Introduction
The evolving framework of Artificial Intelligence (AI) regulation within the European Union is crystallizing with the advent of the new EU AI Draft Act. This pioneering legislation seeks to mitigate risks and capitalize on the advantages of AI technologies, focusing on the safety, transparency, and accountability of AI systems, especially those deemed high-risk. As the Owner and CEO of Formiti Data International Ltd, I recognize the importance of this progression and its impact on data privacy and compliance experts.
Obligations Linked to High-Risk AI Systems
The EU AI Draft Act classifies certain AI systems as high-risk regarding data privacy due to their potential effects on fundamental rights and safety. Such systems are subjected to strict regulatory requirements involving multiple stakeholders.
a. Providers’ Obligations
Providers of high-risk AI systems shoulder significant responsibilities. They are obliged to create a thorough risk management system that ensures the AI system’s design and development reduce risks. This process includes utilizing high-quality data sets, keeping detailed technical documentation, and enforcing a strong quality management system. Transparency is crucial, requiring providers to supply clear documentation and instructions that allow users to comprehend and manage the AI system’s outputs. Human oversight is compulsory to address risks to health, safety, and fundamental rights. Moreover, providers must guarantee the AI system’s robustness, accuracy, and cybersecurity in compliance with AI regulations. For those providers located outside the EU, designating an authorized representative within the EU is essential.
b. Users’ Responsibilities
Users of high-risk AI systems must adhere to the provider’s instructions, actively monitor the system for anomalies, and maintain input data records. This proactive engagement ensures the systems are used responsibly and within regulatory boundaries to achieve compliance with AI regulation laws.
c. Importers’ and Distributors’ Role
Importers are required to confirm that high-risk AI systems have passed the necessary conformity assessments and have the proper documentation prior to market placement. Similarly, distributors must ensure that these systems bear the mandatory CE marking and come with the requisite documentation and instructions.
d. Expanded Definition of ‘Provider’
Users, importers, distributors, or third parties can be classified as ‘Providers’ under the Draft Act in specific scenarios. This occurs if they place the AI system on the market under their brand, modify its intended purpose, or make substantial modifications. In such cases, the original provider’s obligations transfer to them.
Conformity and Registration Process
The Draft Act mandates a conformity assessment for high-risk AI systems, with some requiring third-party assessment. Providers must issue an EU declaration of conformity and update it as necessary. The AI system must be registered in the EU database before market placement or service initiation.
Post-market Monitoring and Reporting
A key element of the Draft Act is the ongoing post-market surveillance to gather and analyze performance data. Providers are required to report any serious incidents, malfunctions, or failures to meet obligations to the relevant national authorities.
Penalties for Non-compliance
The Draft Act stipulates substantial fines for non-compliance, including penalties for placing a blacklisted AI system on the market, failing in cooperation duties, or providing misleading information. These fines can reach up to EUR 30 million or 6% of the worldwide annual turnover, underscoring the seriousness with which the EU views AI system regulation.
Conclusion
The EU AI Draft Act represents a significant step towards regulating AI technologies, focusing on high-risk systems. For data privacy professionals, understanding these regulations is crucial. The Act reinforces the need for robust data governance, risk management, and compliance strategies. As we help clients navigate these complexities, it’s vital to stay abreast of these developments, ensuring that AI systems are not only innovative but also safe, transparent, and accountable. The Act is a clear signal that the era of unregulated AI is ending, ushering in a new age of responsible and ethical AI use.
The Formiti AI Assessment is an excellent tool to help your AI project achieve and maintain EU compliance with the AI Act and guard your organisation against large fines, ranging from 35 million euro or 7% of global turnover to 7.5 million or 1.5% of turnover, depending on the infringement and size of the company.
Keep an eye out for our upcoming series of articles on this draft legislation, where we’ll dissect it into digestible sections, aiding your readiness for AI compliance.