Domain 2: The EU AI Act Flashcards

Understand the structure, risk framework, and compliance requirements of the EU AI Act. (72 cards)

1
Q

What is an article in the EU AI Act?

A
  • Sets rules, rights, obligations
  • Has direct legal effect
2
Q

What is an annex in the EU AI Act?

A
  • Adds technical detail
  • Has legal value
3
Q

What is the purpose of recitals in EU legislation?

A
  • Explain context and goals
  • Help interpret articles’ intent
4
Q

What are 3 objectives of the EU AI Act?

A
  1. Ensure AI is safe, trustworthy, transparent
  2. Respect rights
  3. Enable innovation
5
Q

What are the exceptions to the EU AI Act’s scope?

A
  • Military
  • National security
  • Open source (non-high risk)
  • Public authorities abroad
  • R&D
6
Q

What are the primary features of an AI system under the EU AI Act?

A
  • Machine-based system with autonomy and adaptability
  • Infers objectives
  • Generates outputs
  • Influences environments
7
Q

How is an AI system different from an AI model?

A
  • An AI model is a component
  • The system includes additional functionality and environment interaction
8
Q

What is a General Purpose AI (GPAI) model?

A
  • Trained on large data
  • Self-supervised
  • General capabilities
  • Used in many applications

AKA “foundation model”

9
Q

Who is considered a ‘provider’ under the EU AI Act?

A
  • Develops or commissions development of an AI system or GPAI
  • Markets or deploys system under their name or trademark

Most heavily regulated AI operator

10
Q

Who is a ‘deployer’ in the EU AI Act?

A

Individual or organization that uses an AI system under its authority.

11
Q

Who qualifies as an ‘importer’ under the EU AI Act?

A
  • Located in EU
  • Places AI system on EU market
  • System bears third-country entity’s name or trademark
12
Q

What is a ‘distributor’ under the EU AI Act?

A

Makes AI system available in EU after importation and market placement.

13
Q

How can a product manufacturer become classified as a separate AI operator (e.g., provider, deployer)?

A

Puts AI system on market or uses it operationally with their product.

Depending on the use case, a product manufacturer may become provider or deployer.

14
Q

Who is an ‘authorized representative’ under the EU AI Act?

A
  • A person or company in the EU appointed in writing by a provider
  • Acts on provider’s behalf
  • Carries out provider’s compliance duties
15
Q

Can one AI system have multiple providers?

A

Yes

A single AI system may be linked to multiple providers.

16
Q

What is the risk-based approach in the EU AI Act?

A

Identify, assess, and mitigate risk based on impact and organizational risk appetite.

17
Q

How does the EU AI Act define ‘risk’?

A

Severity of harm combined with probability of occurrence (Article 3(2)).

18
Q

What is a Market Surveillance Authority?

A

National body responsible for monitoring and enforcing product compliance and safety.

19
Q

What are the 4 risk levels in the EU AI Act?

A
  1. Unacceptable (banned)
  2. High (mandatory requirements)
  3. Limited (transparency requirements)
  4. Minimal (voluntary requirements)
20
Q

What are prohibited or unacceptable risk AI systems under the EU AI Act?

A
  • Systems considered too dangerous
  • Not explicitly defined but examples are provided
21
Q

What mnemonic helps remember unacceptable risk examples?

A

Six Mummies Eagerly Pat Elephant’s Under Belly.

Social credit scoring, behavior manipulation, emotion recognition in work/education, exploitative targeting, predictive policing, untargeted facial image scraping, biometric categorization/ID.

22
Q

What is the exception to the biometric identification AI system ban in public spaces?

A

Law enforcement in real-time with pre-authorization for specific, serious purposes.

Example purposes: victim searches, threat prevention, and prosecution of serious crimes like terrorism, child exploitation, murder, drug trafficking.

23
Q

Where in the EU AI Act can you find the definition and examples for ‘high-risk’ systems?

A

Meets Article 6(1) criteria or is listed in Annex III.

24
Q

What are the EU AI Act’s Article 6(1) criteria?

A
  • AI is a safety component in or is itself a product under EU law, and
  • Requires third-party conformity assessment
25
What sectors are covered in **Annex III**?
* Biometric ID
* Critical infrastructure
* Migration
* Education
* Employment
* Essential public services
* Administration of justice
* Law enforcement
26
What **mnemonic** helps remember **Annex III** high-risk areas?
BC MEEEAL

Biometrics, Critical infrastructure, Migration, Education, Employment, Essential services, Administration of justice, Law enforcement
27
What types of AI systems fall under the "**limited / transparency** requirements" and are covered under Article 50?
* Systems with **direct human interaction**
* **Content** generation
* **Biometric** recognition

Examples: Chatbots, digital assistants, ChatGPT, Dall·E, deepfakes, emotion and facial recognition.
28
What are the transparency requirements for Article 50 AI systems?
* **Inform users** they’re interacting with AI
* **Mark outputs** in machine-readable format
* Process data **lawfully**
29
Which law must be followed for **personal data processing** under Article 50?
General Data Protection Regulation (GDPR)
30
What does Article 16 require from high-risk AI providers?
Affix CE marking, perform conformity assessment, register system in EU database, declare conformity, comply with accessibility rules.
31
What are the **major requirements** for **high-risk systems**, pursuant to Articles 9-15?
* Risk management
* Data governance
* Technical documentation
* Record keeping
* Transparency
* Human oversight
* Accuracy, robustness, and cybersecurity
32
What **mnemonic** helps remember the **major requirements** for **high-risk systems**?
(Bob) Ross draws tripping robots triggering happy accident.

Risk management, data governance, technical documentation, record keeping, transparency, human oversight, accuracy, robustness, and cybersecurity
33
What are the **Articles 17-22 requirements** for **providers**?
* Quality-management systems
* Document keeping
* Logs
* Corrective actions
* Cooperation with authorities
* Authorized representatives
34
What **mnemonic** helps remember Articles 17-22?
Queen dislikes luxurious cactus cake, really.

Quality-management systems, document keeping, logs, corrective actions, cooperation with authorities, authorized representatives
35
What is **AI literacy**, pursuant to the EU AI Act?
Skills, knowledge, and understanding to make **informed decisions**, **interpret outputs**, and **understand AI risks and opportunities**.
36
What are **basic concepts** covered in **AI literacy**?
* Machine learning
* Deep learning
* Neural networks
* Historical context
* Applications
37
What **technical foundations** are included in **AI literacy**?
* Algorithms
* Data
* Model training
38
What **practical skills** are part of **AI literacy**?
* Using AI for research and creativity
* Prompt engineering
* Evaluating outputs
39
What **critical evaluation topics** are part of **AI literacy**?
* Technology presence
* Reliability
* Identification of bias, risks, and benefits
40
What **ethical considerations** are part of **AI literacy**?
* Bias
* Fairness
* Privacy
* Transparency
* Explainability
* Societal impacts
41
What **data governance practices** are required under Article 10?
* Data provenance
* Data's original purpose
* Preparation processes
* Mitigation of data quality issues
42
When is **processing of special categories of data** allowed under the GDPR?
* Explicit consent
* Employment, social security, social law
* Vital interest
* Not-for-profit
* Publicly available
* Legal obligation
* Substantial public interest
* Health, social care
* Public health
* Archiving, research, statistics
43
Under what conditions does the EU AI Act permit **processing of special categories of data**?
For bias detection and mitigation in datasets.
44
What does '**product presenting a risk**' mean?
**Potential to harm**:
* Individuals
* Environment
* Public safety, or
* Other public interests
45
What does '**substantial modification**' mean under Article 3(23)?
**Post-market change** not foreseen in original assessment.
46
What are some **human oversight activities** under Article 14?
* Understand system's limitations
* Monitor
* Detect anomalies
* Manage bias
* Interpret outputs
* Intervene as appropriate
47
How must systems **ensure robustness** and **security**?
* Resist **unseen data**
* Avoid **bias** loops
* **Withstand attacks** and adversarial inputs
48
What is the purpose of the **quality-management system** (QMS) in Article 17?
**Ensure compliance** with the EU AI Act through documented policies, procedures, and life cycle oversight.
49
What are the responsibilities of an **authorized representative**?
* Appointed by non-EU providers
* Verify compliance
* Manage documentation
* Cooperate with authorities
50
What is **GPAI** with **systemic risk**?
A **subset** of GPAI with **high-impact capabilities** identified by technical tools, benchmarks, officials, and panels.
51
How is **systemic risk** currently **defined** for GPAI?
**Training computation** exceeds **10^25 FLOPs**.
52
How does the definition of GPAI with systemic risk **differ** from AI systems?
Determined by **computing power**, not use case.
53
What other **systemic risk indicators** are listed in Annex XIII?
* Number of parameters
* Dataset quality/size
* Input-output modalities
* Number of users
54
What **documentation** must **GPAI providers** produce regardless of risk?
* Technical documentation
* Transparency details
* EU copyright compliance
* Training data summary
55
What must **non-EU GPAI providers** do under the EU AI Act?
**Appoint an EU representative** with a written mandate.
56
What is required in **GPAI technical documentation**?
* Model use
* Architecture
* Parameters
* Data sources
* Training methods
* FLOPs
* Energy use
57
When are **GPAI providers exempt** from documentation and transparency?
If models are:
* Open source
* Adaptable without restriction
* Architecture and usage are publicly disclosed
58
What are **codes of practice** for GPAI?
**Voluntary interim compliance measures** until harmonized standards are developed.
59
What are the **2 levels of enforcement** in the AI Act?
1. National level (MSAs and sector-specific authorities)
2. EU-wide (EDPS and AI Office)
60
What are the **responsibilities** of the **EU AI Office**?
* Monitor GPAI
* Facilitate codes of practice
* Coordinate investigations
* Support national authorities
61
What **individual rights** are granted under the EU AI Act?
* Right to **file complaints** with MSAs
* **Request explanation** of AI output decision-making
62
What are the **fines for prohibited AI systems** under the EU AI Act?
**Up to 35 million Euros** or **7% of global annual turnover**, whichever is higher.
63
What are the **fines for non-prohibited violations** related to AI systems?
**Up to 15 million Euros** or **3%** of global annual turnover.
64
What is the **fine** for providing **misleading information**?
**Up to 7.5 million Euros** or **1%** of global annual turnover.
65
What are the **fines** for **GPAI model violations**?
**Up to 15 million Euros** or **3%** of global annual turnover.
66
What **due diligence** must **authorized representatives** perform?
* Verify EU declaration of conformity
* Technical documentation
* Name, address, and contact details
67
What is a **notified body** under the EU AI Act?
**Independent organization** designated by a member state to **assess product conformity pre-market**.
68
What is a **Fundamental Rights Impact Assessment** (FRIA)?
**Assessment** deployers must perform **for high-risk AI use** in public or sensitive services.
69
What must a **FRIA include**?
* Use description
* Purpose
* Frequency
* Affected groups
* Risks and mitigations
* Oversight
* Governance
70
When can a deployer, importer, distributor, or third party **become a provider** under the EU AI Act?
When they **rebrand**, **substantially modify**, or **convert** a non-high-risk system to high-risk post-market.
71
What happens when an entity **modifies** an AI system and **becomes the provider**?
The **original provider is no longer responsible** but must cooperate.

e.g., technical access
72
When is a **product manufacturer** considered a provider?
If the high-risk AI is a safety component **deployed under the manufacturer’s name** or **trademark**.