forked from intuitem/ciso-assistant-community
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ai-act.yaml
14414 lines (14019 loc) · 828 KB
/
ai-act.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
urn: urn:intuitem:risk:library:ai-act
locale: en
ref_id: AI Act
name: EU Artificial Intelligence Act (AI Act)
description: Regulation (EU) 2024/1689 of the European Parliament and of the Council
of 13 June 2024 laying down harmonised rules on artificial intelligence and amending
Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858,
(EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU)
2020/1828 (Artificial Intelligence Act).
copyright: European Union law
version: 2
provider: EU
packager: intuitem
objects:
framework:
urn: urn:intuitem:risk:framework:ai-act
ref_id: AI Act
name: EU Artificial Intelligence Act
description: Regulation (EU) 2024/1689 of the European Parliament and of the Council
of 13 June 2024 laying down harmonised rules on artificial intelligence and
amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU)
2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU)
2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).
requirement_nodes:
- urn: urn:intuitem:risk:req_node:ai-act:node2
assessable: false
depth: 1
name: Preambule
- urn: urn:intuitem:risk:req_node:ai-act:recital-1
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 1
description: "The purpose of this Regulation is to improve the functioning of\
\ the internal market by laying down a uniform legal framework in particular\
\ for the development, the placing on the market, the putting into service\
\ and the use of artificial intelligence systems (AI systems) in the Union,\
\ in accordance with Union values, to promote the uptake of human centric\
\ and trustworthy artificial intelligence (AI) while ensuring a high level\
\ of protection of health, safety, fundamental rights as enshrined in the\
\ Charter of fundamental rights of the European Union (the \u2018Charter\u2019\
), including democracy, the rule of law and environmental protection, against\
\ the harmful effects of AI systems in the Union, and to support innovation.\
\ This Regulation ensures the free movement, cross- border, of AI-based goods\
\ and services, thus preventing Member States from imposing restrictions on\
\ the development, marketing and use of AI systems, unless explicitly authorised\
\ by this Regulation."
- urn: urn:intuitem:risk:req_node:ai-act:recital-2
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 2
description: This Regulation should be applied in accordance with the values
of the Union enshrined as in the Charter, facilitating the protection of natural
persons, undertakings, democracy, the rule of law and environmental protection,
while boosting innovation and employment and making the Union a leader in
the uptake of trustworthy AI.
- urn: urn:intuitem:risk:req_node:ai-act:recital-3
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 3
description: AI systems can be easily deployed in a large variety of sectors
of the economy and many parts of society, including across borders, and can
easily circulate throughout the Union. Certain Member States have already
explored the adoption of national rules to ensure that AI is trustworthy and
safe and is developed and used in accordance with fundamental rights obligations.
Diverging national rules may lead to the fragmentation of the internal market
and may decrease legal certainty for operators that develop, import or use
AI systems. A consistent and high level of protection throughout the Union
should therefore be ensured in order to achieve trustworthy AI, while divergences
hampering the free circulation, innovation, deployment and the uptake of AI
systems and related products and services within the internal market should
be prevented by laying down uniform obligations for operators and guaranteeing
the uniform protection of overriding reasons of public interest and of rights
of persons throughout the internal market on the basis of Article 114 of the
Treaty on the Functioning of the European Union (TFEU). To the extent that
this Regulation contains specific rules on the protection of individuals with
regard to the processing of personal data concerning restrictions of the use
of AI systems for remote biometric identification for the purpose of law enforcement,
of the use of AI systems for risk assessments of natural persons for the purpose
of law enforcement and of the use of AI systems of biometric categorisation
for the purpose of law enforcement, it is appropriate to base this Regulation,
in so far as those specific rules are concerned, on Article 16 TFEU. In light
of those specific rules and the recourse to Article 16 TFEU, it is appropriate
to consult the European Data Protection Board.
- urn: urn:intuitem:risk:req_node:ai-act:recital-4
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 4
description: AI is a fast evolving family of technologies that contributes to
a wide array of economic, environmental and societal benefits across the entire
spectrum of industries and social activities. By improving prediction, optimising
operations and resource allocation, and personalising digital solutions available
for individuals and organisations, the use of AI can provide key competitive
advantages to undertakings and support socially and environmentally beneficial
outcomes, for example in healthcare, agriculture, food safety, education and
training, media, sports, culture, infrastructure management, energy, transport
and logistics, public services, security, justice, resource and energy efficiency,
environmental monitoring, the conservation and restoration of biodiversity
and ecosystems and climate change mitigation and adaptation.
- urn: urn:intuitem:risk:req_node:ai-act:recital-5
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 5
description: At the same time, depending on the circumstances regarding its
specific application, use, and level of technological development, AI may
generate risks and cause harm to public interests and fundamental rights that
are protected by Union law. Such harm might be material or immaterial, including
physical, psychological, societal or economic harm.
- urn: urn:intuitem:risk:req_node:ai-act:recital-6
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 6
description: Given the major impact that AI can have on society and the need
to build trust, it is vital for AI and its regulatory framework to be developed
in accordance with Union values as enshrined in Article 2 of the Treaty on
European Union (TEU), the fundamental rights and freedoms enshrined in the
Treaties and, pursuant to Article 6 TEU, the Charter. As a pre-requisite,
AI should be a human-centric technology. It should serve as a tool for people,
with the ultimate aim of increasing human well-being.
- urn: urn:intuitem:risk:req_node:ai-act:recital-7
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 7
description: "In order to ensure a consistent and high level of protection of\
\ public interests as regards health, safety and fundamental rights, common\
\ rules for high-risk AI systems should be established. Those rules should\
\ be consistent with the Charter, non-discriminatory and in line with the\
\ Union\u2019s international trade commitments. They should also take into\
\ account the European Declaration on Digital Rights and Principles for the\
\ Digital Decade and the Ethics guidelines for trustworthy AI of the High-Level\
\ Expert Group on Artificial Intelligence (AI HLEG)."
- urn: urn:intuitem:risk:req_node:ai-act:recital-8
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 8
description: A Union legal framework laying down harmonised rules on AI is therefore
needed to foster the development, use and uptake of AI in the internal market
that at the same time meets a high level of protection of public interests,
such as health and safety and the protection of fundamental rights, including
democracy, the rule of law and environmental protection as recognised and
protected by Union law. To achieve that objective, rules regulating the placing
on the market, the putting into service and the use of certain AI systems
should be laid down, thus ensuring the smooth functioning of the internal
market and allowing those systems to benefit from the principle of free movement
of goods and services. Those rules should be clear and robust in protecting
fundamental rights, supportive of new innovative solutions, enabling a European
ecosystem of public and private actors creating AI systems in line with Union
values and unlocking the potential of the digital transformation across all
regions of the Union. By laying down those rules as well as measures in support
of innovation with a particular focus on small and medium enterprises (SMEs),
including startups, this Regulation supports the objective of promoting the
European human-centric approach to AI and being a global leader in the development
of secure, trustworthy and ethical AI as stated by the European Council,
and it ensures the protection of ethical principles, as specifically requested
by the European Parliament.
- urn: urn:intuitem:risk:req_node:ai-act:recital-9
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 9
description: "Harmonised rules applicable to the placing on the market, the\
\ putting into service and the use of high-risk AI systems should be laid\
\ down consistently with Regulation (EC) No 765/2008 of the European Parliament\
\ and of the Council, Decision No 768/2008/EC of the European Parliament and\
\ of the Council and Regulation (EU) 2019/1020 of the European Parliament\
\ and of the Council (\u2018New Legislative Framework\u2019). The harmonised\
\ rules laid down in this Regulation should apply across sectors and, in line\
\ with the New Legislative Framework, should be without prejudice to existing\
\ Union law, in particular on data protection, consumer protection, fundamental\
\ rights, employment, and protection of workers, and product safety, to which\
\ this Regulation is complementary.\nAs a consequence all rights and remedies\
\ provided for by such Union law to consumers, and other persons on whom AI\
\ systems may have a negative impact, including as regards the compensation\
\ of possible damages pursuant to Council Directive 85/374/EEC remain unaffected\
\ and fully applicable. Furthermore, in the context of employment and protection\
\ of workers, this Regulation should therefore not affect Union law on social\
\ policy and national labour law, in accordance with Union law, concerning\
\ employment and working conditions, including health and safety at work and\
\ the relationship between employers and workers. This Regulation should also\
\ not affect the exercise of fundamental rights as recognised in the Member\
\ States and at Union level, including the right or freedom to strike or to\
\ take other action covered by the specific industrial relations systems in\
\ Member States as well as the right to negotiate, to conclude and enforce\
\ collective agreements or to take collective action in accordance with national\
\ law.\nThis Regulation should not affect the provisions aiming to improve\
\ working conditions in platform work laid down in a Directive of the European\
\ Parliament and of the Council on improving working conditions in platform\
\ work. Moreover, this Regulation aims to strengthen the effectiveness of\
\ such existing rights and remedies by establishing specific requirements\
\ and obligations, including in respect of transparency, technical documentation\
\ and record-keeping of AI systems. Furthermore, the obligations placed on\
\ various operators involved in the AI value chain under this Regulation should\
\ apply without prejudice to national law, in accordance with Union law, having\
\ the effect of limiting the use of certain AI systems where such law falls\
\ outside the scope of this Regulation or pursues other legitimate public\
\ interest objectives than those pursued by this Regulation. For example,\
\ national labour law and law on the protection of minors, namely persons\
\ below the age of 18, taking into account the United Nations General Comment\
\ No 25 (2021) on children\u2019s rights in relation to the digital environment,\
\ insofar as they are not specific to AI systems and pursue other legitimate\
\ public interest objectives, should not be affected by this Regulation."
- urn: urn:intuitem:risk:req_node:ai-act:recital-10
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 10
description: "The fundamental right to the protection of personal data is safeguarded\
\ in particular by Regulations (EU) 2016/679 and (EU) 2018/1725 of the European\
\ Parliament and of the Council and Directive (EU) 2016/680 of the European\
\ Parliament and of the Council. Directive 2002/58/EC of the European Parliament\
\ and of the Council additionally protects private life and the confidentiality\
\ of communications, including by way of providing conditions for any storing\
\ of personal and non-personal data in and access from terminal equipment.\
\ Those Union legal acts provide the basis for sustainable and responsible\
\ data processing, including where data sets include a mix of personal and\
\ non-personal data. This Regulation does not seek to affect the application\
\ of existing Union law governing the processing of personal data, including\
\ the tasks and powers of the independent supervisory authorities competent\
\ to monitor compliance with those instruments. \nIt also does not affect\
\ the obligations of providers and deployers of AI systems in their role as\
\ data controllers or processors stemming from Union or national law on the\
\ protection of personal data in so far as the design, the development or\
\ the use of AI systems involves the processing of personal data. It is also\
\ appropriate to clarify that data subjects continue to enjoy all the rights\
\ and guarantees awarded to them by such Union law, including the rights related\
\ to solely automated individual decision-making, including profiling. Harmonised\
\ rules for the placing on the market, the putting into service and the use\
\ of AI systems established under this Regulation should facilitate the effective\
\ implementation and enable the exercise of the data subjects\u2019 rights\
\ and other remedies guaranteed under Union law on the protection of personal\
\ data and of other fundamental rights."
- urn: urn:intuitem:risk:req_node:ai-act:recital-11
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 11
description: This Regulation should be without prejudice to the provisions regarding
the liability of intermediary service providers set out in Directive 2000/31/EC
of the European Parliament and of the Council.
- urn: urn:intuitem:risk:req_node:ai-act:recital-12
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 12
description: "The notion of \u2018AI system\u2019 in this Regulation should\
\ be clearly defined and should be closely aligned with the work of international\
\ organisations working on AI to ensure legal certainty, facilitate international\
\ convergence and wide acceptance, while providing the flexibility to accommodate\
\ the rapid technological developments in this field. Moreover, it should\
\ be based on key characteristics of AI systems that distinguish it from simpler\
\ traditional software systems or programming approaches and should not cover\
\ systems that are based on the rules defined solely by natural persons to\
\ automatically execute operations. A key characteristic of AI systems is\
\ their capability to infer. This capability to infer refers to the process\
\ of obtaining the outputs, such as predictions, content, recommendations,\
\ or decisions, which can influence physical and virtual environments, and\
\ to a capability of AI systems to derive models or algorithms from inputs\
\ or data. The techniques that enable inference while building an AI system\
\ include machine learning approaches that learn from data how to achieve\
\ certain objectives, and logic- and knowledge-based approaches that infer\
\ from encoded knowledge or symbolic representation of the task to be solved.\
\ The capacity of an AI system to infer transcends basic data processing,\
\ enables learning, reasoning or modelling. The term \u2018machine-based\u2019\
\ refers to the fact that AI systems run on machines.\nThe reference to explicit\
\ or implicit objectives underscores that AI systems can operate according\
\ to explicit defined objectives or to implicit objectives. The objectives\
\ of the AI system may be different from the intended purpose of the AI system\
\ in a specific context. For the purposes of this Regulation, environments\
\ should be understood to be the contexts in which the AI systems operate,\
\ whereas outputs generated by the AI system reflect different functions performed\
\ by AI systems and include predictions, content, recommendations or decisions.\
\ AI systems are designed to operate with varying levels of autonomy, meaning\
\ that they have some degree of independence of actions from human involvement\
\ and of capabilities to operate without human intervention. The adaptiveness\
\ that an AI system could exhibit after deployment, refers to self-learning\
\ capabilities, allowing the system to change while in use. AI systems can\
\ be used on a stand-alone basis or as a component of a product, irrespective\
\ of whether the system is physically integrated into the product (embedded)\
\ or serve the functionality of the product without being integrated therein\
\ (non-embedded)."
- urn: urn:intuitem:risk:req_node:ai-act:recital-13
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 13
description: "The notion of \u2018deployer\u2019 referred to in this Regulation\
\ should be interpreted as any natural or legal person, including a public\
\ authority, agency or other body, using an AI system under its authority,\
\ except where the AI system is used in the course of a personal non-professional\
\ activity. Depending on the type of AI system, the use of the system may\
\ affect persons other than the deployer."
- urn: urn:intuitem:risk:req_node:ai-act:recital-14
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 14
description: "The notion of \u2018biometric data\u2019 used in this Regulation\
\ should be interpreted in light of the notion of biometric data as defined\
\ in Article 4, point (14) of Regulation (EU) 2016/679, Article 3, point (18)\
\ of Regulation (EU) 2018/1725 and Article 3, point (13) of Directive (EU)\
\ 2016/680. Biometric data can allow for the authentication, identification\
\ or categorisation of natural persons and for the recognition of emotions\
\ of natural persons."
- urn: urn:intuitem:risk:req_node:ai-act:recital-15
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 15
description: "The notion of \u2018biometric identification\u2019 referred to\
\ in this Regulation should be defined as the automated recognition of physical,\
\ physiological and behavioural human features such as the face, eye movement,\
\ body shape, voice, prosody, gait, posture, heart rate, blood pressure, odour,\
\ keystrokes characteristics, for the purpose of establishing an individual\u2019\
s identity by comparing biometric data of that individual to stored biometric\
\ data of individuals in a reference database, irrespective of whether the\
\ individual has given its consent or not. This excludes AI systems intended\
\ to be used for biometric verification, which includes authentication, whose\
\ sole purpose is to confirm that a specific natural person is the person\
\ he or she claims to be and to confirm the identity of a natural person for\
\ the sole purpose of having access to a service, unlocking a device or having\
\ security access to premises."
- urn: urn:intuitem:risk:req_node:ai-act:recital-16
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 16
description: "The notion of \u2018biometric categorisation\u2019 referred to\
\ in this Regulation should be defined as assigning natural persons to specific\
\ categories on the basis of their biometric data. Such specific categories\
\ can relate to aspects such as sex, age, hair colour, eye colour, tattoos,\
\ behavioural or personality traits, language, religion, membership of a national\
\ minority, sexual or political orientation. This does not include biometric\
\ categorisation systems that are a purely ancillary feature intrinsically\
\ linked to another commercial service meaning that the feature cannot, for\
\ objective technical reasons, be used without the principal service and the\
\ integration of that feature or functionality is not a means to circumvent\
\ the applicability of the rules of this Regulation. For example, filters\
\ categorising facial or body features used on online marketplaces could constitute\
\ such an ancillary feature as they can be used only in relation to the principal\
\ service which consists in selling a product by allowing the consumer to\
\ preview the display of the product on him or herself and help the consumer\
\ to make a purchase decision. Filters used on online social network services\
\ which categorise facial or body features to allow users to add or modify\
\ pictures or videos could also be considered to be ancillary feature as such\
\ filter cannot be used without the principal service of the social network\
\ services consisting in the sharing of content online."
- urn: urn:intuitem:risk:req_node:ai-act:recital-17
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 17
description: "The notion of \u2018remote biometric identification system\u2019\
\ referred to in this Regulation should be defined functionally, as an AI\
\ system intended for the identification of natural persons without their\
\ active involvement, typically at a distance, through the comparison of a\
\ person\u2019s biometric data with the biometric data contained in a reference\
\ database, irrespectively of the particular technology, processes or types\
\ of biometric data used. Such remote biometric identification systems are\
\ typically used to perceive multiple persons or their behaviour simultaneously\
\ in order to facilitate significantly the identification of natural persons\
\ without their active involvement. This excludes AI systems intended to be\
\ used for biometric verification, which includes authentication, the sole\
\ purpose of which is to confirm that a specific natural person is the person\
\ he or she claims to be and to confirm the identity of a natural person for\
\ the sole purpose of having access to a service, unlocking a device or having\
\ security access to premises. That exclusion is justified by the fact that\
\ such systems are likely to have a minor impact on fundamental rights of\
\ natural persons compared to the remote biometric identification systems\
\ which may be used for the processing of the biometric data of a large number\
\ of persons without their active involvement. In the case of \u2018real-time\u2019\
\ systems, the capturing of the biometric data, the comparison and the identification\
\ occur all instantaneously, near-instantaneously or in any event without\
\ a significant delay. In this regard, there should be no scope for circumventing\
\ the rules of this Regulation on the \u2018real- time\u2019 use of the AI\
\ systems concerned by providing for minor delays. \u2018Real-time\u2019 systems\
\ involve the use of \u2018live\u2019 or \u2018near-live\u2019 material, such\
\ as video footage, generated by a camera or other device with similar functionality.\
\ In the case of \u2018post\u2019 systems, in contrast, the biometric data\
\ have already been captured and the comparison and identification occur only\
\ after a significant delay. This involves material, such as pictures or video\
\ footage generated by closed circuit television cameras or private devices,\
\ which has been generated before the use of the system in respect of the\
\ natural persons concerned."
- urn: urn:intuitem:risk:req_node:ai-act:recital-18
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 18
description: "The notion of \u2018emotion recognition system\u2019 referred\
\ to in this Regulation should be defined as an AI system for the purpose\
\ of identifying or inferring emotions or intentions of natural persons on\
\ the basis of their biometric data. The notion refers to emotions or intentions\
\ such as happiness, sadness, anger, surprise, disgust, embarrassment, excitement,\
\ shame, contempt, satisfaction and amusement. It does not include physical\
\ states, such as pain or fatigue; this refers for example to systems used\
\ in detecting the state of fatigue of professional pilots or drivers for\
\ the purpose of preventing accidents. This does also not include the mere\
\ detection of readily apparent expressions, gestures or movements, unless\
\ they are used for identifying or inferring emotions. Those expressions can\
\ be basic facial expressions, such as a frown or a smile, or gestures such\
\ as the movement of hands, arms or head, or characteristics of a person\u2019\
s voice, such as a raised voice or whispering."
- urn: urn:intuitem:risk:req_node:ai-act:recital-19
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 19
description: "For the purposes of this Regulation the notion of \u2018publicly\
\ accessible space\u2019 should be understood as referring to any physical\
\ place that is accessible to an undetermined number of natural persons, and\
\ irrespective of whether the place in question is privately or publicly owned,\
\ irrespective of the activity for which the place may be used, such as commerce\
\ (for instance, shops, restaurants, caf\xE9s), services (for instance, banks,\
\ professional activities, hospitality), sport (for instance, swimming pools,\
\ gyms, stadiums), transport (for instance, bus, metro and railway stations,\
\ airports, means of transport ), entertainment (for instance, cinemas, theatres,\
\ museums, concert and conference halls), or leisure or otherwise (for instance,\
\ public roads and squares, parks, forests, playgrounds). A place should be\
\ classified as publicly accessible also if, regardless of potential capacity\
\ or security restrictions, access is subject to certain predetermined conditions,\
\ which can be fulfilled by an undetermined number of persons, such as purchase\
\ of a ticket or title of transport, prior registration or having a certain\
\ age. In contrast, a place should not be considered to be publicly accessible\
\ if access is limited to specific and defined natural persons through either\
\ Union or national law directly related to public safety or security or through\
\ the clear manifestation of will by the person having the relevant authority\
\ on the place. The factual possibility of access alone (such as an unlocked\
\ door or an open gate in a fence) does not imply that the place is publicly\
\ accessible in the presence of indications or circumstances suggesting the\
\ contrary (such as. signs prohibiting or restricting access). Company and\
\ factory premises, as well as offices and workplaces that are intended to\
\ be accessed only by relevant employees and service providers, are places\
\ that are not publicly accessible. Publicly accessible spaces should not\
\ include prisons or border control. Some other areas may be composed of both\
\ not publicly accessible and publicly accessible areas, such as the hallway\
\ of a private residential building necessary to access a doctor's office\
\ or an airport. Online spaces are not covered either, as they are not physical\
\ spaces. Whether a given space is accessible to the public should however\
\ be determined on a case- by-case basis, having regard to the specificities\
\ of the individual situation at hand."
- urn: urn:intuitem:risk:req_node:ai-act:recital-20
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 20
description: "In order to obtain the greatest benefits from AI systems while\
\ protecting fundamental rights, health and safety and to enable democratic\
\ control, AI literacy should equip providers, deployers and affected persons\
\ with the necessary notions to make informed decisions regarding AI systems.\
\ Those notions may vary with regard to the relevant context and can include\
\ understanding the correct application of technical elements during the AI\
\ system\u2019s development phase, the measures to be applied during its use,\
\ the suitable ways in which to interpret the AI system\u2019s output, and,\
\ in the case of affected persons, the knowledge necessary to understand how\
\ decisions taken with the assistance of AI will have an impact on them. In\
\ the context of the application this Regulation, AI literacy should provide\
\ all relevant actors in the AI value chain with the insights required to\
\ ensure the appropriate compliance and its correct enforcement. Furthermore,\
\ the wide implementation of AI literacy measures and the introduction of\
\ appropriate follow-up actions could contribute to improving working conditions\
\ and ultimately sustain the consolidation, and innovation path of trustworthy\
\ AI in the Union. The European Artificial Intelligence Board (the \u2018\
Board\u2019) should support the Commission, to promote AI literacy tools,\
\ public awareness and understanding of the benefits, risks, safeguards, rights\
\ and obligations in relation to the use of AI systems. In cooperation with\
\ the relevant stakeholders, the Commission and the Member States should facilitate\
\ the drawing up of voluntary codes of conduct to advance AI literacy among\
\ persons dealing with the development, operation and use of AI."
- urn: urn:intuitem:risk:req_node:ai-act:recital-21
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 21
description: In order to ensure a level playing field and an effective protection
of rights and freedoms of individuals across the Union, the rules established
by this Regulation should apply to providers of AI systems in a non-discriminatory
manner, irrespective of whether they are established within the Union or in
a third country, and to deployers of AI systems established within the Union.
- urn: urn:intuitem:risk:req_node:ai-act:recital-22
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 22
description: 'In light of their digital nature, certain AI systems should fall
within the scope of this Regulation even when they are not placed on the market,
put into service, or used in the Union. This is the case, for example, where
an operator established in the Union contracts certain services to an operator
established in a third country in relation to an activity to be performed
by an AI system that would qualify as high-risk . In those circumstances,
the AI system used in a third country by the operator could process data lawfully
collected in and transferred from the Union, and provide to the contracting
operator in the Union the output of that AI system resulting from that processing,
without that AI system being placed on the market, put into service or used
in the Union. To prevent the circumvention of this Regulation and to ensure
an effective protection of natural persons located in the Union, this Regulation
should also apply to providers and deployers of AI systems that are established
in a third country, to the extent the output produced by those systems is
intended to be used in the Union.
Nonetheless, to take into account existing arrangements and special needs
for future cooperation with foreign partners with whom information and evidence
is exchanged, this Regulation should not apply to public authorities of a
third country and international organisations when acting in the framework
of cooperation or international agreements concluded at Union or national
level for law enforcement and judicial cooperation with the Union or the Member
States, provided that the relevant third country or international organisations
provides adequate safeguards with respect to the protection of fundamental
rights and freedoms of individuals. Where relevant, this may cover activities
of entities entrusted by the third countries to carry out specific tasks in
support of such law enforcement and judicial cooperation. Such framework for
cooperation or agreements have been established bilaterally between Member
States and third countries or between the European Union, Europol and other
Union agencies and third countries and international organisations. The authorities
competent for supervision of the law enforcement and judicial authorities
under this Regulation should assess whether those frameworks for cooperation
or international agreements include adequate safeguards with respect to the
protection of fundamental rights and freedoms of individuals. Recipient Member
States authorities and Union institutions, bodies, offices and agencies making
use of such outputs in the Union remain accountable to ensure their use complies
with Union law. When those international agreements are revised or new ones
are concluded in the future, the contracting parties should undertake the
utmost effort to align those agreements with the requirements of this Regulation.'
- urn: urn:intuitem:risk:req_node:ai-act:recital-23
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 23
description: This Regulation should also apply to Union institutions, bodies,
offices and agencies when acting as a provider or deployer of an AI system
- urn: urn:intuitem:risk:req_node:ai-act:recital-24
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 24
description: "If and insofar AI systems are placed on the market, put into service,\
\ or used with or without modification of such systems for military, defence\
\ or national security purposes, those should be excluded from the scope of\
\ this Regulation regardless of which type of entity is carrying out those\
\ activities, such as whether it is a public or private entity. As regards\
\ military and defence purposes, such exclusion is justified both by Article\
\ 4(2) TEU and by the specificities of the Member States\u2019 and the common\
\ Union defence policy covered by Chapter 2 of Title V TEU that are subject\
\ to public international law, which is therefore the more appropriate legal\
\ framework for the regulation of AI systems in the context of the use of\
\ lethal force and other AI systems in the context of military and defence\
\ activities. As regards national security purposes, the exclusion is justified\
\ both by the fact that national security remains the sole responsibility\
\ of Member States in accordance with Article 4(2) TEU and by the specific\
\ nature and operational needs of national security activities and specific\
\ national rules applicable to those activities. Nonetheless, if an AI system\
\ developed, placed on the market, put into service or used for military,\
\ defence or national security purposes is used outside those temporarily\
\ or permanently for other purposes, for example, civilian or humanitarian\
\ purposes, law enforcement or public security purposes, such a system would\
\ fall within the scope of this Regulation.\nIn that case, the entity using\
\ the system for other than military, defence or national security purposes\
\ should ensure compliance of the system with this Regulation, unless the\
\ system is already compliant with this Regulation. AI systems placed on the\
\ market or put into service for an excluded purpose, namely military, defence\
\ or national security, and one or more non-excluded purposes, such as civilian\
\ purposes or law enforcement, fall within the scope of this Regulation and\
\ providers of those systems should ensure compliance with this Regulation.\
\ In those cases, the fact that an AI system may fall within the scope of\
\ this Regulation should not affect the possibility of entities carrying out\
\ national security, defence and military activities, regardless of the type\
\ of entity carrying out those activities, to use AI systems for national\
\ security, military and defence purposes, the use of which is excluded from\
\ the scope of this Regulation. An AI system placed on the market for civilian\
\ or law enforcement purposes which is used with or without modification for\
\ military, defence or national security purposes should not fall within the\
\ scope of this Regulation, regardless of the type of entity carrying out\
\ those activities."
- urn: urn:intuitem:risk:req_node:ai-act:recital-25
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 25
description: This Regulation should support innovation, respect freedom of science,
and should not undermine research and development activity. It is therefore
necessary to exclude from its scope AI systems and models specifically developed
and put into service for the sole purpose of scientific research and development.
Moreover, it is necessary to ensure that this Regulation does not otherwise
affect scientific research and development activity on AI systems or models
prior to being placed on the market or put into service. As regards product
oriented research, testing and development activity regarding AI systems or
models, the provisions of this Regulation should also not apply prior to those
systems and models being put into service or placed on the market. That exclusion
is without prejudice to the obligation to comply with this Regulation where
an AI system falling into the scope of this Regulation is placed on the market
or put into service as a result of such research and development activity
and to the application of provisions on regulatory sandboxes and testing in
real world conditions. Furthermore, without prejudice to exclusion regarding
AI systems specifically developed and put into service for the sole purpose
of scientific research and development, any other AI system that may be used
for the conduct of any research and development activity should remain subject
to the provisions of this Regulation. In any event, any research and development
activity should be carried out in accordance with recognised ethical and professional
standards for scientific research and should be conducted in accordance with
applicable Union law.
- urn: urn:intuitem:risk:req_node:ai-act:recital-26
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 26
description: In order to introduce a proportionate and effective set of binding
rules for AI systems, a clearly defined risk-based approach should be followed.
That approach should tailor the type and content of such rules to the intensity
and scope of the risks that AI systems can generate. It is therefore necessary
to prohibit certain unacceptable AI practices, to lay down requirements for
high-risk AI systems and obligations for the relevant operators, and to lay
down transparency obligations for certain AI systems.
- urn: urn:intuitem:risk:req_node:ai-act:recital-27
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 27
description: While the risk-based approach is the basis for a proportionate
and effective set of binding rules, it is important to recall the 2019 Ethics
guidelines for trustworthy AI developed by the independent AI HLEG appointed
by the Commission. In those guidelines, the AI HLEG developed seven non-binding
ethical principles for AI which are intended to help ensure that AI is trustworthy
and ethically sound. The seven principles include human agency and oversight;
technical robustness and safety; privacy and data governance; transparency;
diversity, non-discrimination and fairness; societal and environmental well-being
and accountability. Without prejudice to the legally binding requirements
of this Regulation and any other applicable Union law, those guidelines contribute
to the design of a coherent, trustworthy and human-centric AI, in line with
the Charter and with the values on which the Union is founded. According to
the guidelines of the AI HLEG, human agency and oversight means that AI systems
are developed and used as a tool that serves people, respects human dignity
and personal autonomy, and that is functioning in a way that can be appropriately
controlled and overseen by humans. Technical robustness and safety means that
AI systems are developed and used in a way that allows robustness in the case
of problems and resilience against attempts to alter the use or performance
of the AI system so as to allow unlawful use by third parties, and minimise
unintended harm. Privacy and data governance means that AI systems are developed
and used in accordance with privacy and data protection rules, while processing
data that meets high standards in terms of quality and integrity. Transparency
means that AI systems are developed and used in a way that allows appropriate
traceability and explainability, while making humans aware that they communicate
or interact with an AI system, as well as duly informing deployers of the
capabilities and limitations of that AI system and affected persons about
their rights. Diversity, non-discrimination and fairness means that AI systems
are developed and used in a way that includes diverse actors and promotes
equal access, gender equality and cultural diversity, while avoiding discriminatory
impacts and unfair biases that are prohibited by Union or national law. Social
and environmental well-being means that AI systems are developed and used
in a sustainable and environmentally friendly manner as well as in a way to
benefit all human beings, while monitoring and assessing the long- term impacts
on the individual, society and democracy. The application of those principles
should be translated, when possible, in the design and use of AI models. They
should in any case serve as a basis for the drafting of codes of conduct under
this Regulation. All stakeholders, including industry, academia, civil society
and standardisation organisations, are encouraged to take into account as
appropriate the ethical principles for the development of voluntary best practices
and standards.
- urn: urn:intuitem:risk:req_node:ai-act:recital-28
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 28
description: Aside from the many beneficial uses of AI, that technology can
also be misused and provide novel and powerful tools for manipulative, exploitative
and social control practices. Such practices are particularly harmful and
abusive and should be prohibited because they contradict Union values of respect
for human dignity, freedom, equality, democracy and the rule of law and fundamental
rights enshrined in the Charter, including the right to non-discrimination,
to data protection and to privacy and the rights of the child.
- urn: urn:intuitem:risk:req_node:ai-act:recital-29
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 29
description: "AI-enabled manipulative techniques can be used to persuade persons\
\ to engage in unwanted behaviours, or to deceive them by nudging them into\
\ decisions in a way that subverts and impairs their autonomy, decision-making\
\ and free choices. The placing on the market, the putting into service or\
\ the use of certain AI systems with the objective to or the effect of materially\
\ distorting human behaviour, whereby significant harms, in particular having\
\ sufficiently important adverse impacts on physical, psychological health\
\ or financial interests are likely to occur, are particularly dangerous and\
\ should therefore be forbidden. Such AI systems deploy subliminal components\
\ such as audio, image, video stimuli that persons cannot perceive as those\
\ stimuli are beyond human perception or other manipulative or deceptive techniques\
\ that subvert or impair person\u2019s autonomy, decision-making or free choice\
\ in ways that people are not consciously aware or, where they are aware,\
\ they are still deceived or are not able to control or resist. This could\
\ be facilitated, for example, by machine-brain interfaces or virtual reality\
\ as they allow for a higher degree of control of what stimuli are presented\
\ to persons, insofar as they may materially distort their behaviour in a\
\ significantly harmful manner. In addition, AI systems may also otherwise\
\ exploit the vulnerabilities of a person or a specific group of persons due\
\ to their age, disability within the meaning of Directive (EU) 2019/882 of\
\ the European Parliament and of the Council, or a specific social or economic\
\ situation that is likely to make those persons more vulnerable to exploitation\
\ such as persons living in extreme poverty, ethnic or religious minorities.\n\
Such AI systems can be placed on the market, put into service or used with\
\ the objective to or the effect of materially distorting the behaviour of\
\ a person and in a manner that causes or is reasonably likely to cause significant\
\ harm to that or another person or groups of persons, including harms that\
\ may be accumulated over time and should therefore be prohibited. It may\
\ not be possible to assume that there is an intention to distort behaviour\
\ where the distortion results from factors external to the AI system which\
\ are outside the control of the provider or the deployer, namely factors\
\ that may not be reasonably foreseeable and therefore not possible for the\
\ provider or the deployer of the AI system to mitigate. In any case, it is\
\ not necessary for the provider or the deployer to have the intention to\
\ cause significant harm, provided that such harm results from the manipulative\
\ or exploitative AI-enabled practices. The prohibitions for such AI practices\
\ are complementary to the provisions contained in Directive 2005/29/EC of\
\ the European Parliament and of the Council, in particular unfair commercial\
\ practices leading to economic or financial harms to consumers are prohibited\
\ under all circumstances, irrespective of whether they are put in place through\
\ AI systems or otherwise. The prohibitions of manipulative and exploitative\
\ practices in this Regulation should not affect lawful practices in the context\
\ of medical treatment such as psychological treatment of a mental disease\
\ or physical rehabilitation, when those practices are carried out in accordance\
\ with the applicable law and medical standards, for example explicit consent\
\ of the individuals or their legal representatives. In addition, common and\
\ legitimate commercial practices, for example in the field of advertising,\
\ that comply with the applicable law should not, in themselves, be regarded\
\ as constituting harmful manipulative AI practices."
- urn: urn:intuitem:risk:req_node:ai-act:recital-30
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 30
description: "Biometric categorisation systems that are based on natural persons\u2019\
\ biometric data, such as an individual person\u2019s face or fingerprint,\
\ to deduce or infer an individuals\u2019 political opinions, trade union\
\ membership, religious or philosophical beliefs, race, sex life or sexual\
\ orientation should be prohibited. That prohibition should not cover the\
\ lawful labelling, filtering or categorisation of biometric data sets acquired\
\ in line with Union or national law according to biometric data, such as\
\ the sorting of images according to hair colour or eye colour, which can\
\ for example be used in the area of law enforcement."
- urn: urn:intuitem:risk:req_node:ai-act:recital-31
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 31
description: AI systems providing social scoring of natural persons by public
or private actors may lead to discriminatory outcomes and the exclusion of
certain groups. They may violate the right to dignity and non-discrimination
and the values of equality and justice. Such AI systems evaluate or classify
natural persons or groups thereof on the basis of multiple data points related
to their social behaviour in multiple contexts or known, inferred or predicted
personal or personality characteristics over certain periods of time. The
social score obtained from such AI systems may lead to the detrimental or
unfavourable treatment of natural persons or whole groups thereof in social
contexts, which are unrelated to the context in which the data was originally
generated or collected or to a detrimental treatment that is disproportionate
or unjustified to the gravity of their social behaviour. AI systems entailing
such unacceptable scoring practices and leading to such detrimental or unfavourable
outcomes should be therefore prohibited. That prohibition should not affect
lawful evaluation practices of natural persons that are carried out for a
specific purpose in accordance with Union and national law.
- urn: urn:intuitem:risk:req_node:ai-act:recital-32
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 32
description: "The use of AI systems for \u2018real-time\u2019 remote biometric\
\ identification of natural persons in publicly accessible spaces for the\
\ purpose of law enforcement is particularly intrusive to the rights and freedoms\
\ of the concerned persons, to the extent that it may affect the private life\
\ of a large part of the population, evoke a feeling of constant surveillance\
\ and indirectly dissuade the exercise of the freedom of assembly and other\
\ fundamental rights. Technical inaccuracies of AI systems intended for the\
\ remote biometric identification of natural persons can lead to biased results\
\ and entail discriminatory effects. Such possible biased results and discriminatory\
\ effects are particularly relevant with regard to age, ethnicity, race, sex\
\ or disabilities. In addition, the immediacy of the impact and the limited\
\ opportunities for further checks or corrections in relation to the use of\
\ such systems operating in real-time carry heightened risks for the rights\
\ and freedoms of the persons that are concerned by law enforcement activities."
- urn: urn:intuitem:risk:req_node:ai-act:recital-33
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 33
description: "The use of those systems for the purpose of law enforcement should\
\ therefore be prohibited, except in exhaustively listed and narrowly defined\
\ situations, where the use is strictly necessary to achieve a substantial\
\ public interest, the importance of which outweighs the risks. Those situations\
\ involve the search for certain victims of crime including missing people;\
\ certain threats to the life or to the physical safety of natural persons\
\ or of a terrorist attack; and the localisation or identification of perpetrators\
\ or suspects of the criminal offences listed in an annex to this Regulation,\
\ where those criminal offences are punishable by a custodial sentence or\
\ a detention order for a maximum period of at least four years in the Member\
\ State concerned in accordance with the law of that Member State. Such a\
\ threshold for the custodial sentence or detention order in accordance with\
\ national law contributes to ensuring that the offence should be serious\
\ enough to potentially justify the use of \u2018real-time\u2019 remote biometric\
\ identification systems.\nMoreover, those criminal offences are based on\
\ the 32 criminal offences listed in the Council Framework Decision 2002/584/JHA,\
\ taking into account that some of those offences are, in practice, likely\
\ to be more relevant than others, in that the recourse to \u2018real- time\u2019\
\ remote biometric identification is, foreseeably, necessary and proportionate\
\ to highly varying degrees for the practical pursuit of the localisation\
\ or identification of a perpetrator or suspect of the different criminal\
\ offences listed and having regard to the likely differences in the seriousness,\
\ probability and scale of the harm or possible negative consequences. An\
\ imminent threat to life or the physical safety of natural persons could\
\ also result from a serious disruption of critical infrastructure, as defined\
\ in Article 2, point (4) of Directive (EU) 2022/2557 of the European Parliament\
\ and of the Council, where the disruption or destruction of such critical\
\ infrastructure would result in an imminent threat to life or the physical\
\ safety of a person, including through serious harm to the provision of basic\
\ supplies to the population or to the exercise of the core function of the\
\ State. In addition, this Regulation should preserve the ability for law\
\ enforcement, border control, immigration or asylum authorities to carry\
\ out identity checks in the presence of the person that is concerned in accordance\
\ with the conditions set out in Union and national law for such checks. In\
\ particular, law enforcement, border control, immigration or asylum authorities\
\ should be able to use information systems, in accordance with Union or national\
\ law, to identify persons who, during an identity check, either refuse to\
\ be identified or are unable to state or prove their identity, without being\
\ required by this Regulation to obtain prior authorisation. This could be,\
\ for example, a person involved in a crime, being unwilling, or unable due\
\ to an accident or a medical condition, to disclose their identity to law\
\ enforcement authorities."
- urn: urn:intuitem:risk:req_node:ai-act:recital-34
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 34
description: "In order to ensure that those systems are used in a responsible\
\ and proportionate manner, it is also important to establish that, in each\
\ of those exhaustively listed and narrowly defined situations, certain elements\
\ should be taken into account, in particular as regards the nature of the\
\ situation giving rise to the request and the consequences of the use for\
\ the rights and freedoms of all persons concerned and the safeguards and\
\ conditions provided for with the use. In addition, the use of \u2018real-time\u2019\
\ remote biometric identification systems in publicly accessible spaces for\
\ the purpose of law enforcement should be deployed only to confirm the specifically\
\ targeted individual\u2019s identity and should be limited to what is strictly\
\ necessary concerning the period of time as well as geographic and personal\
\ scope, having regard in particular to the evidence or indications regarding\
\ the threats, the victims or perpetrator. The use of the real-time remote\
\ biometric identification system in publicly accessible spaces should be\
\ authorised only if the relevant law enforcement authority has completed\
\ a fundamental rights impact assessment and, unless provided otherwise in\
\ this Regulation, has registered the system in the database as set out in\
\ this Regulation. The reference database of persons should be appropriate\
\ for each use case in each of the situations mentioned above."
- urn: urn:intuitem:risk:req_node:ai-act:recital-35
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 35
description: "Each use of a \u2018real-time\u2019 remote biometric identification\
\ system in publicly accessible spaces for the purpose of law enforcement\
\ should be subject to an express and specific authorisation by a judicial\
\ authority or by an independent administrative authority whose decision is\
\ binding of a Member State. Such authorisation should, in principle, be obtained\
\ prior to the use of the AI system with a view to identifying a person or\
\ persons. Exceptions to that rule should be allowed in duly justified situations\
\ on grounds of urgency, namely, in situations where the need to use the systems\
\ concerned is such as to make it effectively and objectively impossible to\
\ obtain an authorisation before commencing the use of the AI system. In such\
\ situations of urgency, the use of the AI system should be restricted to\
\ the absolute minimum necessary and should be subject to appropriate safeguards\
\ and conditions, as determined in national law and specified in the context\
\ of each individual urgent use case by the law enforcement authority itself.\
\ In addition, the law enforcement authority should in such situations request\
\ such authorisation while providing the reasons for not having been able\
\ to request it earlier, without undue delay and, at the latest within 24\
\ hours. If such an authorisation is rejected, the use of real-time biometric\
\ identification systems linked to that authorisation should cease with immediate\
\ effect and all the data related to such use should be discarded and deleted.\
\ Such data includes input data directly acquired by an AI system in the course\
\ of the use of such system as well as the results and outputs of the use\
\ linked to that authorisation. It should not include input that is legally\
\ acquired in accordance with another Union or national law. In any case,\
\ no decision producing an adverse legal effect on a person should be taken\
\ based solely on the output of the remote biometric identification system."
- urn: urn:intuitem:risk:req_node:ai-act:recital-36
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 36
description: In order to carry out their tasks in accordance with the requirements
set out in this Regulation as well as in national rules, the relevant market
surveillance authority and the national data protection authority should be
notified of each use of the real-time biometric identification system. National
market surveillance authorities and the national data protection authorities
that have been notified should submit to the Commission an annual report on
the use of real-time biometric identification systems.
- urn: urn:intuitem:risk:req_node:ai-act:recital-37
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 37
description: Furthermore, it is appropriate to provide, within the exhaustive
framework set by this Regulation that such use in the territory of a Member
State in accordance with this Regulation should only be possible where and
in as far as the Member State concerned has decided to expressly provide for
the possibility to authorise such use in its detailed rules of national law.
Consequently, Member States remain free under this Regulation not to provide
for such a possibility at all or to only provide for such a possibility in
respect of some of the objectives capable of justifying authorised use identified
in this Regulation. Such national rules should be notified to the Commission
within 30 days of their adoption.
- urn: urn:intuitem:risk:req_node:ai-act:recital-38
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 38
description: The use of AI systems for real-time remote biometric identification
of natural persons in publicly accessible spaces for the purpose of law enforcement
necessarily involves the processing of biometric data. The rules of this Regulation
that prohibit, subject to certain exceptions, such use, which are based on
Article 16 TFEU, should apply as lex specialis in respect of the rules on
the processing of biometric data contained in Article 10 of Directive (EU)
2016/680, thus regulating such use and the processing of biometric data involved
in an exhaustive manner. Therefore, such use and processing should be possible
only in as far as it is compatible with the framework set by this Regulation,
without there being scope, outside that framework, for the competent authorities,
where they act for purpose of law enforcement, to use such systems and process
such data in connection thereto on the grounds listed in Article 10 of Directive
(EU) 2016/680. In that context, this Regulation is not intended to provide
the legal basis for the processing of personal data under Article 8 of Directive
(EU) 2016/680. However, the use of real-time remote biometric identification
systems in publicly accessible spaces for purposes other than law enforcement,
including by competent authorities, should not be covered by the specific
framework regarding such use for the purpose of law enforcement set by this
Regulation. Such use for purposes other than law enforcement should therefore
not be subject to the requirement of an authorisation under this Regulation
and the applicable detailed rules of national law that may give effect to
that authorisation.
- urn: urn:intuitem:risk:req_node:ai-act:recital-39
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 39
description: "Any processing of biometric data and other personal data involved\
\ in the use of AI systems for biometric identification, other than in connection\
\ to the use of real-time remote biometric identification systems in publicly\
\ accessible spaces for the purpose of law enforcement as regulated by this\
\ Regulation, should continue to comply with all requirements resulting from\
\ Article 10 of Directive (EU) 2016/680. For purposes other than law enforcement,\
\ \u258C Article 9(1) of Regulation (EU) 2016/679 and Article 10(1) of Regulation\
\ (EU) 2018/1725 prohibit the processing of biometric data subject to limited\
\ exceptions as provided in those Articles. In the application of Article\
\ 9(1) of Regulation (EU) 2016/679, the use of remote biometric identification\
\ for purposes other than law enforcement has already been subject to prohibition\
\ decisions by national data protection authorities."
- urn: urn:intuitem:risk:req_node:ai-act:recital-40
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 40
description: In accordance with Article 6a of Protocol No 21 on the position
of the United Kingdom and Ireland in respect of the area of freedom, security
and justice, as annexed to the TEU and to the TFEU, Ireland is not bound by
the rules laid down in Article 5(1), point (c) to the extent it applies to
the use of biometric categorisation systems for activities in the field of
police cooperation and judicial cooperation in criminal matters, Article 5(1),
points (e) and (f) to the extent they apply to the use of AI systems covered
by that provision, Article 5(3) to (8) and Article 26(10) of this Regulation
adopted on the basis of Article 16 of the TFEU which relate to the processing
of personal data by the Member States when carrying out activities falling
within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the
TFEU, where Ireland is not bound by the rules governing the forms of judicial
cooperation in criminal matters or police cooperation which require compliance
with the provisions laid down on the basis of Article 16 TFEU.
- urn: urn:intuitem:risk:req_node:ai-act:recital-41
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 41
description: In accordance with Articles 2 and 2a of Protocol No 22 on the position
of Denmark, annexed to the TEU and to the TFEU, Denmark is not bound by rules
laid down in Article 5(1), point (c) to the extent it applies to the use of
biometric categorisation systems for activities in the field of police cooperation
and judicial cooperation in criminal matters, Article 5(1), point (e), point
(f) to the extent it applies to the use of AI systems covered by that provision,
Article 5(3) to (8) and Article 26(10) of this Regulation adopted on the basis
of Article 16 of the TFEU, or subject to their application, which relate to
the processing of personal data by the Member States when carrying out activities
falling within the scope of Chapter 4 or Chapter 5 of Title V of Part Three
of the TFEU.
- urn: urn:intuitem:risk:req_node:ai-act:recital-42
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:ai-act:node2
ref_id: Recital 42
description: In line with the presumption of innocence, natural persons in the
Union should always be judged on their actual behaviour. Natural persons should
never be judged on AI- predicted behaviour based solely on their profiling,
personality traits or characteristics, such as nationality, place of birth,