Punter Southall Law explores the implications of the EU AI Act, which will take effect on August 1, 2024. Jonathan Armstrong, Partner at Punter Southall Law and an expert in compliance and technology, offers valuable insights into what this legislation means for businesses in the EU and beyond.
Jonathan Armstrong, co-author of LexisNexis’ authoritative work, Managing Risk: Technology & Communications, and a Professor at Fordham Law School, where he teaches international compliance, comments, “After a long legislative process, the EU AI Act is finally becoming law on August 1, 2024. Although transitional provisions will delay full implementation, this hybrid legislation draws from previous EU regulations such as product safety, competition, and GDPR.”
He continues, “The Act is not without its flaws and will face challenges similar to those experienced with GDPR, including under-resourced regulators and uneven enforcement. Nonetheless, it has already shifted perspectives on AI risks and responsibilities both within the EU and globally.”
Armstrong notes that while the EU claims the Act is the world’s first comprehensive AI legal framework, AI was not entirely unregulated prior to this. He points out previous enforcement actions under GDPR, such as the Italian Data Protection Authority’s ban on ReplikaAI, Google’s Bard AI tool suspension, and fines for companies like Deliveroo and Clearview AI.
How can businesses ensure compliance?
“Preparation is crucial. Organizations should evaluate their current and planned use of AI systems, perform a compliance gap analysis, and identify affected business areas,” advises Armstrong.
“Creating a tailored Action Plan is essential. This should include employee training, increasing awareness, and briefing boards on AI risks and opportunities. Many boards lack AI and technology expertise, which needs to be addressed to grasp AI-related risks and opportunities fully. Ignoring AI is not an option; knowledge is vital.”
“Organizations should inventory their AI systems to assess their risk levels and update internal policies and procedures, including data breach plans in line with the EU AI Act. They should also prepare materials and notices to inform customers about their AI use, meet transparency requirements, and update client and supplier agreements with standardized clauses.”
How will UK businesses be affected?
“The UK government’s stance on AI regulation is evolving, with recent indications of new legislation in the Labour Government’s King’s Speech. Plans include establishing a Regulatory Innovation Office to support existing regulators, potentially resulting in a simplified version of the EU AI Act.”
Armstrong adds, “The UK government is unlikely to wait for the EU’s enforcement of the Act. With knowledgeable personnel and a proactive approach to regulation, the UK may implement its AI regulations more swiftly.”