EU AI Act: How CIOs Can Prepare
The EU’s AI Act will become the world’s most comprehensive regulatory framework for AI. Businesses doing business in the EU will need to comply or face massive penalties.
March 25, 2024
The European Union has passed its sweeping AI Act, which will establish tough guidelines and penalties for businesses using artificial intelligence.
The EU will roll out the new regulations in phases between 2024 and 2027 targeting “high-risk” AI applications. Companies running afoul of the new rules could face fines of up to 7% of global turnover, or $38 million, whichever is higher.
The vote passed with 523 votes in favor, 46 against, and 49 votes not cast. The law will enter into force in May after approval from the European Council and after last-minute legal language checks. The AI Act, penned in 2021, categorizes AI risks from “unacceptable” – a designation that would earn a ban – to “high,” “medium,” and “low” hazards.
“Europe is NOW a global standard-setter in AI,” Thierry Breton, the European Commissioner for Internal Market said on X, (formerly twitter).
The Commission’s Civil Liberties Committee member Dragos Tudorach lauded the AI Act’s passage, but said the work is just beginning. “The EU has delivered. We have linked the concept of artificial intelligence to the fundamental values that form the basis of our societies,” he said in a statement. “AI will push us to rethink the social contract at the heart of our democracies, our education models, labor markets, and the way we conduct warfare.
What Businesses Can Expect
Much like the EU’s general data protection regulation (GDPR) set the standard for the way businesses collect and protect data, the AI Act is expected to have sweeping, worldwide impact on businesses. Many worldwide companies tailor their data practices to comply with GDPR as a foundational governance framework.
“This law is the most definitive stab at governing this AI monster,” Nitish Mittal, partner with IT research firm Everest Group, tells InformationWeek in an interview. He says as influential as GDPR has been for worldwide businesses, the AI Act’s influence could be more profound. “I believe this is going to have a ‘halo effect’ for other regions. GDPR deals with a very specific point around data privacy. But AI is such a big, broad existential issue for our society and businesses right now … every country is trying to see what they can do to get inspired by this law in some shape or form.”
Jonathan Dambrot, CEO of AI security and trust firm Cranium, says the regulations give businesses a needed framework as they race to adopt new AI tools. “When we look at AI, there’s still a lot of confusion,” he says. “You have CEOs sing that the risk of not using AI is higher than the risk of using AI. There’s so much investment and so much experimentation happening…”
Steep fines will be an effective motivator, Dambrot says.
About the Author
You May Also Like