As businesses across the globe brace for the European Union’s newly adopted Artificial Intelligence (AI) Act, the ramifications are becoming more apparent. The AI Act will create opportunities and challenges, particularly for companies that rely heavily on AI technology. The regulation classifies AI systems based on the level of risk and will mandate new standards for developers and deployers, pushing businesses to reevaluate their strategies in a bid to comply with this EU legislation that will open doors to the EU market.
The EU’s AI Act establishes a comprehensive framework aimed at ensuring the safe and transparent development of AI technologies. The Act divides AI systems into four risk categories: unacceptable, high, limited, and minimal risks. High-risk AI systems that significantly impact people’s safety or fundamental rights — such as those used in healthcare, transportation, law enforcement, and employment — are subjected to the most stringent rules. The objective is to mitigate risks related to health, safety, and fundamental rights.
This regulation extends beyond the EU’s borders, applying to any company whose AI systems impact EU consumers or citizens. Businesses from the US to Asia must now consider how to adapt their operations to meet the Act’s requirements, even if they don’t directly operate within the EU.
For companies globally, the biggest hurdle introduced by the AI Act is the cost of compliance. High-risk AI systems must undergo rigorous testing, documentation, and oversight. This can be an expensive and time-consuming process, especially for small and medium-sized enterprises (SMEs) that may not have the resources to dedicate to compliance.
Companies must now invest in new infrastructure for risk management, maintain detailed records of how AI systems function, and ensure that AI outputs are transparent and traceable.
Non-compliance carries heavy penalties, with fines reaching up to 6% of a company’s global annual turnover. This creates a strong financial incentive for companies to adhere to the Act’s strict guidelines, but the financial burden of compliance itself is daunting for many businesses. Furthermore, companies must prepare to continuously monitor their AI systems, ensuring they meet EU standards at all stages of their lifecycle.
Despite the challenges, the AI Act also offers opportunities for innovation and strategic advantage for businesses that embrace the new regulations. Companies prioritising ethical AI development and transparency will be well-positioned to thrive in the EU market, where consumers and regulators increasingly demand accountability from AI providers. The new standards encourage responsible AI innovation, promoting safer, more transparent technologies that could lead to stronger consumer trust.
The Act also provides clarity for businesses looking to innovate in AI. By outlining clear boundaries on acceptable and high-risk AI practices, the regulation creates a more predictable environment for companies, encouraging investment in areas where compliance is straightforward. Early adopters of the regulation are likely to gain a competitive edge by becoming trusted leaders in the field of ethical AI.
One of the key features of the AI Act is the distinct set of obligations placed on developers (AI system providers) and deployers (users of AI systems). Both roles are critical in ensuring compliance with the new standards, and each faces unique challenges under the Act.
Developers’ Obligations
To comply, AI developers of high-risk AI systems are responsible for the technical integrity of their systems. They must ensure that their AI systems undergo rigorous risk management assessments, continuously evaluating potential risks to user safety or fundamental rights.
Developers are required to maintain comprehensive technical documentation, which must include detailed information on how the AI system functions, the data it uses, and the risk mitigation measures in place.
Additionally, they must ensure that AI systems have mechanisms for traceability and logging, allowing businesses and regulators to track any issues that arise during operation. The Act also prohibits the use of biased or discriminatory data, requiring developers to employ high-quality datasets for training and testing AI models. AI systems classified as high-risk cannot be deployed without undergoing a conformity assessment, which certifies that the system meets all of the EU’s regulatory requirements.
For complaint usage, deployers — in this case, businesses that utilise AI systems — carry a different set of responsibilities. They are required to conduct a Fundamental Rights Impact Assessment (FRIA) before deploying high-risk AI systems. This assessment evaluates the system’s potential impact on privacy, non-discrimination, and security.
Deployers must also ensure human oversight of AI systems, particularly those categorised as high-risk. This oversight is critical for preventing harm and ensuring that the AI operates ethically.
Deployers are responsible for incident reporting, meaning they must report any system malfunctions or safety risks to both the developer and the relevant authorities. These requirements ensure that companies using AI technology are held accountable for their operations.
That said, businesses must adopt a strategic approach to integrating AI technologies. The first step for companies is to map out their AI systems, identifying which systems fall under the high-risk category and ensuring that they comply with the EU’s requirements.
Many businesses may need to create new internal governance structures, such as AI ethics committees, to oversee compliance efforts and guide decision-making. These committees can help ensure that AI systems are designed and deployed in line with both ethical standards and regulatory requirements. Additionally, businesses will need to engage in continuous monitoring of their AI systems, regularly updating their compliance protocols as the EU AI Act evolves and enforcement tightens.
Another key aspect of adapting to the new regulations is fostering collaboration between developers and deployers. This collaboration ensures that deployers have the technical knowledge needed to comply with the AI Act’s requirements and can implement the necessary safeguards. Businesses may also need to invest in employee training to ensure that their staff are equipped to monitor AI systems and address any potential compliance issues.
Global Impacts
The AI Act’s influence is expected to extend far beyond Europe. Many countries are exploring if they should adopt similar regulatory frameworks, and businesses that align with the EU’s rules now will be better positioned to comply with future regulations in other markets. The AI Act could serve as a global model for AI governance, much like the General Data Protection Regulation (GDPR) did for data privacy.
The EU AI Act marks a turning point in the global regulatory landscape for AI. While the compliance challenges are significant, businesses that strategically adapt to the new environment stand to gain a competitive edge. By prioritising transparency, risk management, and ethical AI practices, companies can not only comply with the law but also foster innovation and consumer trust in an increasingly regulated digital economy.
The AI Act represents both a challenge and an opportunity for businesses willing to lead in the responsible use of AI technology.
Writer : Saliltorn Thongmeensuk, PhD, is a research fellow at the Thailand Development Research Institute
First Publish : Bangkok Post 11 Sep 2024