Foundation Models Impacting EU AI Regulation

Understanding AI Compliance: Key Insights from the COMPL-AI Framework ⬇️ As AI models become increasingly embedded in daily life, ensuring they align with ethical and regulatory standards is critical. The COMPL-AI framework dives into how Large Language Models (LLMs) measure up to the EU’s AI Act, offering an in-depth look at AI compliance challenges. ✅ Ethical Standards: The framework translates the EU AI Act’s 6 ethical principles—robustness, privacy, transparency, fairness, safety, and environmental sustainability—into actionable criteria for evaluating AI models. ✅Model Evaluation: COMPL-AI benchmarks 12 major LLMs and identifies substantial gaps in areas like robustness and fairness, revealing that current models often prioritize capabilities over compliance. ✅Robustness & Fairness : Many LLMs show vulnerabilities in robustness and fairness, with significant risks of bias and performance issues under real-world conditions. ✅Privacy & Transparency Gaps: The study notes a lack of transparency and privacy safeguards in several models, highlighting concerns about data security and responsible handling of user information. ✅Path to Safer AI: COMPL-AI offers a roadmap to align LLMs with regulatory standards, encouraging development that not only enhances capabilities but also meets ethical and safety requirements. 𝐖𝐡𝐲 𝐢𝐬 𝐭𝐡𝐢𝐬 𝐢𝐦𝐩𝐨𝐫𝐭𝐚𝐧𝐭? ➡️ The COMPL-AI framework is crucial because it provides a structured, measurable way to assess whether large language models (LLMs) meet the ethical and regulatory standards set by the EU’s AI Act which come in play in January of 2025. ➡️ As AI is increasingly used in critical areas like healthcare, finance, and public services, ensuring these systems are robust, fair, private, and transparent becomes essential for user trust and societal impact. COMPL-AI highlights existing gaps in compliance, such as biases and privacy concerns, and offers a roadmap for AI developers to address these issues. ➡️ By focusing on compliance, the framework not only promotes safer and more ethical AI but also helps align technology with legal standards, preparing companies for future regulations and supporting the development of trustworthy AI systems. How ready are we?

This report provides the first comprehensive analysis of how the EU AI Act regulates AI agents, increasingly autonomous AI systems that can directly impact real-world environments. Our three primary findings are: 1. The AI Act imposes requirements on the general-purpose (AI GPAI) models underlying AI agents (Ch. V) and the agent systems themselves (Ch. III). We assume most agents rely on GPAI models with systemic risk (GPAISR) Accordingly, the applicability of various AI Act provisions depends on (a) whether agents proliferate systemic risks under Ch. V (Art. 55), and (b) whether they can be classified as high-risk systems under Ch. III. We find that (a) generally holds, requiring providers of GPAISRs to assess and mitigate systemic risks from AI agents. However, it is less clear whether AI agents will in all cases qualify as (b) high-risk AI systems, as this depends on the agent's specific use case. When built on GPAI models, AI agents should be considered high-risk GPAI systems, unless the GPAI model provider deliberately excluded high-risk uses from the intended purposes for which the model may be used. 2. Managing agent risks effectively requires governance along the entire value chain. The governance of AI agents illustrates the “many hands problemˮ, where accountability is obscured due to the unclear allocation of responsibility across a multi-stakeholder value chain. We show how requirements must be distributed along the value chain, accounting for the various asymmetries between actors, such as the superior resources and expertise of model providers and the context-specific information available to downstream system providers and deployers. In general, model providers must build the fundamental infrastructure, system providers must adapt these tools to their specific contexts, and deployers must adhere to and apply these rules during operation. 3. The AI Act governs AI agents through four primary pillars: risk assessment, transparency tools, technical deployment controls, and human oversight. We derive these complementary pillars by conducting an integrative review of the AI governance literature and mapping the results onto the EU AI Act. Underlying these pillars, we identify 10 sub-measures for which we note specific requirements along the value chain, presenting an interdependent view of the obligations on GPAISR providers, system providers, and system deployers. By Amin Oueslati, Robin Staes-Polet at The Future Society Read: https://lnkd.in/e6865zWq

Regulations arrive. Agents evolve faster. Welcome to the compliance gap. Autonomous AI agents are becoming more powerful. They reason, plan, adapt, and act. But the EU AI Act was never designed with them in mind. That legal blind spot is widening. Key findings from Governing AI Agents Under the EU AI Act reveal a critical mismatch: → The Act includes no definition of autonomous agents → Agents can combine multiple high-risk use cases within a single system → Current rules apply only at deployment, not as behavior evolves → Agents can reconfigure goals and interact with other agents after launch → Liability is still tied to deployers, even when outcomes emerge unpredictably This is a regulation written for tools, not actors. The Act assumes systems are static and predictable. But agents generate their own behavior. Their risk profile is not fixed. The Unresolved Agent Problem. Autonomous agents break key assumptions in EU law: → Systems operate based on pre-defined functions → Risk can be assessed once, before deployment → Responsibility flows neatly from provider to deployer Agents challenge all of this. They adapt. They collaborate. They evolve in the field. And when decisions go wrong, existing rules offer no clear framework for responsibility. The authors state clearly: "The EU AI Act is ill-equipped to address risks posed by AI systems that can self-initiate actions and dynamically change behavior post-deployment." The paper outlines several urgent recommendations: → Introduce a new regulatory class for Autonomous Agent Systems → Move beyond one-time approval to runtime governance and continuous oversight → Extend documentation to include behavioral traceability and decision logs → Create hybrid liability models combining provider, deployer, and system behavior This is not theoretical. Agent-based systems are already being piloted in logistics, finance, defense, and healthcare. The law is falling behind the technology. The EU AI Act is a historic milestone. But for autonomous agents, it is only the beginning. The next chapter of AI governance must address systems that reason, decide, and act on their own. If the law does not adapt, trust in autonomous AI never will.

The European Commission published official guidelines for general-purpose AI (GPAI) providers under the EU AI Act. This is especially relevant for any teams working with foundation models like GPT, Llama, Claude, and open-source versions. A few specifics I think people overlook: -If your model uses more than 10²³ FLOPs of training compute and can generate text, images, audio, or video, guess what…you’re in GPAI territory. -Providers (whether you’re training, fine-tuning, or distributing models) must: -Publish model documentation (data sources, compute, architecture) Monitor systemic risks like bias or disinformation -Perform adversarial testing -Report serious incidents to the Commission -Open-source gets some flexibility, but only if transparency obligations are met. Important dates: August 2, 2025: GPAI model obligations apply August 2, 2026: Stronger rules kick in for systemic risk models August 2, 2027: Legacy models must comply For anyone already thinking about ISO 42001 or implementing Responsible AI programs, this feels like a natural next step. It’s not about slowing down innovation…it’s about building AI that’s trustworthy and sustainable. https://lnkd.in/eJBFZ8Ki

🚨 [AI REGULATION] The definition and societal impacts of open foundation models should be at the core of AI policy & regulation discussions. Why? In many jurisdictions, there are more lenient rules for these AI models. Read this: ➡ The EU AI Act, for example, in its Article 53, which covers General-Purpose AI Models, establishes that: "2. The obligations set out in paragraph 1, points (a) and (b), shall not apply to providers of AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general-purpose AI models with systemic risks." ➡ In the US, the Federal Trade Commission has recently published an article covering open-weights foundation models, highlighting their potential benefits (including enabling greater innovation, driving competition, improving consumer choice, and reducing costs) and possible risks to consumers when compared to centralized closed models (link to the article below). ➡ Given the high stakes and the fact that regulatory authorities will look at these AI models differently, both their definition and their societal impacts - especially in comparison to closed ones - must be closely scrutinized. ➡ In this context, the paper "On the Societal Impact of Open Foundation Models" by Sayash Kapoor, Rishi Bommasani, Kevin Klyman, Shayne Longpre, Ashwin Ramaswami for State Senate, Peter Cihon, Aspen Hopkins, Kevin Bankston, Stella Biderman, Miranda Bogen, Dr. Rumman Chowdhury, Alex Engler, Peter Henderson, Yacine Jernite, Seth Lazar, Stefano Maffulli, Alondra Nelson, Joelle Pineau, Aviya Skowron, Dawn Song, Victor Storchan, Daniel Zhang, Daniel E. Ho, Percy Liang & Arvind Narayanan is a must-read for everyone in AI, especially those focused on regulation and policymaking (link below). ➡ The paper discusses the distinctive properties of open foundation models, their benefits, a risk assessment framework to evaluate risks and threats, and recommendations and calls to action. ➡ AI liability is still an open topic in many jurisdictions worldwide. At this point, it is extremely important that policymakers and regulators invest time and effort in understanding the different risk profiles, the best way to regulate them, and who is responsible for the harm after it happens. ➡ Find all relevant links below. ➡ To stay up to date with the latest developments in AI policy & regulation, join 28,500 people who subscribe to my weekly newsletter (link below). #AI #FoundationModels #OpenFoundationModels #AIRegulation #AIgovernance #AIpolicy

The EU Council sets the first rules for AI worldwide, aiming to ensure AI systems in the EU are safe, respect fundamental rights, and align with EU values. It also seeks to foster investment and innovation in AI in Europe. 🔑 Key Points 🤖Described as a historical milestone, this agreement aims to address global challenges in a rapidly evolving technological landscape, balancing innovation and fundamental rights protection. 🤖The AI Act follows a risk-based approach, with stricter regulations for AI systems that pose higher risks. 🤖Key Elements of the Agreement ⭐️Rules for high-risk and general purpose AI systems, including those that could cause systemic risk. ⭐️Revised governance with enforcement powers at the EU level. ⭐️Extended prohibitions list, with allowances for law enforcement to use remote biometric identification under safeguards. ⭐️Requirement for a fundamental rights impact assessment before deploying high-risk AI systems. 🤖The agreement clarifies the AI Act’s scope, including exemptions for military or defense purposes and AI used solely for research or non-professional reasons. 🤖Includes a high-risk classification to protect against serious rights violations or risks, with light obligations for lower-risk AI. 🤖Bans certain AI uses deemed unacceptable in the EU, like cognitive behavioral manipulation and certain biometric categorizations. 🤖Specific provisions allow law enforcement to use AI systems under strict conditions and safeguards. 🤖Special rules for foundation models and high-impact general-purpose AI systems, focusing on transparency and safety. 🤖Establishment of an AI Office within the Commission and an AI Board comprising member states' representatives, along with an advisory forum for stakeholders. 🤖Sets fines based on global annual turnover for violations, with provisions for complaints about non-compliance. 🤖Includes provisions for AI regulatory sandboxes and real-world testing conditions to foster innovation, particularly for smaller companies. 🤖The AI Act will apply two years after its entry into force, with specific exceptions for certain provisions. 🤖Finalizing details, endorsement by member states, and formal adoption by co-legislators are pending. The AI Act represents a significant step in establishing a regulatory framework for AI, emphasizing safety, innovation, and fundamental rights protection within the EU market. #ArtificialIntelligenceAct #EUSafeAI #AIEthics #AIRightsProtection #AIGovernance #RiskBasedAIRegulation #TechPolicy #AIForGood #AISecurity #AIFramework

🔬🇪🇺 Important news in the world of AI regulation and compliance! ETH Zurich, INSAIT, and LatticeFlow AI have joined forces to launch the first-ever EU AI Act compliance evaluation framework specifically designed for generative AI. This framework provides a comprehensive set of guidelines and metrics to assess the compliance of generative AI systems with the upcoming EU AI Act. By focusing on key aspects such as transparency, accountability, and fairness, the framework aims to ensure that AI technologies are developed and deployed responsibly. 𝐇𝐨𝐰 𝐈𝐭 𝐖𝐨𝐫𝐤𝐬 🛠️ The compliance evaluation framework consists of a series of rigorous tests and assessments that examine various aspects of generative AI systems, including: ➡️ Data quality and bias ➡️ Model robustness and reliability ➡️ Explainability and interpretability ➡️ Privacy and security safeguards Through these evaluations, organizations can identify potential compliance gaps and take proactive measures to address them. 𝐈𝐧𝐭𝐞𝐫𝐩𝐫𝐞𝐭𝐢𝐧𝐠 𝐭𝐡𝐞 𝐑𝐞𝐬𝐮𝐥𝐭𝐬 📊 The framework provides clear and actionable insights into the compliance status of generative AI systems. Organizations can use the evaluation results to: ➡️ Identify areas of strength and weakness ➡️ Prioritize compliance efforts and resource allocation ➡️ Track progress over time and benchmark against industry standards below you will find how some of the most popular genAI models were evaluated (1 being the highest score) By leveraging this framework, companies can navigate the complex landscape of AI regulation with greater confidence and effectiveness. 🔗 https://lnkd.in/dXuEWnPZ 🔗 https://lnkd.in/dtH8Vw9X #AICompliance #EUAIAct #ResponsibleAI #GenerativeAI #InnovationInRegulation

🚀 The EU has just introduced groundbreaking transparency requirements for AI! Starting August 2025, all companies developing general-purpose AI models must publish detailed summaries about their training data. This is a game-changer for AI transparency in Europe! 🌍 Here's what tech companies need to know: Every GPAI model provider must create and make publicly available a comprehensive summary of the content used to train their models. The AI Office will provide a specific template for this disclosure. This requirement applies to ALL GPAI models, whether they're: - Commercial or free - Open-source or proprietary - With or without systemic risk Even companies outside the EU must comply if they want their AI models available in the European market. Why this matters? 🤔 This unprecedented move towards transparency helps: - Ensure ethical AI development - Enable better understanding of AI capabilities - Support compliance with EU copyright laws - Protect fundamental rights For tech leaders and developers, now is the time to start documenting your training data practices. The clock is ticking ⏰ with enforcement beginning August 2025. 💡 Pro tip: Start preparing your documentation systems now to avoid last-minute compliance rushes! Source: Bigid

EU Releases Guidelines on GPAI Model Compliance Under the AI Act ▶ The AI Office published new interpretive guidelines detailing the obligations for GPAI model providers under Article 51 and Annex XIII of the EU AI Act. ▶ The guidance distinguishes between GPAI models and GPAI models with systemic risk, clarifying obligations related to documentation, training data summaries, and technical performance metrics. ▶ GPAI providers must publish a transparency summary (Art. 53) and notify the AI Office before placing systemic-risk models on the EU market (Art. 52). ▶ Developers of GPAI with systemic risk must perform model evaluations, report incidents, and conduct adversarial testing per Annex XIII requirements. ▶ The guidelines also clarify the application of open-source exemptions, cumulative risks, and the delegation of compliance duties between upstream and downstream developers. 📚 The AI Policy Newsletter: https://lnkd.in/eS8bHrvG 👩💻 The AI Policy Course: https://lnkd.in/e3rur4ff 🌐 Learn more about Duco: https://lnkd.in/dYjyKhBd