Navigating the AI Maze: Striking a Balance Between Business Opportunities and Regulatory Obligations
By Sabine Reifenberger, Frankfurt
AI is being effectively managed and utilized
In the AI-driven world, every business needs a guide—and that's where lawyers like Christoph Werkmeister come in. Following the European Union's General Data Protection Regulation (GDPR) in 2016, Werkmeister, the global co-head of the Data and Technology Practice at Freshfields law firm, witnessed a data protection frenzy. Now, he sees a similar trend in AI consulting, as companies struggle to integrate artificial intelligence (AI) across various sectors, from retail to healthcare.
Executives must grapple with AI, driven by economic pressure and competition. "If AI offers an efficient and cost-effective solution, a board should be aware of these use cases," Werkmeister explains. However, charge ahead with caution. Proper AI governance is essential before it becomes the norm, especially considering employee co-determination rights.
The European Regulation as a Safety Net
To prevent chaos, careful management is key. Companies must consider whether AI tools should be used in HR for employee selection or in customer service for pre-formulated letters. Protecting sensitive data is paramount. "Regular mapping is necessary for AI governance, recording who is working with AI in which area to maintain control," Werkmeister stresses. Companies can also implement enterprise policies to limit AI use to specified processes.
The European Regulation on Artificial Intelligence, effective since August 2021, outlines guidelines for AI governance. The regulation follows a risk-based approach, with higher requirements for so-called high-risk systems, like autonomous vehicles or biometric data systems, which undergo external audits (conformity assessment).
Duty of Care and Compliance
Boards and business leaders have a responsibility to deploy certified and well-documented AI systems, reducing the risk of errors. Companies must also be prepared to provide regulators with information about their AI systems' functionality.
AI literacy internally is also important. Companies using AI systems should provide appropriate employee training, although the specifics remain at the company's discretion. Moreover, the trainings should not be viewed as merely a regulatory requirement; they facilitate informed decision-making and better negotiations with AI providers.
Parallels to Data Protection Regulations
Establishing a governance structure for AI has yet to yield a clear blueprint, but it shares similarities with the GDPR. Companies that already handle customer data effectively in data protection can apply those experiences to AI topics.
International AI Governance Differences
While the AI regulation is primarily organizational, internationally active companies could face multiple AI regulations. Companies with headquarters outside the EU that sell products or use AI output in the EU may fall under the EU AI Act's scope. Differences in regulations between countries exist, such as varying focuses on consumer protection or copyright issues.
As further-reaching AI governance obligations may be introduced in individual countries in the future, businesses should focus on the fundamentals of risk management, transparency, and documentation to remain prepared for the future.
- In the realm of AI, lawyers like Christoph Werkmeister, with extensive knowledge in AI consulting, serve as essential guides for businesses navigating regulatory obligations.
- Proper AI governance is crucial for companies, ensuring a balance of economic benefits and adherence to regulations, such as the European Regulation on Artificial Intelligence.
- To maintain control over AI use, regular mapping is necessary within companies, documenting AI application areas and personnel involvement.
- The successful integration of AI technology in businesses relies not only on regulatory compliance but also on employee training, fostering AI literacy and informed decision-making.
