Last Updated: May 1, 2025
EU AI Act Risk Categories
| Risk Level | Definition | Requirements | Examples |
|---|---|---|---|
| Unacceptable | Banned outright | Prohibited from EU market | Social scoring, real-time biometric surveillance, emotion recognition at work |
| High-Risk | Must meet strict requirements | CE marking, conformity assessment, human oversight, transparency, accuracy, cybersecurity | Medical devices, hiring systems, credit scoring, law enforcement AI |
| Limited Risk | Transparency obligations only | Must inform users they're interacting with AI | Chatbots, emotion recognition, deepfake generators |
| Minimal Risk | No specific regulation | Voluntary codes of conduct encouraged | Spam filters, AI-powered video games, inventory management |
| General Purpose AI (GPAI) | Additional rules for foundation models | Technical documentation, copyright compliance, energy reporting, systemic risk assessment for models >10^25 FLOPs | GPT-4, Claude, Gemini, Llama 3 |
Bias Detection Methods
Disparate Impact AnalysisCompare outcomes across demographic groups: ratio < 0.8 indicates potential discrimination
Equalized OddsMeasure if false positive / false negative rates are equal across groups
Demographic ParityCheck if positive prediction rates are similar across groups — P(ŷ=1|A=a) ≈ P(ŷ=1|A=b)
Intersectional AnalysisTest bias at intersections (e.g., race × gender) not just single attributes
Counterfactual TestingChange only the protected attribute in inputs, check if model output changes
Subgroup AUCCompute model performance metrics separately for each demographic subgroup
Calibration by GroupCheck if predicted probabilities mean the same thing across groups — P(Y=1|score=s, A=a) = P(Y=1|score=s, A=b)
Word Embedding Association Test (WEAT)Measure bias in word embeddings — geometric distance between concept and attribute vectors
Fairness Metrics & Interventions
| Item | Description |
|---|---|
Pre-processing | Balance training data: oversample underrepresented groups, reweight samples, or generate synthetic data |
In-processing | Add fairness constraints to model training: adversarial debiasing, fairness regularization, constrained optimization |
Post-processing | Adjust model outputs: threshold optimization per group, equal opportunity calibration |
Fairness-Aware Metrics | Use Fairlearn (Microsoft), AI Fairness 360 (IBM), or What-If Tool (Google) for automated fairness evaluation |
Data Cards | Document training data: source, collection method, demographic composition, known gaps — Google's Data Cards framework |
Model Cards | Document model: intended use, limitations, evaluation results, ethical considerations — pioneered by Google / Hugging Face |
Human Review | Establish diverse review panels to evaluate model behavior in context — technical metrics alone miss contextual fairness |
Redress Mechanism | Provide a clear process for users to contest AI decisions — required by GDPR and EU AI Act for high-risk systems |
Transparency Requirements
| Item | Description |
|---|---|
Explainability | Users have a right to meaningful explanation of AI decisions — SHAP, LIME, and attention visualization help |
Opt-Out Rights | Users must be able to opt out of automated decision-making for consequential decisions (GDPR Article 22) |
AI Disclosure | Users must be informed when interacting with AI vs human — chatbots, voice assistants, customer service |
Audit Trail | Maintain records of model versions, training data provenance, and decision rationale for regulatory audits |
Energy Reporting | EU AI Act: report model training energy consumption — encourages efficient model development |
Copyright Transparency | Disclose copyrighted training data — EU AI Act requirement to enable opt-out and compensation mechanisms |
Third-Party Audits | Independent audits for high-risk AI systems — similar to financial audits for public companies |
Open Source Ethics | Open-source models aren't exempt from ethics — consider dual-use risks when releasing powerful models publicly |
Pro Tip: Start with transparency. Even if you can't fix every bias immediately, documenting model limitations, training data composition, and intended use builds trust and is increasingly required by law.