AI Act into force Today: Is Your Company Ready for Compliance?

The AI Act was published in the Official Gazette of the European Union and officially comes into force today. Is your company ready to comply with it?

The different provisions of the AI Act will become applicable during a specific timeline that you can find in our report available HERE. However, with the clock quickly running, no company can afford to adopt a technology which will have to be dismissed, renegotiated, and in any case changed in a few months.

Below is the methodology that we recommend following in the coming months to become compliant:

1. Map AI systems: Identify all AI systems your company currently uses or plans to use. The risk is that your business is already using artificial intelligence solutions without the company being aware and without considering the legal implications, for instance, due to local initiatives of departments or even individuals.
2. Create an AI governance framework: Establish internal rules for the use and approval of AI solutions. These rules should take into account the obligations arising from the AI Act, data protection regulations, intellectual property laws, ISO standards for areas that are not covered, and ethical rules in line with ESG principles. These rules should not just prohibit any sort of usage of AI solutions since otherwise, employees will try to bypass them. They should set the approval process so that employees are aware of how business needs have to be escalated.
3. Create material to ease the understanding of the AI governance framework internally and start training your employees: We normally accompany the policy with a leaflet that, in a short and easy-to-understand manner, also adopting legal design solutions, summarizes the most important contents of the governance framework. At the same time, we run training sessions for the different business units with a specific focus on the AI solutions impacting their activity. If your employees and officers do not understand what can and cannot be done with AI solutions, the business will remain at risk, and any effort will be meaningless.
4. Form an internal AI committee: Assign a team to evaluate AI solutions using a compliance-by-design approach. This team can include top managers, but it also needs operational members who will be involved in the assessment of the artificial intelligence solution, liaise with the different business units, and monitor the AI solution even after its implementation.
5. Select and prioritize AI solutions: Determine which AI solutions to invest in and establish their priority levels. This activity will need to make a prior high-level assessment of the compliance risks and implications of the solutions identified by the business. Then the AI committee will have to select the solutions on which the company wants to invest, also obtaining the approval of the relevant budget.
6. Test and evaluate AI solutions: Begin evaluating selected AI technologies. This activity has technical and compliance implications. To support businesses in this potentially time-consuming task, we have developed Prisca AI Compliance, a solution that allows convenient assessment of the compliance of artificial intelligence solutions across the AI Act, data protection laws, IP laws, and ISO standards, generating a detailed report that can be used for internal compliance as well as towards regulators and third parties challenging the conduct of the company. You can watch a video about this product HERE.

Do you want to know more about the above-mentioned methodology? Reach out to us to discuss. In the meantime, you can read HERE some material on the most relevant legal issues of AI compliance.

Below are the other articles of the week on the legal issues of the world of innovation from my DLA Piper's colleagues. Enjoy them!

Data Protection & Cybersecurity ?

Large language models (LLMs) Do NOT process personal data according to the Hamburg privacy authority

The Hamburg Data Protection Authority issued an insightful discussion paper addressing privacy risks and AI with a nuanced grasp of the technology. Read more

Google's Privacy Practices Face Scrutiny by Consumer Protection Authority in Italy

Google faces a consumer protection probe in Italy over privacy concerns; investigation scrutinizes data practices across its services. Read more

The GPEN published its 2024 Sweep report focusing on dark patterns

The Global Privacy Enforcement Network published its 2024 Sweep report focusing on "Deceptive Design Patterns", also known as "dark patterns," observed in websites and mobile applications. Read more

Intellectual Property

Tetris celebrates its 40th anniversary: a brand triumph in the European Union

The iconic game Tetris is celebrating a remarkable milestone: its 40th anniversary. Known for its catchy tune, Tetris has earned a unique place not only in the history of video games, but also in the field of intellectual property. Read more

UPC: first substantial judgments of the Düsseldorf and Paris local divisions

Just over a year after the UPC became operational, namely on 3 and 4 July, the Düsseldorf Local Division and the Paris Local Division issued their first substantial judgments in two proceedings on the merits. Read more

Technology Media and Telecommunication

AGCom initiates public consultation on regulatory measures concerning the assignment of radio frequencies for terrestrial broadband and ultra-broadband wireless electronic communications systems

?With Resolution 247/24/CONS dated June 26, 2024, published on July 2, 2024, AGCom has initiated a public consultation on future regulatory measures concerning the assignment of radio frequencies for terrestrial broadband and ultra-broadband wireless electronic communications systems whose rights of use will expire on December 31, 2029. Read more

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of artificial intelligence systems against key regulations and technical standards here. And read our report on the most relevant provisions of the AI Act here.

You can learn more about “Transfer,” the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as a report analyzing key legal issues arising from the metaverse here, and a comparative guide to regulations on lootboxes here.