The European Union’s Artificial Intelligence Act (“EU AI Act”), which officially came into force on 1 August 2024, marks a significant advancement in artificial intelligence (“AI”) regulation within the European Union (“EU”). This landmark legislation establishes a comprehensive regulatory and legal framework for AI, setting clear compliance requirements for AI providers, deployers, importers, distributors, and manufacturers that place their AI within the EU market. Among the key issues addressed by the EU AI Act is the preservation of copyright in copyrighted materials, particularly against unauthorised usage by general-purpose AI (“GPAI”) model providers.
GPAI models, as the name suggests, are AI models that can be used for a wide range of tasks and are capable of being integrated into a variety of downstream systems or applications. The development and training of GPAI models rely on extensive datasets – often gathered through scraping of text and data online, which would undoubtedly include copyrighted works. This poses challenges for artists, authors, and creators, as their intellectual property might be used without proper authorisation or adequate compensation. The EU AI Act now introduces guidelines to safeguard rightsholders’ intellectual property rights and ensure transparency, balancing technological advancement with recognition for original works.
In this article, we will examine the key measures brought forth through the EU AI Act on preservation of copyright, particularly in the deployment of GPAI model, and to explore the implications of these new regulations. Malaysian companies looking to provide their own GPAI models should definitely pay attention to these regulations, taking into account the extraterritorial nature of the EU AI Act, as well as the possibility of similar regulations being adopted by the Malaysian government in the future.
1. Express Consent from Rightsholders
The development and training of GPAI models, especially large generative AI models, often involve using extensive datasets that may include text, images, videos, and other types of data. Under EU’s copyright-related Directives, publicly accessible content (such as those published online) are generally allowed for text and data mining purposes, unless the rightsholders opt out of, or reserve the rights to the mining of their published text and data. The EU AI Act has now made it clear that providers of GPAI models will have to observe the reservation of rights to text and data mining by the relevant rightsholders and obtain their authorisations accordingly should the providers wish to mine the text and data of these rightsholders. To some extent, this has provided a welcome clarity on whether copyright owners can stop AI companies from using their copyrighted work (which has been disseminated online) for AI model training.
2. Copyright Policy Implementation
In addition, providers of GPAI models are mandated under the EU AI Act to implement and maintain comprehensive policies to ensure compliance with EU copyright laws. This includes identifying and respecting any rights reservations expressed by copyright holders. Effectively, this means that it is not sufficient for a provider of GPAI models to merely have knowledge of EU copyright laws, but it is also required to craft and put in place operational policies which demonstrates that its business operation complies with the applicable EU copyright laws.
3. Transparency and Data Disclosure
To enhance transparency, GPAI model providers are required under the EU AI Act to draw up and publicly share a detailed summary of the text and data used in training their AI models. This summary must be comprehensive, specifying key data collections or sets utilised during the training process. The objective is to provide an avenue through which copyright holders are to determine if their works are being used and to effectively exercise and enforce their rights. To avoid unintentional divulging of confidential information and/or trade secrets, companies should be careful in preparing the summary, striking a balance between providing sufficient description of the nature and source of the data used, while avoiding disclosing sensitive or proprietary information.
4. Conclusion
The EU AI Act has extraterritorial reach, meaning its regulations apply to all GPAI model providers entering the EU market, regardless of their origin. Providers must comply with these obligations when placing a GPAI model on the EU market, regardless of where the copyright-related activities underpinning the model’s training occur. For providers based outside the EU, such as in Malaysia, adherence to the EU AI Act’s obligations is essential for accessing the EU market, including securing permissions for copyrighted content and providing detailed transparency reports.
Given the sweeping effect of the EU AI Act, it is assuring to know that companies, particularly providers of GPAI models, are given a 12-month grace period until 2 August 2025 to take the necessary actions to comply with the obligations imposed under the EU AI Act. Companies should make full use of this grace period to consult their legal counsels on the wider implications of the EU AI Act, and to allow effective collaboration between its external legal counsels and its in-house legal and compliance teams in anticipation of compliance with the requirements of the EU AI Act.
For more information on or assistance with compliance with the EU AI Act, please feel free to reach out to the firm’s Technology Practice Group. Our experienced lawyers are ready to support you in navigating the AI regulations and ensuring compliance.