislation;

(23) ‘substantial modification’ means a change to the AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment by the provider and as a result of which the compliance of the AI system with the requirements set out in Title III, Chapter 2 of this Regulation is affected or results in a modification to the intended purpose for which the AI system has been assessed;

(24) ‘CE marking of conformity’ (CE marking) means a marking by which a provider indicates that an AI system is in conformity with the requirements set out in Title III, Chapter 2 of this Regulation and other applicable Union legislation harmonising the conditions for the marketing of products (‘Union harmonisation legislation’) providing for its affixing;

(25) ‘post-market monitoring system’ means all activities carried out by providers of AI systems to collect and review experience gained from the use of AI systems they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions;

(26) ‘market surveillance authority’ means the national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020;

(27) ‘harmonised standard’ means a European standard as defined in Article 2(1)(c) of Regulation (EU) No 1025/2012;

(28) ‘common specification’ means a set of technical specifications, as defined in point 4 of Article 2 of Regulation (EU) No 1025/2012 providing means to comply with certain requirements established under this Regulation;

(29) ‘training data’ means data used for training an AI system through fitting its learnable parameters;

(30) ‘validation data’ means data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process, among other things, in order to prevent underfitting or overfitting; whereas the validation dataset is a separate dataset or part of the training dataset, either as a fixed or variable split;

(31) ‘testing data’ means data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service;

(32) ‘input data’ means data provided to or directly acquired by an AI system on the basis of which the system produces an output;

(33) ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data;

(33a) ‘biometric identification’ means the automated recognition of physical, physiological, behavioural, and psychological human features for the purpose of establishing an individual’s identity by comparing biometric data of that individual to stored biometric data of individuals in a database;

(33c) ‘biometric verification’ means the automated verification of the identity of natural persons by comparing biometric data of an individual to previously provided biometric data (one-to-one verification, including authentication);

(33d) ‘special categories of personal data’ means the categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679, Article 10 of Directive (EU) 2016/680 and Article 10(1) of Regulation (EU) 2018/1725;

(33e) ‘sensitive operational data’ means operational data related to activities of prevention, detection, investigation and prosecution of criminal offences, the disclosure of which can jeopardise the integrity of criminal proceedings;

(34) ‘emotion recognition system’ means an AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data;

(35) ‘biometric categorisation system’ means an AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data unless ancillary to another commercial service and strictly necessary for objective technical reasons;

(36) ‘remote biometric identification system’ means an AI system for the purpose of identifying natural persons, without their active involvement, typically at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database;

(37) ‘‘real-time’ remote biometric identification system’ means a remote biometric identification system whereby the capturing of biometric data, the comparison and the identification all occur without a significant delay. This comprises not only instant identification, but also limited short delays in order to avoid circumvention;

(38) ‘‘post’ remote biometric identification system’ means a remote biometric identification system other than a ‘real-time’ remote biometric identification system;

(39) ‘publicly accessible space’ means any publicly or privately owned physical place accessible to an undetermined number of natural persons, regardless of whether certain conditions for access may apply, and regardless of the potential capacity restrictions;

(40) ‘law enforcement authority’ means:

(a) any public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; or

(b) any other body or entity entrusted by Member State law to exercise public authority and public powers for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminalpenalties, including the safeguarding against and the prevention of threats to public security;

(41) ‘law enforcement’ means activities carried out by law enforcement authorities or on their behalf for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;

(42) ‘Artificial Intelligence Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems, general purpose AI models and AI governance. References in this Regulation to the Artificial Intelligence office shall be understood as references to the Commission;

(43) ‘national competent authority’ means any of the following: the notifying authority and the market surveillance authority. As regards AI systems put into service or used by EU institutions, agencies, offices and bodies, any reference to national competent authorities or market surveillance authorities in this Regulation shall be understood as referring to the European Data Protection Supervisor;

(44) ‘serious incident’ means any incident or malfunctioning of an AI system that directly or indirectly leads to any of the following:

  1. the death of a person or serious damage to a person’s health;
  2. a serious and irreversible disruption of the management and operation of critical infrastructure;

(ba) breach of obligations under Union law intended to protect fundamental rights; (bb) serious damage to property or the environment.

(44a) 'personal data' means personal data as defined in Article 4, point (1) of Regulation (EU) 2016/679;

(44c) ‘non-personal data’ means data other than personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679;

(be) ‘profiling’ means any form of automated processing of personal data as defined in point (4) of Article 4 of Regulation (EU) 2016/679; or in the case of law enforcement authorities – in point 4 of Article 3 of Directive (EU) 2016/680 or, in the case of Union institutions, bodies, offices or agencies, in point 5 Article 3 of Regulation (EU) 2018/1725;

(bf) ‘real world testing plan’ means a document that describes the objectives, methodology, geographical, population and temporal scope, monitoring, organisation and conduct of testing in real world conditions;

(44 eb)‘sandbox plan’ means a document agreed between the participating provider and the competent authority describing the objectives, conditions, timeframe, methodology and requirements for the activities carried out within the sandbox;

(bg) 'AI regulatory sandbox’ means a concrete and controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision;

(bh) ‘AI literacy’ refers to skills, knowledge and understanding that allows providers, users and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause;

(bi) ‘testing in real world conditions’ means the temporary testing of an AI system for its intended purpose in real world conditions outside of a laboratory or otherwise simulated environment with a view to gathering reliable and robust data and to assessing and verifying the conformity of the AI system with the requirements of this Regulation; testing in real world conditions shall not be considered as placing the AI system on the market or putting it into service within the meaning of this Regulation, provided that all conditions under Article 53 or Article 54a are fulfilled;

(bj) ‘subject’ for the purpose of real world testing means a natural person who participates in testing in real world conditions;

(bk) ‘informed consent’ means a subject's freely given, specific, unambiguous and voluntary expression of his or her willingness to participate in a particular testing in real world conditions, after having been informed of all aspects of the testing that are relevant to the subject's decision to participate;

(bl) "deep fake" means AI generated or manipulated image, audio or video content that resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful;

(44e) ‘widespread infringement’ means any act or omission contrary to Union law that protects the interest of individuals:

  1. which has harmed or is likely to harm the collective interests of individuals residing in at least two Member States other than the Member State, in which:
    (i) the act or omission originated or took place;
    (ii) the provider concerned, or, where applicable, its authorised representative is established; or
    (iii) the deployer is established, when the infringement is committed by the deployer;
  2. which protects the interests of individuals, that have caused, cause or are likely to cause harm to the collective interests of individuals and that have common features, including the same unlawful practice, the same interest being infringed and that are occurring concurrently, committed by the same operator, in at least three Member States;

(44h) ‘critical infrastructure’ means an asset, a facility, equipment, a network or a system, or a part of thereof, which is necessary for the provision of an essential service within the meaning of Article 2(4) of Directive (EU) 2022/2557;

(44b) ‘general purpose AI model’ means an AI model, including when trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable to competently perform a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications. This does not cover AI models that are used before release on the market for research, development and prototyping activities;

(44c) ‘high-impact capabilities’ in general purpose AI models means capabilities that match or exceed the capabilities recorded in the most advanced general purpose AI models;

(44d) ‘systemic risk at Union level’ means a risk that is specific to the high-impact capabilities of general-purpose AI models, having a significant impact on the internal market due to its reach, and with actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain;

(44e) ‘general purpose AI system’ means an AI system which is based on a general purpose AI model, that has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems;

(44f) ’floating-point operation’ means any mathematical operation or assignment involving floating-point numbers, which are a subset of the real numbers typically represented on computers by an integer of fixed precision scaled by an integer exponent of a fixed base;

(44g) ‘downstream provider’ means a provider of an AI system, including a general- purpose AI system, which integrates an AI model, regardless of whether the model is provided by themselves and vertically integrated or provided by another entity based on contractual relations.

Article 1
Article 2
Article 3
Article 4
Article 4a
Article 4b
Article 4c
Article 5
Article 6
Article 7
Article 8
Article 9
Article 10
Article 11
Article 12
Article 13
Article 14
Article 15
Article 16
Article 17
Article 18
Article 19
Article 20
Article 21
Article 22
Article 23
Article 23a
Article 24
Article 25
Article 26
Article 27
Article 28
Article 29
Article 29a
Article 30
Article 31
Article 32
Article 33
Article 33a
Article 34
Article 34a
Article 35
Article 36
Article 37
Article 38
Article 39
Article 40
Article 41
Article 42
Article 43
Article 44
Article 45
Article 46
Article 47
Article 48
Article 49
Article 50
Article 51
Article 52
Article 52a
Article 52b
Article 52c
Article 52ca
Article 52d
Article 52e
Article 53
Article 53a
Article 54
Article 54a
Article 54b
Article 55
Article 55a
Article 55b
Article 56
Article 57
Article 58
Article 58a
Article 58b
Article 58c
Article 59
Article 60
Article 61
Article 62
Article 63
Article 63a
Article 63b
Article 64
Article 65
Article 65a
Article 66
Article 67
Article 68
Article 68a
Article 68b
Article 68c
Article 68d
Article 68e
Article 68f
Article 68g
Article 68h
EU AI Act Table of Contents
Report error

Report error

Please keep in mind that this form is only for feedback and suggestions for improvement.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© EUAIAct.com. All rights reserved.