Artificial intelligence
Great opportunities, high complexity
Significance of artificial intelligence
Artificial intelligence (AI) is among the key disruptive technologies of digitalisation. The technical development of AI, especially large language models, is advancing as rapidly as public awareness of AI is intensifying. Yet he use of AI is not new. Many industries have been using it for a long time, whether in research, finance, logistics or speech recognition and control.
Legal framework
The European Union has adopted the AI Act as a uniform European legal framework for the development and use of AI. Based on a risk-based approach, it covers the entire lifecycle of an AI system, including the market launch of AI systems, market surveillance, oversight, governance, and enforcement. The European legislator complements the AI Act with a revision of the Product Liability Directive, which introduces presumptions of causality and disclosure obligations given the limited transparency of AI systems. In addition, specific legal areas to which attention must be paid when using AI include copyright law, trade secrets law, IT law, the law of obligations/contract law, and data protection law.
What needs to be done?
When using AI, it is essential to have an overview of the AI systems deployed as well as of use cases and data. An AI management system should be established for the entire lifecycle and, for the creation of synergies, it should be linked to existing management systems, in a manner appropriate to how AI is being used and the scope of that use. Key action areas include:
- Applicability: assessment of the scope of the AI Act
- Inventory: identifying and classifying AI systems, use cases, and the data used
- Risk classification: classifying identified AI systems by risk category and conducting fundamental rights impact assessments for high risks
- Data basis: analysing data sources, data quality, and data provenance
- Data protection: reviewing data protection requirements such as allocation of controller responsibility, appropriate legal bases, and erasure requirements
- Transparency: ensuring sufficient information about the AI system
- Quality management: integrating AI systems into quality management and, where applicable, the corporate social responsibility strategy
- Contract management: assessing the need to adapt template agreements and existing contracts with third parties affected by AI
- Logging: reconciling input data with the reference database
- EU database: verifying registration of high-risk AI systems in the EU database
- Training: enabling employees to handle AI systems
- Documentation: preparing technical documentation for the AI system
- Liability: evaluating the changed liability risks within risk management
Our services
Life cycle of the management systems
Our legal advisory services within AI governance cover the entire lifecycle of an AI system:
AI and data protection
- Embedding AI compliance within data protection management
- Lawfulness of personal data processing (training data and operational data)
- In particular, profiling and automated decision-making
- Implementing transparency toward data subjects
Legal use case assessment
- Assessing the lawfulness of business use cases (database law, AI law, etc.)
Risk classification
- Legal advice on the methodology for risk classification under the AI Act
- Sign-off: legal assessment of the risk classification of the specific use case
Data contracts
- Drafting of contracts for input data
Implementation of measures
- Legal support in designing and assessing measures such as implementing transparency obligations and quality management
AI training
- Training on legal requirements (upskilling for legal department members and onboarding for the business)
International AI regulation
- Assessment of international requirements
Liability
- Assessment of liability risks arising from the use case
