Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation
Guidelines on certification and identifying certification criteria
AI Act Definitions and Terminology
While 'AI Act Scope and Definitions' exists, a more granular topic specifically focused on the definitional content and terminology would better capture the nuanced nature of how the AI Act defines key concepts like 'AI system,' 'high-risk,' 'provider,' 'deployer,' and other foundational terms that are essential for understanding and implementing the regulation.
AI Act definitions AI system definition key terms terminology definitional framework regulatory definitions defined terms glossary
Overview
Legal Framework
The foundational definitions for the EU AI Act are established in Article 3. This article provides the precise legal meaning for over two dozen critical terms, including 'AI system', 'provider', 'deployer', and 'general-purpose AI model'. The definition of an 'AI system' is particularly crucial, as it determines the entire regulation's scope. It is a broad, technology-neutral definition centered on machine-based systems that, for explicit or implicit objectives, generate outputs such as predictions, content, recommendations, or decisions that influence real or virtual environments. Key actor definitions, such as 'provider' (the entity developing an AI system) and 'deployer' (the entity using it under its authority), establish the chain of obligations.
Practical Application
The practical interpretation hinges on the Annex I to the Act, which provides a definitive list of techniques and approaches that qualify a system as AI under the Article 3 definition. This list includes machine learning, logic- and knowledge-based approaches, and statistical methods. For determining 'high-risk' status, organizations must cross-reference the system's intended purpose with the exhaustive list of use-cases in Annex III. The European Commission's guidance, including future implementing acts and the work of the AI Office for general-purpose AI models, will be authoritative in interpreting these terms. The broad 'deployer' definition means both private companies and public authorities using AI are subject to obligations.
Key Considerations
- Conduct an internal assessment against Annex I to confirm if your software/system falls under the 'AI system' definition, as this triggers all subsequent compliance steps.
- Map your AI system's intended purpose against the specific use-cases in Annex III to definitively determine if it is classified as 'high-risk', as this status imposes the most stringent requirements.
- Clearly identify your role in the AI value chain (e.g., provider, deployer, importer, distributor) as defined in Article 3, as obligations are role-specific. A single entity can occupy multiple roles.
Guidance (10)
Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679
Guidelines on codes of conduct and monitoring bodies
Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them
Guidelines on deceptive design patterns in social media platform interfaces: how to recognise and avoid them
These Guidelines offer practical recommendations to social media providers as controllers of social media, designers and users of social media platforms on how to assess and avoid so-called 'deceptive design patterns' in social media interfaces that infringe on GDPR requirements. To this end, the EDPB recommends that controllers make use of interdisciplinary teams, consisting, among others, of designers, data protection officers and decision-makers. It is important to note ...
ARTICLE 29 DATA PROTECTION WORKING PARTY
Guidelines on transparency
Richtsnoeren 1/2019 voor gedragscodes en toezichthoudende organen in de zin van Verordening 2016/679
guidelines gedragscodes en toezichthoudende organen
Richtsnoeren 3/2022 betreffende het herkennen en vermijden van misleidende ontwerppatronen in de interfaces van socialemediaplatforms
guidelines misleidende ontwerppatronen
Deze richtsnoeren bieden praktische aanbevelingen aan aanbieders van sociale media als verwerkingsverantwoordelijken van sociale media, ontwerpers en gebruikers van socialemediaplatforms, over het beoordelen en vermijden van zogenaamde 'misleidende ontwerp patronen' in de interfaces van sociale media die inbreuk maken op de vereisten van de AVG. Daartoe beveelt de EDPB aan dat verwerkingsverantwoordelijken gebruikmaken van interdisciplinaire teams, bestaande uit onder meer ontwerpers, func...
GROEP GEGEVENSBESCHERMING ARTIKEL 29
guidelines transparantie
Versiegeschiedenis
Richtsnoeren van 1/2018 voor certificering en het vaststellen van certificeringscriteria overeenkomstig de artikelen 42 en 43 van de verordening
guidelines certificering
Guidelines 02/2024 on Article 48 GDPR
Article 48 GDPR provides that: ' Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer...