EU AI Act Excludes Autonomous AI Agents in Smart City Infrastructure from Key Accountability Rules
A recent study (arXiv:2605.01091) indicates that the EU AI Act does not require safety-component AI in critical infrastructure to adhere to Article 86's explanation rights and Article 27's assessments of fundamental rights, as outlined in Annex III, point 2. This exemption impacts autonomous AI systems in smart city environments, including traffic signal controllers and grid managers, which may operate across various agencies without a clear accountable authority. Although provider and deployer responsibilities under Articles 9-15 remain in effect, and there are some protections through GDPR, NIS2, and tortious liability, the Act limits its main accountability measures for residents. The study identifies this gap through four remaining pathways: GDPR Article 22, transparency obligations, tortious liability, and additional mechanisms.
Key facts
- EU AI Act Annex III point 2 excludes safety-component AI in critical infrastructure from Article 86 and Article 27.
- Autonomous AI agents in smart city infrastructure lack a single accountable authority.
- Provider and deployer duties under Articles 9-15 still apply.
- Residual pathways include GDPR Article 22, transparency obligations, tortious liability, and NIS2.
- The paper is published on arXiv with ID 2605.01091.
- The exclusion affects traffic signal controllers and grid managers.
- Residents have limited means to obtain explanations under the Act.
- The paper traces the accountability deficit through four residual pathways.
Entities
Institutions
- European Union
- arXiv