EU’s Landmark AI Law Moves Closer to Adoption

The deployment of new artificial intelligence tools such as ChatGPT has intensified regulatory awareness across the European Union, potentially reshaping its forthcoming Artificial Intelligence Act.

The world’s first comprehensive AI regulation is now closer to passage. Two committees of the European Parliament have approved a draft text that includes a “strict control” option aimed at safeguarding privacy, curbing disinformation, and clarifying when AI technologies may be used in ways that directly affect citizens.

First proposed by the European Commission in 2021, the legislation classifies AI systems based on their potential to cause harm or infringe fundamental rights. Parliamentary committees have strengthened the draft by introducing tighter restrictions on biometric identification, facial recognition, and certain routine policing activities.

Risk-Based Classification of AI

Under the proposed EU framework, AI applications are divided into three risk categories:

Unacceptable risk: Systems posing clear threats—such as government-run social scoring tools of the type used in China—would be banned outright.
High risk: Applications such as identity-scanning tools that rank job applicants would be subject to strict legal requirements.
Limited or minimal risk: Systems not explicitly banned or designated as high risk would face lighter regulatory oversight.

The joint vote in the Internal Market and Civil Liberties committees passed with 84 votes in favor, seven against, and 12 abstentions. Dragos Tudorache described the proposal as “likely the most important legislation” of the current Parliament, adding that it positions the EU as a global leader in building human-centric, trustworthy, and safe AI. He noted that any remaining doubts about the need for regulation were swiftly dispelled with the emergence of ChatGPT.

Recent warnings from prominent AI researchers, including Geoffrey Hinton—often referred to as the “godfather of AI”—and Yoshua Bengio, have further amplified concerns over unchecked AI development.

Sarah Chander, senior policy adviser at European Digital Rights (EDRi), stated that Europe is the first regional bloc to make a substantial attempt to regulate AI comprehensively—an enormous challenge given the broad range of systems covered under the umbrella term “AI.”

Transatlantic Tensions and Global Divergence

The proposed legislation has faced strong opposition from major AI technology firms, predominantly based in the United States, potentially deepening transatlantic tensions over emerging technologies.

Despite mounting public debate following the rapid advancement of models such as ChatGPT, the Biden administration has so far refrained from introducing sweeping new AI legislation, instead emphasizing voluntary industry cooperation and strict enforcement of existing laws concerning fraud and privacy violations.

Approaches elsewhere vary considerably. The United Kingdom has adopted a relatively flexible stance. Italy’s data protection authority temporarily banned ChatGPT in early April before restoring access later that month.

Meanwhile, the White House has convened executives from major technology firms—including Microsoft, Google, and OpenAI, the developer of ChatGPT—to discuss potential risks. China has also issued draft rules requiring security assessments for products using generative AI systems.

A Fierce Lobbying Battle in Brussels

The EU’s AI Act has sparked one of the most intense lobbying battles in Brussels’ history. Organizations on both sides have either strongly praised or sharply criticized the draft.

The Washington-based Center for Data Innovation estimates that compliance could cost European businesses €10.9 billion annually, potentially weakening the industry and slowing innovation. In contrast, the Brussels-based Centre for European Policy Studies places annual costs between €176 million and €725 million. The European Commission argues that the long-term societal costs of unregulated AI could far exceed short-term compliance expenditures.

A plenary vote is scheduled for June 12–15, after which negotiations will begin between Parliament, the Council of the EU, and the Commission. DigitalEurope, the largest industry lobby group in Brussels, acknowledged that the draft strikes a reasonable balance but emphasized the need for continued work on technical details and alignment with international partners, including the United States through the Trade and Technology Council.

Expanded Bans and Safeguards

Work on the legislation began in 2018. The current draft classifies AI systems according to risk of harm, irrespective of sector. High-risk uses—such as determining eligibility for government benefits or assigning “social scores”—are strictly prohibited. AI systems that manipulate vulnerable individuals, including children or persons with disabilities, are also banned.

Parliament has expanded the Commission’s list of prohibited or restricted activities to include biometric identification in public spaces, requiring police to obtain judicial authorization before using such technologies. The use of AI to categorize individuals based on gender, race, ethnicity, citizenship, religion, or political orientation would also be prohibited. Predictive policing and AI-based “emotion recognition” systems intended to anticipate criminal behavior are likewise banned.

The Act further requires developers of so-called “foundation models”—the core architectures underpinning advanced AI systems—to register in an EU database and guarantee strong safeguards for fundamental rights. Generative models such as ChatGPT would be required to disclose when content is AI-generated, prevent the production of illegal material, and publish summaries of the data used to train their systems. Violations could result in fines of up to €10 million.

In this context, Sam Altman, CEO of OpenAI, is expected to visit Brussels and other European cities as part of a global tour to engage with users and developers on the future of AI.

Experts caution that Brussels cannot afford to cede AI governance to foreign corporations such as Google. An open letter coordinated by the German research group Laion warned that overly broad “one-size-fits-all” rules risk undermining open research and development, potentially consolidating power in the hands of large U.S. technology firms and driving investment outside Europe.

The letter emphasized that Europe “cannot afford to lose its AI sovereignty,” arguing that eliminating open-source research would leave Europe’s scientific community and economy heavily dependent on a handful of foreign proprietary companies.

To address such concerns, the draft includes exemptions for research and open-source AI models, and promotes the creation of “regulatory sandboxes,” allowing companies to test potentially high-risk products under controlled conditions. Oversight of the Act would fall to a newly established EU AI Office, operating in a manner similar to how data protection authorities have enforced the General Data Protection Regulation (GDPR).

Sources: