The European Union (EU) Artificial Intelligence (AI) Act is the first legislation in the world that will have an extraterritorial impact on AI providers and users in non-EU jurisdictions, if their AI systems affect individuals in the EU. It uses a risk-based approach and classifies AI systems as either prohibited, high-risk, or low-risk based on their potential for impacts to society and individuals’ health, safety, or fundamental rights.
The EU AI legislation is currently under negotiation, and the proposal of the EU AI Act will become law once both the Council (representing the 27 EU Member States) and the European Parliament agree on a common version of the text, which is expected to be finalised this year, and could come to action in Q1 2024.
This act could become a global standard (if not a regulation outside the EU), similar to the EU's General Data Protection Regulation (GDPR).
The act calls out high data quality as being essential for the safe performance of many AI systems, and highlights that achieving high quality data requires the implementation of appropriate data governance and management practices.
Data governance and management has been at the forefront of Chief Data Officer (CDO) activities for the last decade, as organisations have matured their data related capabilities. This is often in response to regulatory drivers, for example, BCBS239 PERDARR (Basel Committee on Banking Supervision’s Principles for Effective Risk Data Aggregation and Risk Reporting), GDPR, etc. We envisage the EU AI Act will have a substantial impact on how organisations create, manage, control, and maintain their data related to AI systems.
The act states that training, validation, and testing data sets for high-risk AI systems shall be subject to appropriate data governance and management practices, which cover:
In addition, it states that the technical documentation of a high-risk AI system shall include:
The data governance and management requirements outlined in the Act impact across a broad set of capabilities that typically fall under the remit of the CDO.
Table: EU AI Act’s impact across common CDO capabilities
As we approach the finalisation of the Act, CDOs should conduct a current state assessment of the various CDO capabilities and frameworks to gauge the organisation’s ability to comply with the asks of the EU AI Act.
This is something we can support with. Our experts have devised a high-level questionnaire that can help you understand your organisation’s readiness for the EU AI Act. We offer an initial assessment, where we will measure your organisation’s maturity across data strategy, governance frameworks, infrastructure, and processes. From here, we can work with you to identify data constructs that require an uplift to ensure you are compliant when the EU AI Act comes into regulation. Get in touch with our contacts below to organise your assessment.
May’23: Webinar: A New Era for AI Regulation | Deloitte UK
Jan’23: Key developments proposed for the EU AI Act as it moves to latter stages | Deloitte UK
Apr’22: Understanding the proposed EU AI Act | Deloitte UK
May’21: The new EU AI Act | What do financial services firms need to know?, Valeria Gallo (deloitte.com)
Mar’21: How to spot unintended biases in machine learning, Michelle Lee (deloitte.com)