+44 (0) 121 582 0192 [email protected]


As an Owner and CEO of Formiti Data International Ltd, I am well aware of the challenges and opportunities that arise in the field of artificial intelligence (AI), especially with the European Union’s AI Law of 2023, which regulates and guides this rapidly evolving domain. In this article, we will delve into the intricate web of obligations that AI system owners and publishers face, with a focus on data privacy laws and the provisions of the EU AI Law 2023.


The EU AI Law 2023: A Paradigm Shift

The EU AI Law 2023 is a groundbreaking piece of legislation tailored to address the unique challenges posed by AI technologies. It categorises AI systems based on their risk levels, imposing stricter requirements on high-risk AI. This classification has profound implications for AI product owners and publishers, necessitating a thorough understanding of where their products fall within this spectrum.


Data Privacy: At the Heart of Compliance

Data privacy forms the cornerstone of the EU AI Law. AI product owners must ensure that their systems are designed and operated in a way that respects the privacy rights of individuals. This includes implementing robust data protection measures, ensuring data minimisation, and maintaining transparency in data processing activities.


Key Obligations Under the EU AI Law

  1. Risk Assessment and Management: AI product owners are required to conduct comprehensive risk assessments to identify and mitigate potential harms. This involves scrutinising the algorithms, data sources, and operational contexts of AI systems./global-data-privacy-assessment/
  2. Transparency and Information Duties: There is an onus on publishers to disclose the capabilities, limitations, and intended use of AI systems. This transparency is crucial for building trust and ensuring informed user consent.
  3. Quality and Data Governance: AI systems must be fed with high-quality, non-biased data. Product owners are responsible for establishing rigorous data governance frameworks to uphold data integrity and fairness.
  4. Continuous Monitoring and Reporting: Post-deployment monitoring is mandatory to track the performance and societal impact of AI systems. Publishers must report any significant incidents or changes in the AI system’s operation to relevant authorities.


Strategies for Compliance

  1. Embedding Privacy by Design: Integrating data privacy considerations at every stage of AI development is essential. This approach ensures compliance is not an afterthought but a foundational element.
  2. Investing in AI Ethics: Establishing an AI ethics board / Officer can guide decision-making and foster a culture of ethical AI use within organisations.
  3. Regular Training and Awareness: Educating staff about the nuances of the EU AI Law and data privacy principles is critical for ensuring ongoing compliance.
  4. Partnering with Data Privacy Experts: Collaborating with data privacy consultants can provide invaluable insights and strategies for navigating complex regulatory landscapes.


The Road Ahead

The EU AI Law 2023 represents a significant step towards responsible AI governance. For AI product owners and publishers, this new regulatory environment offers both challenges and opportunities. By embracing these obligations and integrating them into their operational ethos, they can not only ensure compliance but also build trust and credibility in the market.



As AI continues to reshape our world, legislation like the EU AI Law 2023 plays a pivotal role in balancing innovation with ethical considerations. For AI product owners and publishers, understanding and adhering to these new rules is not just a legal necessity but a moral imperative.