Deciphering the EU AI Act: Part II Impact on Your Organization

Author: Elija Leib, Federica Pizzuti, Oliver Deiters

Mar 01, 2024
After analyzing the main content of the EU AI Act , this article will provide in-depth insights into potential implications on affected organizations.

Who is affected?

  • Providers placing AI systems on the EU market
  • Deployers of AI systems within the EU
  • Providers and deployers if the output of the system is used in the EU
  • Importers and distributors of AI systems
  • Manufacturers placing an AI system on the EU market within their product

What are the obligations?

Minimal risk: For AI systems falling under this category the establishment of voluntary codes of conduct is encouraged.
Limited risk: AI systems used in limited risk contexts are subject to several transparency obligations. This means e.g. that pictures created by AI must be watermarked as AI-generated.
High risk providers must fulfill a range of obligations including
  • the establishment of a risk and a quality management system,
  • compliance with data governance, record keeping and technical documentation requirements,
  • implementing measures to allow for human oversight
  • and AI system design that allows for certain levels of accuracy, robustness and cybersecurity.

General Purpose AI

General purpose AI (GPAI) “means an AI model, including when trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable to competently perform a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications.”
These models must fulfill additional requirements on technical documentation, information on training data and compliance with copyright legislation. GPAI models with systemic risk are very powerful GPAI systems. These systems must perform model evaluations and adversarial testing, ensure a certain level of cybersecurity, track incidents and mitigate systemic risks. Compliance with these requirements can be achieved through codes of practice developed by the industry with participation of national governments.
As the EU AI Regulation unfolds, it's imperative for your organization to assess its role, risk level, and compliance obligations. Are you ready to navigate the nuances of this transformative regulatory landscape?
Get ready for our upcoming article, where we will give you a deep dive to become ready for the application. Get ready for a suspenseful unveiling of the next chapter in the world of AI compliance!