Scenario: Ek company job applications screen karne ke liye AI use karti hai.
Yeh high-risk kyun hai: Employment ek fundamental right hai; biased AI discriminate kar sakta hai.
Compliance steps:
Risk Management:
Hum kya karte hain: Risks identify karo (gender bias, age bias, accessibility issues).
Yeh step kyun?: Jo risks identify nahi hue, unhe mitigate nahi kar sakte. Proactive thinking force hoti hai.
Data Governance:
Hum kya karte hain: Ensure karo ki training data diverse demographics represent kare; protected attributes ke across bias test karo.
Yeh step kyun?: AI data se patterns seekhta hai. Agar training data certain groups ko overrepresent kare, toh model bhi wahi karega.
Check: Validation set par fairness metrics (demographic parity, equalized odds) run karo.
Technical Documentation:
Hum kya karte hain: Model architecture, training data sources, performance metrics, known limitations document karo.
Yeh step kyun?: Auditability. Agar koi rejected candidate complain kare, toh regulators ko samajhna hoga ki decisions kaise hue.
Human Oversight:
Hum kya karte hain: HR staff final decisions se pehle AI recommendations review kare; override kar sake.
Yeh step kyun?: AI woh patterns pakadta hai jo humans miss karte hain, lekin humans woh context pakad lete hain jo AI miss karta hai. Complementary strengths hain.
Transparency:
Hum kya karte hain: Applicants ko inform karo ki AI use ho raha hai; decision factors ki explanation do.
Yeh step kyun?: Applicants ka haq hai jaanne ka aur automated decisions ko contest karne ka.
Act mein general-purpose AI (GPAI) jaise GPT, DALL-E, LLaMA—jinhe kisi specific use case ke liye design nahi kiya gaya—ke liye special provisions hain.
Example chain:
OpenAI GPT-5 train karta hai → GPAI provider obligations (training data document karo, systemic risks test karo)
Hospital GPT-5 khareedta hai ek diagnostic chatbot banane ke liye → High-risk AI obligations (clinical validation, human oversight, etc.)
Agar diagnostic chatbot fail ho, toh dono OpenAI aur hospital liable ho sakte hain (depend karta hai ki failure kahan se aayi).
Ek high-risk AI system deploy karne wali company ke liye:
Step 1: Risk Assessment
↓
Is it high-risk? (Check Annex III of Act)
├─ No → Transparency requirements only (if limited risk)
└─ Yes↓
Step 2: Data Governance
↓
Audit training data for quality, bias
↓
Step 3: Technical Documentation
↓
Document architecture, training process, performance
↓
Step 4: Testing & Validation
↓
Test on representative data; compute fairness/accuracy metrics
↓
Step 5: Human Oversight Design
↓
Define human review points, override mechanisms
↓
Step 6: Conformity Assessment
↓
Self-assessment or third-party audit (depends on system type)
↓
Step 7: CE Marking & Registration
↓
Register in EU database; afix CE mark to product
↓
Step 8: Post-Market Monitoring
↓
Log incidents, retrain as needed, report serious issues
Time estimate: Full compliance ke liye 6-18 months (system complexity par depend karta hai).
Imagine karo tumne ek robot banaya jo teachers ko homework grade karne mein help karta hai. Woh bahut smart hai aur bahut time bachata hai! Lekin kya hoga agar robot galti se certain neighborhoods ke bachon ko kharab grades de kyunki usne biased past data se seekha? Yeh toh fair nahi hai, na?
EU AI Act robots aur AI ke liye ek rulebook ki tarah hai. Yeh kehta hai:
Dangerous robots ban hain (jaise robots jo sabko spy karein ya logon ko trick karein).
Important robots ko extra careful rehna hoga (jaise robots jo homework grade karein ya doctors ki help karein). Unhe test karna hoga ki woh fair hain, aur human hamesha unka kaam check kare.
Chatbots ko honest rehna hoga ("Hi, main ek robot hoon!" instead of human hone ka pretend karna).
Simple robots kuch bhi kar sakte hain (jaise chess khelne wala robot ya spam filter).
Hume yeh kyun chahiye? Kyunki AI bahut powerful hota ja raha hai, aur agar rules na ho, toh koi aisa robot bana sakta hai jo unfair decisions le (jaise logon ko unke naam ya skin color ki wajah se jobs ke liye reject kare) ya logon ko unke bina jaane spy kare. Rules ensure karte hain ki AI logon ki help kare bina unhe hurt kiye.
Yeh waise hi hai jaise cars chalane ke rules hain: tumhe license chahiye, car mein seatbelts aur airbags hone chahiye, aur tum footpath par drive nahi kar sakte. Same idea—rules powerful cheezon ko safe rakhte hain!
6.4.1-Value-alignmentproblem: AI Act alignment ka ek governance solution hai. Jahan technical alignment ensure karta hai ki AI wahi kare jo hum chahte hain, regulation ensure karti hai ki jo hum chahte hain woh humane ho.
6.4.2-Reward-hacking: High-risk requirements (human oversight, logging) detect karne mein help karte hain jab deployed AI metrics ko harmful ways mein "game" kare.
6.4.3-Interpretability-and-explainability: Explainability high-risk systems ke liye "transparency" requirements ke under mandated hai—directly relevant.
6.4.5-AI-safety-research: Act AI safety research fund karta hai; certification bodies ko standards chahiye, jo safety research provide karti hai.
6.4.12-Long-term-existential-risks: Act near-term harms (bias, privacy) address karta hai. Long-term risks (AGI alignment) scope se bahar hain, lekin GPAI systemic risk provisions ek step hain.
#flashcards/ai-ml
EU AI Act ke regulatory approach ka core principle kya hai? :: Risk-based approach—AI systems ko risk level ke hisaab se classify kiya jaata hai (unacceptable, high, limited, minimal), zyada risk wale systems par stricter requirements hoti hain.
EU AI Act ke under prohibited (unacceptable risk) AI systems ke do examples do.
1) Governments dwara social scoring, 2) Public spaces mein real-time remote biometric identification (narrow exceptions ke saath).
High-risk AI systems ke saat core requirements kya hain?
1) Risk management, 2) Data governance, 3) Technical documentation, 4) Record-keeping, 5) Transparency, 6) Human oversight, 7) Accuracy/robustness/cybersecurity.
Hiring AI system ko high-risk kyun classify kiya jaata hai?
Employment ek fundamental right hai; biased AI protected groups ke saath discriminate kar sakta hai, equality principles violate karte hue.
EU AI Act ke under limited-risk AI systems (jaise chatbots) ko kya karna chahiye?
Users ko disclose karo ki woh AI ke saath interact kar rahe hain (transparency obligation).
Prohibited AI systems deploy karne par penalty kya hai?
€35 million tak ya global annual revenue ka 7%, jo bhi zyada ho.
Act ke under GPAI (general-purpose AI) obligations kya hain?
Providers ko model documentation (capabilities, limitations, data sources) publish karna hoga, copyright compliance ensure karni hogi, aur bahut bade models ke liye systemic risk evaluations karne honge.
EU AI Act ke context mein "Brussels Effect" kya hai?
Non-EU companies bhi aksar EU AI Act globally follow karti hain kyunki 1) EU market access milta hai, 2) do versions banana inefficient hai, 3) yeh ek de facto global standard ban jaata hai jo dusre jurisdictions copy karte hain.
EU AI Act high-risk systems ke liye human oversight kyun require karta hai?
Edge cases aur context jo AI miss kare unhe pakadne ke liye, AI decisions ko override karne ke liye, aur accountability maintain karne ke liye (insaan zimmedaar hain, machines nahi).
Banned real-time biometric surveillance aur allowed post-event analysis mein kya farq hai? :: Public mein real-time scanning mass surveillance aur chilling effects create karta hai; specific crimes ke baad post-hoc targeted analysis (judicial oversight ke saath) ka investigative purpose hota hai.
Act high-risk AI ke liye data governance kyun mandate karta hai?
Biased ya low-quality training data se biased/inaccurate AI decisions hoti hain; data governance ensure karta hai ki training data representative ho aur deployment se pehle bias ke liye test ki gayi ho.