- By Frederik Them Pedersen, Legal Consultant
AI Act Compliance: Get Off on the Right Foot with These 6 Steps
- June 6, 2024
Did you know that 65% of consumers say they have higher trust in businesses who use AI responsibly and transparently?
Complying with the AI Act is not ‘only’ the right thing to do but can also be a competitive edge for your business.
I want to help you reach this win-win as my blog post takes you through:
ISO 42001: International standard for AI management
In December 2023, ISO – the International Organization for Standardization – published the world’s first standard for Artificial Intelligence Management Systems: ISO 42001:2023.
In detail, ISO 42001 works like a guiding principle for setting up, running, and improving a system to manage artificial intelligence in organizations. It’s relevant for all organizations, either making or using AI systems, to help them handle AI in a responsible, transparent, and ethical manner.
Also, it gives companies a structured way to balance risks, benefits, and innovation within governance structures when it comes to AI.
By complying with ISO 42001, your organization first and foremost displays your commitment to responsible AI practices.
Also, it works in your favor in your compliance efforts by giving you a double benefit:
You ensure compliance with both EU AI regulation and recognized global standards – and this paves the way for more credibility and trust among customers, partners, investors, and so on.
Now, we have the formalities in place.
However, it’s no secret that ISO 42001 can be quite a mouthful if you don’t ‘speak’ law fluently.
As an alternative, my colleagues and I have made these 6 AI compliance steps for you.
The 6 steps towards your AI Act compliance
Here are the 6 steps that get you off to a good start with your AI Act compliance:
Step 1: Map your assets
As the first step, you should map your AI assets and thereby get an overview of your use of General-purpose AI (GPAI) and/or AI systems.
Step 2: Conduct risk assessment on AI assets
The risk of using AI should be assessed. Here you include what can happen to the persons who can interact with the AI, and how you can mitigate these consequences.
Step 3: Do governance and controls
In this step, you must ensure governance and controls of your compliance. In this case, it’s a good idea to make an annual cycle of work that gives you an overview of your general tasks and your tasks per AI assets depending on their classification.
Also, we advise you to update your documents every year.
Finally, we advise you to get an overview of links to GDPR, so you don’t do double work.
Step 4: Ensure documentation
Documentation is the proof of your compliance.
Therefore, it’s important to have a code of conduct that document responsible use of AI. In some cases, you also need to have a transparency policy, a policy/procedure for an AI risk management system, and a data protection impact assessment.
Also, you should be aware that even if you don’t use high-risk AI, you still need to document that they are not high-risk.
Step 5: Comply with GDPR obligations
Often personal data will be processed in AI systems.
Therefore, you must get familiar with your GDPR obligations – and comply with them. Among other things, it means that you need to include any AI processing in your privacy policy, make a data protection impact assessment (DPIA), etc.
Step 6: Ensure training and awareness
Finally, it’s important that you ensure training and awareness with your management and employees since their level of knowledge and skills within the use of AI is essential to your compliance.
There are many more nuances on these steps towards readiness for and compliance with the AI Act depending on your specific use of AI tools.
It can for that reason be a complex task to start from scratch with risk assessments, policies, documentation, and so on.
That’s why we’ve launched our AI compliance solution – with a free trial, you get our help to:
- Figure out your specific AI obligations
- Generate your AI policies and legal documentation
- Conduct risk assessments on your AI systems
