EU AI Act: Do you have an EU Compliant AI Solution?

14 Jan 2024

The European Union (EU) takes the lead, becoming the first major world power to enact a law governing artificial intelligence (AI). As our societies are being reshaped by AI, after numerous drafts, revisions & discussions, the European Commission has reached an agreement in the form of the EU AI Act. So, what are its implications? How about jurisdiction? And how can businesses ensure compliance?

Let’s first address the complex negotiation process, which bears witness to the importance & potential consequences of the legislation. The French, German & Italian governments advocated for replacing the AI Act with a less stringent code of conduct that they claimed was aimed at alleviating regulatory burdens on European businesses, thereby enabling them to better compete globally. However, the European Commission stayed with its original approach, arguing that a balanced regulation would create a level playing field for all companies, domestic & foreign, by requiring them to adhere to the AI Act's standards.

The purpose of the EU AI Act is to safeguard fundamental rights, democracy, the rule of law & environmental sustainability from the potential risks posed by high-risk AI systems. At the same time, the Act is promoting innovation & investments in such systems along with their applications. The jurisdiction goes beyond the origin of AI development, including any AI system introduced, marketed, or operational within the EU. The approach is risk-based, enforcing different sets of demands based on risk assessment & classification. The road to implementation is going to involve harmonization of the requirements and their translation into tangible technical standards.

The Act will also require all organizations that offer essential services, such as insurance & banking, to conduct an impact assessment on how using AI systems will affect people’s fundamental rights.

Risk classification

Risk classification is a crucial point as it determines the obligations & restrictions for each category, from outright bans to mandatory assessments accompanied by transparency rules. The Act introduces 4 risk levels: Prohibited, High, Limited & Minimal.

Minimal-risk systems are recommendation systems, spam filters & fraud detection; they are not subject to any specific disclosure measures.

Limited-risk systems are systems supporting human decision-making (chatbots or virtual personal assistants) & categorization systems using biometric data. They have transparency requirements implying that users should be informed that they are interacting with an AI system and they should be able to understand the extent to which AI contributes to this interaction. This is a challenging but still quite enlightening requirement.

High-risk systems are not only the ones used in law enforcement, administration of justice, biometric identification, medical devices & vehicles but also systems used within recruitment, HR & access to services such as insurance, banking, credit, benefits etc. Citizens hold the right to launch complaints, with examples including AI systems influencing elections & voter behaviour, allowing citizens to question decisions impacting their rights.

High-risk systems are subject to

  • mandatory fundamental rights impact & conformity assessments,

  • registration in a public EU database,

  • risk & quality management systems implementation,

  • data governance – bias mitigation, showing representative training data,

  • transparency – usage instructions, technical documentation,

  • accuracy and robustness assessment & human oversight.

Certain practices are classified as damaging, bearing an Unacceptable Risk, and are therefore prohibited:

  • Techniques manipulating individual cognition & behaviour.

  • Random collection of facial recognition data.

  • Emotion recognition systems in workplaces & education.

  • Deployment of social credit scores.

  • Biometric processing of sensitive personal data like sexual orientation or religious beliefs.

  • Certain applications of predictive policing targeting individuals.

The road ahead

For businesses, aligning with the EU AI Act means winning consumer trust, ensuring ethical AI operations and potentially achieving competitive differentiation in the market. The AI Act stresses the necessity of transparent, interpretable AI models along with unbiased, premium-quality data, while non-compliance may result in substantial financial penalties. The Act’s enforcement demands precise monitoring & continuous review. Especially when operating in sensitive sectors such as finance, insurance & healthcare, organizations must pay close attention to these safeguards. This implies a commitment in terms of resources and investing in specific regulatory knowledge.

A ‘wait and see’ approach is definitely not recommended; it will undoubtedly lead to missed market opportunities. Hence, organizations should proactively evaluate their existing & planned AI systems to determine which ones fall under the high-risk scenarios of the Act. Conducting a comprehensive gap analysis against the essential requirements outlined in the Act is the ultimate advice.

At MimerAI, we understand the significance & potential implications of the EU AI Act for organizations; that is why we are committed to providing comprehensive support to our clients in mitigating the risks & staying compliant. We have built our platform with AI responsibility, explainability & transparency at its foundation, featuring an AI decision-tracking option as well as the possibility to wait on human approval. Moreover, as our platform is both Cloud & LLM agnostic, it avoids vendor lock-ins, allowing you to perfectly match & choose providers for a specific usage as well as easily switch in case the chosen providers fail to adhere to regulatory requirements.

We actively work with our clients to develop tailored compliance strategies for their individual use cases & assist them in enhancing data governance frameworks to meet the Act's stringent standards, focusing on data quality & transparency practices. To ensure your business complies with the novel EU AI Act, a comprehensive, structured analysis & assessment of your ongoing as well as planned operations is crucial. It's essential to recognize both the direct & indirect impacts to identify potential areas of risk today & tomorrow.

Start 2024 by embracing AI responsibly! #AIAct #Regulation #Innovation #AIResponsibility
