EU AI Act Applicability Assessment & Compliance Checker

The AIA defines ‘AI System’ as a machine-based system that operates autonomously exhibiting post-deployment adaptiveness, and generates outputs like predictions, content, recommendations, or decisions from input to influence physical or virtual environments. If you deal with AI systems as defined under AIA, the AIA may apply to you.

The AIA directly impacts businesses established within the EU. 

If you are established and operate in the EU, you will be subject to the AIA’s requirements.

The AIA applies extraterritorially, impacting entities outside the EU. 

If you are established outside the EU but target the EU market, you will be subject to the AIA’s requirements.

If you develop AI systems and place them on the market or put them into service under your name or trademark, you are a ‘Provider’ under the AIA and must comply with the applicable requirements.

If you use AI systems under your authority for commercial activities, you are a ‘Deployer’ under the AIA and must comply with the applicable requirements.

If you place AI systems on the market that bear the name or trademark of persons established outside of the EU, you are an ‘Importer’ under AIA and must comply with the applicable requirements.

If you make the AI systems available on the EU market, you are a ‘Distributor’ under the AIA and must comply with the applicable requirements.

If you place on the market or put into service AI systems together with your product under your name or trademark, you are a ‘Product Manufacturer’ under the AIA and must comply with the applicable requirements.

If you have signed a written agreement with a ‘Provider’, established outside of the EU, to act on its behalf in the EU, you are an ‘Authorized Representative’ under the AIA and must comply with the applicable requirements.

The AI system may fall under the following categories: 

• High-Risk AI System: The AI system poses a high risk if it is: (a) a safety component of a product or itself is a product listed in Annex II of the AIA and is required to undergo a conformity assessment; or (b) used for purposes listed in Annex III of the AIA, e.g., biometrics, critical infrastructure, educational and vocational training, employment, workers management, administration of justice, etc.
•  GPAI System: The GPAI system is an AI system that is based on a GPAI model and can serve a variety of purposes e.g., AlphaStar, Codex, DALL•E 2, GPT-3, MuZero, PaLM, Wu Dao 2.0, etc.
• GPAI System with Systemic Risk: GPAI system with systemic risk is a GPAI system that has high-impact capabilities or the cumulative amount of compute used for its training measured in floating point operations (FLOPs) is greater than 10^25.

As per Article 28 of the AIA, any distributor, importer, deployer, or other third party is to be treated as a ‘Provider’ of a high-risk AI system if they fulfill the following conditions:

• You place your name or trademark on a high-risk AI system already on the market or in service.
• You make substantial modifications to a high-risk AI system already on the market or in service, ensuring it remains high-risk.
• You alter the intended purpose of an AI system already on the market or in service, resulting in it becoming a high-risk AI system.

If you fulfill the above conditions, you are a ‘Provider of a high-risk AI system’ under the AIA and must comply with the applicable requirements.

The AIA excludes the following AI systems from its scope:

1. AI systems whose output is used in the EU exclusively for military, defense, or national security purposes.
2. AI systems used in the framework of international cooperation or agreements for law enforcement and judicial cooperation with the EU or with one or more EU member states.
3. AI systems or AI models, including their output, specifically developed and put into service for the sole purpose of scientific research and development.
4. AI systems used in the course of purely personal non-professional activity