On Wednesday, European Parliament members voted overwhelmingly to approve a new set of rules on artificial intelligence.
The EU is taking a risk-based approach to AI, with the EU AI Act meaning that the riskier the effects an AI system has, the more scrutiny it will face.
The act will become law after member states sign it off, which is usually a formality. It will also need to be published in the EU's Official Journal, which JPMorgan says, according to reports, should happen between May and June. The regulation is expected to be fully applicable 24 months after it enters into force.
AI systems are said to be divided into four categories according to the associated societal risk. For example, high-risk cases will be those in critical infrastructure and AI used in medical devices. However, the EU believes most AI applications will be low-risk.
In almost all cases, companies must clearly indicate when they use AI technology, while companies deemed higher risk will be required to provide clear information to users. Furthermore, applications deemed "too risky" will be prohibited.
Analysts said in a note Friday that some use cases, such as social scoring, will be prohibited.
Focusing on the market, analysts stated: "'General Purpose AI ̇' systems' rules, which include large generative AI models, are likely to be the focus of most investor attention given market trends."
They added: "The act implements transparency requirements and the respect of copyright laws in model training. Models that pose 'systemic risks,' i.e., the most powerful (above 10^25 FLOPs of total computing power - supposedly including OpenAI's ChatGPT 4 and Google (NASDAQ:GOOGL)'s Gemini), will be mandated to assess and mitigate risks, report serious incidents, conduct state-of-the-art tests and model evaluations, ensure cybersecurity and provide information on the energy consumption."
Analysts note that financially speaking, fines can reach up to 7% of global annual turnover or EUR35 million for prohibited AI violations and 3% of global annual turnover or EUR15 million for most other violations.
The investment bank believes the act's adoption could shift the focus from data security and privacy issues to a broader list of topics, including labeling and copyrights, as well as broader ethical and sustainability considerations.