Scope and obligations

Risk-based framework. Prohibited practices (Art. 5) effective 2 February 2025; general-purpose AI obligations (Arts. 51-55) 2 August 2025; high-risk system obligations (Title III) 2 August 2026. Staggered 6/12/24-month application timeline from 1 August 2024 entry-into-force per Regulation (EU) 2024/1689 Art. 113.

EU AI Act addresses 13 contested AI-governance topics explicitly, 6 via general principles,.

Topics governed

• governs
  Foundation Models / GPAI— Arts. 51-55 (general-purpose AI + systemic risk)

  §Art. 51(1)

  “A general-purpose AI model shall be classified as a general-purpose AI model with systemic risk if it meets any of the following conditions: (a) it has high impact capabilities…”

  source ↗
• governs
  Biometric Identification— Art. 5(1)(h) prohibition + Art. 26(10) post-hoc rules

  §Art. 5(1)(h)

  “the use of 'real-time' remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, unless and in so far as such use is strictly necessary for…”

  source ↗

  Power-asymmetry analysis

  Art. 5(1)(h) prohibits real-time remote biometric identification in publicly-accessible spaces, but Art. 5(1)(h)(i)-(iii) carves out three law-enforcement use cases (targeted victim search, prevention of imminent threats incl. terrorism, and tracking serious-crime suspects under Annex II). Art. 26(10) then permits post-hoc RBI subject only to ex post judicial authorisation 'without undue delay, at the latest within 24 hours' — meaning the operational default for state security actors is permitted-with-procedural-overlay, not prohibited. Carve-outs swallow the headline rule for the highest-stakes deployment context.

• governs
  Deepfakes / Synthetic Content— Art. 50(4) (disclosure obligation for deep fakes)

  §Art. 50(4)

  “Deployers of an AI system that generates or manipulates image, audio or video content constituting a deep fake, shall disclose that the content has been artificially generated or manipulated.”

  source ↗
• governs
  AI in Employment— Annex III §4 (high-risk: employment management)

  §Annex III4paraphrase

  Employment, workers' management and access to self-employment: AI systems intended to be used for recruitment or selection, and to make decisions affecting terms, promotion, or termination…

  source ↗
• governs
  AI in Healthcare— Annex III §5(a) (high-risk: essential services) + MDR overlap

  §Annex III5(a)paraphrase

  AI systems intended to be used to evaluate the eligibility of natural persons for essential public assistance benefits and services, including healthcare services…

  source ↗
• governs
  AI in Criminal Justice— Annex III §6 (high-risk: law enforcement)

  §Annex III6paraphrase

  Law enforcement: AI systems intended to be used by or on behalf of law enforcement authorities to assess the risk of a natural person offending or re-offending, as polygraphs, or to profile…

  source ↗
• governs
  AI in Education— Annex III §3 (high-risk: educational access)

  §Annex III3(a)paraphrase

  Education and vocational training: AI systems intended to be used to determine access or admission or to assign natural persons to educational and vocational training institutions…

  source ↗
• governs
  Compute-Threshold Reporting— Art. 52 + Annex XIII (10²⁵ FLOP presumption)

  §Art. 51(2)paraphrase

  a general-purpose AI model shall be presumed to have high impact capabilities … when the cumulative amount of computation used for its training measured in floating point operations is greater than 10^25.

  source ↗
• governs
  Transparency Obligations— Arts. 13, 50 (transparency obligations)

  §Art. 50(1)

  “Providers shall ensure that AI systems intended to interact directly with natural persons … are informed that they are interacting with an AI system.”

  source ↗

  Power-asymmetry analysis

  Art. 50 transparency obligations on emotion-recognition / biometric-categorisation / deepfake systems do not apply to military, defence, or national-security deployments — Art. 2(3) excludes these entirely from the Regulation's scope. Within scope, Art. 50(2) further permits omission of synthetic-content disclosure where use is 'authorised by law to detect, prevent, investigate or prosecute criminal offences'. The disclosure floor therefore reaches private-sector deployers but not the most surveillance-heavy state contexts.

• governs
  Individual Redress— Art. 85 (right to lodge complaints)

  §Art. 85paraphrase

  any natural or legal person … may lodge a complaint with the relevant market surveillance authority … [where] there are grounds to consider that there has been an infringement of this Regulation.

  source ↗
• implicit
  Training-Data Rights— Recital 105; CDSM Directive provides primary copyright framework

  §Art. 53(1)(d)paraphrase

  [providers of general-purpose AI models shall] draw up and make publicly available a sufficiently detailed summary about the content used for training of the general-purpose AI model…

  source ↗
• implicit
  Catastrophic & Existential Risk— Art. 51 + Recital 32 — systemic risk overlaps with but does not fully cover catastrophic-risk framing

  §Art. 3(65)paraphrase

  'systemic risk' means a risk specific to the high-impact capabilities of general-purpose AI models … with significant impact on the Union market or on public health, safety, security, or fundamental rights…

  source ↗
• implicit
  Technological Sovereignty— Recitals 1-5 + EU competence framing; AI Office establishes EU capacity

  §Art. 1(1)

  “The purpose of this Regulation is to improve the functioning of the internal market and promote the uptake of human-centric and trustworthy artificial intelligence…”

  source ↗
• implicit
  Agentic AI Governance— Arts. 26-29 deployer obligations apply to agent operators; Arts. 51-55 GPAI obligations capture the underlying model

  §Art. 26(1)

  “Deployers of high-risk AI systems shall take appropriate technical and organisational measures to ensure they use such systems in accordance with the instructions for use accompanying the systems…”

  source ↗
• governs
  Open-Weight Frontier Release— Art. 53(2) + Recital 102/104 — explicit open-source GPAI exemption (with caveats for systemic-risk models)

  §Art. 53(2)paraphrase

  The obligations in paragraph 1, points (a) and (b), shall not apply to providers of AI models released under a free and open-source licence … unless they are general-purpose AI models with systemic risks.

  source ↗
• governs
  Synthetic Content Provenance— Art. 50(2) — provider machine-readable marking obligation; Art. 50(4) — deployer disclosure for deep fakes (distinct from the `deepfakes` topic which focuses on misuse-harms)

  §Art. 50(2)paraphrase

  Providers of AI systems generating synthetic audio, image, video or text shall ensure the outputs are marked in a machine-readable format and detectable as artificially generated or manipulated.

  source ↗
• implicit
  AI in Elections— Art. 5 prohibitions (subliminal manipulation) + Annex III §8 (democratic processes / elections high-risk)

  §Art. 5(1)(a)

  “the placing on the market, the putting into service or the use of an AI system that deploys subliminal techniques beyond a person's consciousness or purposefully manipulative or deceptive techniques…”

  source ↗
• implicit
  Environmental Impact of AI Training— Art. 95 voluntary codes of conduct include environmental sustainability; Recital 142 references energy efficiency reporting for GPAI

  §Art. 95(2)paraphrase

  Codes of conduct may cover … assessing and minimising the impact of AI systems on environmental sustainability, including as regards energy-efficient programming and techniques for design…

  source ↗
• governs
  National Security Carveouts in AI Regulation— Art. 2(3) explicitly excludes AI systems used exclusively for military, defence, or national-security purposes

  §Art. 2(3)

  “This Regulation does not apply to AI systems where and in so far as they are placed on the market, put into service, or used with or without modification exclusively for military, defence or national security purposes…”

  source ↗

Enforcement record

Documented enforcement actions catalogued against EU AI Act (or against rules that this instrument now subsumes).

• New York Times v. OpenAI + MicrosoftUS · 2023 · ongoing
  New York Times Company (private civil litigation) v. OpenAI Inc. + Microsoft Corp. — Unauthorised reproduction of NYT-copyrighted articles in GPT training corpora; output of substantially similar text on prompted query; removal of copyright-management information.
  Lesson: First major frontier-foundation-model copyright lawsuit by a primary news source. Discovery has surfaced disclosure of training-data composition that the EU AIA Art. 53 transparency requirements would have surfaced ex-ante. The case is the highest-stakes ex-post-liability action testing whether US sectoral approach can substitute for ex-ante regulation on training-data rights — outcome will inform 2025-2027 regulatory debates.
  Source record →
• Mobley v. Workday (US AI-hiring class action)US · 2023 · ongoing
  Mobley v. Workday, Inc., No. 3:23-cv-00770 (N.D. Cal.)
  Private civil class action; EEOC amicus participation v. Workday Inc. — Workday's algorithmic hiring tools allegedly screened out applicants on disability, age, and race. Class action seeks to certify Workday as an 'employment agency' under Title VII so disparate-impact theory applies to the algorithm's outputs rather than only its developers.
  Lesson: First major US AI-hiring class action with EEOC amicus support. If Workday is certified as an 'employment agency', US sectoral approach (EEOC + Title VII) substantially expands AI-hiring liability without requiring an AI statute. This is the load-bearing test of whether US 'principles + ex-post liability' approach can substitute for EU AIA Annex III §4 (high-risk employment AI obligations).
  Source record →regulator landing
• EDPB ChatGPT TaskforceEU · 2023–2024
  European Data Protection Board (EDPB) — coordinated DPA action v. OpenAI — Italian Garante temporarily banned ChatGPT (Mar-Apr 2023) over alleged lack of legal basis for training-data processing, missing age-verification, and inability to honour data-subject rights. EDPB convened taskforce to coordinate DPA responses.
  Lesson: First EU-wide AI enforcement coordination predating the EU AIA. Established that GDPR applies fully to LLM training + deployment + that DPAs would coordinate via EDPB rather than fragment. ChatGPT resumed Italian service after age-verification + Article-15 right-of-access endpoint additions. Direct precedent for EU AIA Art. 53 implementation timeline.
  Source record →
• Italian DPA — Clearview AIEU · 2021–2022
  Garante per la protezione dei dati personali (Italian DPA) v. Clearview AI Inc. — Mass scraping of publicly-available facial images + biometric processing without legal basis under GDPR. Provision of services to Italian users without GDPR-compliant data-processing arrangements.
  Lesson: €20M fine + mandatory deletion of Italian-resident facial-recognition data. Established that GDPR provides binding enforcement authority for biometric-AI applications even where no AI-specific instrument exists. Replicated in France (2022) + UK (2022) + Greece (2022) — the only successful cross-jurisdictional AI enforcement so far.
  Source record →
• France CNIL — Clearview AIEU · 2020–2023
  Commission nationale de l'informatique et des libertés (CNIL) v. Clearview AI Inc. — Mass scraping of facial images of French residents + biometric processing without lawful basis. CNIL imposed €20M fine + 5x €100k/day penalty for non-compliance with deletion order.
  Lesson: Parallel to Italian Garante action; both fined identical €20M amount within 6 months. CNIL added 5x €100k/day non-compliance penalty when Clearview refused deletion — escalation pattern that EU AIA Art. 99 (penalties up to 7% global turnover) extends. Multi-DPA replication confirms GDPR is enforceable against US-based AI providers serving EU residents.
  Source record →

Cross-jurisdiction comparison

How peer instruments treat the topics EU AI Act governs.

°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.

How to cite this article

Policy Window. (2024). EU AI Act [Wiki article — Instrument]. https://policywindow.org/wiki/eu-ai-act

Policy Window. 2024. "EU AI Act." Wiki article (Instrument). https://policywindow.org/wiki/eu-ai-act.

@misc{policywindow-eu-ai-act,
  title  = {EU AI Act},
  author = {Policy Window},
  year   = {2024},
  howpublished = {Regulation (EU) 2024/1689},
  url    = {https://policywindow.org/wiki/eu-ai-act},
  note   = {Primary source: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689}
}

Related debates — rival interpretations & counterevidence

Structured controversies where this instrument's provisions are the locus of disagreement. Each debate page lays out the competing positions with primary-source citations.

• Open-Source vs Closed-Source Frontier Models — Should the most-capable AI models be released under permissive licenses (open weights), or only via API / structured-access agreements? The dispute is foundational to nearly every frontier-AI governance instrument.
• Pause AI vs Accelerate Capabilities — Should the global community impose temporary or capability-conditional pauses on frontier-AI development, or should development accelerate with safety work conducted in parallel?
• Pre-Deployment Red-Team vs Post-Deployment Audit — Should AI capability + safety evaluations happen primarily before deployment (red-team gating release), or primarily after (post-deployment audit + incident response)?
• Risk-Based vs Principles-Based vs Ex-Post Liability Regimes — Should AI governance work via (a) risk-based ex-ante categorisation + obligations (EU), (b) high-level principles delegated to sector regulators (UK / OECD / G7), or (c) ex-post liability + civil litigation (US sectoral)?
• Compute vs Behavioural Capability Thresholds — Should the regulatory trigger for 'frontier' / 'foundation' / 'systemic-risk' status be training-compute thresholds (objective + ex-ante observable), or behavioural-capability evaluation (more semantically meaningful but operationally costly)?

Related instruments

• Executive Order 14110 on Safe, Secure, Trustworthy AI · US
• Interim Measures for Generative AI Service Management · CN
• G7 Hiroshima AI Process Code of Conduct · G7
• OECD AI Principles (Recommendation) · OECD
• Council of Europe Framework Convention on AI · council_of_europe
• NIST AI Risk Management Framework · US
• Seoul Declaration on Safe, Innovative and Inclusive AI · global
• NIST AI RMF Generative AI Profile · US
• California SB-1047: Safe and Secure Innovation for Frontier AI Models Act · US
• India Digital Personal Data Protection Act + AI Advisory (MEITY) · IN
• Brazil AI Bill (PL 2338/2023) · BR
• Anthropic Responsible Scaling Policy (RSP) v2 · US
• Meta Frontier AI Framework · US
• White House Voluntary AI Commitments · US
• Singapore Model AI Governance Framework for Generative AI · SG
• Japan METI AI Guidelines for Business · JP
• General Data Protection Regulation (GDPR) · EU
• EU General-Purpose AI Code of Practice · EU
• OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI) · US
• GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource Guide · US
• DoD Responsible AI Strategy and Implementation Pathway · US

Evidence base

Academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link, no LLM summaries (charter §7). Browse the full literature index.

• Model Card ↗PreprintMitchell et al. (2019), 'Model Cards for Model Reporting,' FAccT '19
• Deceptive Alignment ↗PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
• Mesa-Optimization ↗PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
• Scalable Oversight ↗PreprintChristiano, P., Shlegeris, B., Amodei, D. (2018), 'Supervising Strong Learners by Amplifying Weak Experts.'
• Capability Elicitation ↗PreprintQi, X., Zeng, Y., Xie, T., Chen, P.-Y., Jia, R., Mittal, P., Henderson, P. (2023), 'Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!'
• Dual-Use Research Norms (DURC for AI) ↗PreprintSolaiman, I., et al. (2019), 'Release Strategies and the Social Impacts of Language Models' — the canonical articulation of structured-access norms for foundation models.
• Policy Instrument ↗Peer-reviewedLascoumes, P. & Le Galès, P. (2007). Introduction: Understanding Public Policy through Its Instruments — From the Nature of Instruments to the Sociology of Public Policy Instrumentation. Governance 20(1): 1-21. See also Hood (1983) The Tools of Government, ch. 1-2; Salamon (2002) The Tools of Government: A Guide to the New Governance, pp. 1-47; Howlett (2011) Designing Public Policies, ch. 3-5.
• Training-Data Attribution ↗PreprintGrosse, R., et al. (2023), 'Studying Large Language Model Generalization with Influence Functions' (Anthropic) — the canonical articulation of scalable influence-function-based attribution for foundation models.
• Prompt Injection ↗PreprintGreshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., Fritz, M. (2023), 'Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection.'
• Agentic AI System ↗PreprintYao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., Cao, Y. (2022), 'ReAct: Synergizing Reasoning and Acting in Language Models.'
• Tool-Use Safety ↗PreprintWallace, E., et al. (2024), 'The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions' (OpenAI) — the canonical industry articulation of instruction-channel hierarchy as a tool-use-safety defence.
• Multi-Turn Evaluation ↗PreprintZheng, L., et al. (2023), 'Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena' — operationalises the multi-turn evaluation protocol for foundation models.

+ 24more across this instrument's topics — see the literature index.

References

1. Regulation (EU) 2024/1689
2. Arts. 51-55 (general-purpose AI + systemic risk)
3. Art. 5(1)(h) prohibition + Art. 26(10) post-hoc rules
4. Art. 50(4) (disclosure obligation for deep fakes)
5. Annex III §4 (high-risk: employment management)
6. Annex III §5(a) (high-risk: essential services) + MDR overlap
7. Annex III §6 (high-risk: law enforcement)
8. Annex III §3 (high-risk: educational access)
9. Art. 52 + Annex XIII (10²⁵ FLOP presumption)
10. Arts. 13, 50 (transparency obligations)
11. Art. 85 (right to lodge complaints)
12. Recital 105; CDSM Directive provides primary copyright framework
13. Art. 51 + Recital 32 — systemic risk overlaps with but does not fully cover catastrophic-risk framing
14. Recitals 1-5 + EU competence framing; AI Office establishes EU capacity
15. Arts. 26-29 deployer obligations apply to agent operators; Arts. 51-55 GPAI obligations capture the underlying model
16. Art. 53(2) + Recital 102/104 — explicit open-source GPAI exemption (with caveats for systemic-risk models)
17. Art. 50(2) — provider machine-readable marking obligation; Art. 50(4) — deployer disclosure for deep fakes (distinct from the `deepfakes` topic which focuses on misuse-harms)
18. Art. 5 prohibitions (subliminal manipulation) + Annex III §8 (democratic processes / elections high-risk)
19. Art. 95 voluntary codes of conduct include environmental sustainability; Recital 142 references energy efficiency reporting for GPAI
20. Art. 2(3) explicitly excludes AI systems used exclusively for military, defence, or national-security purposes

Child instruments — implementing acts, delegated acts, transpositions

Rows in the catalog that name EU AI Act as their parent via the parent→child schema. Includes drafts when they are tracked in the catalog; see /wiki/regulators for the cross-parent implementing-acts feed.

• Delegated act
  EU AI Act — delegated act on GPAI classification thresholds (Art. 51)implements Art. 51, Art. 52, Annex XIIIdraft

Scope and obligations

Foundational EU personal-data protection regulation. Most-cited European instrument PW catalogues at the AI-governance boundary — every CNIL / Garante / AEPD / BfDI / DPC enforcement action against an AI system (Clearview, ChatGPT, Replika, automated-hiring complaints) invokes GDPR Arts. 5/6/9/22/35. Art. 22 (automated individual decision-making + profiling) is the load-bearing provision that interacts with EU AIA Art. 26(11) deployer use of AI-system output for decisions concerning natural persons. Art. 35 (DPIA) partially overlaps EU AIA Art. 27 FRIA; the EDPB is finalising a joint EDPB-AI-Office guideline on the AIA-FRIA / GDPR-DPIA interplay through 2026. Art. 9 (special-category processing) interacts with EU AIA Art. 5(1)(c)(d)(g) prohibitions on social scoring + emotion recognition in workplace + untargeted facial-image scraping. Enforced by national Data Protection Authorities; the European Data Protection Board (EDPB, formerly Art. 29 Working Party) coordinates one-stop-shop + Article 65 binding-decision procedures across DPAs.

General Data Protection Regulation (GDPR) addresses 4 contested AI-governance topics explicitly,.

Topics governed

• governs
  Biometric Identification— Art. 9 special-category processing (biometric data for unique identification); Art. 22 ADM with safeguards

  Power-asymmetry analysis

  Art. 22(1) gives data subjects a right against solely-automated decisions with significant effects, but Art. 22(2)(a)-(c) disapply this where the decision is contractually necessary, legally authorised, or based on explicit consent — and the controller defines what 'necessary' means in operational terms. Art. 9(2)(g) layers a further 'substantial public interest' exception over special-category processing. The right is real but the burden of contesting the controller's characterisation of necessity falls on the data subject post-hoc.

• governs
  Transparency Obligations— Arts. 12-14 (information to data subjects); Art. 13(2)(f) + 14(2)(g) meaningful information about ADM logic; Art. 22(3) suitable safeguards
• governs
  Individual Redress— Art. 77 DPA complaint; Art. 79 effective judicial remedy; Art. 80 collective representation by NGOs; Art. 82 right to compensation; Art. 83 administrative fines
• governs
  Training-Data Rights— Art. 5(1)(b) purpose limitation; Art. 6 lawful basis; Art. 9 special-category overlay for sensitive training data; Art. 5(1)(c) data minimisation

Cross-jurisdiction comparison

How peer instruments treat the topics General Data Protection Regulation (GDPR) governs.

°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.

How to cite this article

Policy Window. (2016). General Data Protection Regulation (GDPR) [Wiki article — Instrument]. https://policywindow.org/wiki/gdpr

Policy Window. 2016. "General Data Protection Regulation (GDPR)." Wiki article (Instrument). https://policywindow.org/wiki/gdpr.

@misc{policywindow-gdpr,
  title  = {General Data Protection Regulation (GDPR)},
  author = {Policy Window},
  year   = {2016},
  howpublished = {Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88 (CELEX:32016R0679; ELI:http://data.europa.eu/eli/reg/2016/679/oj); applied from 25 May 2018.},
  url    = {https://policywindow.org/wiki/gdpr},
  note   = {Primary source: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679}
}

Related instruments

• EU AI Act · EU
• Interim Measures for Generative AI Service Management · CN
• OECD AI Principles (Recommendation) · OECD
• Council of Europe Framework Convention on AI · council_of_europe
• NIST AI RMF Generative AI Profile · US
• India Digital Personal Data Protection Act + AI Advisory (MEITY) · IN
• Brazil AI Bill (PL 2338/2023) · BR
• EU General-Purpose AI Code of Practice · EU
• OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI) · US

Evidence base

Academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link, no LLM summaries (charter §7). Browse the full literature index.

• Model Card ↗PreprintMitchell et al. (2019), 'Model Cards for Model Reporting,' FAccT '19
• Scalable Oversight ↗PreprintChristiano, P., Shlegeris, B., Amodei, D. (2018), 'Supervising Strong Learners by Amplifying Weak Experts.'
• Capability Elicitation ↗PreprintQi, X., Zeng, Y., Xie, T., Chen, P.-Y., Jia, R., Mittal, P., Henderson, P. (2023), 'Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!'
• Dual-Use Research Norms (DURC for AI) ↗PreprintSolaiman, I., et al. (2019), 'Release Strategies and the Social Impacts of Language Models' — the canonical articulation of structured-access norms for foundation models.
• Policy Instrument ↗Peer-reviewedLascoumes, P. & Le Galès, P. (2007). Introduction: Understanding Public Policy through Its Instruments — From the Nature of Instruments to the Sociology of Public Policy Instrumentation. Governance 20(1): 1-21. See also Hood (1983) The Tools of Government, ch. 1-2; Salamon (2002) The Tools of Government: A Guide to the New Governance, pp. 1-47; Howlett (2011) Designing Public Policies, ch. 3-5.
• Training-Data Attribution ↗PreprintGrosse, R., et al. (2023), 'Studying Large Language Model Generalization with Influence Functions' (Anthropic) — the canonical articulation of scalable influence-function-based attribution for foundation models.
• Prompt Injection ↗PreprintGreshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., Fritz, M. (2023), 'Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection.'
• Agentic AI System ↗PreprintYao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., Cao, Y. (2022), 'ReAct: Synergizing Reasoning and Acting in Language Models.'
• Multi-Turn Evaluation ↗PreprintZheng, L., et al. (2023), 'Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena' — operationalises the multi-turn evaluation protocol for foundation models.
• Data Poisoning ↗PreprintCarlini, N., et al. (2024), 'Poisoning Web-Scale Training Datasets is Practical' — establishes practical feasibility of poisoning frontier-model training corpora.
• Jailbreak Resistance ↗PreprintZou, A., Wang, Z., Kolter, J. Z., Fredrikson, M. (2023), 'Universal and Transferable Adversarial Attacks on Aligned Language Models' — the canonical demonstration that gradient-based suffix attacks transfer across aligned LLMs.
• Model-Merging Risk ↗PreprintBhardwaj, R., et al. (2024), 'Language Models are Homer Simpson! Safety Re-Alignment of Fine-tuned Language Models through Task Arithmetic' — canonical demonstration that safety training is not preserved under task arithmetic / merging.

+ 18more across this instrument's topics — see the literature index.

References

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88 (CELEX:32016R0679; ELI:http://data.europa.eu/eli/reg/2016/679/oj); applied from 25 May 2018.
2. Art. 9 special-category processing (biometric data for unique identification); Art. 22 ADM with safeguards
3. Arts. 12-14 (information to data subjects); Art. 13(2)(f) + 14(2)(g) meaningful information about ADM logic; Art. 22(3) suitable safeguards
4. Art. 77 DPA complaint; Art. 79 effective judicial remedy; Art. 80 collective representation by NGOs; Art. 82 right to compensation; Art. 83 administrative fines
5. Art. 5(1)(b) purpose limitation; Art. 6 lawful basis; Art. 9 special-category overlay for sensitive training data; Art. 5(1)(c) data minimisation