TASM Notes, May 5th 2024

Sat May 11, 2024

Pre-Meeting Chatting

The News

The Talk - The EU AI Act by Kathrin Gardhouse

We're discussing this today.

EU Act Scope

EU AI Act and Existential Risks

"GPAI" means "General Purpose Artificial Intelligence" systems. It's a technical term defined in the act text. Includes things like ChatGPT/Claude and other general chat models. It doesn't include special-purpose models like Tortoise or StableDiffusion.

Prohibited AI systems

These are things you Do Not Do. The way the act is structured, you don't get retroactive penalties, but you are incentivized to comply going forward if you want to be able to do business in the EU.

Q: Where is the liability in a situation where there are safeguards around these uses, but they're easily jail-breakable?

A: The act doesn't talk about liability in most of these situation, but there is language about understanding possible uses and misuses of your tech. There's a standard here where you consult industry professionals and see if they agree that the given situation falls into "forseeable misuse" of your product

High Risk AI Systems

Q: If I'm using ChatGPT to ask me questions in an attempt to teach me things, does it count as an "Educational and vocational training" system for the purposes of this act?

A: The act doesn't really prohibit individual use of these technologies. It's more concerned with systems that gate access to education/vocational training.

General Purpose AI Systems

Who Does The Classification?

Q: Are there white-hat hackers or equivalents in this space?

A: Kind of? The equivalents here are evals, either alignment or capability. The idea being trying to elicit behavior from models in order to classify them.

Compliance Obligations - High-Risk AI Systems

For Providers

For Deployers

One comment that's come up a few times relates to implied shortcomings of self report. Apparently nuclear does this? Like, if you're taking the uranium-to-compute metaphor seriously, apparently if you ask nuclear weapons regulators "How do you know who's working on nuclear weapons?" their response is "Oh, they tell us."

Another point here is that supply-chain monitoring is potentially effective (but not included in the Act itself). In the nuclear side of the metaphor, this implies monitoring uranium mines or refineries. In the compute side, it implies looking at Nvidia sales (Note: 4090s still well above $2k on Amazon)

Compliance Obligations - GPAIs

For Providers

Still required:

Only implicitly required:


For Deployers

That is all.

Compliance Obligations - GPAIs with Systemic Risks

For Providers


For Deployers


AI Regulatory Sandboxes


Commission can request documentation from GPAI providers, and issue fines or force developers to withdraw their model

For GPAI providers:

Creative Commons License

all articles at langnostic are licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License

Reprint, rehost and distribute freely (even for profit), but attribute the work and allow your readers the same freedoms. Here's a license widget you can use.

The menu background image is Jewel Wash, taken from Dan Zen's flickr stream and released under a CC-BY license