article
AI compliance in 2025 and beyond
Preparing for the AI Act
July 26, 2024 • 3 minutes
As artificial intelligence continues to revolutionize industries around the world, the adoption and use of AI tools are coming under more and more scrutiny. And while the law takes much longer to evolve with technology, it is finally catching up with AI.
There are many considerations when it comes to AI compliance — and for businesses that operate or serve customers in the EU, there’s a significant piece of new legislation that’s coming into force soon: the EU AI Act. Regardless of whether your company does business in the EU, this act will likely serve as a guideline for non-EU countries to follow when establishing their own AI regulatory compliance and legislation in the coming years, so familiarizing yourself with these AI regulations now can help you to get ahead of the curve.
In our recent webinar, we discussed the implications of the AI Act and how companies should prepare for its arrival in February 2025 with Barry Scannell, a Partner at leading corporate law firm William Fry.
But what is the AI Act, and what is its significance?
“GDPR, on steroids”
The importance of AI compliance and data security isn’t new — these have been key concerns ever since ChatGPT first exploded in popularity.
But companies that are using AI technology in almost any part of the business, if they operate or serve customers in the EU, now have a non-negotiable deadline to meet thanks to the AI Act coming into force in February 2025.
“It’s GDPR on steroids,” says Barry. “The fines for not complying with prohibited AI systems, which are simply banned from the European Union, they’re €35 million. We’re seeing fines of hundreds and hundreds of millions of Euro, usually in relation to data protection.”
3 things to know about the AI Act
Barry broke down three main pillars in the AI Act that businesses should be aware of:
1. Prohibited AI systems: The AI Act bans certain AI technologies — specifically, those that:
- manipulate people’s decisions or exploit their vulnerabilities
- evaluate or classify people based on their social behavior or personal traits, and
- predict a person’s risk of committing a crime
2. General purpose systems: Companies that build general-purpose AI models will have to keep detailed records of their AI’s development and testing. They must also provide this information to other companies that want to use their AI, while still protecting their intellectual property.
3. AI literacy: Companies that create and use AI systems have to ensure their employees and anyone else who uses these systems on their behalf are educated about AI.
“Article 4 of the AI Act says you have to have a sufficient level of AI literacy for your staff, and that means you may need to implement AI training,” says Barry. “So not only is it a nice-to-have, but it’s actually going to become a legal obligation.”
The AI Compliance Checklist: 10 priorities
So, how can businesses prepare their employees and operational processes to meet compliance requirements with the AI Act?
Barry provided a checklist of tips that William Fry advises corporate clients to use — the list is a product of the team’s experience as technology lawyers, their work internally, and also their observations of the industry and where it’s going. (Watch the full webinar for Barry’s walkthrough of the most important points in this “compliance program” checklist that he would advise prioritizing.)
1. Train your staff
2. Develop robust documentation
3. Invest in human oversight
4. Manage data governance
5. Plan for timelines
6. Determine risk classification
7. Implement disclosure measures
8. Ensure transparent communication
9. Prepare for compliance costs
10. Stay informed and adapt
The AI Act is coming — are you ready?
If your company is providing AI solutions to customers, it’s never too early to start preparing your teams and leaders for what’ll be required of them in the compliance lifecycle. Watch our AI Compliance webinar for more key details about the upcoming AI Act, including prohibited AI systems and AI literacy requirements, and practical ways to minimize bias and maintain compliance efforts as an organization.