EU

AI regulation needs clarity as laws develop globally, affecting innovation. A framework is essential for organizations to manage AI risks effectively amidst uncertainty. Current EU guidelines address specific AI systems, yet many low-risk applications remain unregulated, creating risks that require self-regulation. Companies should develop unique AI risk profiles and integrate governance standards within enterprise frameworks. Technological solutions can aid compliance and support responsible AI usage, emphasizing the need for clear governance strategies at enterprise, product, and operational levels. As regulations evolve, a proactive and balanced approach to AI governance is crucial for leveraging innovation while minimizing risks.

https://www.fticonsulting.com/uk/insights/articles/navigating-global-ai-regulation-innovation

The EU AI Act offers guidance for general counsel (GCs) on managing generative AI risks, fostering innovation rather than hindering it. Despite their hesitance, legal leaders can use regulatory frameworks like the EU AI Act as a roadmap for responsible AI implementation. The Act delineates categories for AI risk, with high-risk applications facing stringent requirements to ensure safety and compliance. By understanding these regulations, organizations can mitigate risks like bias and ethical concerns while promoting technological advancements.

https://news.bloomberglaw.com/us-law-week/eu-ai-act-provides-gcs-innovation-guideposts-not-barriers

The EU AI Act, the world's first comprehensive AI regulation, is set to impact financial markets with risk classifications for AI systems: Unacceptable (banned), High (restricted), Limited/Transparency (requires user awareness), and Minimal (no additional requirements). It applies to all EU member states and externally to entities impacting the EU market. Investors see challenges for tech firms, particularly smaller ones, but potential growth for those specializing in compliance and trustworthy AI. Compliance costs are high, penalties for non-compliance severe. The Act officially enforcement starts August 2024, with parts rolling out earlier.

https://www.morningstar.co.uk/uk/news/262229/the-eu-ai-act-is-coming-into-force-heres-what-it-means-for-you.aspx

EU's draft AI code faces industry backlash due to concerns over copyright, risk assessments, and transparency. Tech groups argue the rules are overly burdensome and may stifle innovation, particularly regarding mandatory third-party risk assessments. Critics highlight inadequate protections for fundamental rights and copyright law. Feedback on the draft is open until March 30, with a final version expected in May.

https://dig.watch/updates/eu-draft-ai-code-faces-industry-pushback

GPAI Code of Practice: EU's AI Act mandates GPAI providers, like GPT and Llama, to comply with copyright laws and create a Code of Practice for adherence. The 3rd Draft simplifies requirements, stressing proportional compliance based on provider size. Key areas include: establishing a copyright policy, responsible web crawling practices, identifying TDM opt-outs, mitigating copyright infringement risks, and appointing a copyright contact. The finalized Code is expected by May 2025, and stakeholder feedback is open until March 30, 2025.

https://www.taylorwessing.com/en/insights-and-events/insights/2025/03/gpai-code-of-practice

EIOPA released a consultation on AI governance and risk management for insurance. The Opinion guides insurance entities on AI use, emphasizing risk assessment, proportional governance, ethics, data management, and accountability. It highlights the importance of fairness, transparency, and documentation, while encouraging a customer-centric approach and regular review of AI strategies. Adequate data governance and redress mechanisms are mandated, not introducing new laws but clarifying existing regulations. Feedback is due by May 12, 2025.

https://datamatters.sidley.com/2025/03/14/eiopa-publishes-consultation-on-opinion-on-ai-governance-and-risk-management/

EU's new GPAI Code, delayed but published on March 11, aims to aid compliance under the AI Act for General Purpose AI providers. While it includes streamlined commitments and user-friendly documentation, concerns remain from tech bodies about copyright and risk evaluation requirements. Further guidance on GPAI models is forthcoming. Finalization is due by May; if not completed by August 2025, common rules may be established by the Commission. The success of this voluntary Code is crucial for practical implementation of the AI Act.

https://thelens.slaughterandmay.com/post/102k49e/ai-acts-new-gpai-code-out-finally

EU's AI Act now mandates first obligations.

https://www.jdsupra.com/legalnews/the-eu-s-ai-act-the-first-obligations-3018655/