Artificial Intelligence for Products

The regulation represents a groundbreaking regulatory framework aimed at addressing the complexities and risks associated with artificial intelligence (AI) technologies. As the first comprehensive legislation of its kind globally, the AI Act categorizes AI applications based on their risk levels and establishes clear obligations for deployers, developers and users within the European Union.

Legislative Progress

The Act was officially published in the EU official Journal July 2024, and became effective as of 2024 August 1st. It establishes several key timelines affecting products already placed or to be placed on or put into service in the EU market incorpoating AI and machine learning based algorithms. After the initial enforcement, the following key timelines can be observed which needed to be carefully monitred by any stakeholders from deployers of AI systems to the deisgnated Notified Bodies in order to ensure compliance of the products.

Objectives and Structure of EU AI Act

The AI Act aims to ensure that AI systems are developed and used in a manner that respects fundamental rights and safety while fostering innovation. It categorizes AI applications into three risk levels and establishes clear obligations for providers and deployers of high-risk AI systems, including requirements for safety assessments and compliance with existing laws protecting fundamental rights throughout the lifecycle of these systems.

High-Risk AI Systems

This new regulation aims to ensure the safety and reliability of AI technology across industries, to increase transparency and to lay down a general framework for the future of trustworthy AI systems placed on the EU market. It introduces a risk-based approach, the respective obligations imposed on operators and the potential penalties for failure to meet the requirements.

The Act defines ‘AI system’ as “means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.”

The definition originates from the definition provided by OECD and while it does not limit the scope to certain technologies or the application of the AI it aims to provide a comprehensive coverage expecting that in the future more yet to be invented algorithm and technologies will come forth.

High-Risk AI Systems (Art. 6): High-risk AI systems, such as those used in critical infrastructure, education, employment, and law enforcement and a large set of AI-enabled medical devices must meet stringent requirements for risk management, data governance, transparency, and human oversight. Based on the regulation regardless of whether the AI is a component of a product or a product on its own in case the conditions set out in the AI Act Art (6) are met the product will become a High-Risk AI System.

Manufacturers who create products which include AI components are responsible for ensuring that these products comply with relevant regulations when they are marketed in the EU. If a manufacturer integrates an AI system into a product that already mandates a conformity assessment, they are classified as a "provider" under the AI Act when the product is made available in the EU under their name or trademark.

Obligations Under the EU AI Act

1. Compliance with Regulations: Deployers of any AI system are responsible ensuring compliance with requirements set out in the AI Act, particularly if the system is classified as high-risk. This includes conducting risk assessments and ensuring transparency about how the AI operates.
2. Documentation and Labeling: They are required to maintain proper documentation (technical file) demonstrating compliance with the AI Act and to label their products appropriately, including providing contact information for accountability.
3. Liability: Under the revised EU Product Liability Directive, product manufacturers can be held liable for damages caused by defective products, including those with integrated AI systems. This means they are the first point of redress for consumers who experience harm due to product failures.

Conformity Assessment

Products that meet with the definition of High-Risk AI are to follow mainly 2 major categories:

1. Products which are already regulated under other sectorial regulations
2. Products which are not yet covered by other sector specific legislation

Sectoral legislation for conformity assessment procedures, applicable to products listed in AI Act Annex I, must be followed. Where gaps exist with the AI Act, manufacturers of medical devices are expected to adequately address them, and these will be assessed by designated Notified Bodies. (EU AI Act Art 43. §3)

For example, Medical Devices which are covered by the existing EU MDR/ IVDR are prominently face with the necessary compliance with the AI Act, where conformity assessment procedure will follow the sectorial processes while ensuring AIA specific considerations are also sufficiently included and covered where gaps are present.

Products which are not regulated under EU wide sector specific legislation are also object for AI Act, and these include their usage in certain biometric identification, critical infrastructure (e.g. the supply of water, gas, heating or electricity), education and vocational training, employment, law enforcement, etc. (in Annex III).

Impact on Innovation

The obligations imposed by the AI Act may affect how manufacturers approach product development, necessitating a balance between innovation and regulatory compliance. Early adaptation during the design and development of AI Systems is crucial to ensure on time market access.

Impacts on AI-enabled Medical Device

Medical device manufacturers exporting AI-enabled devices to the EU shall comply with the European AI Act to maintain market access and avoid penalties. The AI Act potentially applies to Software as a Medical Device (SaMD) and any AI-integrated / AI-enabled medical device classified as high-risk. Similar to the EU MDR/IVDR, the AI Act mandates conformity assessments, detailed technical documentation, and vigilance systems which are on top of existing EU MDR/IVDR requirements, while allowing the utilization of existing procedures and frameworks. Regular audits by notified bodies ensure that AI-specific aspects and regulatory requirements are met, following a structure aligned with the New Legislative Framework.

Impacts on Consumer Electronics or Smart Household appliances

Manufacturers of consumer electronics and smart household appliances will need to comply with specific requirements based on the risk level of the AI system used (e.g., high-risk AI systems). Compliance includes conforming to transparency, documentation, and risk management requirements. Authorities will have the power to oversee compliance and enforce regulations. This means regular market surveillance and potential penalties for non-compliance. Companies might need to invest in continuous monitoring and reporting systems to stay compliant. While ensuring compliance with the AI Act might increase development costs and timelines, it also promotes product innovation. Compliance with the AI Act could also enhance consumer trust, knowing they are built with safety, transparency, and ethical considerations in mind. This could potentially boost marketability and consumer acceptance of AI-powered consumer electronics and smart household appliances.

TÜV Rheinland is committed to fostering innovation while ensuring the development of safe and trustworthy AI. As the EU AI Act enters into force, businesses can rely on TÜV Rheinland's expertise and experience to navigate the regulatory changes, mitigate risks, and unlock the full potential of AI technologies while maintaining compliance with the new regulations.