As our Microsoft AI Tour reached Brussels, Paris, and Berlin towards the tip of final 12 months, we met with European organizations that had been energized by the probabilities of our newest AI applied sciences and engaged in deployment initiatives. They had been additionally alert to the truth that 2025 is the 12 months that key obligations underneath the European Union’s AI Act come into impact, opening a brand new chapter in digital regulation because the world’s first, complete AI legislation turns into a actuality.
At Microsoft, we’re prepared to assist our prospects do two issues directly: innovate with AI and adjust to the EU AI Act. We are constructing our services and products to adjust to our obligations underneath the EU AI Act and dealing with our prospects to assist them deploy and use the expertise compliantly. We are additionally engaged with European policymakers to help the event of environment friendly and efficient implementation practices underneath the EU AI Act which are aligned with rising worldwide norms.
Below, we go into extra element on these efforts. Since the dates for compliance with the EU AI Act are staggered and key implementation particulars usually are not but finalized, we can be publishing info and instruments on an ongoing foundation. You can seek the advice of our EU AI Act documentation on the Microsoft Trust Center to remain updated.
Building Microsoft services and products that adjust to the EU AI Act
Organizations around the globe use Microsoft services and products for progressive AI options that empower them to attain extra. For these prospects, notably these working globally and throughout completely different jurisdictions, regulatory compliance is of paramount significance. This is why, in each buyer settlement, Microsoft has dedicated to adjust to all legal guidelines and laws relevant to Microsoft. This contains the EU AI Act. It can be why we made early selections to construct and proceed to spend money on our AI governance program.
As outlined in our inaugural Transparency Report, we now have adopted a danger administration strategy that spans your entire AI improvement lifecycle. We use practices like impression assessments and red-teaming to assist us establish potential dangers and be certain that groups constructing the highest-risk fashions and techniques obtain further oversight and help by way of governance processes, like our Sensitive Uses program. After mapping dangers, we use systematic measurement to judge the prevalence and severity of dangers in opposition to outlined metrics. We handle dangers by implementing mitigations just like the classifiers that type a part of Azure AI Content Safety and guaranteeing ongoing monitoring and incident response.
Our framework for guiding engineering groups constructing Microsoft AI options—the Responsible AI Standard—was drafted with an early model of the EU AI Act in thoughts.
Building on these foundational parts of our program, we now have devoted important assets to implementing the EU AI Act throughout Microsoft. Cross-functional working teams combining AI governance, engineering, authorized, and public coverage consultants have been working for months to establish whether or not and the way our inside requirements and practices needs to be up to date to mirror the ultimate textual content of the EU AI Act in addition to early indications of implementation particulars. They have additionally been figuring out any further engineering work wanted to make sure readiness.
For instance, the EU AI Act’s prohibited practices provisions are among the many first provisions to come back into impact in February 2025. Ahead of the European Commission’s newly established AI Office offering further steerage, we now have taken a proactive, layered strategy to compliance. This contains:
- Conducting an intensive evaluate of Microsoft-owned techniques already available on the market to establish any locations the place we would want to regulate our strategy, together with by updating documentation or implementing technical mitigations. To do that, we developed a collection of questions designed to elicit whether or not an AI system might implicate a prohibited apply and dispatched this survey to our engineering groups through our central tooling. Relevant consultants reviewed the responses and adopted up with groups instantly the place additional readability or further steps had been obligatory. These screening questions stay in our central accountable AI workflow software on an ongoing foundation, in order that groups engaged on new AI techniques reply them and interact the evaluate workflow as wanted.
- Creating new restricted makes use of in our inside firm coverage to make sure Microsoft doesn’t design or deploy AI techniques for makes use of prohibited by the EU AI Act. We are additionally creating particular advertising and marketing and gross sales steerage to make sure that our general-purpose AI applied sciences usually are not marketed or bought for makes use of that would implicate the EU AI Act’s prohibited practices.
- Updating our contracts, together with our Generative AI Code of Conduct, in order that our prospects clearly perceive they can’t interact in any prohibited practices. For instance, the Generative AI Code of Conduct now has an categorical prohibition on using the companies for social scoring.
We had been additionally among the many first organizations to enroll to the three core commitments within the AI Pact, a set of voluntary pledges developed by the AI Office to help regulatory readiness forward of among the upcoming compliance deadlines for the EU AI Act. In addition to our common rhythm of publishing annual Responsible AI Transparency Reports, you’ll find an outline of our strategy to the EU AI Act and a extra detailed abstract of how we’re implementing the prohibited practices provisions on the Microsoft Trust Center.
Working with prospects to assist them deploy and use Microsoft services and products in compliance with the EU AI Act
One of the core ideas of the EU AI Act is that obligations must be allotted throughout the AI provide chain. This signifies that an upstream regulated actor, like Microsoft in its capability as a supplier of AI instruments, companies, and parts, should help downstream regulated actors, like our enterprise prospects, after they combine a Microsoft software right into a high-risk AI system. We embrace this idea of shared accountability and intention to help our prospects with their AI improvement and deployment actions by sharing our data, offering documentation, and providing tooling. This all ladders as much as the AI Customer Commitments that we made in June of final 12 months to help our prospects on their accountable AI journeys.
We will proceed to publish documentation and assets associated to the EU AI Act on the Microsoft Trust Center to supply updates and tackle buyer questions. Our Responsible AI Resources website can be a wealthy supply of instruments, practices, templates, and data that we imagine will assist lots of our prospects set up the foundations of fine governance to help EU AI Act compliance.
On the documentation entrance, the 33 Transparency Notes that we now have revealed since 2019 present important details about the capabilities and limitations of our AI instruments, parts, and companies that our prospects depend on as downstream deployers of Microsoft AI platform companies. We have additionally revealed documentation for our AI techniques, comparable to solutions to continuously requested questions. Our Transparency Note for the Azure OpenAI Service, an AI platform service, and FAQ for Copilot, an AI system, are examples of our strategy.
We anticipate that a number of of the secondary regulatory efforts underneath the EU AI Act will present further steerage on model- and system-level documentation. These norms for documentation and transparency are nonetheless maturing and would profit from additional definition in keeping with efforts just like the Reporting Framework for the Hiroshima AI Process International Code of Conduct for Organizations Developing Advanced AI Systems. Microsoft has been happy to contribute to this Reporting Framework by way of a course of convened by the OECD and appears ahead to its forthcoming public launch.
Finally, as a result of tooling is important to attain constant and environment friendly compliance, we make accessible to our prospects variations of the instruments that we use for our personal inside functions. These instruments embrace Microsoft Purview Compliance Manager, which helps prospects perceive and take steps to enhance compliance capabilities throughout many regulatory domains, together with the EU AI Act; Azure AI Content Safety to assist mitigate content-based harms; Azure AI Foundry to assist with evaluations of generative AI functions; and Python Risk Identification Tool or PyRIT, an open innovation framework that our impartial AI Red Team makes use of to assist establish potential harms related to our highest-risk AI fashions and techniques.
Helping to develop environment friendly, efficient, and interoperable implementation practices
A singular characteristic of the EU AI Act is that there are greater than 60 secondary regulatory efforts that may have a fabric impression on defining implementation expectations and directing organizational compliance. Since many of those efforts are in progress or but to get underway, we’re in a key window of alternative to assist set up implementation practices which are environment friendly, efficient, and aligned with rising worldwide norms.
Microsoft is engaged with the central EU regulator, the AI Office, and different related authorities in EU Member States to share insights from our AI improvement, governance, and compliance expertise, search readability on open questions, and advocate for sensible outcomes. We are additionally taking part within the improvement of the Code of Practice for general-purpose AI mannequin suppliers, and we stay longstanding contributors to the technical requirements being developed by European Standards organizations, comparable to CEN and CENELEC, to handle high-risk AI system necessities within the EU AI Act.
Our prospects even have a key function to play in these implementation efforts. By participating with policymakers and trade teams to know the evolving necessities and have a say on them, our prospects have the chance to contribute their helpful insights and assist form implementation practices that higher mirror their circumstances and wishes, recognizing the broad vary of organizations in Europe which are energized by the chance to innovate and develop with AI. In the approaching months, a key query to be resolved is when organizations that considerably fine-tune AI fashions develop into downstream suppliers resulting from adjust to general-purpose AI mannequin obligations in August.
Going ahead
Microsoft will proceed to make important product, tooling, and governance investments to assist our prospects innovate with AI consistent with new legal guidelines just like the EU AI Act. Implementation practices which are environment friendly, efficient, and interoperable internationally are going to be key to supporting helpful and reliable innovation on a worldwide scale, so we’ll proceed to lean into regulatory processes in Europe and around the globe. We are excited to see the initiatives that animated our Microsoft AI Tour occasions in Brussels, Paris, and Berlin enhance folks’s lives and earn their belief, and we welcome suggestions on how we will proceed to help our prospects of their efforts to adjust to new legal guidelines just like the EU AI Act.