AI (Artificial Intelligence) is becoming a big part of how businesses operate. But with this technology comes new rules that companies must follow. The EU AI Act, effective since August 1st 2024, is one of these important new rules. If your company uses or develops AI, it’s important to know what this means for you.

What is the EU AI Act?

It is a law designed to make sure that AI systems used in Europe are safe, fair, and respect people’s rights. Whether your company makes AI systems or just uses them, you need to be aware of this law and comply with several legal obligations (e.g. training of staff, documentation of AI-systems, or in some cases even a fundamental rights impact assessment).

Does This Affect Your Company?

Most probably, yes, it does. The EU AI Act doesn’t only apply to companies that create AI. If your company uses AI in any way, you must follow this law.  It’s worth noting that even if you’re not using the best-known AI services – like Copilot or ChatGPT –  there’s a good chance your company is using AI through the many tools and services currently in the market. For example, CRM platforms that predict buying behavior, HR tools with embedded AI for screening resumes, AI-driven algorithms that help detect financial fraud, and more.

Non-compliance with the obligations from the AI act, may result in considerably high fines —up to €35 million or 7% of your company’s annual global income, whichever is higher.

Different rules for different use cases

Depending on what kind of AI-solution your company uses, whether AI is being developed, used, tailored or sold, different obligations from the EU AI Act apply.  Before getting started it is important to take one step back, take a deep breath, and take a calm and structured approach. Be aware: The EU AI Act is new to everybody, including the authorities. The regulations and provisions will be filled with life within the next few months and years, just as it was the case with regard to the GDPR.

So, what needs to be done, now?

As a first step we recommend an initial assessment to take inventory what AI systems your company is using. You should identify and document these systems to make sure they follow the EU AI Act and other important laws like the GDPR and the Data Act. This step will also help you identify the high-risk AI systems, making compliance easier.

Once you know who works with what kind of AI-solutions, you can figure out your specific obligations under the EU AI Act. This includes understanding the risks associated with your AI systems and what role your company plays in using or developing them.

Next Steps

After you’ve documented your AI systems and understood your obligations, you can start meeting these requirements. This might mean adding new safety features, regularly checking for risks, or making sure your AI decisions are transparent and fair.

As part of the DSN GROUP, we have over 20 years of experience helping businesses navigate complex regulations like the EU AI Act. We can help you start with an initial assessment of your AI systems and guide you through the steps to ensure compliance.

Contact us at office@first-privacy.com to learn how we can help your company stay compliant and stay ahead of the regulations.