With the EU AI Act due to start coming into effect in the next few weeks, businesses cannot avoid addressing this new regulation, or else they’ll risk paying hefty fines of up to €35 million. But that’s not all, with the new UK Labour government planning to tighten AI rules further, businesses will need to ensure they are prepared to comply.
In light of this, Keith Fenner, SVP and GM EMEA at Diligent, a leading GRC SaaS company, discusses the risks and opportunities that the AI Act will bring to businesses, as well as the next steps they should take to ensure they are compliant.
What is the biggest risk for businesses when the AI act comes into force?
“With the EU AI Act now coming into effect, the onus is on British and Irish businesses to prepare for compliance. Failure to do so can lead to the potential for hefty fines – up to €35 million or 7% of global turnover for breaches. This means becoming and remaining compliant is increasingly important.
“We will also likely see regulators, shareholders, and customers holding companies and directors to account for failures to address AI risks much faster than they have for other risks. This is because there is already a solid foundation of regulations and practices in place that have been built to address cyber and data protection risks, which can be leveraged to address AI-related issues more efficiently.”
Are there likely to be any challenges or problems with compliance – and how can these be overcome?
“All organisations recognise the opportunity of AI and feel growing pressure to adopt it, but they are concerned about having to navigate the imminent AI governance and compliance landscape. The new EU AI Act is likely to be the start of an AI governance journey for most organisations. The requirement to create, implement and manage an AI governance program will feel overwhelming and most organisations may not know how to start or who should own this program.
“The solution is not to ban AI, but rather to start applying guardrails and investing in good governance while reliance on AI is still in its infant stages, empowering organisations to harness innovation opportunities with confidence, and deliver the benefits of AI while mitigating risks, maintaining compliance, and upholding ethical values.”
“Business leaders and GRC professionals will need to perform gap assessments to evaluate if current policies and regulations on privacy, security and risk can be applied to AI. The aim is to establish a strong governance framework, encompassing both in-house and third-party AI solutions. But compliance is just the tip of the iceberg. To truly thrive in this new era, business leaders need to reimagine their approach to AI. This means finding the right balance between innovation and regulation.”
