Who does this EU AI Act affect?

The EU AI Act will apply to companies inside and outside the EU. If your AI systems have any connection with the EU, you may fall under its scope.

In general, the EU AI Act will cover:

• AI providers: These are companies which develop and sell AI systems to the EU, and provide access within the EU.
• AI Importers and distributors: Companies which import and distribute AI systems into the market in the EU.
• Deployers (also called business users): These are companies based inside the EU, which employ AI systems within their business operations, such as hiring, lending, and filtering customers.
• Non-EU companies: if you are operating in the United States, the AI Act can still apply if your AI system’s results affect people or decisions in the EU.

To sum up, the clear message to businesses operating in the U.S. is that if you are selling AI to EU customers, using AI, and/or producing output to be used within the EU, the AI Act is applicable to you.

What are the New Requirement under the EU AI Act?

The AI Act is not a to-do list that applies equally to everyone. In fact, there are different obligations depending on the company’s role in the AI supply chain (whether the company is provider, deployer or importer/distributor).

The AI Providers are faced with the most rigid requirements.

These are:

• a risk management system and on-going risk controls;
• data governance initiatives to deal with data quality;
• detailed technical documentation and record-keeping;
• a proper human oversight safeguards built into the system’s design;
• cybersecurity, accuracy, and robustness standards;
• post-market surveillance and corrective measures when identified problems occur.

The AI Deployers have more operational duties.

They must:

• utilize the system as indicated by the service provider;
• ensure effective human supervision by trained personnel; and
• control and manage the system by using internal rules and processes.

What does the AI Act Mean for U.S. Law Firms?

The EU AI Act will present a challenge to U.S. law firms providing services to global clients to comply with this new legislation. Since it also involves product liability, commercial contracting, cybersecurity, data governance, employment, consumer, and IP, the affected firms will require a team of professionals to advise their clients on managing their entire AI chain.

The companies relying on, or offering, AI-enabled tools for research, review, and analysis must re-evaluate themselves in the light of this new legislation. They could fall under the definition of ‘providers’ if they are putting their AI-based systems into the EU market, or if the tools developed by them are used inside the EU.

The new AI Act compels US law firms to integrate AI governance into the scope of their usual compliance practice and regulate the use of AI systems.

Bottom Line

The EU AI Act has a global reach. It sends a worldwide compliance signal, influencing large companies’ development in the future. For U.S. firms with any EU exposure, the AI governance should be treated as a standard regulatory function: it should be organized, documented, and embedded into both product development and overall risk management.

As the legal requirements become increasingly complex, expert guidance becomes a necessity. If your organization needs support adapting to the EU AI Act while keeping innovation strong, the KPC Marketing team is here to help.

Get in touch with us today for a free consultation and explore our services at www.kpcmarketing.com