Unlocking the AI Act. What US startups need to know about EU’s AI regulations

For US startups looking to expand into the European Union (EU), understanding and complying with the EU AI Act is crucial. In this blog post, we’ll explore when the AI Act applies to US startups and the significant risks of non-compliance.

When Does the AI Act Apply to US Startups?

The AI Act applies to providers placing AI systems on the EU market or putting them into service within the EU, regardless of whether these providers are established within the EU or in a third country, such as the US​​. This means that if a US startup offers AI-based products or services that will be used in the EU, they are subject to the regulations outlined in the AI Act.

Additionally, the AI Act applies to providers and users of AI systems located outside the EU if the output produced by these systems is used within the EU​​. This extraterritorial scope ensures that any AI system impacting EU residents falls under the regulation, emphasizing the importance of compliance for US startups aiming to operate in the EU market.

High-Risk AI Systems

One of the critical components of the AI Act is its focus on high-risk AI systems. These are systems that pose significant risks to the health, safety, or fundamental rights of individuals​​. High-risk AI systems include, but are not limited to, those used as a safety components of products,  in critical infrastructure, biometrics, education, employment, and law enforcement. US startups developing or using such systems must ensure they comply with specific requirements, such as:

• Implementing a robust risk management system.
• Ensuring high levels of data governance and quality.
• Maintaining detailed technical documentation.
• Providing transparency and information to users.
• Enabling human oversight to mitigate risks.

General Purpose AI Systems and the AI Act

The AI Act also places significant emphasis on general purpose AI systems, which are AI technologies designed to perform a wide variety of tasks and are not limited to specific applications. These systems, due to their versatile nature, can have far-reaching impacts across different sectors. The AI Act mandates that general purpose AI systems must adhere to stringent requirements, especially if they are used in contexts that could pose high risks to health, safety, or fundamental rights. These requirements overlap with the requirements for the high-risk AI systems.

The Risks of Non-Compliance

Non-compliance with the AI Act can lead to severe consequences, both legally and financially. Here are some potential risks that US startups might face:

1. Financial Penalties: Non-compliance can result in hefty fines. For instance, violating the AI Act’s provisions can lead to fines of up to 30,000,000 EUR or 6% of the total worldwide annual turnover of the preceding financial year, whichever is higher​​.
2. Market Access Restrictions: Authorities can restrict or prohibit the placement of non-compliant AI systems on the EU market. This can significantly impact startups relying on the EU market for their business growth​​.
3. Reputation Damage: Non-compliance can damage a startup’s reputation, leading to loss of trust among customers and partners. In the competitive tech industry, maintaining a reputation for ethical and lawful operations is crucial for long-term success.
4. Legal Action: Beyond administrative fines, non-compliance can also lead to legal actions from individuals or entities affected by the AI systems. This can result in costly litigation and further financial strain on the startup.

The Timeline for the AI Act’s Implementation

The AI Act is set to be fully applicable one year and a half after its adoption. However, certain provisions, such as those related to governance and the conformity assessment system, will become operational earlier (check here for precise timeline). Member States are required to appoint or establish authorities for supervision, and the European AI Board will be set up to ensure effective implementation. Additionally, the EU database of AI systems will be fully operational by the time the AI Act becomes applicable​​.

Steps to Ensure Compliance

For US startups, the path to compliance with the AI Act involves several crucial steps:

1. Conduct a Risk Assessment: Identify if your AI systems fall under the high-risk category. This assessment should consider the intended purpose, scope, and potential impact of your AI systems on health, safety, and fundamental rights​​.
2. Implement Compliance Measures: Develop and integrate a comprehensive compliance strategy that includes risk management, data governance, transparency, and human oversight. Ensure your technical documentation is detailed and up-to-date​​.
3. Engage with specialized advisors and lawyers: Maintain open communication with trusted lawyers. This can help in understanding specific compliance requirements and keeping abreast of any regulatory updates or changes​​.
4. Invest in Training and Resources: Educate your team about the AI Act and the importance of compliance. Investing in compliance training and resources can help mitigate risks and ensure your startup adheres to the regulations.

Conclusion

Navigating the complexities of the EU AI Act can be challenging for US startups, but it is essential for accessing the lucrative EU market. By understanding when the AI Act applies, recognizing the risks of non-compliance, and taking proactive steps to ensure adherence, startups can not only avoid penalties but also build trust and credibility in their AI offerings.