EU AI act: GenAI solutions that rely on trusted, internal data are key to compliance with new legislation

By Yohan Lobo, Industry Solutions Manager, Financial Services at M-Files

 

The EU parliament has approved its AI act, the world’s first recognized set of rules designed to regulate this technology. Under the act, AI solutions will be divided into risk categories, including an ‘unacceptable’ tier that will see models that pose systemic risk banned. The bill will come into force 12 months after it is made law and is subject to formal approval from ministers of EU member states.

Generative AI (GenAI) regulation will be split into two tiers, the first of which will require compliance with EU copyright law and summaries of content used to train models. The second tier, reserved for models deemed high risk, involves regular incident reports and more stringent testing.

So, how will this new legislation impact companies leveraging GenAI solutions in the EU and beyond?

Yohan Lobo

Navigating new legislation

The EU’s AI act adds another layer of complexity for business leaders with concerns about the safety of their models. The majority of GenAI solutions will fall into the first tier of regulation, where organizations must prove that the data the model is grounded in can be relied upon.

Models placed in the second tier are those considered a ‘systemic risk’ to public safety, possessing an almost human-like level of intelligence, and will be treated with additional care and attention as a result. This includes chatbots and AI image generators, with these GenAI applications undergoing adversarial testing, where experts attempt to bypass a model’s safeguards.

Businesses developing their own GenAI tools that are placed in the first regulatory tier must have a clear understanding of how their solution draws conclusions and makes assumptions, using data to back up the reliability of the suggestions it provides. Ultimately, if the data being drawn on doesn’t infringe copyright restrictions and can genuinely be trusted, organizations will find it far easier to comply with the new regulations.

An EU bill with global ramifications

The impact of the bill is likely to permeate beyond the EU, similar to the introduction of General Data Protection Regulation (GDPR). This was an EU-led initiative that transformed the way that organizations on an international scale manage people’s data.

Even if businesses in countries outside of the EU aren’t impacted by the bill directly, other nations and governing bodies are sure to follow suit if the legislation is a success. Therefore, it’s crucial that companies developing GenAI models anticipate that governments will reconsider how they are monitoring AI systems and think about how they can better align with any upcoming regulatory changes.

Delivering trust, security, and accuracy

Now that GenAI has broken into the mainstream, businesses across industries are rushing to implement these solutions and get ahead of the competition. However, firms can only introduce a GenAI tool if they are sure it is safe and reliable.

Ensuring GenAI tools only use accurate and well-structured data − typically the same data managed and used by their company – is vital for businesses bound to comply with the EU AI act.

This is dependent upon three key pillars: trust, security, and accuracy. The easiest way to adhere to the legislation is by deploying a solution that operates within reliable internal data. A question all companies should ask themselves, is do they trust their data? If so, they can count on the results their GenAI tool produces.

Correctly implementing an approach driven by internal data means businesses can act with certainty on their AI outputs, improving productivity by equipping knowledge workers with tools to quickly search for, access and analyse the information they need. When a model is given time to adapt to the data it is built upon and learn more about the requirements of the individual employees it services, it will grow in intelligence and intuition and further support the needs of its users.

Trust, security, and accuracy are all intrinsically linked, and companies looking to embed a GenAI strategy that complies with the EU AI act should begin by organising data across all operations. In doing so, they can lay the foundation for a GenAI tool that protects their customers while delivering vital knowledge work automation that will increase efficiency and streamline processes for employees.