top of page
Writer's pictureThe Bench

Digital World and AI - Quick Business Overview

Written by Salio De Souza.


The EU AI Act and the Digital Services Act (DSA), are two groundbreaking regulations poised to reshape the digital world by establishing robust frameworks for AI and digital services. At the time of posting, these are the timelines:


Key Implementation Timelines


  • July 2024: The definitive AI Act text is published in the Official Journal, becoming binding law on 1 August 2024.

  • February 2025: Prohibitions on specified categories of banned AI come into force.

  • August 2025: General-purpose AI regime begins, with transparency and systemic risk obligations.

  • August 2026: High-risk AI systems must comply with stringent requirements.

  • August 2027: High-risk systems integrated into products subject to EU product safety regulations must meet compliance standards.


Businesses must begin preparations now to align with these regulations. The EU AI Act and DSA mark the beginning of a new era in digital business, emphasizing transparency, accountability, and user protection. The approach is not dissimilar to what we observed with GDPR or NIS2.


Understanding the EU AI Act


The EU AI Act, is the world's first comprehensive legislation on AI. The regulation is complex to the normal bystander, but categorizes AI systems into four risk levels, namely: unacceptable, high, limited, and minimal.


These categories will dictate the regulatory obligations for each AI application, aiming to mitigate risks to health, safety, and fundamental rights.


  • Unacceptable Risk: AI systems that pose a significant risk to safety or fundamental rights are banned. This includes systems that manipulate behavior through subliminal techniques, exploit vulnerabilities, or use biometric identification in public spaces without consent – i.e., AI system used for social scoring that discriminates against individuals based on their behavior or personal characteristics, leading to detrimental treatment. Violations can lead to fines up to €35 million or 7% of global turnover, whichever is higher, [Article 99(3)].

  • High Risk: These systems, which include AI used in critical infrastructure, education, employment, and essential services, must undergo strict compliance measures. For instance – i.e. AI systems used in recruiting that screen job applicants must ensure non-discrimination and transparency in its decision-making process. Non-compliance can result in fines up to €15 million or 3% of global turnover [Article 99(4)].

  • Limited Risk: AI systems in these categories face fewer obligations, mainly focusing on transparency. i.e. would be a customer service chatbot that must disclose to users that they are interacting with an AI system. Fines for non-compliance can reach €7.5 million or 1.5% of global turnover [Article 99(5)].

  • Minimal Risk: These systems generally do not require additional regulatory oversight but may benefit from adhering to voluntary codes of conduct. – i.e. is a basic AI-based email sorting tool that helps users manage their inbox more efficiently.


Digital Services Act (DSA)


The DSA applies to all digital service providers operating within the EU, regardless of whether they are based inside or outside the EU. Similar to the AI Act this includes online platforms, social networks, online marketplaces, and search engines.


Applicability: EU AI Act and DSA


While both the EU AI Act and the DSA aim to regulate and bring transparency to their respective domains, their applicability focuses on different aspects of digital and AI services. Below is a summary to distinguish both:


  • Scope of Services


EU AI Act: Specifically targets AI systems and applications, focusing on the development, deployment, and use of AI within and outside the EU if they affect EU users. 

DSA: Covers a wide range of digital services, primarily focusing on online platforms and digital intermediaries, including those that facilitate the sharing of content and interaction between users.


  • Target Entities


EU AI Act: Applies to developers, providers, distributors, and users of AI systems within the EU, as well as those outside the EU offering AI systems to EU users. 

DSA: Applies to all digital service providers targeting EU consumers, including platforms, marketplaces, and intermediaries, with specific obligations for Very Large Online Platforms.


  • Regulatory Focus


EU AI Act: Emphasizes the ethical and safe use of AI technologies, with specific categories of risk and compliance requirements. 

DSA: Focuses on transparency, accountability, and safety in digital services, particularly regarding content moderation and user protection.


In summary, both the EU AI Act and the DSA have extensive applicability and aim to ensure that digital and AI services are conducted ethically and transparently, with a strong emphasis on protecting users within the EU. Businesses involved in providing AI systems or digital services to EU consumers must thoroughly understand and comply with the relevant regulations to avoid significant fines and maintain trust and accountability.


During my chat with some of my clients, businesses and C-Level should start including in their budgets provision to invest in governance of AI applications and preparing for compliance and training. One can delay, but at their own peril as we've seen with business defaulting with prior regulations and loosing competitive edge.


Preparing for Compliance using past experiences:


  1. Conduct a Comprehensive Audit: Assess all AI systems and digital services to determine their risk category and compliance requirements. This includes mapping data flows, understanding algorithmic decisions, and identifying high-risk applications.

  2. Develop a Compliance Roadmap: Create a detailed plan outlining steps to meet regulatory requirements. This should include timelines, responsible teams, and key milestones to ensure timely compliance.

  3. Invest in Training and Awareness: Educate employees on the ethical and compliant use of AI. Regular training sessions should cover the implications of the EU AI Act and DSA, emphasising transparency, accountability, and human oversight.

  4. Implement Robust Governance Frameworks: Establish policies and procedures to manage AI and digital services. I advise clients to setting up an AI governance team, conducting regular audits, and engaging with regulatory bodies for guidance.


Is your business ready for compliance?


As the AI landscape continues to evolve, staying ahead of regulatory requirements is not just a legal necessity but a competitive advantage. Businesses should proactively address the challenges and opportunities presented by the EU AI Act and DSA. For those seeking support with compliance assessments, risk registers, and governance frameworks, feel free to contact me for further queries, to guide you through these regulations and ensure your business is prepared for the future of AI.


By embracing these regulations and committing to ethical AI practices, businesses can build trust, drive innovation, and navigate the digital transformation with confidence.


Interesting times ahead. Follow me for more updates on this sector.

30 views0 comments

Comments


bottom of page