View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. AI and automation
January 22, 2024updated 23 Jan 2024 9:37am

Text of EU AI Act leaked amid debate over the timeline for final approval

News of the EU AI Act being leaked comes amid concerns that lawmakers and businesses will not have sufficient time to scrutinise the legislation and iron out differences.

By Greg Noone

The EU AI Act has been leaked almost a day after a version of the text was shared with member states yesterday. According to a LinkedIn post by Euractiv’s technology editor Luca Bertuzzi, who published the 892-page document in its entirety, the legislation is set to be discussed by the EU Council Telecom Working Party later this week and adopted by EU ambassadors on 2 February. This timeline will leave little room for additional scrutiny says Kirsten Rulf, an associate director at Boston Consulting Group and a former AI Act negotiator for the German Federal Chancellery. 

“From my prior experience of negotiating other EU acts, this is an incredibly tight schedule – especially if you have the principle of Ressortprinzip in member nations such as Germany,” Rulf told Tech Monitor. “The debate in the European Parliament will also have to be imminent as the elections are nearing. But businesses need to start planning – if the current pace is maintained, it is highly plausible that the EU AI Act will be ready by the end of this legislative period.”

The interior of the EU Council plenary room, used to illustrate an article about a leaked version of the EU AI Act.
A version of the EU AI Act has been leaked ahead of being scrutinised by the EU Council’s Telecom Working Party. (Photo by Alexandros Michailidis / Shutterstock)

Wrangling over EU AI Act continues

Substantive negotiations over the shape of the EU AI Act concluded in December 2023. In a marathon overnight session, during which tensions temporarily frayed after food and drink for delegates temporarily ran out, member states agreed to new safeguards for foundation models and the use of facial recognition software. However, arguments over the precise wording of the legislation have persisted, with German MEPs arguing that last-minute revisions had led to the introduction of new loopholes for using facial recognition on recorded footage without the consent of a judge. There have also been calls by members of the French National Assembly for regular revisions of the EU AI Act “to take into account the extremely rapid technological developments in this field.”

The EU AI Act will now be scrutinised by the EU Council’s Telecom Working Party, before being voted on by the ‘Committee of the Permanent Representatives of the Governments of the Member States to the European Union’ (COREPER.) At the latter meeting, EU ambassadors will be asked to vote either yes or no to approve the act before its final form is debated by the EU Parliament.

When Tech Monitor reached out to the EU Council for comment, an official confirmed that the text of the EU AI Act leaked earlier today was an unofficial version compiled as a result of technical discussions undertaken by experts from the Council and the European Parliament. They added that allowing member states to consult the text for two weeks before the COREPER vote was an “exceptionally long” time to do so in comparison to previous pieces of legislation and was the plan agreed to by all parties in December. After that, the official added, the draft legislative act will then be subjected to another legal and linguistic review before being adopted by both the EU Council and Parliament by April 2024 “at the latest.”

Businesses urged to prepare now for EU AI Act

The current timeline for adopting the AI Act is necessary if the EU wishes to demonstrate leadership in regulating the technology and do so before the upcoming EU Parliament elections in June, says Professor Philipp Hacker of the European New School for Digital Studies. While there is certainly room for improvement in the legislation, Hacker adds, not least in the regulation of foundation models, it seems unlikely now that further objections to its wording by EU member states will derail the law’s adoption and implementation. “The possibility of France and Germany forming a blocking minority seems unlikely, though it remains a scenario to consider,” he says. “Germany, in particular, would have to spend a lot of political capital and would rightly be perceived as a destructive force in one of the key legislative areas of our time, with massive implications for the economy and safety of the EU and beyond.”

In the meantime, Rulf recommends that businesses should begin preparing now for the AI Act’s implementation. “Organisations are expected to have only six to 12 months to prepare for most rules and restrictions, with providers of high-risk systems being encouraged to comply much before,” she says. “The general-purpose AI providers of foundation models and generative AI applications, meanwhile, need to be ready to comply within the year. These are ambitious timelines, especially as most European companies are still codifying what responsible AI means for them, which is currently in some form of a code of conduct or machine learning risk and governance paper in most of them.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read more: As the EU and Japan align on AI safety rules, has the UK missed out?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.