The EU’s much-anticipated AI Act has finally reached the statute book, with the legislation due to formally enter into force in early August.
The arrival of the legislation represents a genuinely momentous shift in the focus of regulation of AI and its associated technologies, stepping away from the line of thinking that AI is just another category of software which should be subject to the same laws, standards and regulation as other, similar technologies. Its risk-based approach, categorising AI systems from “unacceptable” through to “minimal risk”, is the first serious, detailed attempt to address the broad risks and issues that AI is seen to pose, and to set out robust processes to ensure continuous monitoring and human oversight of systems that could, unchecked, result (in some cases) in ultimate harm to end users.
Businesses should be taking steps now to ensure compliance with the requirements of the Act, which comes into force on a phased basis over the next 36 months, and we will be working with our clients to help them put in place the legal and organisational measures necessary to ensure they are ready.
In taking those compliance steps, however, it is worth stepping back to consider some of the broader legislative, political and regulatory issues that will influence how the Act will be implemented. That includes:
- recognition that it reaches the statute book, in effect, incomplete – there remains a broad range of guidance, codes of practice and supplementary standards still to be defined
- the question of whether member states can reach a consensus on the critical question of how the interaction of AI systems and existing IP rights will be managed
- whether legislative initiatives started during the last term of the European Parliament (particularly its draft AI Liability Directive) will be picked up again to attempt to define clear and consistent rules around liability for AI systems when they fail – not an easy task given the complex supply chains that often sit behind AI products
- how quickly the Commission and individual member states will form the regulatory bodies that will ultimately oversee enforcement of the Act – and whether concerted enforcement efforts will effectively be suspended until they do. The Commission is currently on a recruitment drive for its central AI Office, but it is unclear how quickly they can fill those roles with appropriately expert personnel
- how the Act will correlate to the numerous legislative and other initiatives beginning to emerge from outside the EU – possibly including the UK in the new Labour administration’s first King’s Speech
- whether the change in the political make-up of the new European Parliament, combined with lobbying efforts from the global technology sector, may still influence how the detail behind the act and its enforcement will ultimately be implemented.
We’ll be watching all of these issues closely, to help our clients navigate the requirements of the legislation and the necessary governance that will sit around it as it comes into force, but one thing’s for sure – the arrival of the legislation only represents a starting point, and there remains plenty still to be settled for those deploying and procuring AI in the months ahead.
Disclaimer
This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2024.