The world’s first comprehensive regulation of AI, the European Union Artificial Intelligence Act (“EU AI Act” or the “Act”), officially came into force on August 1, 2024, with most provisions entering enforcement on August 2, 2026. The EU AI Act bans AI systems with “unacceptable risk,” including AI systems that engage in real-time facial recognition, social scoring, and cognitive behavioral manipulation. In addition, under the EU AI Act, high-risk AI systems, such as those in employment, infrastructure, finance, biometrics, and law enforcement, are subject to stringent regulatory requirements designed to ensure safety, transparency, and accountability.
First, before deployment of any high-risk system, deployers must perform a fundamental rights impact assessment (FRIA) that includes identifying the demographic categories of people likely to be impacted by the system, the likelihood of the risks of harm to the specific categories of people, and any measures to be taken to prevent and mitigate those risks. Second, after deployment, ongoing obligations mandated by the Act include:
  • Continuous Risk Management: Providers must implement a risk management system to continuously monitor the AI system throughout its lifecycle. This system should be capable of identifying, evaluating, and mitigating foreseeable risks, ensuring the AI operates safely and ethically at all times.
  • Data Governance: High-risk AI systems must adhere to strict data governance practices, ensuring the quality, accuracy, and integrity of data used for training, validation, and testing. Effective measures must be in place to prevent and mitigate biases, ensuring that the AI system does not produce discriminatory outcomes.
  • Technical Documentation: Comprehensive documentation detailing the AI system’s design, functionality, limitations, and compliance efforts must be maintained. This ensures transparency and demonstrates adherence to regulatory standards, making the system auditable by authorities.
  • Human Oversight: The Act mandates that high-risk AI systems include mechanisms for appropriate human oversight. Human operators must be able to intervene, override, or shut down the AI system if necessary, preventing unintended harm or unauthorized autonomous decisions.
  • Robustness, Accuracy, and Security: High-risk AI systems must be designed for robustness, reliability, and security. Regular testing is required to ensure the AI operates within defined parameters, remains resilient to errors or malfunctions, and can withstand external threats such as cyberattacks.
  • Transparency and Explainability: High-risk AI systems must be transparent, ensuring users are aware when they are interacting with an AI system. Additionally, the AI’s outputs and decisions must be explainable, particularly in critical sectors like healthcare, finance, or law enforcement, allowing users to understand how decisions are made.
  • Post-Market Monitoring and Reporting: Providers are required to implement post-market surveillance to ensure ongoing compliance after the AI system is deployed. This includes monitoring for incidents or malfunctions and conducting periodic reviews to ensure the system adheres to the evolving regulatory framework.
These requirements are designed to ensure that high-risk AI systems remain safe, reliable, and accountable throughout their operational lifecycle, minimizing risks to individuals and fostering trust in AI technologies across industries.
At Dorf Nelson and Zauderer LLP, we offer comprehensive guidance on the diverse risks associated with AI technology for businesses and their employees, including its integration into products and services for customer access. Our experienced attorneys provide counsel on intellectual property protection for AI technologies and work closely with clients to develop tailored generative AI policies and guidelines that align with specific business needs and risk tolerance. We diligently monitor updates to the EU AI Act and its implications for companies, crafting strategies to ensure compliance with forthcoming obligations.