The Artificial Intelligence Act (AI Act) of the European Union (EU) claims to be based on a risk-based approach to avoid over-regulation and to respect the principle of legislative proportionality. This paper argues that risk-based regulation is indeed the right approach to AI regulation. At the same time, however, the paper shows that important provisions of the AI Act do not follow a truly risk-based approach. Yet, this is nothing that cannot be fixed. The AI Act provides for sufficient tools to support future-proof legislation and to implement it in line with a genuine risk-based approach. Against this background, the paper analyses how the AI Act should be applied and implemented according to its original intention of a risk-based approach, and what lessons legislators around the world can learn from the AI Act in regulating AI.

This paper examines the impact that the finally approved Artificial Intelligence Act (AIA) will have on European public authorities when developing, acquiring and using AI systems. It argues that, despite the initial disappointment that the Act may cause when approaching it from an administrative law perspective, and despite the fact that some of the solutions that have been finally chosen are questionable, it represents a remarkable step forward, duly addressing many of the problems raised in the literature in relation to the automation of administrative decisions and the use of AI systems by public authorities.