As the world continues to get to grips with the advancement of AI, a legislative framework is on the horizon. The EU Artificial Intelligence (AI) Act will change how we develop, market, or use AI systems. The regulatory framework will be similar to the General Data Protection Regulation (GDPR), but the focus will remain on AI.
Planet Compliance spoke with AI & Partners to learn more about the EU AI Act and how it will affect businesses. Use this information to check if your company is ready and if you still need to cover some areas.
What Are The Key Takeaways Of The EU AI Act?
The key takeaways of the EU AI Act are as follows:
- The EU AI Act takes a European approach, which means there will be a high level of data protection, digital rights, and ethical standards.
- The ethical and legal framework will represent the EU’s values. Also, it will stay in line with the Charter of Fundamental Rights.
- There will be more clarity about key problem areas. For example, there will be more legal certainty, safety, and security for companies.
- The EU AI Act is expected to come into force in Q1 2024.
What Similarities Exist With The GDPR?
As mentioned earlier, there are some similarities between the EU AI Act and the GDPR. Here are some examples:
- Accountability will be key. Companies can show accountability by demonstrating ongoing compliance and keeping detailed testing records.
- It will also have extraterritorial scope, meaning that it will apply to businesses outside of the EU that offer goods or services to EU citizens.
- There will be fines and penalties for companies not complying with the EU AI Act. It could impose fines of up to 6% of annual global revenue.
- Companies will also need to adopt a risk-based approach to the EU AI Act by assessing potential risks and implementing measures to mitigate risks.
- Businesses must be transparent. This transparency involves letting users know how their data is used and when AI systems use it.
How Does It Apply?
There are four distinct areas that the EU AI Act will apply to. Here are some examples to see where your organization fits.
A provider is a person who has developed an AI system, or is developing one, to put it on the market or into service. This applies whether the system is offered under the provider's own name or a trademark, and whether for payment or free of charge.
A user is a person using an AI system under its authority. The exception is when it is for a personal, non-professional activity. It also applies to anyone using an AI system for a professional activity, such as assigning someone to a vocational training institution.
This section applies to authorized representatives, operators, importers, and third-party distributors. The EU AI Act mainly applies to Providers and Users. However, depending on the services these other parties provide and what they do with the AI system, it can also affect them.
AI systems fall into three categories: In-Scope, Out-Of-Scope, and To-Be-Determined. The three categories are explained below, with some examples.
In-Scope – High-risk AI systems, applications, and uses. Examples are health and mass surveillance.
Out-Of-Scope – Non-Risk AI systems. Examples are non-critical infrastructure and non-HR and employment.
To-Be-Determined – AI systems that are high-risk applications/low-risk use (also vice versa).
What Are The Requirements?
You will need to follow four main areas to stay compliant. These are document and record-keeping, human oversight, information provision, and training data. Here’s a quick insight into the requirements for each area:
Document and record-keeping
- Keep datasets
- Make records so you can provide data upon request
- System in place to protect confidential information
Human oversight
- Hire dedicated staff
- Provide staff training
- Regular software updates
Information provision
- Clarity about the purpose and key assumptions
- Identity/contact of the provider
- Model optimization and parameters
Training data
- Ensure the quality of the training dataset
- Suitability of data-driven solutions
- Use non-personal or anonymized data
What Are The Additional Requirements?
There will also be a few other requirements on top of the ones mentioned above. Here are some additional requirements for the EU AI Act:
- Conformity Assessment
- Impact Assessments
- Ongoing Compliance
- Post-market monitoring
- Quality and Risk Management
- Reporting to Competent Authorities
- Robustness and accuracy
How Can AI & Partners Help?
The information above should help you get the ball rolling and prepare for the EU AI Act. However, if your business is still concerned and wondering how it will affect your organization, AI & Partners can help you. Using its groundbreaking RegTech tool, the European AI Scanner, AI & Partners assists firms in complying with the EU AI Act. Get in touch with them if you need any further support and want to ensure you are ready in time.