The proposed Artificial Intelligence (AI) Act is a ground-breaking legislation that ensures responsible and transparent development and use of AI across the EU. The recent bote of the EU parliament, paves the way for the negotiations amongst the European Council, the European Parliament and the European Commission to finalise the world’s first comprehensive law on Artificial Intelligence.

The Malta Digital Innovation Authority has played a crucial role in shaping Malta’s positions on AI regulation, with over 120 interventions. The aim of the dossier is to protect individuals from potential AI harms and encourages businesses to prioritise safety and trustworthiness in AI technologies. It opens new opportunities for safe innovation and positive impact in various sectors.

A “risk-based approach”

The AI Act introduces restrictions and controls based on the level of risk of AI systems. AI systems not compatible with European values, such as types of social scoring, are deemed as unacceptable.

Technologies defined as “high risk,” such as or AI systems intended to be used for recruitment or selection or access to basic services are allowed but would require conformity assessments. The involvement of accredited third parties to carry out such tasks, facilitates reassurance that controls are independently assessed.

The responsibilities of AI providers operating in high-risk include managing risks, governing data, and providing technical documentation. An impact assessment requirement has been introduced to ensure the performance of fundamental rights impact assessments and to monitor the environmental consequences. Proportionality remains at the core of the risk-based approach.

Regulating deep fakes

With limited exceptions, users of an AI system that generates or manipulates image, audio or video content that appreciably resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful, shall disclose that the content has been artificially generated or manipulated.

Human oversight

High-risk AI systems should be designed and developed in such a way that natural persons can oversee their functioning. The AI Act will introduce requirements so that appropriate human oversight measures are identified by the provider of the system before its placing on the market or putting into service. These include in-built operational constraints that cannot be overridden by the system itself and responsiveness to the human operator.

Effective and supportive regulators

Regulation requires strong and effective implementation mechanisms that are fit for purpose. Possible mechanisms include a central AI Office and Supervisory Authorities (SA) in Member States. The MDIA is well prepared to take SA responsibilities as Malta is well positioned to regulate innovative technologies thanks to the foresight of creating a dedicated regulator five years ago.

The Act considers both the carrot and the stick. Penalties can reach up to €40 million or an amount equal to up to 7% of a company’s worldwide annual turnover, whichever is higher. These are less than penalties associated with competition law but more than data protection laws which fines are limited to €10 million, or up to 4% of a firm’s global turnover.  Market surveillance authorities will also be tasked with supporting safe innovation through the introduction of regulatory sandboxes. When the Act was still in its infancy, the MDIA had already introduced a technology sandbox on AI back in 2021. Indeed, the Authority already has five applicants on projects and the MDIA is now preparing to extend its sandbox from a technology assurance to a regulatory one.

Concluding remark

We are confident that tripartite meetings, particularly on pending issues such as classification of biometric and implementation mechanisms, will enable an agreement on an acceptable text.

The Act will lead to high level of protection of health, safety and fundamental rights, ensures free movement of AI-based goods and services cross-border and enable safe innovation for the benefit of users. The MDIA remains committed to lead as the national focal point which directs and facilitates the secure and optimal uptake of digital innovation.

Gavril Flores, Chief Officer (Strategy, Policy and Governance) and Dr Annalise

Seguna, Senior Officer (Legal & Research), MDIA.