What is The Artificial Intelligence Act?
On 12th July 2024, the European Parliament and Council’s Regulation (EU) 2024/1689, known as the Artificial Intelligence Act, was published in the Official Journal of the European Union. Emphasising transparency, accountability, and data protection, this regulation introduces stringent obligations for high-risk AI applications to ensure safety and compliance with fundamental rights.
The Act, which took effect on 1st August 2024, sets out harmonised rules for AI development, market placement, and use within the EU. It adopts a proportionate risk-based approach, focusing on transparency, accountability, and data protection to ensure that AI systems are auditable and trustworthy.
High-risk AI applications are subject to more stringent controls, with the Act imposing rigorous obligations on AI providers to ensure safety and adherence to existing legislation protecting fundamental rights throughout the AI lifecycle.
Why was the Regulation Introduced?
The fast advancement of Artificial Intelligence has brought substantial benefits, alongside significant risks. As AI technologies increasingly impact various aspects of life, the need for a comprehensive regulatory framework became clear. The AI Act addresses these concerns by establishing a clear set of guidelines to ensure the ethical and safe deployment of AI systems.
What is the Impact on Businesses?
The Act’s impact varies by sector. It primarily affects businesses working with AI systems in areas such as finance, health, transport, and security. These sectors must adhere to the highest standards of the law due to the significant potential impact their technologies could have on security and individual rights.
Furthermore, the regulation fosters innovation by allowing businesses, including SMEs and startups, to develop, train, validate, and test AI systems within AI regulatory sandboxes. By 2nd August 2026, each EU Member State must establish at least one sandbox, which can be set up jointly with other Member States. These sandboxes provide a controlled environment for testing AI systems under regulatory supervision, facilitating innovation while ensuring adherence to regulatory standards.
Responding to Legal Requirements with ISO 42001:2023
ISO 42001:2023 offers a structured approach to managing AI systems and supports compliance with the AI Act. Here’s how:
Data Protection: The standard emphasises data security and privacy, aiding compliance with data protection laws such as GDPR. Adherence to ISO 27001 ensures a robust information security management system (ISMS), while ISO 27701 provides a framework for managing personally identifiable information (PII), enhancing your organisation’s ability to meet GDPR requirements and other privacy regulations.
Governance and Structure: ISO 42001:2023 helps establish a clear governance structure for managing AI, facilitating adherence to oversight and transparency requirements.
Risk Management: It provides a systematic approach to identifying and mitigating risks, essential for meeting the law’s risk assessment requirements for high-risk AI applications.
Continuous Improvement: ISO 42001:2023 promotes ongoing review and enhancement of AI practices, crucial for adapting to legal and technological changes.
By implementing a management system based on ISO 42001:2023, organisations not only ensure compliance with current AI laws but also prepare themselves for future regulations and technological challenges.
For more information on how ISOQAR can assist you in achieving ISO 42001:2023 certification and navigating the new AI regulatory landscape, contact us today.
