The EU AI Act introduces a requirement for organisations to ensure AI literacy, and the clock is ticking for putting measures in place. But there are a lot of myths and misconceptions about what that really means. In this blog post, we tackle the five biggest myths we’ve come across. The main takeaways? Your organisation is caught by this requirement, you donât have long to put your measures in place, and this is not just…
Whilst the EUâs AI Act has been grabbing all the headlines, the draft AI Convention has been flying under the radar. But not for much longer. The Convention, also sometimes called the âAI Treatyâ, has been drafted by the Council of Europe. If adopted, it will be the first legally binding international convention on AI. The latest draft is not the final version, but contains text that is still subject to negotiation. Weâve set out…
The UKâs Information Commissionerâs Office (ICO) has launched a public consultation on its draft guidance on data privacy transparency in the health and social care sector. The proposed guidance emphasises the importance of going beyond the legal requirements of the GDPR in order to build trust with patients, and builds on themes of openness, honesty and patient engagement. The consultation is open until 7 January 2024, and is essential reading for tech companies providing services…
The EU has published its draft Standard Contractual Clauses for the procurement of AI (AI SCCs). These are drafted for public organisations wishing to procure AI systems developed by an external supplier, and are based on the requirements for high-risk AI systems in the EU AI Act. The AI SCCs might be a good starting point, but dig a little deeper, and youâll find that the clauses are based on some fundamental (but questionable) assumptions.…
Weâve set out our top ten tips on ensuring GDPR compliance if your organisation is procuring AI solutions from third parties. These tips are based on the issues which we see are attracting regulatory scrutiny in practice, the potential stumbling blocks weâre coming across in supplier terms, as well as the ICOâs AI guidance. This guidance has quickly gained a reputation as some of the most impressive and comprehensive guidance on AI and data protection…
The proposed EU AI Act cleared an important hurdle last week, following the approval of the negotiating draft by MEPs on 14 June. The trilogue will now get underway â this is the three-way discussion between the European Parliament, Commission and Council – and we set out below some key takeaways from the recent vote.
EU AI Act: Top 10 Changes in the Latest Draft At the end of last week, two European Parliament Committees published the latest version of the EU AI Act. The new draft reflects months of political wrangling, but it also demonstrates that EU legislators have listened to the (many) criticisms levied at the EU AI Act until now. So whatâs new? Weâve set our top ten changes: So whatâs next? European Parliament are scheduled to…
In its white paper published last month, the UK Government set out its principles-based, adaptive approach to regulating AI. The UK approach stands in stark contrast to the more static and prescriptive approach of the EU AI Act. Instead of assigning responsibility for AI governance to a new single regulator, the UK Government is empowering existing regulators to come up with tailored approaches for specific sectors. The aim is to ensure that the UK remains a flexible…
The European Unionâs draft AI Act is an âearly-moverâ in the arms race towards a global blueprint for AI regulation. In December 2022, the European Council approved a compromise version of the AI Act, and next month, the European Parliament is scheduled to vote on the draft text. But despite its initial promise, the AI Act increasingly resembles the circumstances of its conception â a complex, one-time political compromise between thousands of MEPs with wildly…
The UKâs Health Research Authority (HRA) has unveiled new guidance which signposts the three essential steps to access health and care data for research purposes. The guidance delves into a point that researchers often miss: the common law duty of confidentiality runs in parallel to data privacy laws, and each regime needs to be considered separately to ensure data access requests can stand up to regulatory scrutiny. Step 1: Scoping – What are the data…