EU AI Act explicitly mentions SMEs and start-ups, but how?

The EU AI Act Proposal contains 20+ explict mentions of SMEs/start-ups. It aims to soften obligations and ease access to specific compliance processes and to include them inside EU governance bodies.

Jean-Matthieu Schertzer

7 minute read

European Union is on the verge of adopting a horizontal Regulation on Artificial Intelligence (AI Act). Specific mentions of SMEs and start-ups are included. Let’s analyze them.

Here is the breakdown of the 30 explicit mentions, and their goals, of SMEs and start-ups in the AI Act Proposal:

  • to smoothen some Provider and Deployer obligations (#12 mentions),
  • to possibly reduce penalties when infringement occurs (#2),
  • to facilitate access (process and price) to compliance processes (#7),
  • to include them more as stakeholder in EU Governance (#4) and
  • to affirm a will to support their innovation. (#5)

1. Objectives and context

This post is not a general summary and analysis on the AI Act, but focuses on an important point of discussion, at the core of the Innovation vs Regulation debate. We will focus on Small and Medium-sized Enterprises (SMEs) and Start-ups.

Some context: At the time of the writing (14th of June, 2023), the EU Parliament has formally voted a Proposal for the AI Act. The next step will be to go through the Trilogue for the final deliberations and vote.

2. Methodology

2.1. Presentation

So, let’s track those mentions of SMEs and start-ups in the text. We will use the Consolidated draft version with the Parliament Amendmends, from the 9th of May 2023.

A keyword search has been run on the document, with the following queries: “SMEs”, “SME’s”, " SME”, “medium-sized”. After deduplication, there are 30 mentions of SMEs, which are mostly associated with the word start-up (25 out of 30).

Those mentions have been manually reformulated, merged together and grouped by category.

2.2. Weaknesses

With a keyword search, there are some weaknesses though, due to:

  • misspellings (partially hedged by querying with different keywords)
  • paraphrases (partially hedged by including the non-abbreviated form, with “medium-sized”)
  • situations that apply to SMEs, without refering to it. The best example is Art. 17.2., regarding the obligation for high-risk Providers to have a Quality Management System. It states that its implementation “shall be proportionnate to the size of the provider’s organisation”. These implicit mentions are a blindspot of our methodology.

3. Results

Five categories have been created to capture all mentions of SMEs:

  • Less Obligations (deduplicated in 3: Provider, Deployer and in General, for high-rish AI System)
  • [possibly] Smaller Penalties
  • Easier access to compliance processes
  • Inclusion in EU Governance
  • Affirmation of the importance of innovation.

Below, you can checkout the results at a high level or in detail.

3.1. Synthesis

Category Themes and Articles # of mentions
 Less Obligations as Provider Scope of the AI Act (Art. 2 and Recital 12a)
Technical Documentation (Art. 11)
Less Obligations as Deployer Fundamental Rights Impact Assessment of high-risk AI systems (Art. 29a and Recital 58a) 3
 Less Obligations in General Unfair contractual terms unilaterally imposed on an SME or start-up (Art. 28a and Recital 60a, 60b)
Smaller Penalties Penalties (Art. 71 and Recital 84) 2
Easier access to compliance processes Conformity Assessment (Art. 43.4.a)
Regulatory Sandboxes (Art. 53 and Recital 72)
National supervisory authorities (Art. 59)
Inclusion in EU Governance Harmonized Standards (Art. 40 and Recital 61b, 61d)
Advisory forum (Art. 58.2.)
Affirmation of the importance of innovation Subject matter/Purpose (Art. 1 and Recital 5, 5a)
Guidelines for the Commission on the implementation of this Regulation (Art. 82b.1.)

3.2. Details

Here is the display of the mentions of SMEs at the Article/Recital level.

Category Article or Recital Content # of mentions
Less Obligations as Provider Scope of the AI Act:
Recital 12a and Art. 2
To foster the development and deployment of AI, especially by SMEs, start-ups, academic research but also by individuals, this Regulation should not apply to such free and open-source AI components except to the extent that they are placed on the market or put into service by a provider as part of a high-risk AI system […]. Note that “foundation models” are not exempted and a specific part of the AI Act describes obligations for foundation models providers. 1
Less Obligations as Provider Technical Documentation:
Art. 11
Providers of high-risk AI systems have an obligation to provide Technical Documentation, which contains, at a minimum, elements set out in Annex IV. The article adds : “or, in the case of SMEs and start-ups, any equivalent documentation meeting the same objectives, subject to approval of the competent national authority”. 1
Less Obligations as Deployer Fundamental Rights Impact Assessment of high-risk AI systems:
Recital 58a and Art. 29a
The “fundamental rights impact assessment” (prior to putting it into use), obligation for Deployers, should not apply to SMEs which, given the lack of resources, might find it difficult to perform such consultation. 3
Less Obligations in General Unfair contractual terms unilaterally imposed on an SME or start-up:
Recital 60a, 60b and Art. 28a
If an unfair contractual term concerning components […] integrated in a high-risk AI system has been unilaterally imposed by an enterprise on a SME or start-up, it shall not be binding. 7
Smaller Penalties Penalties:
Recital 84 and Art. 71
Penalties, in case of infringements, shall take into particular account the interests of SMEs and start-ups and their economic viability. 2
Easier access to compliance processes Conformity Assessment
Art. 43.4.a
Specific interests and needs of SMEs shall be taken into account when setting the fees for third party conformity assessment, reducing those fees proportionately to their size and market share. 1
Easier access to compliance processes Regulatory Sandboxes:
Recital 72 and Art. 53
Member States should ensure that regulatory sandboxes are easily accessible to SMEs and start-ups (including prospective AI Providers). Moreover, this access should be free of charge for SMEs and start-ups, and with simple procedures. 5
Easier access to compliance processes National supervisory authorities:
Art. 59
National supervisory authorities may provide guidance and advice on the implementation of this Regulation, including to SMEs and start-ups. 1
Inclusion in EU Governance Harmonized Standards:
Recital 61b, 61d and Art. 40
Actors involved in advising for the standardisation request and involved the standardisation process should include SMEs and start-ups (to develop harmonised standards, cf Art. 40). 2
Inclusion in EU Governance Advisory forum:
Art. 58.2.
The membership of the advisory forum shall represent a balanced selection of stakeholders, including industry, start-ups, SMEs, civil society, the social partners and academia. […] 2
Affirmation of the importance of innovation Subject matter/purpose of the AI Act:
Recital 5, 5a and Art. 1
The AI Act rules should be clear and robust in protecting fundamental rights, supportive of new innovative solutions, and enabling to a European ecosystem […]. By laying down those rules, as well as measures in support of innovation with a particular focus on SMEs and start-ups, this regulation supports the objective of promoting the “AI made in Europe”. Moreover, the Union should address the main gaps and barriers between large companies, SME’s and start-ups. 4
Affirmation of the importance of innovation Guidelines for the Commission on the implementation of this Regulation:
Art. 82b.1.
When issuing such guidelines, the Commission shall pay particular attention to the needs of SMEs including start-ups, local public authorities and sectors most likely to be affected by this Regulation. 1

Final Word

On the one hand, there is a clear intent to ease compliance and the impact of the AI Act, for SMEs and start-ups. Their contribution to innovation is explicitely stated, with softened obligations, possibly smaller penalties, an easier access to compliance processes, a better inclusion in EU Governance bodies and repeated affirmations of the innovative nature of SMEs and start-ups.

On the other hand, most of these mentions do not directly translate into concrete reduced expectations towards compliance for SMEs and start-ups that will be providers of high-risk systems. A lot of mentions are indeed not very precise yet, without Harmonized Standards.

comments powered by Disqus