By Aidan Connolly

As you may or may not know, the EU is developing legislation to regulate how AI is used within the EU. It is similar in reach and ambition (as well as fines and penalties) to GDPR. The new regulatory framework proposed by the European Commission aims to create a harmonised set of rules for AI systems and automated decision-making within the European Union. With the legislation expected to come into effect soon, companies need to be aware of its implications and be prepared to adapt.

To achieve these aims, the EU AI Act emphasises transparency, accountability, data protection, and legal liability for both AI systems and automated decision-making processes employed by companies. Businesses must provide clear information about their AI systems’ capabilities, limitations, and potential biases, as well as the rationale behind automated decisions.

Among the provisions of the EU AI Act, high-risk applications (those whose output could have a significant impact on a person, such as credit scoring, calculation of insurance premiums, or computer-aided HR recruitment) will be subject to stricter regulations, including auditing, record-keeping, and documentation. AI systems and automated decision-making processes must adhere to strict data management practices, ensuring citizens’ rights are respected.

“So what?” I hear you say! With most companies in the EU not using AI, many will be tempted to pay little heed to this new legislation. That could be a grave mistake…

The devil is in the detail, and in the case of the EU AI Act the detail is the “automated decision making” category. If a business is using algorithms (even something simple written in SQL) to make a decision regarding a customer, or potential customer, then it is likely to be subject to the EU AI Act. So, some simple code like:

    IF customer_salary < €28,000
    AND number_of_times_in_overdraft > 3
    THEN refuse_car_loan = 'YES'


will be subject to the regulation. So, saying that your business does not use AI will not get you off the hook. The reach of the AI Act is vast, and as well as governing non-AI automated decision-making, it will also extend the EU’s arm beyond its boundaries and impact any business in the world selling services into the EU, just like GDPR.

Failure to comply with the EU AI Act can result in significant fines. For non-compliance with certain requirements, companies may face fines up to €20 million or 4% of their global annual turnover, whichever is higher. These substantial penalties highlight the importance of staying informed and adapting to the new requirements.

So, be prepared: this legislation is coming and will have a critical impact on how AI and automated decision-making are developed and deployed in the EU and beyond. It is envisaged that companies using such technologies will have to have them audited periodically. This will significantly impact the rollout and maintenance of AI within businesses, and we need to start preparing now.
