Further Reading: The EU AI Act and Risk-Based Regulation

The sources below provide deeper engagement with the themes introduced in Chapter 21. They are organized by topic and include a mix of legal analyses, policy commentary, technical assessments, and comparative perspectives.

The EU AI Act: Text and Commentary

European Commission. "Proposal for a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)." COM(2021) 206 final. Brussels, April 21, 2021. The original legislative proposal, essential for understanding the Act's initial design choices and comparing them to the final text. Reading the proposal alongside the final regulation reveals where political negotiation strengthened, weakened, or fundamentally altered the Commission's vision.

Veale, Michael, and Frederik Zuiderveen Borgesius. "Demystifying the Draft EU Artificial Intelligence Act." Computer Law Review International 22 (2021): 97–112. The earliest and most widely cited academic analysis of the Commission's proposal. Veale and Borgesius systematically examine the Act's definitions, classification system, and enforcement architecture, identifying ambiguities and potential implementation challenges. Essential reading for understanding the Act's technical legal structure.

Ebers, Martin, et al. "The European Commission's Proposal for an Artificial Intelligence Act — A Critical Assessment by Members of the Robotics and AI Law Society (RAILS)." Journal of Law, Technology & Society 1 (2021): 589–603. A multi-author critical assessment from legal scholars specializing in AI and robotics law. The paper examines the Act's scope, risk classification, conformity assessment, and enforcement provisions from multiple disciplinary perspectives. Particularly valuable for its analysis of how the Act interacts with existing product safety and liability frameworks.

Risk-Based Regulation: Theory and Practice

Black, Julia. "The Emergence of Risk-Based Regulation and the New Public Risk Management in the United Kingdom." Public Law (Autumn 2005): 512–549. A foundational article on risk-based regulation as a governance strategy. Black examines how regulators use risk assessment to allocate limited enforcement resources, and the institutional, informational, and political challenges this approach creates. Essential background for understanding the theoretical framework behind the AI Act's tiered approach.

Baldwin, Robert, Martin Cave, and Martin Lodge. Understanding Regulation: Theory, Strategy, and Practice. 3rd ed. Oxford: Oxford University Press, 2024. The leading textbook on regulatory theory, covering risk-based approaches alongside command-and-control, incentive-based, and market-based alternatives. The chapter on risk provides the theoretical vocabulary for evaluating the AI Act's classification choices — including the inherent challenge of regulating harms that are probabilistic, distributed, and difficult to measure.

Floridi, Luciano. "The European Legislation on AI: A Brief Analysis of Its Philosophical Approach." Philosophy & Technology 34 (2021): 215–222. Floridi, one of Europe's leading philosophers of technology, provides a concise philosophical analysis of the AI Act's approach. He evaluates whether the Act's risk-based framework is consistent with the ethical principles developed by the High-Level Expert Group on AI, and identifies points of philosophical tension — particularly around the relationship between risk assessment and fundamental rights.

General-Purpose AI and Foundation Models

Bommasani, Rishi, et al. "On the Opportunities and Risks of Foundation Models." Stanford Center for Research on Foundation Models (CRFM), 2021. The landmark report that defined "foundation models" as a category and catalyzed policy attention. Over 100 researchers across multiple disciplines contributed to this comprehensive assessment of the capabilities, risks, and governance challenges of large-scale AI models. Essential context for understanding why the AI Act needed to be expanded to address GPAI.

Anderljung, Markus, et al. "Frontier AI Regulation: Managing Emerging Risks to Public Safety." arXiv preprint, 2023. A policy proposal from researchers at major AI labs (including Anthropic, Google DeepMind, and OpenAI) arguing for regulatory frameworks specifically targeting the most capable AI models. The paper's concept of "frontier AI" — models at the boundary of current capabilities — provides useful context for the AI Act's systemic risk provisions and the compute-based threshold.

Engler, Alex. "The EU AI Act Will Have Global Impact, but a Lot of Uncertainty." Brookings Institution, 2023. A policy analysis examining the practical challenges of implementing the AI Act's GPAI provisions, including the difficulty of measuring systemic risk, the tension between transparency requirements and trade secrets, and the challenge of enforcing obligations on providers headquartered outside the EU.

Biometric Surveillance and Fundamental Rights

Kindt, Els. Privacy and Data Protection Issues of Biometric Applications: A Comparative Legal Analysis. Dordrecht: Springer, 2013. A comprehensive legal analysis of biometric data processing under European law, covering the conceptual foundations of biometric identification, the legal framework for processing biometric data, and the unique risks biometrics pose to privacy and non-discrimination. Provides essential background for understanding why the AI Act treats biometric identification as a particularly sensitive application.

European Digital Rights (EDRi). "Ban Biometric Mass Surveillance: A Collection of Arguments." Brussels, 2021. A compilation of civil society arguments for a complete ban on biometric mass surveillance in public spaces. EDRi's analysis covers the fundamental rights implications, the discriminatory impacts (particularly on racial and ethnic minorities), the chilling effects on freedom of assembly and expression, and the proportionality analysis under EU fundamental rights law. Reflects the position the Parliament largely adopted during AI Act negotiations.

Fussey, Pete, and Daragh Murray. "Independent Report on the London Metropolitan Police Service's Trial of Live Facial Recognition Technology." University of Essex, 2019. An independent evaluation of one of the most significant real-world deployments of live facial recognition in a democratic context. The researchers found significant accuracy problems (81% false positive rate), disproportionate impact on ethnic minorities, and inadequate governance frameworks. The report provides empirical evidence for the concerns that motivated the AI Act's biometric surveillance provisions.

Comparative AI Governance

OECD. OECD AI Policy Observatory. Available at https://oecd.ai. The OECD maintains the most comprehensive tracker of AI governance initiatives worldwide. The observatory covers national AI strategies, policy frameworks, and governance instruments across over 60 countries. Essential for comparative analysis and for tracking the AI Act's global influence.

Smuha, Nathalie A. "From a 'Race to AI' to a 'Race to AI Regulation': Regulatory Competition for Artificial Intelligence." Law, Innovation and Technology 13, no. 1 (2021): 57–84. Smuha examines the phenomenon of "regulatory competition" in AI governance — the dynamic in which jurisdictions compete to attract AI investment by offering favorable regulatory environments, or alternatively, to set global standards by being first to regulate. Directly relevant to understanding the AI Act's strategic significance as first-mover regulation.

Roberts, Huw, et al. "The Chinese Approach to Artificial Intelligence: An Analysis of Policy, Ethics, and Regulation." AI & Society 36 (2021): 59–77. A detailed analysis of China's AI governance framework, including the country's approach to algorithmic recommendation regulation, deep synthesis (deepfake) regulation, and generative AI governance. Provides essential context for the comparative dimension of the AI Act discussion, particularly the case study on social credit systems.

These readings extend the chapter's analysis of the AI Act from legal text to political process, philosophical foundation, technical context, and comparative perspective. As Part 4 continues with data governance frameworks (Chapter 22) and cross-border data flows (Chapter 23), the regulatory foundations laid here will be built upon repeatedly.