By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept
Table of Contents
Chapter I: General Provisions
Art. 1 Subject MatterArt. 2 ScopeArt. 3 DefinitionsArt. 4 AI Literacy
Chapter II: Prohibited AI Practices
Art. 5 Prohibited AI Practices
Chapter III: High-Risk AI Systems
Section 1: Classification of AI Systems as High-Risk
Art. 6 Classification Rules for High-Risk AI Systems
Art. 7 Amendments to Annex IIISection 2: Requirements for High-Risk AI Systems
Art. 8 Compliance with the Requirements
Art. 9 Risk Management System
Art. 10 Data and Data Governance
Art. 11 Technical Documentation
Art. 12 Record-Keeping
Art. 13 Transparency and Provision of Information to Deployers
Art. 14 Human Oversight
Art. 15 Accuracy, Robustness and Cybersecurity
Section 3: Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Art. 16 Obligations of Providers of High-Risk AI Systems
Art. 17 Quality Management System
Art. 18 Documentation Keeping
Art. 19 Automatically Generated Logs
Art. 20 Corrective Actions and Duty of Information
Art. 21 Cooperation with Competent Authorities
Art. 22 Authorised Representatives of Providers of High-Risk AI Systems
Art. 23 Obligations of Importers
Art. 24 Obligations of Distributors
Art. 25 Responsibilities along the AI Value Chain
Art. 26 Obligations of Deployers of High-Risk AI Systems
Art. 27 Fundamental Rights Impact Assessment for High-Risk AI Systems
Section 4: Notifying Authorities and Notified Bodies
Art. 28 Notifying Authorities
Art. 29 Application of a Conformity Assessment Body for Notification
Art. 30 Notification Procedure
Art. 31 Requirements Relating to Notified Bodies
Art. 32 Presumption of Conformity with Requirements Relating to Notified Bodies
Art. 33 Subsidiaries of Notified Bodies and SubcontractingArt. 34 Operational Obligations of Notifed Bodies
Art. 35 Identification Numbers and Lists of Notified Bodies
Art. 36 Changes to Notifications
Art. 37 Challenge to the Competence of Notified Bodies
Art. 38 Coordination of Notified Bodies
Art. 39 Conformity Assessment Bodies of Third Countries
Section 5: Standards, Conformity Assessment, Certificates, Registration
Art. 40 Harmonised Standards and Standardisation Deliverables
Art. 41 Common Specifications
Art. 42 Presumption of Conformity with Certain Requirements
Art. 43 Conformity Assessment
Art. 44 Certificates
Art. 45 Information Obligations of Notified Bodies
Art. 46 Derogation from Conformity Assessment Procedure
Art. 47 EU Declaration of Conformity
Art. 48 CE Marking
Art. 49 Registration
Chapter IV: Transparency Obligations for Providers and Deployers of Certain AI Systems
Art. 50 Transparency Obligations for Providers and Users of Certain AI Systems
Chapter V: General-Purpose AI Models
Section 1: Classification Rules
Art. 51 Classification of General-Purpose AI Models as General-Purpose AI Models with Systemic Risk
Art. 52 ProcedureSection 2: Obligations for Providers of General Purpose AI Models
Art. 53 Obligations for Providers of General-Purpose AI ModelsArt. 54 Further Processing of Personal Data for Developing Certain AI Systems in the Public Interest in the AI Regulatory SandboxSection 3: Obligations for Providers of General Purpose AI Models with Systemic Risk
Art. 55 Obligations for Providers of General-Purpose AI Models with Systemic RiskSection 4: Codes of Practice
Art. 56 Codes of Practice
Chapter VI: Measures in Support of Innovation
Art. 57 AI Regulatory Sandboxes
Art. 58 Detailed Arrangements for, and Functioning of, AI Regulatory SandboxesArt. 59 Further Processing of Personal Data for Developing Certain AI Systems in the Public Interest in the AI Regulatory SandboxArt. 60 Testing of High-Risk AI Systems in Real World Conditions outside AI Regulatory SandboxesArt. 61 Informed Consent to Participate in Testing in Real World Conditions Outside AI Regulatory SandboxesArt. 62 Measures for Providers and Deployers, in Particular SMEs, including Start-UpsArt. 63 Derogations for Specific Operators
Chapter VII: Governance
Section 1: Governance at Union Level
Art. 64 AI OfficeArt. 65 Establishment and Structure of the European Artificial Intelligence BoardArt. 66 Tasks of the BoardArt. 67 Advisory ForumArt. 68 Scientific Panel of Independent ExpertsArt. 69 Access to the Pool of Experts by the Member StatesSection 2: National Competent Authorities
Art. 70 Designation of National Competent Authorities and Single Points of Contact
Chapter VIII: EU Database for High-Risk Systems
Art. 71 EU Database for High-Risk AI Systems Listed in Annex III
Chapter IX: Post-Market Monitoring, Information Sharing and Market Surveillance
Section 1: Post-Market Monitoring
Art. 72 Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI SystemsSection 2: Sharing of Information on Serious Incidents
Art. 73 Reporting of Serious IncidentsSection 3: Enforcement
Art. 74 Market Surveillance and Control of AI Systems in the Union MarketArt. 75 Mutual Assistance, Market Surveillance and Control of General-Purpose AI SystemsArt. 76 Supervision of Testing in Real World Conditions by Market Surveillance AuthoritiesArt. 77 Powers of Authorities Protecting Fundamental RightsArt. 78 ConfidentialityArt. 79 Procedure at National Level for Dealing with AI Systems Presenting a RiskArt. 80 Procedure for Dealing with AI Systems Classified by the Provider as Non-High-Risk in Application of Annex IIIArt. 81 Union Safeguard ProcedureArt. 82 Compliant AI Systems which Present a RiskArt. 83 Formal Non-ComplianceArt. 84 Union AI Testing Support StructuresSection 4: Remedies
Art. 85 Right to Lodge a Complaint with a Market Surveillance AuthorityArt. 86 Right to Explanation of Individual Decision-MakingArt. 87 Reporting of Infringements and Protection of Reporting PersonsSection 5: Supervision, Investigation, Enforcement and Monitoring in Respect of Providers of General-Purpose AI Models
Art. 88 Enforcement of the Obligations of Providers of General-Purpose AI ModelsArt. 89 Monitoring ActionsArt. 90 Alerts of Systemic Risks by the Scientific PanelArt. 91 Power to Request Documentation and InformationArt. 92 Power to Conduct EvaluationsArt. 93 Power to Request MeasuresArt. 94 Procedural Rights of Economic Operators of the General-Purpose AI Model
Chapter X: Codes of Conduct and Guidelines
Art. 95 Codes of Conduct for Voluntary Application of Specific RequirementsArt. 96 Guidelines from the Commission on the Implementation of this Regulation
Chapter XI: Delegation of Power and Committee Procedure
Art. 97 Exercise of the DelegationArt. 98 Committee Procedure
Chapter XII: Penalties
Art. 99 PenaltiesArt. 100 Administrative Fines on Union Institutions, Bodies, Offices and AgenciesArt. 101 Fines for Providers of General-Purpose AI Models
Chapter XIII: Final Provisions
Art. 102 Amendment to Regulation (EC) No 300/2008Art. 103 Amendment to Regulation (EU) No 167/2013Art. 104 Amendment to Regulation (EU) No 168/2013Art. 105 Amendment to Directive 2014/90/EUArt. 106 Amendment to Directive (EU) 2016/797Art. 107 Amendment to Regulation (EU) 2018/858Art. 108 Amendment to Regulation (EU) 2018/1139Art. 109 Amendment to Regulation (EU) 2019/2144Art. 110 Amendment to Directive (EU) 2020/1828Art. 111 AI Systems Already Placed on the Market or Put into Service and General-Purpose AI Models Already Placed on the MarkedArt. 112 Evaluation and ReviewArt. 113 Entry into Force and Application
Privacy Policy | Liability

Article 5

Prohibited AI Practices

1.   The following AI practices shall be prohibited:

(a)

the placing on the market, the putting into service or the use of an AI system that deploys subliminal techniques beyond a person’s consciousness or purposefully manipulative or deceptive techniques, with the objective, or the effect of materially distorting the behaviour of a person or a group of persons by appreciably impairing their ability to make an informed decision, thereby causing them to take a decision that they would not have otherwise taken in a manner that causes or is reasonably likely to cause that person, another person or group of persons significant harm;

(b)

the placing on the market, the putting into service or the use of an AI system that exploits any of the vulnerabilities of a natural person or a specific group of persons due to their age, disability or a specific social or economic situation, with the objective, or the effect, of materially distorting the behaviour of that person or a person belonging to that group in a manner that causes or is reasonably likely to cause that person or another person significant harm;

(c)

the placing on the market, the putting into service or the use of AI systems for the evaluation or classification of natural persons or groups of persons over a certain period of time based on their social behaviour or known, inferred or predicted personal or personality characteristics, with the social score leading to either or both of the following:

(i)

detrimental or unfavourable treatment of certain natural persons or groups of persons in social contexts that are unrelated to the contexts in which the data was originally generated or collected;

(ii)

detrimental or unfavourable treatment of certain natural persons or groups of persons that is unjustified or disproportionate to their social behaviour or its gravity;

(d)

the placing on the market, the putting into service for this specific purpose, or the use of an AI system for making risk assessments of natural persons in order to assess or predict the risk of a natural person committing a criminal offence, based solely on the profiling of a natural person or on assessing their personality traits and characteristics; this prohibition shall not apply to AI systems used to support the human assessment of the involvement of a person in a criminal activity, which is already based on objective and verifiable facts directly linked to a criminal activity;

(e)

the placing on the market, the putting into service for this specific purpose, or the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage;

(f)

the placing on the market, the putting into service for this specific purpose, or the use of AI systems to infer emotions of a natural person in the areas of workplace and education institutions, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons;

(g)

the placing on the market, the putting into service for this specific purpose, or the use of biometric categorisation systems that categorise individually natural persons based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation; this prohibition does not cover any labelling or filtering of lawfully acquired biometric datasets, such as images, based on biometric data or categorizing of biometric data in the area of law enforcement;

(h)

the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, unless and in so far as such use is strictly necessary for one of the following objectives:

(i)

the targeted search for specific victims of abduction, trafficking in human beings or sexual exploitation of human beings, as well as the search for missing persons;

(ii)

the prevention of a specific, substantial and imminent threat to the life or physical safety of natural persons or a genuine and present or genuine and foreseeable threat of a terrorist attack;

(iii)

the localisation or identification of a person suspected of having committed a criminal offence, for the purpose of conducting a criminal investigation or prosecution or executing a criminal penalty for offences referred to in Annex II and punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least four years.

Point (h) of the first subparagraph is without prejudice to Article 9 of Regulation (EU) 2016/679 for the processing of biometric data for purposes other than law enforcement.

2.   The use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement for any of the objectives referred to in paragraph 1, first subparagraph, point (h), shall be deployed for the purposes set out in that point only to confirm the identity of the specifically targeted individual, and it shall take into account the following elements:

(a)

the nature of the situation giving rise to the possible use, in particular the seriousness, probability and scale of the harm that would be caused if the system were not used;

(b)

the consequences of the use of the system for the rights and freedoms of all persons concerned, in particular the seriousness, probability and scale of those consequences.

In addition, the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement for any of the objectives referred to in paragraph 1, first subparagraph, point (h), of this Article shall comply with necessary and proportionate safeguards and conditions in relation to the use in accordance with the national law authorising the use thereof, in particular as regards the temporal, geographic and personal limitations. The use of the ‘real-time’ remote biometric identification system in publicly accessible spaces shall be authorised only if the law enforcement authority has completed a fundamental rights impact assessment as provided for in Article 27 and has registered the system in the EU database according to Article 49. However, in duly justified cases of urgency, the use of such systems may be commenced without the registration in the EU database, provided that such registration is completed without undue delay.

3.   For the purposes of paragraph 1, first subparagraph, point (h) and paragraph 2, each use for the purposes of law enforcement of a ‘real-time’ remote biometric identification system in publicly accessible spaces shall be subject to a prior authorisation granted by a judicial authority or an independent administrative authority whose decision is binding of the Member State in which the use is to take place, issued upon a reasoned request and in accordance with the detailed rules of national law referred to in paragraph 5. However, in a duly justified situation of urgency, the use of such system may be commenced without an authorisation provided that such authorisation is requested without undue delay, at the latest within 24 hours. If such authorisation is rejected, the use shall be stopped with immediate effect and all the data, as well as the results and outputs of that use shall be immediately discarded and deleted.

The competent judicial authority or an independent administrative authority whose decision is binding shall grant the authorisation only where it is satisfied, on the basis of objective evidence or clear indications presented to it, that the use of the ‘real-time’ remote biometric identification system concerned is necessary for, and proportionate to, achieving one of the objectives specified in paragraph 1, first subparagraph, point (h), as identified in the request and, in particular, remains limited to what is strictly necessary concerning the period of time as well as the geographic and personal scope. In deciding on the request, that authority shall take into account the elements referred to in paragraph 2. No decision that produces an adverse legal effect on a person may be taken based solely on the output of the ‘real-time’ remote biometric identification system.

4.   Without prejudice to paragraph 3, each use of a ‘real-time’ remote biometric identification system in publicly accessible spaces for law enforcement purposes shall be notified to the relevant market surveillance authority and the national data protection authority in accordance with the national rules referred to in paragraph 5. The notification shall, as a minimum, contain the information specified under paragraph 6 and shall not include sensitive operational data.

5.   A Member State may decide to provide for the possibility to fully or partially authorise the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement within the limits and under the conditions listed in paragraph 1, first subparagraph, point (h), and paragraphs 2 and 3. Member States concerned shall lay down in their national law the necessary detailed rules for the request, issuance and exercise of, as well as supervision and reporting relating to, the authorisations referred to in paragraph 3. Those rules shall also specify in respect of which of the objectives listed in paragraph 1, first subparagraph, point (h), including which of the criminal offences referred to in point (h)(iii) thereof, the competent authorities may be authorised to use those systems for the purposes of law enforcement. Member States shall notify those rules to the Commission at the latest 30 days following the adoption thereof. Member States may introduce, in accordance with Union law, more restrictive laws on the use of remote biometric identification systems.

6.   National market surveillance authorities and the national data protection authorities of Member States that have been notified of the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for law enforcement purposes pursuant to paragraph 4 shall submit to the Commission annual reports on such use. For that purpose, the Commission shall provide Member States and national market surveillance and data protection authorities with a template, including information on the number of the decisions taken by competent judicial authorities or an independent administrative authority whose decision is binding upon requests for authorisations in accordance with paragraph 3 and their result.

7.   The Commission shall publish annual reports on the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes, based on aggregated data in Member States on the basis of the annual reports referred to in paragraph 6. Those annual reports shall not include sensitive operational data of the related law enforcement activities.

8.   This Article shall not affect the prohibitions that apply where an AI practice infringes other Union law.

Article 1
Article 2
Article 3
Article 4
Article 5
Article 6
Article 7
Article 8
Article 9
Article 10
Article 11
Article 12
Article 13
Article 14
Article 15
Article 16
Article 17
Article 18
Article 19
Article 20
Article 21
Article 22
Article 23
Article 24
Article 25
Article 26
Article 27
Article 28
Article 29
Article 30
Article 31
Article 32
Article 33
Article 34
Article 35
Article 36
Article 37
Article 38
Article 39
Article 40
Article 41
Article 42
Article 43
Article 44
Article 45
Article 46
Article 47
Article 48
Article 49
Article 50
Article 51
Article 52
Article 53
Article 54
Article 55
Article 56
Article 57
Article 58
Article 59
Article 60
Article 61
Article 62
Article 63
Article 64
Article 65
Article 66
Article 67
Article 68
Article 69
Article 70
Article 71
Article 72
Article 73
Article 74
Article 75
Article 76
Article 77
Article 78
Article 79
Article 80
Article 81
Article 82
Article 83
Article 84
Article 85
Article 86
Article 87
Article 88
Article 89
Article 90
Article 91
Article 92
Article 93
Article 94
Article 95
Article 96
Article 97
Article 98
Article 99
Article 100
Article 101
Article 102
Article 103
Article 104
Article 105
Article 106
Article 107
Article 108
Article 109
Article 110
Article 111
Article 112
Article 113
EU AI Act Table of Contents
Report error

Report error

Please keep in mind that this form is only for feedback and suggestions for improvement.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© EUAIAct.com. All rights reserved.

DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.

Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.

The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.