AI Act Into Force: Is Your Company Ready for Compliance?

The AI Act was published in the Official Gazette of the European Union and officially came into force. Is your company ready to comply with it?

The different provisions of the AI Act will become applicable during a specific timeline that you can find in our report available HERE. However, with the clock quickly running, no company can afford to adopt a technology which will have to be dismissed, renegotiated, and in any case changed in a few months.

Below is the methodology that we recommend following in the coming months to become compliant:

1. Map AI systems: Identify all AI systems your company currently uses or plans to use. The risk is that your business is already using artificial intelligence solutions without the company being aware and without considering the legal implications, for instance, due to local initiatives of departments or even individuals.
2. Create an AI governance framework: Establish internal rules for the use and approval of AI solutions. These rules should take into account the obligations arising from the AI Act, data protection regulations, intellectual property laws, ISO standards for areas that are not covered, and ethical rules in line with ESG principles. These rules should not just prohibit any sort of usage of AI solutions since otherwise, employees will try to bypass them. They should set the approval process so that employees are aware of how business needs have to be escalated.
3. Create material to ease the understanding of the AI governance framework internally and start training your employees: We normally accompany the policy with a leaflet that, in a short and easy-to-understand manner, also adopting legal design solutions, summarizes the most important contents of the governance framework. At the same time, we run training sessions for the different business units with a specific focus on the AI solutions impacting their activity. If your employees and officers do not understand what can and cannot be done with AI solutions, the business will remain at risk, and any effort will be meaningless.
4. Form an internal AI committee: Assign a team to evaluate AI solutions using a compliance-by-design approach. This team can include top managers, but it also needs operational members who will be involved in the assessment of the artificial intelligence solution, liaise with the different business units, and monitor the AI solution even after its implementation.
5. Select and prioritize AI solutions: Determine which AI solutions to invest in and establish their priority levels. This activity will need to make a prior high-level assessment of the compliance risks and implications of the solutions identified by the business. Then the AI committee will have to select the solutions on which the company wants to invest, also obtaining the approval of the relevant budget.
6. Test and evaluate AI solutions: Begin evaluating selected AI technologies. This activity has technical and compliance implications. To support businesses in this potentially time-consuming task, we have developed Prisca AI Compliance, a solution that allows convenient assessment of the compliance of artificial intelligence solutions across the AI Act, data protection laws, IP laws, and ISO standards, generating a detailed report that can be used for internal compliance as well as towards regulators and third parties challenging the conduct of the company. You can watch a video about this product HERE.

Do you want to know more about the above-mentioned methodology? Reach out to us to discuss. In the meantime, you can read HERE some material on the most relevant legal issues of AI compliance.