A

AI Literacy

Skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause.

AI Office

The Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission.

AI Regulatory Sandbox

A controlled framework set up by a competent authority which offers providers or prospective providers of AI systems the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision.

AI System

A machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Related: Recital 12

Authorised Representative

A natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation.

B

Biometric Categorisation System

An AI system for the purpose of assigning natural persons to specific categories on the basis of their biometric data, unless it is ancillary to another commercial service and strictly necessary for objective technical reasons. Related: Recital 16

Biometric Data

Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, such as facial images or dactyloscopic data. Related: Recital 14

Biometric Identification

The automated recognition of physical, physiological, behavioural, or psychological human features for the purpose of establishing the identity of a natural person by comparing biometric data of that individual to biometric data of individuals stored in a database. Related: Recital 15

Biometric Verification

The automated, one-to-one verification, including authentication, of the identity of natural persons by comparing their biometric data to previously provided biometric data. Related: Recital 15

C

CE Marking

A marking by which a provider indicates that an AI system is in conformity with the requirements set out in Chapter III, Section 2 and other applicable Union harmonisation legislation providing for its affixing.

Common Specification

A set of technical specifications as defined in Article 2, point (4) of Regulation (EU) No 1025/2012, providing means to comply with certain requirements established under this Regulation.

Conformity Assessment

The process of demonstrating whether the requirements set out in Chapter III, Section 2 relating to a high-risk AI system have been fulfilled.

Conformity Assessment Body

A body that performs third-party conformity assessment activities, including testing, certification and inspection.

Critical Infrastructure

Critical infrastructure as defined in Article 2, point (4), of Directive (EU) 2022/2557.

D

Deep Fake

AI-generated or manipulated image, audio or video content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful.

Deployer

A natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity. Related: Recital 13

Distributor

A natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market.

Downstream Provider

A provider of an AI system, including a general-purpose AI system, which integrates an AI model, regardless of whether the AI model is provided by themselves and vertically integrated or provided by another entity based on contractual relations.

E

Emotion Recognition System

An AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data. Related: Recital 18

F

Floating-Point Operation

Any mathematical operation or assignment involving floating-point numbers, which are a subset of the real numbers typically represented on computers by an integer of fixed precision scaled by an integer exponent of a fixed base. Related: Recital 110

G

General-Purpose AI Model

An AI model, including where such an AI model is trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications, except AI models that are used for research, development or prototyping activities before they are placed on the market. Related: Recitals 97, 98, and 99

General-Purpose AI System

An AI system which is based on a general-purpose AI model and which has the capability to serve a variety of purposes, both for direct use as well as for integration in other AI systems. Related: Recital 100

H

Harmonised Standard

A harmonised standard as defined in Article 2(1), point (c), of Regulation (EU) No 1025/2012.

High-Impact Capabilities

Capabilities that match or exceed the capabilities recorded in the most advanced general-purpose AI models. Related: Recital 110

I

Importer

A natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country.

Informed Consent

A subject’s freely given, specific, unambiguous and voluntary expression of his or her willingness to participate in a particular testing in real-world conditions, after having been informed of all aspects of the testing that are relevant to the subject’s decision to participate.

Input Data

Data provided to or directly acquired by an AI system on the basis of which the system produces an output.

Instructions for Use

The information provided by the provider to inform the deployer of, in particular, an AI system’s intended purpose and proper use.

Intended Purpose

The use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation.

L

Law Enforcement

Activities carried out by law enforcement authorities or on their behalf for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security.

Law Enforcement Authority

Either:

• (a) any public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; or
• (b) any other body or entity entrusted by Member State law to exercise public authority and public powers for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

M

Making Available on the Market

The supply of an AI system or a general-purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge.

Market Surveillance Authority

The national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020.

N

National Competent Authority

A notifying authority or a market surveillance authority; as regards AI systems put into service or used by Union institutions, agencies, offices and bodies, references to national competent authorities or market surveillance authorities in this Regulation shall be construed as references to the European Data Protection Supervisor.

Non-Personal Data

Data other than personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679.

Notified Body

A conformity assessment body notified in accordance with this Regulation and other relevant Union harmonisation legislation.

Notifying Authority

The national authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring.

O

Operator

A provider, product manufacturer, deployer, authorised representative, importer or distributor.

P

Performance of an AI System

The ability of an AI system to achieve its intended purpose.

Personal Data

Personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679.

Placing on the Market

The first making available of an AI system or a general-purpose AI model on the Union market.

Post Remote Biometric Identification System

A remote biometric identification system other than a real-time remote biometric identification system. Related: Recital 17

Post-Market Monitoring System

All activities carried out by providers of AI systems to collect and review experience gained from the use of AI systems they place on the market or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions.

Profiling

Profiling as defined in Article 4, point (4), of Regulation (EU) 2016/679.

Provider

A natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge.

Publicly Accessible Space

Any publicly or privately owned physical place accessible to an undetermined number of natural persons, regardless of whether certain conditions for access may apply, and regardless of the potential capacity restrictions. Related: Recital 19

Putting into Service

The supply of an AI system for first use directly to the deployer or for own use in the Union for its intended purpose.

R

Real-Time Remote Biometric Identification System

A remote biometric identification system, whereby the capturing of biometric data, the comparison and the identification all occur without a significant delay, comprising not only instant identification, but also limited short delays in order to avoid circumvention. Related: Recital 17

Real-World Testing Plan

A document that describes the objectives, methodology, geographical, population and temporal scope, monitoring, organisation and conduct of testing in real-world conditions.

Reasonably Foreseeable Misuse

The use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems.

Recall of an AI System

Any measure aiming to achieve the return to the provider or taking out of service or disabling the use of an AI system made available to deployers.

Remote Biometric Identification System

An AI system for the purpose of identifying natural persons, without their active involvement, typically at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database. Related: Recital 17

Risk

The combination of the probability of an occurrence of harm and the severity of that harm.

S

Safety Component

A component of a product or of an AI system which fulfils a safety function for that product or AI system, or the failure or malfunctioning of which endangers the health and safety of persons or property.

Sandbox Plan

A document agreed between the participating provider and the competent authority describing the objectives, conditions, timeframe, methodology and requirements for the activities carried out within the sandbox.

Sensitive Operational Data

Operational data related to activities of prevention, detection, investigation or prosecution of criminal offences, the disclosure of which could jeopardise the integrity of criminal proceedings.

Serious Incident

An incident or malfunctioning of an AI system that directly or indirectly leads to any of the following:

• (a) the death of a person, or serious harm to a person’s health;
• (b) a serious and irreversible disruption of the management or operation of critical infrastructure;
• (c) the infringement of obligations under Union law intended to protect fundamental rights;
• (d) serious harm to property or the environment.

Special Categories of Personal Data

The categories of personal data referred to in Article 9(1) of Regulation (EU) 2016/679, Article 10 of Directive (EU) 2016/680 and Article 10(1) of Regulation (EU) 2018/1725.

Subject

For the purpose of real-world testing, means a natural person who participates in testing in real-world conditions.

Substantial Modification

A change to an AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment carried out by the provider and as a result of which the compliance of the AI system with the requirements set out in Chapter III, Section 2 is affected or results in a modification to the intended purpose for which the AI system has been assessed. Related: Recital 128

Systemic Risk

A risk that is specific to the high-impact capabilities of general-purpose AI models, having a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain. Related: Recital 110

T

Testing Data

Data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service.

Testing in Real-World Conditions

The temporary testing of an AI system for its intended purpose in real-world conditions outside a laboratory or otherwise simulated environment, with a view to gathering reliable and robust data and to assessing and verifying the conformity of the AI system with the requirements of this Regulation and it does not qualify as placing the AI system on the market or putting it into service within the meaning of this Regulation, provided that all the conditions laid down in Article 57 or 60 are fulfilled.

Training Data

Data used for training an AI system through fitting its learnable parameters.

V

Validation Data

Data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process in order, inter alia, to prevent underfitting or overfitting.

Validation Data Set

A separate data set or part of the training data set, either as a fixed or variable split.

W

Widespread Infringement

Any act or omission contrary to Union law protecting the interest of individuals, which:

• (a) has harmed or is likely to harm the collective interests of individuals residing in at least two Member States other than the Member State in which:
  
  • (i) the act or omission originated or took place;
  • (ii) the provider concerned, or, where applicable, its authorised representative is located or established; or
  • (iii) the deployer is established, when the infringement is committed by the deployer;
• (b) has caused, causes or is likely to cause harm to the collective interests of individuals and has common features, including the same unlawful practice or the same interest being infringed, and is occurring concurrently, committed by the same operator, in at least three Member States.

Withdrawal of an AI System

Any measure aiming to prevent an AI system in the supply chain being made available on the market.