The EU AI Act comprehensively regulates the use of artificial intelligence (AI) in Europe for the first time. This creates new obligations and areas of responsibility for companies. Management, in particular, is required to consider the legal requirements for the legally compliant use of AI systems in good time and integrate them into everyday business.
The most important AI-relevant regulations at a glance
The European Union’s objective with the AI Act is to promote innovation, trust and security in the use of artificial intelligence. In addition to this new regulation, others of relevance for companies include the Cyber Resilience Act (CRA), the General Data Protection Regulation (GDPR), the updated NIS2 Directive and the planned Product Liability Directive. All of these address different aspects of the use of AI solutions.
EU AI Act
The EU has reached a milestone with this AI Act by defining uniform standards for the development, introduction and monitoring of AI applications. The regulation distinguishes between risk levels – from “prohibited” to “minimal” risk – and requires detailed documentation for high-risk applications as a basis for transparency.
Providers and operators of products in the EU are obliged to submit an AI Declaration of Conformity, which documents compliance with all requirements at all times. Violations can result not only in financial penalties, but may also have legal implications. Companies operating solely in Switzerland are not affected by the AI Act.
Cyber Resilience Act (CRA)
The CRA is being introduced by the EU to address the growing threats posed by cyberattacks. Companies need to ensure the digital resilience of their products, services and therefore also their AI applications. The EU IT Security Regulation includes technical protective measures and ongoing monitoring and elimination of potential vulnerabilities. It also explicitly holds software manufacturers and providers accountable for their cybersecurity.

GDPR and AI
As was already the case, data protection is a top priority wherever personal data is processed. Automated decision making and profiling are only permitted under strict conditions. Companies are obliged to ensure comprehensive transparency and to systematically protect the rights of data subjects. Data protection impact assessments are a standard requirement when launching new AI projects.
NIS2 Directive
The updated NIS2 Directive significantly tightens cybersecurity requirements in critical infrastructure and certain economic sectors. Companies in sectors such as energy, healthcare and transportation are subject to increased prevention, response and reporting requirements. AI systems that are used in these environments must be correspondingly robust and compliant.
Product liability and industry-specific regulations
The revision of the Product Liability Directive includes intelligent systems for the first time: Anyone who distributes or operates faulty AI solutions can be held liable for any resulting damages in the future. In addition, depending on the industry – for example, in the financial sector or in the area of medical devices – other specific requirements apply that companies must observe.

Why managers must act now
The new regulations represent a significant broadening of management responsibilities.
Typical challenges for managers:
- Compliance with all relevant legal requirements when using AI technologies
- Monitoring and assessment of new liability risks as well as expansion of internal audit mechanisms
- Adaptation of processes, responsibilities and control systems
- Development and implementation of effective AI governance in the company
Areas of action for sustainable AI compliance
To efficiently and sustainably implement the EU AI Act, it is recommended to pay particular attention to the following areas:
1. Establish targeted AI governance
A structured model for managing AI applications is essential. This includes clearly defined responsibilities, binding approval processes and the integration of legal requirements into internal guidelines.
2. Identify and assess risks
Every AI application should be classified according to its risk category as set out in the AI Act and reviewed regularly. Early risk analyses create transparency and form the basis for compliant action.
3. Define technical and organisational measures
Data protection, IT security, monitoring and comprehensive documentation are essential. All precautionary measures should be continuously reviewed to ensure they are up to date and effective and also adapted to new requirements.
4. Involve supply chain and third-party providers
External partners, suppliers and the data sources used must be incorporated into the AI compliance concept. Contract preparation and supplier management must comply with legal regulations in order to minimise liability risks.
5. Support competency and awareness
Regular training and internal information measures ensure that all employees are informed about current regulatory requirements and their significance.

Regulation as a strategic advantage
The AI regulations set out in the AI Act not only mean new challenges for companies, but also new opportunities.
- Opportunity to position oneself as a responsible market player
- Building trust with customers and business partners
- Secure and scalable innovation management
Act now with bbv at your side
Prepare your company for the future of artificial intelligence. bbv supports you with sound AI strategy consulting, targeted risk assessment, practical implementation and specialised AI workshops for CEOs.
Contact us and find out how you can guide your company into the future in a legally compliant and sustainable manner with tailor-made solutions and innovative methods.

