EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Select your location
Local sites
Why are the EU AI Act and data management critical for businesses? Set to become the world’s first comprehensive regulation governing artificial intelligence (AI), the EU AI Act (“the Act”), proposed by the European Commission, aims to ensure ethical, secure, and responsible AI practices while safeguarding individuals’ rights. As AI rapidly revolutionizes industries and economies and integrates into daily life, robust governance is crucial. In this article we help you gain an understanding of the EU AI Act and the importance of data management, provide recommendations for preparation, and finally share strategic business opportunities not to be missed.
Understanding the EU AI Act: a strategic imperative
Effective AI governance is essential to mitigate risks, protect individual rights, and promote public trust in AI systems. It encompasses various dimensions, including transparency, accountability, fairness, and security. The Act categorizes AI systems into four risk levels. Each category is subject to different regulatory requirements, with the most stringent measures applied to high-risk AI systems.
Practical scenario: Consider a company developing an AI recruitment tool that faces allegations of bias due to poor data practices – e.g., it was trained on past hiring data that favored a particular demographic, like candidates from certain universities. Because of this, the system automatically filters out resumes of candidates from certain backgrounds, even though they are highly qualified, resulting in a shrinking talent pool, legal and reputation risks (e.g., discrimination lawsuits and bad press), and lack of innovation (e.g., a homogenous team leads to weaker problem-solving). These serious issues could have been avoided with strong governance.
To share a real-life example, take the case of the National Health Service (NHS), in the UK, where an AI system shared patient data without consent back in 2015, resulting in legal and ethical concerns, and eventually legal action.
The EU AI Act lays out the following foundational pillars, to help organizations using AI avoid situations like the above:
- Prohibition of unacceptable AI practices: AI systems that pose a clear threat to safety, livelihoods, and rights are banned. This includes AI systems that manipulate human behavior or exploit vulnerabilities.
- Regulation of high-risk AI systems: High-risk AI systems, such as those used in critical infrastructure, education, employment, and law enforcement, must comply with strict requirements related to data quality, transparency, and human oversight.
- Transparency obligations: AI systems interacting with humans, generating deepfakes, or used for biometric identification must disclose their nature to users.
- Governance and enforcement: The Act establishes national supervisory authorities and a European Artificial Intelligence Board to ensure compliance and enforcement.
Businesses developing or deploying high-risk AI must maintain detailed technical documentation, ensure traceability of data used for AI training and testing, and conduct conformity assessments before deployment.
The cornerstone of compliance: the unavoidable importance of data management
At the cornerstone of AI compliance is the reliance on data, making effective data management indispensable for compliance with the EU AI Act. In what ways is data essential in AI management?
- Data quality and integrity: High-quality, accurate, and unbiased data is essential for training reliable AI models.
- Data privacy and security: Compliance with data protection regulations, such as the General Data Protection Regulation (GDPR), is paramount. Organizations must adopt measures to protect personal data and ensure data security.
- Data transparency and accountability: Transparent data practices and clear documentation are critical for accountability. Organizations should maintain detailed records of data sources, processing methods, and AI model performance.
- Ethical data use: Ethical considerations should guide data collection, processing, and usage. Organizations must avoid biases, discrimination, and unfair practices in their AI systems
Practical scenario: A company discovers inconsistencies in its data governance during an audit, delaying a new AI product launch – e.g., imagine an e-commerce company developing an AI-powered pricing system realizing that the AI system was trained on scraped competitor pricing data (violating antitrust regulations), and customer purchase history data without obtaining explicit user consent. Early investment in governance could have prevented these unnecessary roadblocks.
To look at a real-life example, EY recently assisted a public services organization in defining a robust operating model for its AI program, enhancing data quality and accountability in order to streamline product development, reduce compliance risks, and accelerate time-to-market for innovative AI solutions.
Preparing for today and for the future: key actions for businesses
As the EU AI Act paves the way for a regulated AI landscape, it’s crucial for European businesses to prepare for compliance. Proactive steps will not only help avoid penalties but also enable organizations to leverage AI ethically and responsibly, ensuring a competitive edge in the future.
The AI Act: implementation timelines
Ideas for effective AI governance
What are some of the basic steps firms can take to kickstart their journey to AI Act compliance?
Conduct a comprehensive AI assessment:
- Key points: Assess all AI systems currently in use within the organization to determine their risk levels according to EU AI Act risk categories.
- Measures: Create an inventory of AI systems, classify them by risk level, and evaluate their compliance with the Act’s requirements.
- Ideas: Automate the AI assessment process and identify potential gaps.
Implement robust data governance frameworks:
- Key points: Always underestimated, establish policies and procedures for data management, ensuring data quality, integrity, and security of data used by AI.
- Measures: Develop data governance policies, appoint data stewards, and implement data quality controls.
- Ideas: Centralize data governance activities for AI systems and ensure consistency across the organization.
Define and invest in AI ethics and compliance training:
- Key points: Define AI ethics principles and provide AI literacy programs for employees to raise awareness about AI ethics, compliance requirements, and responsible AI practices.
- Measures: Create a repository of AI ethics principles to be used across the organization and develop training modules on AI ethics, the EU AI Act, and data protection regulations.
- Ideas: Create interactive workshops and e-learning courses to engage employees and reinforce key concepts.
Case study: How has EY helped firms with their compliance journey
The above are just a few steps. But how do you enhance transparency and accountability? Are your policies, procedures, standards, and guidelines compliant?
As AI technologies become integral to organizational operations, experts can ensure that AI initiatives are governed effectively and align with the EU AI Act. EY undertook the actions for an international client.
AI governance insights enablement
This process began with conducting interviews to gain in-depth insights into the program’s scope, strategy, and future plans. Following this, we facilitated an insight enablement workshop that focused on best practices in AI governance and risk management. The workshop covered critical areas such as governance design, operating model structures, intake processes, and policy formulation, providing a robust framework for effective AI governance.
AI GRC assessment
The assessment involved leveraging insights gained from AI Governance Insights to conduct a comprehensive evaluation of the client’s enterprise-level AI risk practices. This culminated in the preparation of a detailed findings and recommendation report, which offered management actionable insights and strategic guidance aimed at strengthening their AI risk framework.
Strategic opportunities for businesses
Instead of perceiving the EU AI Act as a burden, businesses can harness it as a powerful tool for gaining a competitive advantage. By committing to ethical AI practices, companies can build trust and foster stronger relationships with customers and partners. Compliance with the Act also paves the way for expansion into regulated markets where responsible AI is essential. Furthermore, the Act encourages innovation that aligns with societal expectations and regulatory standards, enabling businesses to develop AI solutions that not only meet compliance requirements but also resonate with consumers and stakeholders alike.
Conclusion
AI governance is now essential for businesses. The EU AI Act sets clear regulations, emphasizing data management to protect rights and public trust while fostering innovation. This presents both challenges and opportunities. Companies need help and advice to proactively audit systems, improve data quality, and adopt governance frameworks to turn compliance into a strategic advantage. Collaboration among policymakers, industry, and the public is crucial for navigating AI governance complexities and ensuring an ethical AI future. Compliance may seem complex, but it’s also an opportunity to innovate, lead, and thrive in a regulated world.
Summary
The EU AI Act represents a groundbreaking regulatory framework aimed at ensuring ethical and responsible AI practices while protecting individual rights. As AI technology rapidly evolves, effective governance is essential to mitigate risks and promote public trust. This article outlines the key components of the Act, including risk categorization, data management requirements, and the importance of transparency and accountability, and emphasizes the strategic opportunities for businesses to leverage compliance as a competitive advantage, fostering innovation and building trust with stakeholders.
Related articles
AI Adoption in European Financial Services: Progress, Challenges, and Future Directions
European financial services firms are increasingly embedding Artificial Intelligence (AI) and Generative AI (GenAI) technologies into their operations to enhance productivity and efficiency. Yet, according to our second EY European Financial Services AI Survey, only a mere 9% of these firms consider themselves ahead of the curve in AI adoption. Despite high aspirations for a more AI-driven business environment, with 28% of firms accelerating their AI adoption over the past year, the majority remain in the early, experimental stages, particularly concerning GenAI.
19 Dec 2024
Laurent Moscetti
Rapport intégrité EY : L’IA et ses défis
Fruit de l’analyse de plus de 5 000 experts issus de 53 nations, le rapport mondial sur l’Intégrité d’EY 2024 vient d’être publié. Il intègre des données inédites concernant les enjeux d’intégrité liés à l’intelligence artificielle.
17 Jun 2024
Frédéric Guilmin
Three significant shocks impacting search in the Generative AI era
Searching is ubiquitous in modern information intensive economies, shaping all variety of transactions from labor and product markets to e-commerce and social media.
27 Feb 2023
Beatriz Sanz Sáiz