NextGenInsight.Net

EU AI Law: 7% Fine, 2025

·

·

Billy Yang

### EU AI Law: A Comprehensive Guide for Businesses

The EU's new AI Act will be implemented in phases starting February 2025. This law aims to enhance the safety and accountability of AI systems, and non-compliance can result in fines of up to 7% of a company's global revenue, which is expected to be a significant burden for businesses. Let's dive into the key details of the law and the preparations businesses need to make.

1. EU AI Act Implementation Schedule

※ Phased Roadmap
  • February 2025: Regulations on prohibited AI systems begin.
  • August 2025: General-purpose AI penalties apply.
  • August 2026: Most regulations come into effect.
  • August 2027: Final regulations, including Article 6.1 and Annex II, become effective.
Key Point:

The phased implementation requires a strategic approach, aligning your preparations with the specific regulatory deadlines.

2. Classification of AI System Risk Levels

The EU AI Act categorizes AI systems into three tiers. Each tier has different requirements, so understanding the type of AI your company uses is crucial.

  1. Prohibited AI

    • Systems that infringe on user autonomy or are used for 'social scoring.'
    • Mostly banned, with limited exceptions for law enforcement, etc.

  2. High-Risk AI

    • AI technologies that directly impact humans (e.g., healthcare, education, finance).
    • Strict compliance is mandatory.

  3. Low-Risk AI

  • Technologies like recommendation systems and spam filters.
  • Only require basic documentation.
Key Point:

Start by determining which category your AI systems fall into, and focus your preparations on the high-risk AI systems.

3. Categorization of AI Adoption Types in Companies

Given the diverse uses of AI by businesses, it's important to categorize how your company is using AI.

  1. Wild AI

    • Employees using publicly available AI tools from external sources.

  2. Embedded AI

    • AI functionalities integrated into existing solutions.

  3. Hybrid AI

  • Utilizing a combination of existing AI models and internal company data.
  1. In-House AI
    • AI technologies developed internally by the company.
Key Point:

Each category has different requirements and compliance measures. In-house AI requires the most careful evaluation and management.

4. Additional Obligations under the AI Act

You should familiarize yourself with and implement the following measures like a manual:

  1. Risk Assessment:

    • Regularly evaluate the risks posed by your AI systems.

  2. Transparency Obligations:

    • Clearly disclose the functioning and purpose of your AI systems.

  3. EU-wide Database Registration:

  • Certain AI systems must be registered in the EU's official database.
  1. Sensitive Information Management:
    • Additional safeguards are necessary if your AI handles sensitive data like race, gender, or political opinions.
Key Point:

While these requirements demand time and resources, upfront investments can reduce long-term risks.

5. Practical Action Plan for Companies

Here are the effective strategies proposed by Gartner:

  1. Discovery and Inventory:

    • Systematically analyze all your AI systems through cataloging.
    • Assess legal bases for personal data processing and the use of sensitive information.

  2. Leverage GDPR Documentation:

    • Utilize existing PIAs (Privacy Impact Assessments) and RoPAs (Records of Processing Activities) from GDPR compliance to save time.

  3. Procurement and Change Management:

  • Thorough pre-screening and real-time monitoring when adopting new AI technologies.
  1. Department-Specific Prioritization:
    • Prioritize AI system checks for departments handling sensitive data, particularly HR and marketing.
Key Point:

Aim for a "gradual response" that is realistically achievable, rather than striving for perfect preparation.

6. Relationship Between EU Regulations and Other Laws

The EU AI Act does not operate in isolation. It interacts with various existing laws, including:

  • Machinery Directive: AI related to manufacturing.
  • Medical Device Regulation: AI in healthcare.
  • Toy Safety Directive: AI aimed at children.
  • Civil Aviation Security Regulations: AI in aviation like drones.
Key Point:

To avoid overlapping compliance efforts, carefully analyze the end-use case of your AI systems and their corresponding legal linkages.

Conclusion: What Businesses Should Start Now

  • Step 1: Identify and categorize your company's AI landscape.
  • Step 2: Prioritize compliance preparations for high-risk AI.
  • Step 3: Revise internal systems and processes to meet legal requirements.
  • Step 4: Strengthen employee training and risk management structures.

The EU AI Act demands a fundamental shift in how companies utilize AI, beyond mere regulatory compliance. To stay competitive, you must prepare systematically now. View this law as an opportunity, and transform risks into leadership strategies.

*Source URL:
https://zdnet.co.kr/view/?no=20250118172831


### EU AI Law: A Comprehensive Guide for Businesses The EU's new AI Act will be implemented in phases starting February 2025. This law aims to enhance the safety and accountability of AI systems, and non-compliance can result in fines of up to 7% of a company's global revenue, which is expected to be a…

Leave a Reply

Your email address will not be published. Required fields are marked *

Feature is an online magazine made by culture lovers. We offer weekly reflections, reviews, and news on art, literature, and music.

Please subscribe to our newsletter to let us know whenever we publish new content. We send no spam, and you can unsubscribe at any time.

NextGenInsight.Net