The Runaway Summer??

Summer is quickly zooming past and autumn is subtly, but evidently taking over the reins of the season. One might be excused, if they thought and felt like they had missed the summer…it certainly seemed to drive past at a 100 miles per hour!

Taking a pause and reflecting on events that have transpired, leading up to and over the summer period, can be a helpful strategy to reclaim one’s summer. Subjectively, hitting the pause button and reviewing our efforts here, is allaying the feeling that we have been robbed or cheated out of our 2024 summer!

What has transpired over the “illusive summer” period?

• The UK General elections happened.
• The EU AI Act entered into force.
• The Summer Olympics happened.

The list above will enthuse varied degrees of interest from various readers. The highlight for me was the Olympics.

We saw Olympians from diverse backgrounds engage in their specialist sport - Athletics, Artistic Swimming, gymnastics etc. Medals were won and awarded, while others gloried in the mere fact that they had participated in the Olympics. What culminated into an amazing Summer Olympics event, was premised on months of hard work - training, planning and preparation by all stakeholders, in the previous months and seasons. The Olympics were a highlight!

The EU AI Act 2024 In Force

The EU AI Act 2024 was and is a big thing! As a Data Protection practitioner and Information Privacy Manager, it is nigh impossible to ignore this summer’s landmark event. Admittedly, from an objective standpoint, this event pales in comparison to memories of the Olympics. However, this author is a data privacy and AI governance enthusiast, therefore we do have to highlight that the EU AI Act 2024 officially entered into force over the summer, on 1st August 2024 and this was a landmark summer event in the world of AI Governance enthusiasts, et al.

Love it or loathe it, we must delve into our summer landmark of particular interest - The EU AI Act 2024!

In my search for the latest information on the EU AI Act, I visited the European Commissioners page. Upon my arrival, I was met with, - among many others- the tag heading ‘Shaping Europe’s Digital Future.’

“Well…” I thought to myself, “…this is going to be handy for all those businesses undergoing some form of organisational digital upgrade in Europe and beyond! If the EU AI Act is busy shaping Europe’s future, surely this regulation has some impact on the UK and UK organisations that import such digital services and/or products from Europe?!”

So here we are – talking about the EU AI Act which came into force in the summer, and which [more than] potentially impacts us here in the UK.

What do we need to know?

There is a lot that we need to know and many privacy and AI governance professionals, will admit to this! Where does one even begin? As with all good beginnings, we start with the basics! ?

EU AI Act Basics

1. The EU AI Act has a long-winded official name[1]. Suffice to say, EU AI Act 2024 is good enough for us here.

2. The EU AI Act fundamentally, aims to foster ‘trustworthy AI’ in Europe and beyond.

3. The EU AI Act endeavours to regulate risks paused by the development and use of AI.

4. AI systems and models have been categorised using a risk-based approach. The EU AI Act therefore references Prohibited AI (in essence these should not be in existence or availed to society), High-Risk AI, Limited Risk and Minimal Risk AI, respectively.

5. The compliance time clock is ticking – The EU AI Act has stipulated some time frames within which, Providers and Deployers of various categorised risk AI systems and models, are required to be compliant.

How does all this affect those of us who are ‘BEYOND’ the EU?

The EU AI Act is a far-reaching regulation which aims to, ‘foster trustworthy AI in Europe and beyond, by ensuring that AI systems respect fundamental rights, safety, and ethical principles and by addressing risks of very powerful and impactful AI models.’

The far-reaching nature of the EU AI Act means businesses and organisations in the UK will potentially interact directly or indirectly with the EU AI Act either, as Deployers and/or Providers.

Suffice to say, as with all compliance matters in an organisation, responsible use and application of AI is a collective responsibility which concerns all staff more so, in an organisation that is digitised to any extent, or digitising.

The UK General Elections

The UK General elections also marked our summer events. The effect of interest, resulting from this ‘summer landmark’ was that some privacy related regulations which were still in the making, automatically fell through. The Artificial Intelligence [Regulation] Bill is an example of a regulation in the making, which fell through because it did not complete its legislative journey.

What we need to know

1. An International Treaty Addressing Artificial Intelligence Risks was signed by the UK on 5th September 2024.

2. This is a legally binding treaty aimed at governing the safe use of AI.

3. Safe use of AI under the treaty is focused on protection of Human Rights [Right to Privacy included], Democracy, and The Rule of Law.

Looking ahead

As we approach autumn, like a good Olympian, we continue to build on our efforts to develop, grow and mature a privacy-oriented culture within our own context. We reflect on our “medals” won, including facilitating the identification and training of Privacy Champions, the progression of accountability tools as well as oversight of Privacy-Champion-led processes. Another medal we can add to our accolades is providing bespoke training across organisational departments. Just as an Olympian is never satisfied with just one medal, we are already aiming for ‘more’ medals.

Autumn…here we come!

?

[1] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).