As expected, the EU Parliament adopted the EU AI Act in Strasbourg on 13th March with an overwhelming majority of votes.
While this is not the final step of the legislative process(the AI Act still needs to be formally endorsed by the Council of the EU which is expected in May-June and then it must be published in the Official Journal soon after) it does mark an important milestone.
Organisations are already working out what they need to do to comply with the forthcoming legislation.
People are scrambling to start using AI – it's already inundating the market. When staff are rushing to try out ChatGPT without realising the implications of copyright and other risks, organisations need to start putting safety measures in place.
Once the text of the AI Act is published in the EU's Official Journal, it will be introduced in phases over the next two to three years. It is expected that the EU will be the first region in the world to regulate the technology and that other countries around the world will follow suit. The UK has yet to provide detailed regulation, but it has so far indicated that it will be a lighter touch in order to encourage innovation.
What can businesses do to prepare to comply?
AI is already inundating the market in various forms and products. Organisations will need to imbed AI within their global compliance and governance structures to ensure they are mitigating potential risks.
Steps businesses can start taking include:
- running AI risk assessments and mapping where AI is being used
- drafting AI ethical rules and guidelines for use of Generative AI
- reviewing AI Governance structures and assessing the role of their Data Protection Officer in this context
- identifying if any activity falls into the high-risk AI category (as this will require greater measures of compliance)
- taking a look at the supply chain – if AI is going to be used by vendors, businesses will need to add clauses to their contracts to protect themselves
HR/Recruitment / Employment impact
The AI Act will also have a significant impact in specific areas such as HR and recruitment, given the restrictions that apply to the processing of sensitive data, use of biometric identification systems, emotion recognition tools and profiling. AI has the potential to disrupt recruitment and profiling activities. However, the EU legislator imposes clear boundaries on what AI systems are permitted and what rules apply to them. Notably, transparency and the respect of individuals' fundamental rights are some of the key requirements under the AI Act, similar to what already exists under the GDPR.
AI Act Introduction phased timeline:
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
