The EU AI Act has a broad scope, and it does not just affect companies based in the EU. In this article you can understand who is essentially caught or subject to the AI Act:
Affected Industry sectors
1. Tech companies: Technology companies like Google, Microsoft, Facebook and Amazon, which develop and deploy AI systems in a wide range of applications.
2. AI Startups: Smaller AI startups that rely on AI technologies for their products.
3. Healthcare and Life Sciences companies: Use of AI in diagnostics, patient monitoring, and medical devices.
4. Finance and Insurance companies: Industries like finance and insurance, which increasingly rely on AI for decision-making processes.
5. Telecommunications & Infrastructure companies: Use of AI in network optimization, fraud detection, and critical infrastructure will need to be monitored.
6. Schools, Universities and Education companies: Use of AI for personalized learning platforms, automated grading, virtual tutors, AI proctoring, predictive analytics, and content creation to enhance teaching and student outcomes.
7. Employment, HR and Workforce companies: AI used for resume screening, candidate matching, employee monitoring, performance analysis, workforce planning, and bias detection to streamline recruitment and manage talent.
Extraterritorial Reach
Evidently even non-EU companies are caught if their AI systems are:
· Used in the EU, or
· Affect people within the EU.
The EU AI Act therefore has global consequences.
Key actions which should be taken now include:
· Conducting an AI mapping exercise to identify all AI systems and general purpose AI (GPAI) models which are or will be used or developed.
· Clarifying the organisation’s role for each AI system and GPAI (e.g., provider, deployer, importer, distributor), in order to determine the specific obligations under the Act.
· Determining which AI systems and GPAI models fall within the scope of the AI Act, by assessing whether they are “placed on the market” or “put into service” in the EU.
· Incorporating the AI Act’s requirements into due diligence processes and contracts.
· Assessing and hiring resources needed to support governance activities, as demand for AI governance professionals is likely to increase.
· For high-risk AI systems, preparing for compliance with requirements such as risk management systems, data governance, technical documentation, record-keeping, transparency, and human oversight.
· For non-EU businesses, assessing whether AI systems or their outputs are accessible or used in the EU, as the AI Act will likely still apply.
· Keeping informed about upcoming guidance and codes of conduct, which will provide more detailed information on compliance requirements.
By taking proactive steps now, businesses can position themselves to comply with the AI Act’s requirements as they come into force over the next few years. Whilst full compliance is not immediately required, early preparation can help avoid rushed implementation and the risk of potential penalties later on.
How can We Help
If you are developing or using AI technologies or systems you should examine if you have duties or certain standards or restrictions while using them. Additionally, depending on the AI system it may take decisions that give rise to competition and personal data laws or even affect discrimination or bias. We can assist in recognising these duties and/or restrictions. For more information follow our AI Series. To book a consultation with one of our consultants visit our website www.pyrgouvakis.com
