The EU AI Act: Open-Source Exceptions and Considerations for Your AI Strategy – Orrick

8 minute read | May.20.2024
This update is part of our EU AI Act Essentials Series. Click here to view additional updates.
The European AI Act emerged after years of deliberation among legislators crafting the first comprehensive law to regulate artificial intelligence systems^[1] and general-purpose AI models (GPAIMs).^[2]
Given the EU’s status as an early mover in tech regulation, AI developers and users should understand the requirements of and exceptions to the EU regulation – including open-source exceptions – as a guidepost for how such requirements are likely to develop elsewhere in the near term.
The AI Act seeks to regulate (and in some cases prohibit) the development, use and distribution of AI systems and general-purpose AI models, especially where such technologies impact life, safety or individual legal rights.
The AI Act reflects a concern that foundational AI technologies carry enhanced risk to society due to their widespread adaptability and the likelihood of their pervasive use throughout the technology ecosystem, meaning problems with powerful or defective AI systems or models could be quickly magnified in the economy as compared to models with only a narrow and tailored training process and use case.
The extent to which the AI Act should regulate open-source AI technologies was a source of controversy during the legislative process and final negotiations. Some argued that failure to include exemptions for models and systems made available to developers on an open-source basis would stifle knowledge-sharing and innovation. However, others raised the potential for security issues associated with unrestricted dissemination of open-source models.
In the end, the AI Act contains two exemptions. 
The provider of the open-source GPAIM nonetheless must:
Below are just a few initial considerations developers, providers and users (called “deployers” under the AI Act) should keep in mind as they continue to develop, use and distribute such technologies:
What types of AI technologies are you using or sharing and for what purposes?
What are the pros and cons as a “provider” for licensing AI systems or GPAIMs to third parties under an open-source license that respects the requirements of the AI Act?
What are the pros and cons as a “deployer” (user) for licensing AI systems or GPAIMs from providers under the exceptions?
What safeguards should I have in place if my company uses open-source AI technologies?
If you have questions about the EU AI Act, open-source AI systems, general purpose AI models, or legal issues in artificial intelligence reach out to the authors (Julia Apostle, Sarah Schaedler, Shaya Afshar and Daniel Healow) or other members of Orrick’s AI team.
^[1] “AI system” is defined as “a machine-based system designed to operate with varying levels of autonomy and that might exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.”
^[2] “General-purpose AI models” are defined as “an AI model, including when trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable to competently perform a wide range of distinct tasks regardless of the way the model is placed on the EU market and that can be integrated into a variety of downstream systems or applications.”
Paris
Paris

Julia counsels on compliance issues in relation to European and French tech and data regulations, including the GDPR, the Digital Services Act, the regulation of AI, the Data Act and other new and emerging legislation impacting online platforms, technology developers, and eCommerce businesses. She advises companies of all sizes on a wide range of compliance matters, ranging the drafting of internal policies, to assisting with regulatory investigations, and product counseling.
In the context of strategic transactions covering significant and complex technological issues, she is involved in the drafting and negotiation of agreements relating to data transfer, IT, software, content and brand licensing.
Qualified to practice in the UK and France, Julia is deeply familiar with the commercial considerations’ clients face, having practiced in-house at Twitter, Financial Times and CBS for more than a decade prior to joining Orrick.
San Francisco
San Francisco

Sarah’s practice focuses on structuring and negotiating the intellectual property aspects of complex corporate transactions, including mergers and acquisitions, business divestitures and commercial transactions where software and technology are the principal assets. Sarah also advises on intellectual property and technology contracts related questions in the context of Artificial Intelligence (AI).
Sarah routinely advises on carve-outs and business separation transactions and helps clients with structuring and implementing their intellectual property and technology separation roadmap.
Sarah has counseled several companies in their preparation for a divestiture and understands the issues a buyer is focused on in the context of intellectual property matters. She regularly helps companies implement remediation steps around their intellectual property assets to help them to a successful closing.
She has significant experience advising private equity funds on investments involving companies that are driven by technology & innovation, as well as intellectual property reliant consumer product companies and companies that are stepping into digitalization.
Sarah is also a member of Orrick’s AI leadership group and involved in thought leadership projects related to AI matters on corporate transactions.
Educated and trained in Germany, France and the United States, Sarah’s international experience provides her with additional knowledge on cross-border transactions and international matters.
Santa Monica
Santa Monica

During his time with Orrick, Shaya was seconded to cloud-based information security company Zscaler, Inc. as commercial and corporate counsel. Prior to joining Orrick, Shaya was an associate in the IP and Technology Transactions Group at Skadden, Arps, Slate, Meagher & Flom LLP, and prior to law school, he spent a year teaching English in Shenzhen, China.
Silicon Valley
Silicon Valley

Daniel has experience working with clients of all sizes with varying industry and regulatory footprints, from startups to mature technology companies to large financial institutions, in various transactional settings, such as mergers and acquisitions, carve-outs, service provider arrangements, development arrangements, strategic partnerships and commercial contracts. In addition to standalone transactions, Daniel provides ongoing client support concerning post-transaction business integration, IP portfolio management, artificial intelligence tooling usage, open source software usage, compliance with privacy laws, internal and external-facing policy management and data management strategy.
Prior to joining Orrick, Daniel was an Associate in the IP and Technology Transactions Group at Skadden. Prior to law school, he was part of the Legal Online Operations team at Google where he managed and developed policies to address government requests for user data.
© 2024 Orrick, Herrington & Sutcliffe LLP. All rights reserved.
Please do not include any confidential, secret or otherwise sensitive information concerning any potential or actual legal matter in this e-mail message. Unsolicited e-mails do not create an attorney-client relationship and confidential or secret information included in such e-mails cannot be protected from disclosure. Orrick does not have a duty or a legal obligation to keep confidential any information that you provide to us. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.
By clicking “OK” below, you understand and agree that Orrick will have no duty to keep confidential any information you provide.


This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!