Categories
News

Understanding the EU’s Artificial Intelligence Act: Key Points for Legal and Compliance Professionals | Marcum LLP


Key Points

  • The EU AI Act went into impact on August 1, 2024, and applies to organizations globally.

  • The Act requires classifying AI programs and mandates necessities for AI customers, builders, suppliers, and distributors.

  • The Act has particular necessities that carry extreme penalties for non-compliance.

  • Legal and compliance professionals have an obligation to make sure the compliance of their organizations’ AI programs by a complete program.

On August 1, 2024, the European Union’s Artificial Intelligence Act went into impact, turning into the first regulatory framework to deal with the moral, authorized, and societal implications of AI programs. The Act requires organizations that develop or use AI programs to stick to necessities based mostly on classifying AI programs into totally different danger classes and necessities.1 Any group that implements or makes use of AI programs in the EU, makes use of EU knowledge, or has EU customers of its AI is topic to this regulation.

Understanding the key provisions of the Act is essential for authorized and compliance professionals to make sure compliance. The penalties for non-compliance are noteworthy. The EU can impose an administrative effective of as much as €35 million or 7 % of worldwide annual gross income, whichever is bigger.2 Given the mass adoption of AI by many organizations, the EU AI Act is critical to many organizations.

Classification of AI Techniques

Considered one of the EU AI Act’s pillars is introducing a risk-based classification system for AI purposes. The classifications are required for any AI system in use by a corporation. The EU defines AI programs as:3

AI system’ means a machine-based system that’s designed to function with various ranges of autonomy and which will exhibit adaptiveness after deployment, and that, for specific or implicit targets, infers, from the enter it receives, find out how to generate outputs akin to predictions, content material, suggestions, or selections that may affect bodily or digital environments[.]

This definition encompasses a big selection of various kinds of AI. Whereas massive language mannequin programs have acquired most of the consideration just lately, the EU’s definition captures the full vary of AI programs, together with predictive analytics and guidelines engines.

The classifications outlined by the EU embody 4 classes stratified by ranges of danger. The very best danger class, unacceptable danger, is strictly prohibited with out an exemption (e.g., affirmative exemptions for regulation enforcement). The remaining three classes are allowed, supplied that the AI programs’ administration and utilization adjust to the laws.

The 4 AI danger classes are:

  • Unacceptable Danger: These are AI programs deemed to pose a risk to security, elementary rights, or societal values and are due to this fact prohibited.

  • Excessive Danger: These are AI programs that require strict compliance with regulatory necessities because of their potential affect on security and elementary rights.

  • Transparency Danger: These programs necessitate transparency obligations to make sure customers know they’re interacting with AI.

  • Minimal Danger: These are deemed low danger and topic to minimal regulatory oversight.

AI risk categories

Roles in AI Techniques

The EU AI Act lays out particular roles and duties for numerous stakeholders concerned in growing, deploying, and overseeing AI programs. The 4 roles outlined in the Act are AI system suppliers, customers, importers, and distributors.

These roles are essential to grasp as a result of customers and deployers of AI programs are topic to the Act, even when they didn’t develop the AI system.

The EU defines these roles as follows:4

supplier means a pure or authorized individual, public authority, company, or different physique that develops an AI system or a general-purpose AI mannequin or that has an AI system or a general-purpose AI mannequin developed and locations it on the market or places the AI system into service underneath its personal identify or trademark, whether or not for fee or freed from cost;

deployer means a pure or authorized individual, public authority, company, or different physique utilizing an AI system underneath its jurisdiction besides the place the AI system is utilized in the course of a private, non-professional exercise;

importer means a pure or authorized individual positioned or established in the Union that locations on the market an AI system that bears the identify or trademark of a pure or authorized individual established in a 3rd nation;

distributor means a pure or authorized individual in the provide chain, apart from the supplier or the importer, that makes an AI system obtainable on the Union market;

Every position is designated with duties. That is necessary as a result of the duties lengthen past the improvement of AI by extending to the customers of the programs and those that deliver AI into the EU and implement it.

Suppliers are primarily accountable for making certain their AI programs adjust to the Act’s necessities. This consists of conducting thorough danger assessments, sustaining technical documentation, and making certain that AI programs are designed and educated utilizing high-quality datasets. Suppliers should additionally implement mechanisms for human oversight and keep a system for logging and monitoring AI system efficiency.

Customers of high-risk AI programs additionally bear important duties underneath the EU AI Act. They need to function the AI programs in line with the directions supplied by the system suppliers and report any severe incidents or malfunctions to the related authorities. Customers are anticipated to take applicable measures to make sure that the AI programs are used ethically and don’t pose dangers to people’ rights or security. Moreover, customers should cooperate with regulatory authorities throughout inspections and audits, offering entry to mandatory documentation and logs.

Importers and distributors play necessary roles in making certain that AI programs coming into the EU market adjust to the Act. Importers are accountable for verifying that the AI programs they bring about into the EU meet all compliance necessities. They need to guarantee the suppliers have performed the mandated assessments and have the required documentation. Distributors should be sure that AI programs are usually not compromised throughout transportation and storage. Each importers and distributors must preserve data and cooperate with authorities to make sure that solely compliant AI programs can be found in the market.

AI Techniques Obligations

Every kind of danger class carries particular necessities for the governance and oversight of AI programs. Organizations are required to handle each certainly one of their AI programs based mostly on the corresponding danger classes. These necessities span governance and management areas, together with know-how administration and human oversight. As well as, organizations should disclose when AI is getting used, akin to when AI chatbots are used for buyer help.

For prime-risk AI programs, the Act imposes a number of stringent necessities. These necessities are designed to make sure that organizations keep correct governance and oversight of their AI programs. The necessities for high-risk AI programs embody:

  • Danger Administration: Organizations should implement broad danger administration know-how options to determine and mitigate potential dangers related to high-risk AI purposes.

  • Knowledge Governance: Excessive-quality knowledge and coaching should be used to develop AI fashions to attenuate biases and inaccuracies, and high-quality knowledge should be maintained all through the AI lifecycle.

  • Technical Documentation: Complete technical documentation is required to adjust to regulatory requirements.

  • Human Oversight: Sure measures are required to make sure that human oversight can intervene in the AI system’s decision-making course of, if mandatory.

  • Robustness and Accuracy: AI programs should be designed to ship correct, sturdy, and safe outcomes relative to the dangers they pose.

The Act accommodates extra necessities, and every requirement accommodates extra specifics about the remedy of AI programs. Considered one of the noteworthy necessities is that some AI programs should adhere to particular disclosure obligations for transparency. These necessities embody the following:

  • Consumer Consciousness: Customers should be knowledgeable that they’re interacting with an AI system. That is essential for chatbots and different AI-driven customer support purposes.

  • Disclosure of Capabilities: The AI system’s limitations and capabilities ought to be clearly communicated to stop misunderstandings or misuse.

The Act and Legal and Compliance Professionals

Organizations with any operations involving the EU want to include the EU AI Act into their compliance applications. The monetary penalties have garnered headlines, with penalties as much as €35 million or 7 % of worldwide annual gross income. Whereas the Act is now in impact, the EU is rolling it out over two years to provide organizations time to stick to it. Nevertheless, authorized and compliance professionals ought to focus instantly on their compliance with this Act, not solely to change into compliant with their present AI know-how but in addition to allow themselves to proceed their AI improvement with compliance included into their processes.

Legal and compliance professionals ought to take a number of proactive steps to make sure their organizations adjust to the EU AI Act. Organizations ought to incorporate the steps to reinforce and improve their current compliance and inner audit applications. Most necessities are usually not novel vis-à-vis conventional know-how compliance necessities, other than a number of issues distinctive to AI (e.g., AI transparency and bias).

Beneath are the advisable approaches for understanding the EU AI Act and your group’s compliance:

  • Conduct a Thorough EU AI Act Overview: Carry out a radical assessment of the particulars and necessities of the EU AI Act to grasp what obligations your group has, if any.

  • Determine and Classify AI Techniques: Conduct an AI assessment to doc all programs that comprise AI—even when your group didn’t develop the programs AI—and classify every in line with the EU’s definitions.

  • Audit Present AI Techniques: Conduct thorough audits of current AI programs to measure them in line with the Act’s danger class necessities and implement mandatory compliance measures.

  • Develop Compliance Packages: Set up complete AI compliance applications that embody danger administration, knowledge governance, and documentation procedures.

  • Overview Insurance policies and Notifications: Replace inner insurance policies and exterior disclosures, if mandatory.

  • Coaching and Consciousness: Prepare employees and stakeholders on the necessities and implications of the EU AI Act to advance your group’s compliance tradition.

Conclusion

The EU AI Act establishes a rigorous and structured framework for regulating AI applied sciences, emphasizing danger administration, transparency, and accountability. Legal and compliance professionals are important in navigating this regulation to make sure their organizations use and deploy AI responsibly and ethically. Whereas we’re at present in the early phases of AI compliance, organizations are finest served to implement complete AI compliance applications to finest serve their stakeholders and mitigate monetary, technological, moral, and reputational dangers.

Trying for solutions? We may help.

Marcum is a number one assurance, tax, and advisory agency with distinguished professionals who deliver a long time of expertise to assist shoppers efficiently navigate advanced points at the intersection of know-how and compliance. Whether or not you might be growing superior AI know-how or are using AI for your advertising and marketing campaigns, we may help you. Contact us today to learn more.

Sources

  1. European Parliament, “REGULATION (EU) 2024/1689 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL,” https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202401689, June 13, 2024.

  2. European Parliament, “Article 99: Penalties,”

    https://www.euaiact.com/article/99, July 31, 2024.

  3. European Parliament, “EU Artificial Intelligence Act, Article 3: Definitions,”

    https://artificialintelligenceact.eu/article/3/#:~:textual content=Anpercent20AIpercent20systempercent20ispercent20a,thatpercent20usespercent20anpercent20AIpercent20system., June 13, 2024.

  4. European Parliament, “EU Artificial Intelligence Act, Article 3: Definitions,”

    https://artificialintelligenceact.eu/article/3/#:~:textual content=Anpercent20AIpercent20systempercent20ispercent20a,thatpercent20usespercent20anpercent20AIpercent20system., June 13, 2024



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *