CISO Results

Understanding and Navigating The Artificial Intelligence Act – Regulation (EU) 2024/1689

The Artificial Intelligence Act - Regulation (EU) 2024/1689

The Artificial Intelligence Act – Regulation (EU) 2024/1689

Definition

The Artificial Intelligence Act, or Regulation (EU) 2024/1689, is a comprehensive EU regulation that sets harmonized rules for the development, placement on the market, and use of artificial intelligence (AI) systems. This act ensures that AI systems are developed and used in a way that protects health, safety, and fundamental rights, while promoting innovation and trustworthiness.

History

Development and Publication

The Artificial Intelligence Act was published in the Official Journal of the European Union on July 12, 2024, marking the culmination of a multi-year process that began with a proposal from the European Commission in April 2021.
– The European Parliament and the Council of the European Union voted on the act in March and May 2024, respectively, leading to its formal adoption.

Entry into Force

The AI Act entered into force on August 1, 2024, although its provisions will become applicable gradually over the next two years. Key milestones include:
– February 2, 2025: Chapters I and II, covering general provisions and prohibited AI practices, will apply.
– August 2, 2026: The majority of the act’s provisions, including those for high-risk AI systems, will become applicable.

Examples

Prohibited AI Practices

The AI Act bans certain AI applications that threaten citizens’ rights, such as:
– Biometric categorization systems based on sensitive characteristics.
– Emotion recognition in the workplace and schools.
– Social scoring and predictive policing based solely on profiling.

Impact on Businesses

  1. Compliance Costs: Companies must invest in compliance measures, such as establishing risk and quality management systems, diligent data governance, and transparency obligations. Non-compliance can result in significant fines, up to €35 million or 7% of global annual turnover
  2. Market Access: The act affects not only EU-based companies but also those operating globally. Organizations outside the EU may need to comply if they offer AI services or products within the EU, potentially impacting their market access and revenue.
  3. Reputation and Trust: Businesses that fail to comply with the AI Act risk damaging their reputation and losing customer trust. Ensuring transparency and adherence to the act’s requirements is crucial for maintaining a positive public image.

Insight

Mitigating Risks

To mitigate the risks associated with the AI Act, executives should consider the following strategies:

  1. Risk Assessment and Classification:
    • Identify and classify AI systems according to their risk level (minimal, limited, or high risk).
    • Ensure that high-risk AI systems comply with stringent requirements, including comprehensive documentation and impact assessments.
  2. Transparency and Documentation:
    • Implement transparent practices in AI system development and deployment.
    • Maintain detailed technical documentation and record-keeping to demonstrate compliance.
  3. Staff Training and AI Literacy:
    • Ensure that staff have a sufficient level of AI literacy to understand and implement the act’s requirements.
    • Provide ongoing training to keep staff updated on the evolving regulatory landscape.
  4. Governance and Compliance Frameworks:
    • Establish robust governance structures and compliance frameworks to oversee AI system development and use.
    • Engage with regulatory bodies and industry standards to stay informed about best practices and updates to the regulation.

Call to Action

To navigate the complexities of the Artificial Intelligence Act and ensure your organization is fully compliant, consider engaging with experts in cybersecurity and IT security consulting.

  • Fractional CISO Services: Our Fractional CISO services provide strategic cybersecurity leadership tailored to your organization’s needs.
  • Security Assessments: Conduct thorough security assessments to identify and mitigate risks associated with AI systems.
  • Strategic IT Security Consulting: Receive guidance on implementing compliance measures and best practices for AI system development and deployment.

To learn more about our services and how we can help your organization comply with the AI Act, contact us for a free consultation.