The EU AI Act: what it means for your business
The EU AI Act, provisionally agreed upon in December 2023 and set to enter into force in Q2-Q3 2024. This will be the world’s first comprehensive AI regulation. The EU AI Act aims to ensure that AI systems in the EU are safe and respect fundamental rights and values.
Who is affected by the EU AI Act?
The EU AI Act impacts various actors involved in AI, including providers, deployers, importers, distributors, and product manufacturers. This ensures that all parties in the AI lifecycle—development, usage, import, distribution, or manufacturing—are accountable. Additionally, the Act applies to non-EU entities, such as those in Switzerland, if their AI system’s output is intended for use within the EU.
What is required by the EU AI Act?
Step 1: Model Inventory
– Assess Current State: Identify if your organization uses, develops, or plans to procure AI systems.
– List AI Systems: Use a model repository to document identified AI systems. Financial services can extend existing model governance frameworks to include AI.
– Status Quo Assessment: Organizations without a model repository should assess their current exposure. Start with existing software catalogs or conduct surveys across business units.
Step 2: Risk Classification
Classify AI Systems: Based on the repository, categorize AI systems by risk level as defined by the EU AI Act:
– Unacceptable Risk: Prohibited systems (e.g., real-time biometric ID in public, social scoring, subliminal influencing).
– High Risk: Must meet stringent requirements, undergo conformity assessments, and be registered in an EU database. Examples include AI in critical infrastructure, hiring, credit scoring, and insurance.
– Limited or Minimal Risk: Require transparency measures (e.g., informing users of AI-generated interactions like chatbots).
Step 3: Prepare and Get Ready
Compliance Steps: Providers, deployers, importers, distributors, and affected parties should:
– Assess AI system risks.
– Raise awareness.
– Design ethical systems.
– Assign responsibility.
– Stay updated on regulations.
– Establish formal governance.
The AI Act is expected to take effect in Q2-Q3 2024, with a transition period of 6-24 months for full compliance.
By proactively preparing, organizations can avoid significant sanctions once the Act is enforced.
