The EU AI Act Has Passed. How Can Firms Ensure Compliance?

The EU AI Act Has Passed. How Can Firms Ensure Compliance?

Right now, the world has its first-ever legal framework for AI after EU lawmakers voted to adopt the AI Act .?

Once formally signed by member states, firms have six months to remove prohibited use cases of AI, 12 months to meet rules around general purpose AI, and two years to become fully compliant with the legislation.

The So What

“AI standards and certifications provide a common view of ‘what good looks like’ with respect to a framework, law, policy, or guideline,” explains Steve Mills , global chief AI ethics officer at BCG , who has co-authored a new article on this topic for the Responsible Artificial Intelligence Institute .? ?

“Such standards will now come to the fore as a mechanism for global business leaders to demonstrate compliance to customers, partners, regulators, and other stakeholders.”??

The EU AI Act is the latest indicator that businesses need to double down on AI standards.?

AI standards are developed collaboratively by recognized experts in the field:??

  • Provide authoritative guidance to business leaders to show that the AI governance they put in place aligns with best practice. They are often certifiable and auditable.?
  • Give policymakers and regulators a means to evaluate regulatory compliance.??
  • Can apply at the organizational or system level.?

As well as helping firms comply with new laws, standards also allow firms to participate in governance discussions.? ?

“By contributing to AI standards development, business leaders can help shape the AI governance landscape with lessons from their organizations, while gaining early insight into emerging best practices and challenges,” Mills says. ??

“Though standardization has a reputation for being technical and guided by large organizations, standards development organizations are making significant efforts to involve smaller organizations.” ??

Standards have previously offered guidance for firms seeking to comply with the EU’s GDPR rules on privacy and security, for example.

The Idea in Action ??

Here are two examples of standards created by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC): ? ?

  • ISO/IEC 42001: This standard provides guidance on establishing, implementing, maintaining, and continually improving a management system for AI. For example, the standard on information security management systems helps organizations adopt a holistic approach to manage existing and emerging information security risks.?
  • ISO/IEC 23894: This standard provides guidance on AI risk management across an organization and provides detailed guidance on how to design and administer AI product-level risk assessments.? ?

There are two European Standardization committees which may adopt the above standards—or create new ones—in order to clarify the requirements contained within the EU AI Act. This includes data quality and governance, technical documentation, human oversight, or transparency and provision of information to users. ?

Now What

Business leaders can take these steps to get started with AI standards:??

Set objectives for using AI standards. Three common purposes are aligning an organization’s AI governance with global best practices, improving and demonstrating regulatory compliance, and shaping the AI governance landscape.?

Select AI standards. Focus first on well-known AI standards, such as ISO/IEC 42001 and ISO/IEC 23894. These standards will have more robust supporting communities and their terms and concepts may be incorporated by suppliers, customers, end users, and government organizations. In many cases, these are also certifiable and auditable.??

Create an inventory of the standards being used and identify areas of expertise. Identify which functions in your organization are using standards already. For example, your cybersecurity, data protection, or risk functions may already be using standards. These functions can serve as sources of expertise and are valuable sources of information on how to best adopt and conform to new standards.???

Conduct a gap analysis to identify the next steps. Map the selected AI standards to your organization’s existing AI strategy, governance, and processes in order to identify gaps. Determine the importance and estimated cost for each gap. Prioritize the gaps to address based on your organization’s objectives. Create a roadmap to help the organization move from current state to compliant and auditable.

Engage in standards processes. Contribute to the development of AI standards through national committees or directly with standards organizations to share lessons from your organization, shape the AI governance landscape, and stay on top of emerging best practices.??

For Further Reading

A Guide to AI Governance for Business Leaders?

Finding Your Way Through AI’s Regulatory Jungle?

BCG’s approach to Responsible AI

Harshad Dhuru

CXO Relationship Manager

7 个月

thank you so much for sharing. it's Very Excellent and Visionary. The EU AI Act is the European Union's flagship law to regulate how AI systems should be designed and used within the EU.

回复
Shaher Al Hroub

"Strategy & Perfomance | Business Transformation | HRM | Business Research | AI Regulation"

7 个月

The EU AI Act represents a significant step towards responsible and regulated use of AI technologies. Compliance should not be seen merely as a legal obligation but as an opportunity to lead in the establishment of ethical AI practices. Firms that proactively adopt and contribute to AI standards will not only navigate the regulatory landscape more effectively but also establish themselves as trustworthy and forward-thinking in the eyes of stakeholders and the broader community.

回复

The passage of the EU AI Act marks a pivotal moment in the regulation of artificial intelligence. It's imperative for global businesses to swiftly implement these new rules within tight timeframes. Utilizing AI standards, as recommended by Steve Mills, is a practical step towards demonstrating compliance. This aligns with the broader industry trend of prioritizing ethical AI practices. Exciting times ahead for AI governance and compliance!

回复
Rajiv Jain

Head of Delivery | Program Director | Transformation | Data and Analytics | Automation | Risk Management | Change Maker | MBA

8 个月

Great to see this legislation move forward in EU… what are your thoughts Saurabh and Paul?

回复

要查看或添加评论,请登录

社区洞察

其他会员也浏览了