EU Extends Compliance Deadline for High-Risk AI Companies by 16 Months

The European Commission has unveiled a significant initiative aimed at streamlining digital regulations, fostering innovation while reducing administrative burdens for major technology companies. This proposal, introduced in Brussels, seeks to enhance efficiency by allowing companies to allocate more time to development rather than paperwork. A notable aspect of the initiative is the proposed delay in the enforcement of restrictions on high-risk artificial intelligence (AI) systems, extending the grace period by up to 16 months.

The forthcoming European AI regulation, set to take effect in August 2024, categorizes AI systems based on their associated risks to citizens. These classifications determine the obligations and requirements each system must fulfill. For instance, AI applications classified as harmless, such as spam, face no restrictions, whereas those that are deemed to pose unacceptable risks are outright banned. This latter category includes systems designed to manipulate human consciousness, exploit vulnerabilities, or infer sensitive attributes such as emotions, race, or political opinions.

High-risk AI applications require stringent supervision, including remote biometric identification systems and tools affecting critical infrastructure, education, employment, and law enforcement. The proposed extension delays the implementation deadline for compliance from August 2026 to December 2027. The rationale provided by Brussels for this postponement is the necessity of establishing clear standards dictating acceptable use of these technologies, which have yet to be finalized.

Officials from the Commission stress that this is not a modification of the already established AI regulations, and they emphasize the intention to ensure full compliance with the AI law. They argue that achieving “legal certainty” about the regulation's application is essential for its successful implementation and aims to clarify the broader framework of the EU's digital regulations.

Vice President Henna Virkkunen emphasized the need for a “flexible calendar,” addressing concerns about potential concessions to external pressures faced by the Commission, particularly from large technology firms. She highlighted the importance of supporting European startups and SMEs, which are notably active in developing high-risk AI models; these entities require adequate time for testing compliance with proposed standards before launching into the market.

Critics, including former MEP Ibán García del Blanco, voice concerns that the Commission's plans may yield to demands from major digital platforms, labeling it a deviation from necessary security standards rather than a simplification of procedures. García del Blanco warns that such adjustments may undermine the delicate balance between technological advancement and the protection of citizens' rights, reflecting poorly on the EU's commitment to a human-centric AI governance model.

Ella Jakubowska, a policy officer at the think tank EDRi, raises questions about the beneficiaries of this extensive deregulation, urging scrutiny of its potential impact on privacy and worker protections.

Updates on Data and Cookie Regulations

The digital regulations recast also introduces advancements regarding data protection. The Commission aims to implement additional measures to facilitate the training of AI models, increasing access to relevant data through initiatives like “data laboratories.” This effort is designed to bolster the capabilities of European AI companies.

Furthermore, the proposal includes a modernization of cookie regulations aimed at enhancing user experience online. This includes reducing the frequency of cookie banners and enabling users to provide or revoke consent with a single click, while allowing their preferences to be saved.