EU agrees on new AI act - there is no turning back now

Stricter obligations on “General Purpose AI” that includes tools such as ChatGPT to be imposed shortly

A milestone has been reached. Yesterday, European Parliament members agreed on the AI Act and will vote on it in about 6 weeks, with only small changes expected. Next, they will discuss minor adjustments in the "trilogue" stage. This groundbreaking piece of legislation should be in effect around the turn of the year, and fully applied in about 2.5 years from now. 

What happens if you don't comply? 

The penalties under the new AI act are likely to exceed those under the GDPR, with a devastating maximum fine of 6% of annual global turnover - or €30 million for the worst breaches. For a major tech company like Microsoft, which funds ChatGPT creator OpenAI, the bill for a fine would be over €9 billion if found to have broken the rules. What's more, it's likely that your customers will want to know that you're compliant, and for those who start in good time, providing AI compliant solutions is likely to be a big advantage over competitors who wait until the last minute. 

Where to start? 

  • Stay tuned

This is an unprecedented piece of legislation, and there will be a sense of urgency and flurry of actions to be taken as soon as it comes into force. It is therefore important to keep updated on the real impact on your business and start taking action in good time. It cannot be emphasised enough that any business with the slightest ambition to use AI will be affected and must take action. 

  • Risk-based approach

Under the AI Act, AI systems will be categorised according to their level of risk, with categories of unacceptable, high and limited risk. Unacceptable risks refer to AI systems that pose a significant threat to the safety and fundamental rights of individuals, while high risk systems have the potential to cause significant harm if they fail or malfunction. Limited risk systems have a low potential for harm or negative impact. Prohibited uses of AI systems include engaging in illegal activities, discriminating against individuals or groups based on personal characteristics, and manipulating human behaviour in a harmful or deceptive manner. The AI Act also imposes additional obligations on high-risk AI systems, including mandatory testing, human oversight and transparency requirements.

  • Evaluate your use of AI systems and set rules

Evaluate your existing and planned AI systems to make a rough assessment of their risk category (minimal, limited or high risk). This assessment will help you understand the specific rules and requirements that may apply to your AI applications. It will also help you establish rules for the use of AI systems in your organisation and gain control over which systems are used. Controlling the systems will be a prerequisite for managing them, and you certainly want to avoid the development of a shadow AI organisation that is deployed without your knowledge. As there's still a lot that's unknown about the new systems, it's a good idea to keep the use of sensitive corporate and personal data to a minimum in any AI tool your company uses. 

How can Pocketlaw help? 

Pocketlaw will be keeping a close eye on the upcoming process and will keep our customers updated on the latest news and information around the exciting AI Act. Although the final legislation is not yet in place, we will be providing more guidance on how to comply with the proposed AI act in the coming weeks. Click here to stay tuned.

Sign up today to make sure you remain compliant!

Executive summary:

The European Parliament has agreed on a new set of rules called the AI Act, which affects how businesses may use AI, like ChatGPT. These rules will be voted on soon and become effective around the turn of the year, with full application in about 2.5 years.

If companies don't follow the AI Act, they could face huge fines, even larger than those under the current GDPR rules, up to 6 per cent of annual global turnover or €30 million. To stay competitive and keep customers happy, businesses should start preparing now and make sure they're using AI in a way that follows the new rules.

To help businesses follow the AI Act, Pocketlaw will keep an eye on the latest news and updates. They'll also guide customers on how to become compliant with the new rules once they're in place. We will publish more guidance soon. Click here to stay updated. 

Book a personalized demo

Enterprise ready.

ISO 27001 certified and GDPR compliant. Data encrypted at rest with AES 256 and in transit with TLS 1.2+.

For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.