EU AI Act - Roles, Key Articles and Mapping with ISO 42001

The EU AI Act establishes several key roles and responsibilities to ensure the effective implementation of its provisions and to promote the safe and ethical use of artificial intelligence throughout the European Union. Here are the primary roles defined under the EU AI Act:

1. Providers

• Definition: Providers are individuals or organisations that develop or place AI systems on the market or put them into service within the EU. This includes both developers and manufacturers of AI systems.
• Responsibilities:
  • Ensure compliance with the requirements of the EU AI Act, particularly for high-risk AI systems.
  • Maintain proper documentation and provide necessary information about the AI system to users and authorities.
  • Conduct risk assessments and implement risk management measures.

2. Users

• Definition: Users are individuals or organisations that use AI systems in their operations, regardless of whether they develop the AI system themselves or acquire it from a provider.
• Responsibilities:
  • Ensure that the use of the AI system complies with the EU AI Act and any applicable national regulations.
  • Provide feedback on the AI system's performance and any potential risks encountered during its use.
  • Implement necessary oversight to ensure that the AI system operates within specified parameters.

3. Notified Bodies

• Definition: Notified bodies are independent organisations designated by EU member states to assess the conformity of high-risk AI systems with the requirements of the EU AI Act.
• Responsibilities:
  • Carry out conformity assessments of high-risk AI systems.
  • Issue certificates of conformity for systems that meet the required standards.
  • Provide guidance to providers on compliance and best practices.

4. National Authorities

• Definition: Each EU member state will designate national authorities responsible for the supervision and enforcement of the EU AI Act.
• Responsibilities:
  • Monitor compliance with the AI Act within their jurisdiction.
  • Handle incident reporting and investigations related to AI systems.
  • Facilitate cooperation among member states to ensure a unified approach to AI regulation.

5. European Artificial Intelligence Board (EAIB)

• Definition: The EAIB is a new body proposed under the EU AI Act to facilitate cooperation and coordination among member states and ensure consistent implementation of the Act.
• Responsibilities:
  • Provide guidance on the interpretation and enforcement of the AI Act.
  • Develop and update technical standards and guidelines related to AI systems.
  • Foster collaboration among regulators, stakeholders, and industry representatives.

6. Compliance and Enforcement Authorities

• Definition: These are specific authorities that may be established at the national level to manage compliance, monitoring, and enforcement of the EU AI Act.
• Responsibilities:
  • Investigate potential non-compliance issues and impose penalties where necessary.
  • Support national authorities in enforcing the provisions of the Act.
  • Manage incident reporting and contribute to the ongoing monitoring of AI systems.

Summary

The roles defined under the EU AI Act are crucial for ensuring that AI systems are developed, deployed, and used in a manner that is safe, ethical, and compliant with regulatory standards. These roles facilitate accountability and enable effective oversight throughout the lifecycle of AI technologies, from development through to post-market monitoring. Understanding these roles is essential for organisations engaging with AI to ensure they adhere to the requirements set forth by the Act.




The EU AI Act is structured into several articles that outline the provisions, requirements, and obligations related to artificial intelligence within the European Union. Below is an overview of the key articles, summarising their main focus and contents:

Key Articles of the EU AI Act

1. Article 1: Subject matter and scope

   • Defines the purpose of the regulation and the AI systems it applies to, clarifying that it covers both public and private sector uses of artificial intelligence.

2. Article 2: Definitions

   • Provides definitions for key terms used throughout the Act, such as "artificial intelligence," "high-risk AI systems," and "provider."

3. Article 3: Relationship with other Union legal acts

   • Clarifies how the EU AI Act interacts with other EU legislation and regulations, ensuring consistency across legal frameworks.

4. Article 4: Fundamental rights and safety

   • Emphasises the need to respect fundamental rights and ensure safety when developing and deploying AI systems.

5. Article 5: AI systems classification

   • Introduces a risk-based classification system for AI systems, categorising them into unacceptable risk, high risk, and low or minimal risk categories.

6. Article 6: Prohibited AI practices

   • Lists specific AI applications that are prohibited due to their potential to harm individuals or society, such as social scoring by governments and real-time biometric identification in public spaces.

7. Article 7: High-risk AI systems

   • Defines the criteria for identifying high-risk AI systems, which will be subject to stricter regulatory requirements.

8. Article 8: Requirements for high-risk AI systems

   • Outlines the specific requirements that high-risk AI systems must meet, including risk management, data governance, transparency, and human oversight.

9. Article 9: Governance and management

   • Discusses the governance structures that providers must establish to ensure compliance with the AI Act and proper management of AI systems.

10. Article 10: AI systems requirements

    • Specifies additional requirements for high-risk AI systems pertaining to the robustness, accuracy, and reliability of the systems.

11. Article 11: Transparency and information to users

    • Mandates that providers ensure transparency regarding AI systems, including providing users with information about their capabilities and limitations.

12. Article 12: Human oversight

    • Emphasises the necessity of human oversight in the operation of high-risk AI systems to ensure safety and ethical considerations.

13. Article 13: Conformity assessment

    • Describes the procedures for assessing conformity of high-risk AI systems with the provisions of the Act before they are placed on the market.

14. Article 14: Post-market monitoring

    • Outlines requirements for ongoing monitoring of AI systems after they have been deployed to ensure continued compliance and performance.

15. Article 15: Responsibilities of users

    • Defines the responsibilities of users of AI systems, including ensuring that the systems are used in accordance with the AI Act.

16. Article 16: National competent authorities

    • Establishes the role of national authorities in the implementation and enforcement of the AI Act.

17. Article 17: European Artificial Intelligence Board

    • Introduces the EAIB, tasked with facilitating cooperation among member states and providing guidance on the interpretation of the Act.

18. Article 18: Codes of conduct

    • Encourages the development of voluntary codes of conduct for AI systems not classified as high-risk to promote best practices.

19. Article 19: Reporting obligations

    • Sets out the obligations for providers and users to report incidents or issues related to AI systems to the relevant authorities.

20. Article 20: Penalties

    • Discusses the enforcement mechanisms and penalties for non-compliance with the AI Act.

Summary

The articles of the EU AI Act lay the groundwork for a comprehensive regulatory framework aimed at promoting the safe and ethical use of artificial intelligence across the EU. By establishing clear definitions, requirements, and governance structures, the Act seeks to mitigate risks associated with AI while fostering innovation and public trust in AI technologies. Understanding these articles is crucial for organisations involved in the development or use of AI to ensure compliance with the regulatory landscape.

EU AI Act Mapping with ISO 42001

ISO 42001 is a standard for establishing, implementing, maintaining, and continuously improving an Artificial Intelligence Management System (AIMS). The EU AI Act, on the other hand, is a legislative framework that aims to ensure the safe and ethical use of artificial intelligence within the EU.

Below is a mapping of ISO 42001 clauses with relevant articles from the EU AI Act. This mapping aims to demonstrate the alignment between the standard’s requirements and the regulatory provisions of the AI Act.

Mapping Table of ISO 42001 Clauses with EU AI Act Articles

ISO 42001 Clauses	Relevant EU AI Act Articles	Description
1. Scope	Article 1: Subject matter and scope	Establishes the purpose and scope of the AI management system and the AI Act's application.
2. Normative References	Article 2: Definitions	Provides definitions relevant to AI management and the scope of the AI Act.
3. Terms and Definitions	Article 2: Definitions	Aligns on the terminology used in AI, ensuring clarity and understanding.
4. Context of the Organisation	Article 17: Risk Management	Encourages organisations to assess the context in which they operate, including risk factors related to AI.
5. Leadership	Article 9: Governance	Emphasises the need for strong governance structures in the use of AI.
6. Planning	Article 5: AI Systems Classification	Involves planning for compliance based on the risk classification of AI systems.
7. Support	Article 11: Transparency and Information to Users	Addresses the need for support mechanisms, ensuring transparency and communication with users of the AI systems.
8. Operation	Article 10: AI Systems Requirements	Outlines operational processes and requirements for developing and deploying AI systems.
9. Performance Evaluation	Article 14: Post-Market Monitoring	Involves evaluating the effectiveness and compliance of AI systems after deployment.
10. Improvement	Article 13: Conformity Assessment	Focuses on continuous improvement and the need for periodic assessments to ensure compliance with the AI Act.
Annex A (Guidance)	Article 18: Codes of Conduct	Provides guidance on best practices and codes of conduct applicable to AI systems.

Summary

Mapping illustrates how the ISO 42001 standard can align with the regulatory framework established by the EU AI Act. Both frameworks emphasise the importance of governance, risk management, transparency, and continuous improvement in the development and deployment of AI systems. Organisations can benefit from implementing ISO 42001 to ensure compliance with the EU AI Act while enhancing their AI governance and management practices.