Online
Article
Online Edition '24

Comparing the EU AI Act to Proposed AI-Related Legislation in the US

Sofia Gracias
University of Chicago Law School '25
TABLE OF CONTENTS

I. Introduction

Artificial intelligence (AI) has risen to the forefront of public discourse as the field has rapidly developed over the last decade.1 Although the definition of AI has not been agreed upon,2 it can broadly be described as “us[ing] computers to simulate human intelligent behaviors and… train[ing] computers to learn human behaviors such as learning, judgment, and decision-making.”3 AI has been integrated into our daily lives through Google, Westlaw, social media, ChatGPT, and more. These examples encompass a variety of types of AI about which regulators have become increasingly alarmed. The desire to regulate AI stems from concerns including, but not limited to, privacy threats, job displacement, misinformation and manipulation, and security risks.4

The stakes for AI regulation rose with the release of ChatGPT in November 2022, which showed the potential of generative AI technology and led to frenzied development in the AI market.5 The pressure for the United States (US) to pass AI regulation has only increased since the European Union (EU) reached an agreement that will lead to the quick passage of the AI Act.6 This article analyzes the EU’s AI Act and its potential effectiveness. It compares proposed legislation from Congress to the EU AI Act to see if there is any overlap and if there are ways to improve the legislation to make it more effective.

II. Analysis

A. What is the EU AI Act?

The EU has been at the forefront of initiating technology related regulation involving privacy concerns.7 As the leader in AI regulation, the EU began working on the AI Act back in 2018.8 The goal of the regulation is to “ensure that fundamental rights, democracy, the rule of law and environmental sustainability are protected from high risk AI, while boosting innovation and making Europe a leader in the field.”9 In 2021, the EU released its first draft of the AI Act, but breakthroughs in the field—such as generative AI technology—created the need for major revisions which led to an updated draft in 2023.10 Ultimately, in February 2024, the 27 EU member states unanimously voted to approve the AI Act, revising it further, finalizing its language, and advancing it towards completion.11 A final vote of the European Parliament is expected in April 2024.12

1. Regulatory Framework in the 2021 EU AI Act

While the 2021 draft needed some revision, it nonetheless provided the regulatory framework used in the AI Act. It stated that AI systems that can be used in different applications will be categorized based on their risk to users.13 The categories: unacceptable risk, high risk, and limited risk.14 The level of risk an AI system poses would determine the set of rules and obligations imposed by regulators. AI systems that are characterized as an unacceptable risk would be banned because they pose the greatest threat to people.15 General purpose and generative AI have their own set of requirements and will also be assessed to determine if they pose a systemic risk that would place them in a higher risk category.16

2. Takeaways from 2023 EU AI Act Provisional Agreement

The 2023 Act bans certain AI systems based on the threat they pose to citizens’ rights and democracy.17 The Act also lists certain exceptions for law enforcement’s use of biometric identification systems (RBI) in public spaces with judicial authorization and for a specific list of crimes. It also details “post-remote” RBI which would be used to search for convicted persons or suspects and strict rules for “real-time” RBI. The Act sets forth the obligations for the AI systems at different levels of risk. The sanctions for non-compliance with the AI Act are steep. A violating entity could be fined from “35 million euro or 7% of global turnover to 7.5 million or 1.5% of turnover” depending on the type of violation or the size of the entity.18 The Act also puts measures in place to promote the safe development of AI technology. They established regulatory “sandboxes” which allow testing to develop and train AI before introducing it to the market.19

3. Finalized Language from the 2024 EU AI Act

On February 2, 2024, the EU AI Act was finalized and endorsed by the 27 Member States of the EU.20 This followed an online leak of the text on January 22, 2024.21 The finalized language remains consistent with and expands upon the provisions detailed in the 2023 Provisional Agreement.22 The Act contains a revised definition of “artificial systems” (the OECD definition) to distinguish it from other software systems.23 The scope of the Act is fleshed out further to apply to all aspects of AI production, development, manufacturing, importation and production management with connection to the EU’s economy. The risk framework and prohibited AI systems remain the same but are also more thorough.24 The Act also sets out a detailed implementation timeline.

There are enforcement concerns that come with implementing such a robust piece of legislation.25 The General Data Protection Act, the EU’s previous landmark legislation to protect citizens’ privacy from technological infringement, has been criticized for inaction.26 It bolsters concerns that the EU will not be effective in enforcing more substantive regulation. For proper enforcement, the EU will need to hire technological experts to ensure the Act reaches emerging AI technology, and it will need to coordinate enforcement in each of the EU’s 27 Member States.27 The EU has made strides toward better enforcement with the creation of the European AI Office.28 The AI Office will support implementation of the AI Act by coordinating the Member States, evaluating general-purpose AI models, requesting compliance measures from AI providers and applying sanctions.29 While this does not entirely solve the enforcement problem, it is a step in the right direction for cohesive implementation. The European Parliament will vote on the Act in mid-April. If Parliament approves, the Act will go into effect 20 days after the publication of the EU Official Journal and will be enforceable after 24 months.30 In the meantime, the EU launched the AI Pact, inviting AI developers to start transitioning into compliance with the Act.31

B. Congress’s Proposed AI Regulatory Frameworks for the US

After the announcement of the EU’s AI Act, there has been a call for AI related legislation in the US. President Biden responded to requests for regulation in an Executive Order for “responsible innovation” that directed the federal government’s attention toward shaping AI’s growth and mitigating the potential risks.32 Congress has also acted toward passage of AI legislation. AI regulation has gained bipartisan support, and more than 30 AI-related bills were introduced in Congress in 2023.33 Three comprehensive frameworks for an AI regulatory regime have been introduced by the current Congress. These frameworks will be discussed and compared to the one set forth in the EU’s AI Act.

1. SAFE Innovation Framework

The SAFE Innovation Framework was announced by Senate Majority Leader Chuck Schumer (D-NY) with bipartisan support from Senators Martin Heinrich (D-NM), Todd Young (R-IN), and Mike Rounds (R-SD) in June 2023.34 The framework consists of five principles to mitigate AI risk while encouraging development in the field. These principles are security, accountability, foundations, explainability, and innovation.35 Leader Schumer also announced an implementation of AI Forums, in which Senators would be educated by AI experts behind closed doors.36 The first of these took place in September.

This framework provides guiding principles on which to base legislation. It seems to be focused on transparency and education from AI developers and advancement of AI technology without infringing on security. There is an emphasis on the US maintaining its role as one of the leaders in AI development. The EU’s AI Act takes a more risk-based approach.37 Although the framework claims to promote the growth of AI, the risk assessments enforced on businesses might impose stifling restrictions. Also, the SAFE Framework may not be strict enough and might allow free reign of AI development without the necessary safeguards.

2. Bipartisan Framework for US AI Act

The Bipartisan Framework was introduced by Senators Richard Blumenthal (D-CT) and Josh Hawley (R-MO) in September 2023.38 They are both members of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law. This framework includes several policy proposals, along with guiding principles.39 The guiding principles build on those included in the SAFE Framework but emphasize transparency and consumer protection, specifically when it comes to children.40 One of the policy recommendations would establish licensing requirements for AI systems and an independent body that will oversee the licensing process.41 The entity would also monitor and report AI developments and the economic impact of AI.42 The framework includes a proposal that blocks AI companies from getting Section 230 immunity.43 Section 230 protects internet service providers from lawsuits brought against them for things that users say while using their platform.44 This framework would remove that protection from AI companies. The proposal would also increase protections “to prevent foreign adversaries from obtaining advanced AI technologies.”45

This framework has potential to line up more closely with the EU’s AI Act. It provides detailed policy recommendations along with guiding principles. The EU Act emphasizes transparency and other protections through the lens of protecting the people’s rights. This framework focuses more on competition and consumer protection. The policy proposal to protect AI technology for national security purposes is different than the EU Act. The Bipartisan framework seeks to protect the public from the technology being weaponized by adversaries. Conversely, the EU’s AI Act does not protect against this. Although international protection could be beneficial to US interests, policymakers should focus on passing domestic protections first to meet the immediate need for AI-related legislation. The EU AI Act prioritizes domestic protections by using its risk framework to ensure citizens are covered.

3. National AI Commission Act 

The National AI Commission Act, H.R. 4223, was introduced by a bipartisan group of House members in June 2023.46 This Act would establish a “blue ribbon commission” of 20 people appointed by the President and Congress, “with each political party selecting half of the members.”47 The members include experts in AI technology, industry leaders, and experts in government and national security.48 They would work to develop a risk-based AI regulatory framework and make recommendations for implementation. The Commission would formulate three reports, the first two would be submitted six months apart and the third would be completed a year later.49

This would ensure the development of a comprehensive framework for AI regulation in the US. It does not give any principles or policy goals that would enable it to be compared to EU’s AI Act. However, it does specify taking a risk-based approach to AI regulation, which is similar to the EU’s approach. The risk-based approach might lead to overregulation, which could be harmful to industry growth. However, by including AI technology and industry experts on the Commission, the risk of unduly harming industry growth may be counteracted.

C. US AI-Related Legislation Introduced in Congress

Congress has introduced targeted legislation to address specific issues in addition to the broad frameworks discussed previously. The legislation falls into the following issue categories: “(1) promoting AI [Research & Development] leadership; (2) protecting national security; (3) disclosure; (4) protecting election integrity; (5) workforce training; and (6) coordinating and facilitating federal agency AI use.”50 This issue specific legislation addresses different concerns than the EU’s AI Act.

The EU’s AI Act focuses on determining the risk to the public introduced by AI technology and regulating that AI system accordingly. There is a strong emphasis on supervising the development of AI technology which can be harmful to industry growth. The priorities in the US’s proposed legislation differ by focusing on AI-system development, with some protection for the risks associated with the technology. The US approach focuses on protecting national security, disclosure mandates, and election integrity. Similar to the Bipartisan Framework for the US AI Act, this prioritization of national security differs from the EU’s protection of individual rights. The proposed US legislation safeguards individuals through protections against generative AI and “deep fakes” that take on the likeness of individuals potentially resulting in identity theft.51 The EU’s Act has specific protections for that type of AI-system as well. The US bills also establish protections for election integrity, which is not specifically mentioned in the EU’s Act. The EU’s Act could address security by banning AI technology that could interfere with election integrity.

III. Conclusion

The EU Member States have finalized the language of the EU AI Act, and it is just months away from potential passage into law. Meanwhile, the US is continuing to progress its regulatory framework and the substantive aspects of its own AI Act. Based on the developments thus far, the EU has a more significant risk-based approach to regulating AI technology, while the US is attempting to regulate the field without stifling industry growth. It will be interesting to observe how the EU AI Act influences the artificial intelligence industry and if those observations can be applied to a US AI Act.

  • 1Scott J. Shackelford & Rachel Dockery, Governing AI, 30 Cornell J.L. & Pub. Pol'y 279 (2020); See David Bollier, Artificial Intelligence, The Great Disruptor: Coming to Terms with AI-Driven Markets, Governance, and Life, Aspen Inst., at 3 (2018).
  • 2Shackelford & Dockery, supra note 1, at 286.
  • 3Caiming Zhang & Yang Lu, Study On Artificial Intelligence: The State of the Art and Future Prospects, 23 J. Indus. Info. Integration 1 (2021).
  • 4Bernard Marr, The 15 Biggest Risks Of Artificial Intelligence, Forbes (June 2, 2023, 3:07 AM EDT), https://perma.cc/U4EL-U3Q8.
  • 5Catherine Thorbecke, A Year After ChatGPT’s Release, the AI Revolution Is Just Beginning, CNN (Nov. 30, 2023, 10:32 AM EST), https://perma.cc/56K4-D5LT.
  • 6Adam Satariano, E.U. Agrees on Landmark Artificial Intelligence Rules, N.Y. Times (Dec. 8, 2023), https://perma.cc/9MXN-J3GC.

  • 7Id.
  • 8Id.
  • 9Artificial Intelligence Act: Deal on Comprehensive Rules for Trustworthy AI, Eur. Parliament: News (Dec. 9, 2023), https://perma.cc/GN7R-SCAJ.
  • 10Id.
  • 11Jedidiah Bracy & Caitlin Andrews, EU countries vote unanimously to approve AI Act, Int’l. Assoc. Priv. Pro. (Feb. 2, 2024), https://perma.cc/PYT5-ZCY9.
  • 12Id.
  • 13EU AI Act: First Regulation on Artificial Intelligence, Eur. Parliament: News (Dec. 19, 2023), https://perma.cc/75CD-JZN5.
  • 14Id.
  • 15Id.
  • 16Id.
  • 17Artificial Intelligence Act: Deal on Comprehensive Rules for Trustworthy AI, Eur. Parliament: News (Dec. 9, 2023) [hereinafter EU AI Act Provisional Agreement], https://perma.cc/GN7R-SCAJ.
  • 18Id.
  • 19Id.
  • 20Jedidah Bracy & Caitlin Andrews, EU Countries Vote Unanimously to Approve AI Act, IAPP (Feb. 2, 2024), https://perma.cc/Q2XE-XNQY.
  • 21Clara Hainsdorf et. al, The Pre-Final Text of the EU’s AI Act Leaked Online, White & Case (Feb. 6, 2024), https://perma.cc/ARE7-NBM4.
  • 22Id.
  • 23Id.
  • 24Id.
  • 25Satariano, supra note 6.
  • 26Id.
  • 27EU AI Act Provisional Agreement, supra note 17.
  • 28European AI Office, Eur. Commission (last visited Feb. 28, 2024), https://perma.cc/WVG3-7RB3.
  • 29Id.
  • 30Hainsdorf et. al, supra note 21.
  • 31AI Act, Eur. Commission (last visited Feb. 28, 2024) https://perma.cc/RH5A-AVST.
  • 32Exec. Order No. 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, 88 Fed. Reg. 75,191 (Oct. 30, 2023); FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence, The White House (Oct. 30, 2023).
  • 33U.S. Artificial Intelligence Policy: Legislative and Regulatory Developments, Covington Alert (Oct. 20, 2023) [hereinafter Covington Alert], https://perma.cc/6YRQ-FBUU.
  • 34Id.
  • 35Chuck Schumer, Schumer’s SAFE Innovation Framework, Senate Democrats (June 21, 2023), https://perma.cc/5SSQ-LRCL.
  • 36Brendan Bordelon, Schumer Launches New Phase in Push for AI Bill, Politico (June 21, 2023, 1:27 PM EDT), https://perma.cc/ZEG7-97HM.
  • 37Satariano, supra note 6.
  • 38Varun Aggarwal, Senate Leaders Propose New Bipartisan Framework for AI Regulation, Harv. J. L. & Tech.: JOLT Digest (Oct. 12, 2023), https://perma.cc/2U2J-WQCK.
  • 39Covington Alert, supra note 33.
  • 40Senator Richard Blumenthal & Senator Josh Hawley, Bipartisan Framework for U.S. AI Act, Blumenthal Senate (Sept. 7, 2023), https://perma.cc/G2H8-3APB.
  • 41Covington Alert, supra note 33.
  • 42Blumenthal & Hawley, supra note 40.
  • 43Hawley, Blumenthal Introduce Bipartisan Legislation to Protect Consumers and Deny AI Companies Section 230 Immunity, Hawley Senate (June 14, 2023), https://perma.cc/7777-DUDM.
  • 44Section 230: 47 U.S.C. § 230, Electronic Frontier Foundation, https://perma.cc/8VCD-P6H9.
  • 45Covington Alert, supra note 33.
  • 46Id.
  • 47Id.
  • 48Jose Antonio Lanz, US Congress Presses Forward on AI Regulation with Proposed Commission, Yahoo! Fin. (June 21, 2023), https://perma.cc/8FP5-VHXY.
  • 49Covington Alert, supra note 33.
  • 50Id.
  • 51See Stu Sjouwerman, Deepfake Phishing: The Dangerous New Face Of Cybercrime, Forbes (Jan. 23, 2024, 9:00 AM EST), https://perma.cc/CYN9-38AD.