Share This Article
The European Parliament has approved the AI Act, and companies cannot afford to wait any further to be compliant.ย
The European Parliament hasย officially approvedย the EU AI Act, the first legislation on artificial intelligence. Minor changes to the text will be implemented in the coming months, so we need to wait before reviewing the final wording of the regulation.
Clients have requested our review of AI systems for the last few months, and their question is whether the AI Act should be considered as part of the review. Obviously, clients are always right! Can they afford to launch an AI system that is not AI Act compliant now?
Below are my recommendations on what companies should do now because of the upcoming AI Act:
- ย Map the already used systems that could qualify as AI systemsย – The definition of artificial intelligence systems is very broad, and it does not include only general-purpose AI systems. A due diligence shall be performed internally to qualify them properly;
- Include, in contracts with suppliers, obligations to comply with the AI Act and renegotiate existing contractsย – Companies are already including in contracts a clause requesting to comply with the AI Act. Considering the investment in terms of time, cost, and effort to implement an AI system, no business can afford to be obliged to either dismiss it or at least retrain it once an AI system is in operation;
- Adopt internal technical and operational policies to regulate the use of AIย – The EU AI Act provides different obligations depending on the type of AI system. It is paramount that any business has a system of internal governance on the usage of AI systems and their review and approval. This internal framework is also necessary to prevent employees use AI systems that are publicly available with no control, exposing the company to high risks;
- Implement solutions to ensure compliance with privacy and IP regulationsย – The usage of AI systems is not only regulated by the EU AI Act. Privacy authorities in the EU, particularly the Italian data protection authority, the Garante, have already initiated investigations and issued GDPR fines against providers of artificial intelligence systems. Likewise, significant disputes arose in the United States for breach of intellectual property rights through AI systems;
- ย Adopt an AI Act Compliance Toolย – The policies mentioned above shall be accompanied by a methodology to assess compliance; otherwise, they remain generic principles that risk being ignored. At DLA Piper, we have developed a legal tech tool, PRISCA AI Compliance, which can considerably support companies in their AI compliance program. You can watch a videoย HEREย and reach out to us to know more;
- Protect internal trade secrets and confidential informationย – The recent scandals on the disclosure of confidential information and trade secrets, including strings of code pasted in publicly available artificial intelligence systems, show that a complete compliance program requires the implementation of technical and organizational measures aimed at limiting abuses by employees; and
- Train your employees; otherwise, any AI project will vanish. Any of the measures referred to above are likely not enough if they are not supported by a culture of AI compliance within the company. To this purpose, companies shall adopt the previously mentioned policies and run internal training to spread a higher awareness of the potential benefits and risks.
What is your view on the above? Do you need to know the essentials of the EU AI Act in a short and easy to read and remember format? You can find it HERE
