EU AI Act

The Extraterritorial Reach of the EU AI Act

Authored by
Holistic AI Team
Published on
Jul 29, 2024
read time
0
min read
share this
The Extraterritorial Reach of the EU AI Act

On 1 August 2024, the long-awaited EU AI Act came into force, starting its three-year implementation period. The first provisions on AI literacy and prohibited systems set to come into effect on 2 February 2025 and provisions for high-risk systems in mid 2026. Despite being EU legislation, the AI Act still has significant implications for non-EU companies.

Why does the EU AI Act have an extraterritorial reach?

Instead of governing companies physically based in the EU, the EU AI Act governs the EU market.

This means that non-EU companies that offer AI products and services within the EU market are within scope of the EU AI Act.

Consequently, all companies that target their AI to EU users must ensure that their systems are in compliance with the EU AI Act.

What are the requirements of the EU AI Act for non-EU companies?

The obligations for companies inside and outside of the EU are the same, with the AI Act taking a risk-based approach to determine the obligations associated with each system.

Risk-Based Approach

The most stringent requirements are for high-risk AI systems, while systems with unacceptable risk are prohibited. Obligations for high-risk systems include:

  1. Risk management: Implementing a comprehensive risk management system to identify, assess, and mitigate potential risks associated with AI systems.
  2. Data governance: Ensuring high-quality and representative datasets are used to train AI systems, minimizing biases and inaccuracies.
  3. Documentation: Maintaining detailed documentation to demonstrate compliance with the Act’s requirements, including technical specifications, design processes, and risk assessments.
  4. Transparency and human oversight: Providing clear information on how AI systems make decisions and ensuring human oversight to prevent adverse outcomes.

Actionable steps for non-EU companies

Non-EU companies must comply with the EU AI Act when offering AI products or services to EU citizens. These steps help assess readiness, ensure compliance, and maintain access to the EU market.

1. Conduct a comprehensive compliance audit

Why it matters: Understanding the current state of your AI systems and how they align with the EU AI Act is the first crucial step. You can use your EU AI Act risk calculator to check if your AI system is at risk under the EU AI Act?

Steps to take:

  • Inventory AI systems: Create a detailed inventory of all AI systems used or developed by your company.
  • Assess risk levels: Classify each AI system according to the risk categories outlined in the EU AI Act (unacceptable, high, limited, minimal).
  • Identify gaps: Compare your current practices with the requirements of the EU AI Act to identify areas where your systems fall short. 

2. Develop and implement a compliance strategy

Why it matters: A well-defined strategy will guide your company in aligning with the EU AI Act’s requirements.

Steps to take:

  • Form a compliance team: Establish a dedicated team with representatives from legal, technical, and operational departments.
  • Create a roadmap: Develop a timeline with specific milestones to achieve compliance.
  • Allocate resources: Ensure sufficient budget and resources are allocated for compliance activities, including hiring experts if necessary.

3. Enhance data governance practices

Why it matters: Robust data governance is critical to mitigating bias and ensuring the quality of AI systems. 

Steps to take:

  • Audit data sources: Review and audit the datasets used to train your AI systems for diversity and representativeness.
  • Implement data management policies: Develop and enforce policies for data collection, storage, and processing that align with the EU AI Act.
  • Regular data audits: Schedule regular audits to ensure ongoing compliance and data integrity. 

4. Increase transparency and accountability

Why it matters: Transparency builds trust with users and regulators, while accountability ensures that any issues are promptly addressed. 

Steps to Take:

  • Document AI processes: Maintain detailed documentation of how AI systems are developed, tested, and deployed.
  • Explainability: Invest in tools and methodologies that enhance the explainability of your AI models.
  • User communication: Clearly inform users when they are interacting with AI systems and how decisions are made. 

5. Implement robust risk management and monitoring

Why it matters: Continuous risk management helps in identifying and mitigating potential issues before they escalate.

Steps to take:

  • Risk management framework: Develop a framework for identifying, assessing, and mitigating risks associated with AI systems.
  • Continuous monitoring: Implement real-time monitoring systems to track the performance and impact of AI systems.
  • Feedback loops: Establish feedback mechanisms to gather insights from users and stakeholders, facilitating continuous improvement.

6. Conduct regular training and education

Why it matters: Ensuring that all relevant personnel are aware of and understand the EU AI Act is essential for maintaining compliance.

Steps to take:

  • Training programs: Develop and conduct regular training sessions for employees on the EU AI Act and its implications.
  • Update policies: Regularly update company policies and training materials to reflect changes in the regulatory landscape.
  • Engage experts: Bring in external experts to provide deeper insights and training on specific compliance aspects. 

7. Engage with External Third-Party Tool Providers

Why it matters: Navigating the complexities of the EU AI Act can be challenging, and third-party tools can provide valuable support and resources.

Steps to take:

  • Legal compliance tools: Utilize specialized software that helps interpret the Act's requirements and ensures your compliance strategy is robust.
  • Third-party audit services: Implement third-party audit tools to conduct independent reviews and assessments of your compliance efforts. For instance, read how Unilever partnered with Holistic AI to ensure a responsible approach to AI.

Prioritize compliance with Holistic AI

For non-EU companies, the extraterritorial reach of the Act means that compliance is not optional but essential for accessing the EU market. The regulatory burdens, though substantial, present an opportunity for companies to enhance their AI systems' transparency, accountability, and data governance. 

Are you ready to navigate the complexities of the EU AI Act and turn compliance into a strategic advantage for your business? Book a demo with our experts today and discover how Holistic AI can streamline your EU AI Act preparedness and accelerate your AI transformation.

DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.

Holistic AI OSL Library
Table of contents
Text LinkText Link
Heading 2
Subscriber to our Newsletter
Join our mailing list to receive the latest news and updates.
We’re committed to your privacy. Holistic AI uses this information to contact you about relevant information, news, and services. You may unsubscribe at anytime. Privacy Policy.

See the industry-leading AI governance platform in action

Schedule a call with one of our experts

Get a demo
product
Holistic AI SafeguardHolistic AI TrackerHolistic AI AuditsHolistic AI Governance Platform
Resources
BlogPapers & ResearchNewsEvents & WebinarsGlossaryGitHubDocumentationEU AI Act Risk Calculator
COmpany
About Holistic AI
Careers
We're Hiring
CustomersPress ReleasesAnalyst CoverageMedia CoverageExecutive BiosMedia LibrarySitemap
legal
Privacy PolicyTerms & Conditions
we@holisticai.com
© Holistic AI. All rights reserved.

DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.

Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.

The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.