THE EU AI ACT – SUPRANATIONAL APPLICABILITY: COMPLIANCE
The EU AI Act applies to every organisation that provides a service or a product within the EU, regardless of its domicile, in the same manner as GDPR. As a result, the provisions of the Act will apply to your business even if you are located outside of the EU.
Your business may be located in the UK, Dubai, Abu Dhabi, India, China or the USA, but if you supply within the EU you will need to comply with the Act’s requirements. Penalties vary from country to country within the EU, from financial penalties to director imprisonment.

Article 99: Penalties
Operators shall be subject to administrative fines of up to 15 000 000 EUR or up to 3 % of their total worldwide annual turnover for the preceding financial year, whichever is higher:
As a small business, or as a start-up, you may not have the resources available, whether the finances, the time to understand the Act, or the personnel to act as your AI governance and data protection officer, to ensure your compliance with both the AI Act and GDPR.
Questions you may ask of your business are:
- Am I a deployer, or a provider if I alter a model for my business use?
- What are my obligations if I use generative AI in my service provision?
- Can I still use biometric data?
- How do I meet the transparency and explainability thresholds for compliance?
- Are the models I use general purpose and how do I identify risk?
- What does the EU AI Office’s Code of Practice entail and what does an SL4 level mean?
What We Provide
Our AI services enable your small business, or start-up, to meet the compliance mandates by assessing, at the very least, your company’s:
- Use and types of AI
- Policies and procedures
- Mitigation controls
- AI development path
- AI education within the workplace
- Technical documentation
- Logging capabilities
- Data flows & method of usage
- Training, fine-tuning and real-world data
- Your company’s place within the AI supply chain
What Do We Deliver
We have long-term IT and data privacy audit experience, with a background across the legal, technical and business domains. Using our wealth of knowledge built over 25 years, we will provide your company with:
- A detailed assessment report, with a simple-to-understand gap analysis report
- A risk-based audit report, highlighting areas to be prioritised to ensure compliance
- A set of documents to create your appropriate IT security / cyber privacy policies & procedures
- A set of documents to create your appropriate data privacy policies & procedures
- A Gantt chart with actionable tasks in an easy-to-follow format
Once we have assessed your company and provided the route map and milestones for you to meet the AI Act requirements, we are also able to offer you the option to draw upon our experience to:
- Act as your AI governance & compliance officer
- Act as your data protection officer
- Collaboratively work with you, using remote project management tools to ensure compliance
- Create the appropriate documentation
- Source third parties to provide AI logging capabilities
- Develop your AI governance and controls formal documentation
- Create compliant SLAs for your company’s AI supply chain providers
- Establish your notification procedures for adverse events
- Assist in creating the above for compliance on a per-EU country basis
For more information on how we can assist your small business, or start-up in EU AI Act compliance