
Preparing for the New EU AI Act: Key Compliance Steps

Attorney Jonathan Armstrong Discusses the AI Act's Impact on Global Organizations
Jonathan Armstrong, partner, Punter Southall Law

The European Union's AI Act went into force this week, marking a significant step in AI development. Starting Aug. 1, 2024, it will enforce strict rules on high-risk AI systems and prohibit harmful practices to ensure transparency and protect fundamental rights.


Although the full act will take effect over two years, certain requirements will start on Feb. 2, 2025. Noncompliance could lead to fines of up to 35 million euros or 7% of annual turnover, nearly double the penalties under the General Data Protection Regulation.

The AI Act introduces risk-based categorization, ranging from unacceptable risk to minimal risk. Each category comes with distinct compliance requirements. "At the very top, there are unacceptable risk systems. Then we have high-risk systems, which could include recruitment-type systems depending on AI usage," said legal expert Jonathan Armstrong. He said the AI Act's enforcement parallels GDPR, and he emphasized that organizations need to adapt quickly to avoid penalties.

The act's reach extends beyond Europe; it affects companies globally if their AI systems interact with EU citizens. Penalties for noncompliance include fines and unannounced inspections. Armstrong advised organizations to assess existing policies, perform gap analyses and ensure that AI systems align with new regulations. "Companies need to consider transparency obligations, especially if deploying AI systems that affect EU individuals," he said.

In this video interview with Information Security Media Group, Armstrong discussed:

  • The AI Act's risk-based categorization of AI systems and corresponding compliance obligations;
  • The potential overlap and conflict with GDPR and other data protection laws;
  • Strategies for global organizations to ensure compliance and prepare for enforcement actions.

Armstrong is a lawyer specializing in compliance and technology. He is regarded as one of the foremost cybersecurity experts and is active in advising clients on GDPR compliance and AI risks and opportunities.


About the Author

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.



