On 9 December 2023 the European Parliament and the Council managed to reach a provisional agreement regarding the AI Act, which is expected to be adopted early 2024. Within two years from adoption the AI Act will apply to all businesses introducing or using AI in the EU. Given this timeline, EU businesses should already be planning and adjusting their strategies to comply with the new AI regulation.
The AI Act is the world’s first comprehensive AI law and introduces a risk-based categorization for AI systems. Certain AI applications will be deemed unacceptable and thus prohibited in the EU. While these prohibitions may not impact a large number of businesses, many will need to address the new compliance requirements for AI systems that are classified as high or medium risk. High-risk AI systems will necessitate compliance with several provisions, including a risk management system and specific documentation requirements. For versatile AI technologies, like ChatGPT, and other general-purpose AI systems, the regulation will impose relatively strict requirements, inter alia relating to documentation and transparency.
In parallel, existing regulations, such as GDPR and copyright laws, already sets out requirements for AI development and use. To navigate these existing and impending regulations, businesses should consider the following:
- Mapping: Identify which AI technologies align with your business needs and understand the applicable regulatory requirements.
- Documentation: Evaluate the regulatory risks associated with using AI and develop strategies to mitigate these risks.
- Implementation: Ensure the establishment of a comprehensive AI framework in your business, defining clear roles, responsibilities, and guidelines for AI usage.
- Review: Set up a process for ongoing AI compliance monitoring.
To conclude, the AI Act with its strict requirements and sanctions is set to change the game for businesses, much like the GDPR did in 2018. It’s vital for businesses to begin a structured process to understand and comply with both current and future AI regulatory requirements. This proactive approach to AI Compliance will become increasingly critical as we move into 2024 and beyond.