{"id":1312,"date":"2025-08-01T16:00:30","date_gmt":"2025-08-01T16:00:30","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4319212"},"modified":"2025-08-01T16:00:30","modified_gmt":"2025-08-01T16:00:30","slug":"as-eus-ai-act-deadline-looms-providers-worry-about-legal-grey-areas","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/08\/01\/as-eus-ai-act-deadline-looms-providers-worry-about-legal-grey-areas\/","title":{"rendered":"As EU\u2019s AI Act Deadline Looms, Providers Worry About Legal Grey Areas"},"content":{"rendered":"
\"European<\/picture>
Image: bearevay\/Envato Elements<\/figcaption><\/figure>\n

<\/p>\n

From Aug. 2, 2025, providers of general-purpose artificial intelligence (GPAI) models in the European Union must comply with key provisions of the EU AI Act. Requirements include maintaining up-to-date technical documentation and summaries of training data.<\/p>\n

The AI Act<\/a> outlines EU-wide measures aimed at ensuring that AI is used safely and ethically. It establishes a risk-based approach to regulation<\/a> that categorises AI systems based on their perceived level of risk to and impact on citizens.<\/p>\n

As the deadline approaches, legal experts are hearing from AI providers that the legislation lacks clarity, opening them up to potential penalties even if they intend to comply. Some of the requirements also threaten innovation in the bloc by asking too much of tech startups, but the legislation does not have any real focus on mitigating the risks of bias and harmful AI-generated content.<\/p>\n

Oliver Howley, partner in the technology department at law firm Proskauer, spoke to TechRepublic about these shortcomings. \u201cIn theory, 2 August 2025 should be a milestone for responsible AI,\u201d he said in an email. \u201cIn practice, it\u2019s creating significant uncertainty and, in some cases, real commercial hesitation.\u201d<\/p>\n

<\/span>Unclear legislation exposes GPAI providers to IP leaks and penalties<\/span><\/h2>\n

Behind the scenes, providers of AI models in the EU are struggling with the legislation as it \u201cleaves too much open to interpretation,\u201d Howley told TechRepublic. \u201cIn theory, the rules are achievable\u2026. but they\u2019ve been drafted at a high level and that creates genuine ambiguity.\u201d<\/p>\n

The Act defines GPAI models as having \u201csignificant generality\u201d without clear thresholds, and that providers must publish \u201csufficiently detailed\u201d summaries of the data used to train their models. The ambiguity here creates an issue, as disclosing too much detail could \u201crisk revealing valuable IP or triggering copyright disputes,\u201d Howley said.<\/p>\n

Some of the opaque requirements pose unrealistic standards, too. The AI Code of Practice<\/a>, a voluntary framework that tech companies can sign up to implement and comply with the AI Act, instructs GPAI model providers to filter websites that have opted out of data mining from their training data. Howley said this is \u201ca standard that\u2019s difficult enough going forward, let alone retroactively.\u201d<\/p>\n

It is also unclear who is obliged to abide by the requirements. \u201cIf you fine-tune an open-source model for a specific task, are you now the \u2018provider\u2019?\u201d Howley said. \u201cWhat if you just host it or wrap it into a downstream product? That matters because it affects who carries the compliance burden.\u201d<\/p>\n

Indeed, while providers of open-source GPAI models are exempt from some of the transparency obligations, this is not true if they pose \u201csystemic risk.\u201d In fact, they have a different set of more rigorous obligations, including safety testing, red-teaming, and post-deployment monitoring. But since open-sourcing allows unrestricted use, tracking all downstream applications is nearly impossible, yet the provider could still be held liable for harmful outcomes.<\/p>\n

<\/span>Burdensome requirements could have a disproportionate impact on AI startups<\/span><\/h2>\n

\u201cCertain developers, despite signing the Code, have raised concerns that transparency requirements could expose trade secrets and slow innovation in Europe,\u201d Howley told TechRepublic. OpenAI, Anthropic, and Google have committed to it, with the search giant in particular expressing such concerns. Meta has publicly refused to sign the Code in protest of the legislation in its current form.<\/p>\n

\u201cSome companies are already delaying launches or limiting access in the EU market \u2013 not because they disagree with the objectives of the Act, but because the compliance path isn\u2019t clear, and the cost of getting it wrong is too high.\u201d<\/p>\n

Howley said that startups are having the hardest time because they don\u2019t have in-house legal support to help with the extensive documentation requirements. These are some of the most essential companies when it comes to innovation, and the EU recognises this<\/a>.<\/p>\n

\u201cFor early-stage developers, the risk of legal exposure or feature rollback may be enough to divert investment away from the EU altogether,\u201d he added. \u201cSo while the Act\u2019s objectives are sound, the risk is that its implementation slows down precisely the kind of responsible innovation it was designed to support.\u201d<\/p>\n

A possible knock-on effect of quashing the potential of startups is rising geopolitical tensions. The US administration\u2019s vocal opposition to AI regulation<\/a> clashes with the EU\u2019s push for oversight, and could strain ongoing trade talks<\/a>. \u201cIf enforcement actions begin hitting US-based providers, that tension could escalate further,\u201d Howley said.<\/p>\n

<\/span>Act has very little focus on preventing bias and harmful content, limiting its effectiveness<\/span><\/h2>\n

While the Act has significant transparency requirements, there are no mandatory thresholds for accuracy, reliability, or real-world impact, Howley told TechRepublic.<\/p>\n

\u201cEven systemic-risk models aren\u2019t regulated based on their actual outputs, just on the robustness of the surrounding paperwork,\u201d he said. \u201cA model could meet every technical requirement, from publishing training summaries to running incident response protocols, and still produce harmful<\/a> or biased<\/a> content.\u201d<\/p>\n