Embracing AI: Luxembourg’s proactive approach to artificial intelligence
As artificial intelligence (AI) continues to redefine the global digital landscape, understanding its implications and the necessary frameworks for its ethical integration into society is paramount. The KPMG report on the EU AI Act provides a comprehensive analysis of the upcoming regulations and outlines strategic actions crucial for navigating this new terrain. The report highlights AI's transformative potential across various sectors, urging readiness for the regulatory shifts that will shape the future of AI usage in Europe and beyond.
Luxembourg is distinguishing itself as a forward-thinking hub for AI, evidenced by its early and ongoing preparatory actions. The Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial sector regulator, has been particularly proactive, having published white papers on AI that discuss its potential impacts and challenges. The CSSF continues to monitor the deployment of AI in the financial sector closely, ensuring that innovations align with both consumer protection and industry competitiveness.
Moreover, the National Commission for Data Protection (CNPD) has actively facilitated public engagement through consultations and interactive sessions, such as the "DaProLAb" workshops. These initiatives are part of a broader effort to foster a well-informed dialogue about AI's regulatory landscape, ensuring that stakeholder perspectives are considered in shaping practical and effective governance models.
The Luxembourgish government is also capitalizing on AI’s potential to enhance service delivery and stimulate economic growth. Additionally, the government’s investment in sovereign cloud technology exemplifies a strategic move to provide secure AI capabilities, ensuring that innovations in AI are leveraged in a controlled and safe manner.
This article was originally published by KPMG Global.
Decoding the EU AI Act
Discover the potential impact of the AI Act to your organization.
Download PDF (1.8 MB) ⤓
EU AI Act Overview
AI holds immense promise to expand the horizon of what is achievable and to impact the world for our benefit — but managing AI’s risks and potential known and unknown negative consequences will be critical. The AI Act is set to be finalized in 2024 and aims to ensure that AI systems are safe, respect fundamental rights, foster AI investment, improve governance, and encourage a harmonized single EU market for AI.
The AI Act's definition of AI is anticipated to be broad and include various technologies and systems. As a result, organizations are likely to be significantly impacted by the AI Act. Most of the obligations are expected to take effect in early 2026. However, prohibited AI systems will have to be phased out six months after the AI Act comes into force. The rules for governing general-purpose AI are expected to apply in early 2025.1
The AI Act applies a risk-based approach, dividing AI systems into different risk levels: unacceptable, high, limited and minimal risk.2
High-risk AI systems are permitted but subject to the most stringent obligations. These obligations will affect not only users but also so-called ‘providers’ of AI systems. The term ‘provider’ in the AI Act covers developing bodies of AI systems, including organizations that develop AI systems for strictly internal use. It is important to know that an organization can be both a user and a provider.
Providers will likely need to ensure compliance with strict standards concerning risk management, data quality, transparency, human oversight, and robustness.
Users are responsible for operating these AI systems within the AI Act’s legal boundaries and according to the provider's specific instructions. This includes obligations on the intended purpose and use cases, data handling, human oversight and monitoring.
New provisions have been added to address the recent advancements in general-purpose AI (GPAI) models, including large generative AI models.3 These models can be used for a variety of tasks and can be integrated into a large number of AI systems, including high-risk systems, and are increasingly becoming the basis for many AI systems in the EU. To account for the wide range of tasks AI systems can accomplish and the rapid expansion of their capabilities, it was agreed that GPAI systems, and the models they are based on, may have to adhere to transparency requirements. Additionally, high-impact GPAI models, which possess advanced complexity, capabilities, and performance, will face more stringent obligations. This approach will help mitigate systemic risks that may arise due to these models' widespread use.4
Existing Union laws, for example, on personal data, product safety, consumer protection, social policy, and national labor law and practice, continue to apply, as well as Union sectoral legislative acts relating to product safety. Compliance with the AI Act will not relieve organizations from their pre-existing legal obligations in these areas.
Organizations should take the time to create a map of the AI systems they develop and use and categorize their risk levels as defined in the AI Act. If any of their AI systems fall into the limited, high or unacceptable risk category, they will need to assess the AI Act’s impact on their organization. It is imperative to understand this impact — and how to respond — as soon as possible.
Get in touch
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia
Transforming for a future of value
1 European Commission. (December 12, 2023). Artificial Intelligence – Questions and Answers.
2 European Council. (December 9, 2023). Artificial Intelligence Act Trilogue: Press conference – Part 4.
3 European Parliament. (March 2023). General-purpose artificial intelligence.
4 European Commission. (December 12, 2023). Artificial Intelligence – Questions and Answers.