European Regulators Increase Scrutiny of AI Tools
European authorities are taking steps to regulate AI, with the European Parliament blocking AI tools on lawmakers' devices over security risks. Concurrently, Ireland's Data Protection Commission opened an investigation into X's Grok AI, and the UK government is moving to regulate AI chatbots under its Online Safety Act.
- The EU's comprehensive AI Act, which entered into force on August 1, 2024, establishes a risk-based framework, classifying AI systems into unacceptable, high, limited, and minimal risk categories. Prohibited "unacceptable risk" applications include social scoring and cognitive behavioral manipulation, with bans taking effect as of February 2, 2025. - To enforce these rules, the European Commission established the European AI Office on February 21, 2024. This office has the authority to conduct evaluations of general-purpose AI models, request information from providers, and apply sanctions for non-compliance. - The Irish Data Protection Commission's (DPC) investigation into X's Grok AI focuses on the tool's alleged generation of non-consensual sexualized images, including of children. The inquiry is examining whether X complied with GDPR obligations regarding lawful data processing and data protection by design. - The DPC's probe is a "large-scale inquiry" that could result in fines of up to 4% of X's global annual revenue if serious GDPR violations are found. This action runs parallel to a separate investigation by the European Commission under the Digital Services Act. - In the UK, regulator Ofcom has clarified that AI-generated content falls under the Online Safety Act, treating it the same as user-generated content. This means services must conduct risk assessments and implement measures to mitigate harms, particularly for illegal content and material harmful to children. - The UK government intends to amend the Online Safety Act to explicitly cover one-to-one interactions with AI chatbots, requiring providers to implement stronger safety measures like filtering and abuse detection. - High-risk AI systems under the EU AI Act, such as those used in critical infrastructure, medical devices, and law enforcement, face stringent requirements. These include mandatory conformity assessments, technical documentation, and registration in an EU database before they can be marketed. - The European AI Office works with the European Artificial Intelligence Board, composed of representatives from each member state, to ensure consistent application of the AI Act across the EU. It also supports the creation of "regulatory sandboxes" where companies can test AI systems in a controlled environment.
