AI Act for the Working Programmer
Holger Hermanns, Anne Lauber-Rönsberg, Philip Meinel, Sarah Sterz, Hanwei Zhang
TL;DR
The paper tackles the challenge of navigating the EU AI Act from the perspective of the working programmer, focusing on how to distinguish regulated AI technologies and identify applicable obligations. It adopts a two-pronged approach: mapping obligations across GPAI models, AI systems, and SPAI, and providing a practical flowchart to guide developers through compliance questions. A key contribution is analyzing downstream use of GPAI models (e.g., fine-tuning, repurposing) and highlighting the regulatory tension between enabling innovation and ensuring high-risk protections, with empirical examples like AutoRa. The study emphasizes substantial regulatory uncertainties, anticipates future standardization by EU bodies, and advocates for AI literacy and regulatory engagement to shape implementation. Overall, the work offers a navigational framework to help practitioners anticipate legal risks and integrate compliance into software development lifecycles.
Abstract
The European AI Act is a new, legally binding instrument that will enforce certain requirements on the development and use of AI technology potentially affecting people in Europe. It can be expected that the stipulations of the Act, in turn, are going to affect the work of many software engineers, software testers, data engineers, and other professionals across the IT sector in Europe and beyond. The 113 articles, 180 recitals, and 13 annexes that make up the Act cover 144 pages. This paper aims at providing an aid for navigating the Act from the perspective of some professional in the software domain, termed "the working programmer", who feels the need to know about the stipulations of the Act.