EU adopts AI Act with potential to be transformational for children’s online experience

On 12 March 2024, the EU’s Artificial Intelligence Act passed its last legislative hurdle and was voted into law by the European Parliament. A pioneering piece of regulation applying to all AI systems used in the world’s biggest single market and underpinned by the regulatory clout of the European Commission, its passage marks a milestone for tech accountability. Whether or not it will deliver on its promise for users, including children, will depend however on how effectively it is implemented.

The first major tech law recognising children’s rights in the digital environment as set out in the General comment No. 25 to the UN Convention on the Rights of the Child, the EU’s AI Act contains a number of key provisions for children. The Act notably bans outright any AI system that exploits the vulnerabilities of age (Article 5). It also requires AI systems designated as “high-risk” - including AI used in education – to take special account of children and their rights as they undertake detailed risk management processes. A requirement to watermark deepfakes and other AI generated materials, and to inform users when they are interacting with AI, will also benefit children.

The law however will only be as strong as its implementation. What will be the bar for the enforcement of the Article 5 ban? What will the risk management systems look like and how will they interpret and deal with risks to children?

The passage of the AI Act is a landmark achievement, but the road ahead remains long. Our destination is clear: practical change in the lived experience of children. To get there the tenets of the UN Convention on the Rights of the Child and its General comment No. 25 need to percolate through the guidelines, codes of conduct and technical standards that will bring the Regulation to life,” said Leanda Barrington-Leach, Executive Director of 5Rights Foundation.

Setting a high bar for the protection of children from AI risks and harms must be a key priority for the implementation of the Act. In the two years before its full entry into force, the European Commission – together with the newly established AI Office, AI Board and competent national authorities – will have to develop clear and robust guidelines for the Act’s implementation for children. These should, among others, specify that vulnerabilities due to age apply to all under 18s and set out how the ban in Article 5 on exploiting such vulnerabilities can be operationalised and invoked for children.