Brussels, BELGIUM – The EU’s Artificial Intelligence (AI) Act suffers from critical shortcomings, according to a legal analysis published today. Despite assurances from the European Commission and EU co-legislators, the study reveals that the landmark regulation fails to genuinely adhere to a risk-based approach.

Conducted by Prof. Dr. Martin Ebers, the new study warns that the AI Act will lead to legal uncertainty and overregulation, as well as unjustified increases in compliance costs – unless crucial improvements are made during the upcoming implementation phase.

Fortunately, the AI Act contains ample tools to deliver truly risk-based implementation. Ebers sets out clear recommendations for the EU’s newly-founded AI Office to get the Act back on track. This is much needed, as numerous provisions are the result of rushed political compromises rather than thorough risk-benefit analysis or solid evidence, the report finds.

The current system for classifying ‘high-risk’ AI systems is not adequately supported by empirical evidence, for example. Ebers therefore calls on the Commission’s AI Office to use its power to amend and refine the existing high-risk use cases.

Moving forward, it will be key to ensure that economic and social benefits of AI systems – such as advancing scientific breakthroughs – are explicitly weighed against risks, which isn’t currently being done.

The report also calls for a unified methodology to identify and assess ‘systemic risks’ from general-purpose AI (GPAI) models, which are currently largely undefined in the AI Act due to political compromises. Likewise, it suggests that the AI Office should update thresholds for GPAI models with systemic risks based on tangible evidence.

The Computer & Communications Industry Association (CCIA Europe), which commissioned this independent report, urges the European Commission to implement the AI Act by following a genuine risk-based approach in order to address today’s legal uncertainty.

The following can be attributed to CCIA Europe’s Senior Policy Manager Boniface de Champris:

“This study proposes concrete fixes to serious problems. The AI Office, up and running as of this week, must ensure that AI Act implementation respects its intended risk-based approach – including guidelines, secondary legislation, standards, and codes of practice.”

“It is of paramount importance, for example, that upcoming codes of practice clearly specify which ‘systemic risks’ general-purpose AI model providers must assess and mitigate in practice. Right now, this is still surrounded by a great deal of legal uncertainty.”

“Legislators around the world need to know that key AI Act provisions fail to follow a genuine risk-based approach. As long as these structural issues have not been resolved other lawmakers should not adopt the EU’s approach without careful consideration as this would duplicate its shortcomings on a global scale.”