The EU Artificial Intelligence (AI) Act, a landmark regulation on AI technologies, was formally signed on 13 June 2024 and successfully entered into force on 1 August 2024.
This Act is set to transform how AI systems are developed, deployed and managed across the European Union. Organisations must therefore understand their obligations under the new legislation.
The EU AI Act applies to all providers, deployers, importers and distributors of AI systems impacting EU users. Initially proposed in 2021, the Act has undergone significant changes following negotiations. The AI Act adopts a risk-based approach, assigning AI applications to four risk categories based on the potential threat they pose: unacceptable risk, high-risk, limited risk and minimal risk applications.
The EU AI Act is expected to become a global standard for AI regulation. It aims to establish a unified framework that incorporates the concepts of risk acceptability and trustworthiness of AI systems as perceived by their users. By addressing these aspects within a single framework, the Act aims to provide a comprehensive approach to AI regulation that can be adopted and implemented internationally.
The EU AI Act will have extraterritorial reach across all sectors. Other jurisdictions should be aware that they may still be subject to the Act if:
The EU AI Act's implementation will be phased:
Law firms should take several key steps to ensure compliance with the EU Artificial Intelligence Act. They should catalog all AI systems used within the firm, including those from third parties, and classify each system according to the Act’s risk categories: unacceptable, high, limited, or minimal risk. This classification will guide the level of regulatory oversight required.
Establishing effective governance structures is crucial. Consider setting up an AI compliance team or appointing a Chief AI Officer to oversee compliance. Develop and document comprehensive strategies for monitoring and managing compliance and ensure all required documentation is prepared and maintained.
Training staff on the new regulations is essential. They should understand the risk categorisation, compliance measures and procedures for reporting non-compliance. Review and update internal policies and procedures to align with the Act’s requirements and establish a process for ongoing review and adaptation.
Engage with legal and AI experts to gain insights and stay informed about any updates to the Act. Communicate with clients about how the new regulations might impact them and their AI-related projects to maintain trust and ensure mutual compliance.
By taking these steps, law firms can navigate the transition to compliance with the EU AI Act effectively.
At Belgravia Law, we will continue to closely monitor how these regulations will impact the operation of law firms and will provide updates as the landscape evolves.
