33 lines
1.5 KiB
Org Mode
33 lines
1.5 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-eu-ai-act
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: EU AI Act
|
|
#+filetags: :passepartout:compliance:framework:eu:
|
|
|
|
** EU AI Act
|
|
|
|
First comprehensive AI regulation globally (effective August 2026). Risk-based
|
|
tiers: unacceptable (banned), high-risk (conformity assessment), limited
|
|
(transparency), minimal (code of conduct). High-risk systems require: risk
|
|
management, data governance, technical documentation, transparency, human
|
|
oversight, accuracy/robustness/cybersecurity. Third-party conformity assessment
|
|
for some high-risk systems (notified bodies).
|
|
|
|
Who must comply: Providers and deployers of AI systems in the EU. Extraterritorial
|
|
if the AI system output is used in the EU. Scope covers GPAI (general-purpose AI)
|
|
with additional obligations for systemic-risk GPAI.
|
|
|
|
Penalties: Up to 35M EUR or 7% of global turnover (higher than GDPR).
|
|
|
|
Why it matters: The EU AI Act's conformity assessment requirement creates an
|
|
instant certification market. Passepartout's gate stack can serve as the
|
|
human oversight and accuracy/robustness infrastructure for any AI system
|
|
deployed through it. The [[file:verification-monopoly.org][verification monopoly]] argument applies at maximum
|
|
force: an ACL2-verified gate stack is the most defensible approach to AI Act
|
|
compliance. First-mover advantage: the regulation takes effect August 2026.
|
|
No certification body or tool vendor has an ACL2-based compliance pipeline.
|
|
First to market captures the standard-setting role.
|
|
|
|
** DORA (Digital Operational Resilience Act)
|