To prepare for the Act, U.S. companies are advised to understand where they are using AI, classify the risk level for each AI use case, ensure their vendors are compliant with the Act, train staff across compliance, policy, legal, and risk, define a simplified AI policy, and invest in adaptable AI technologies. The Act is seen as a harbinger of the future of AI regulation, and U.S. companies are urged to proactively adapt to stay ahead of the regulatory curve.
Key takeaways:
- The EU AI Act, agreed upon by EU policymakers, will have significant implications for US businesses, including those that produce AI-related applications or services that impact EU citizens or supply EU-based companies.
- The Act categorizes AI applications into risk-based tiers, with high-risk use cases requiring compliance with stringent requirements, including detailed risk management policies, documentation requirements, transparency and human oversight obligations, and elevated standards for accuracy, robustness and cybersecurity.
- Companies with EU operations face substantial fines for noncompliance, and even those without direct EU operations may be impacted by the Act if they are within the supply chain of EU-based companies.
- US-based companies should take proactive steps to prepare for the Act, including understanding where their company uses AI, classifying the risk level for each AI use case, ensuring vendor compliance, training staff, defining a simplified AI policy, and investing in adaptable AI technologies.