EU AI Act: Is Enterprise Architecture Key To Compliance?

Posted by Neil Sheppard on August 31, 2023

SBOMs Global Interest Swelling In Security By Design - The EU Cyber Resilience Act

The EU AI Act is the first legislation on artificial intelligence to be proposed, but other governments are sure to follow Europe's lead. Find out what you need to do to stay compliant with approaching worldwide AI regulation.

The EU AI Act is gaining momentum in the European Parliament. This first-of-its-kind sweeping regulation will categorize and control the use of artificial intelligence (AI) tools in order to protect the rights of EU citizens.

While the European Union (EU) is the first authority to push forward with this kind of regulation, the topic is being discussed in many territories. The EU AI Act is, therefore, likely to be a benchmark for what we can expect other governments to adopt in their regions.

Using the EU AI Act as guidance when acquiring and leveraging AI tools will avoid compliance issues when regulation becomes standard over the next five years. Organizations that do this will gain a competitive advantage over the competition.

Let's look at what restrictions the EU AI Act will impose and how you can stay compliant.

What Is The EU AI Act?

Artificial intelligence (AI) may have hit the headlines in the last 12 months, but the EU AI Act has been in development for far longer. The European Parliament first adopted three reports on AI regulation in October 2020.

In January 2021, the EU proposed guidelines for AI regulation, and in May, 2022, a roadmap was put forward for legislation. Finally, on June 14, 2023, the Parliament adopted its negotiating position on a final AI Act.

The Act is likely to pass much as it was proposed. It includes a detailed categorization of different levels of AI risk, and appropriate controls for software at each level, but also some general rules.

AI systems at all levels will be required to offer customers basic transparency. This means ensuring content created by generative AI is clearly marked as such to consumers.

In addition, measures will need to be taken to ensure that AI tools cannot be used to generate illegal content. Finally, all AI developers will need to publish summary information on what copyrighted data has been used for AI training.

High-risk And Banned AI

A range of AI systems will be classified as "high risk" under the EU AI Act, and will be required to be registered with an EU database and approved for release into the market, as well as subject to regular audits in future. These systems include AI systems involved in:

  • EU product safety legislation
  • Biometric identification
  • Management and operation of critical infrastructure
  • Education and vocational training
  • Employment, worker management, and access to self-employment
  • Access to and enjoyment of essential private and public services and benefits
  • Law enforcement
  • Migration, asylum, and border control management
  • Assistance in legal interpretation and application of the law

Lastly, AI software will be outright banned if it is in any way designed for:

  • cognitive behavioral manipulation, such as toys designed to encourage negative behavior in children
  • social scoring that classifies people based upon their personal characteristics
  • biometric identification, such as facial recognition

When Will The EU AI Act Come Into Force?

The EU AI Act has been in development for many years and has progressed apace. This latest step makes it increasingly likely that the Act will pass before the end of the year.

Still, it will take around two years for the Act to be implemented. This means regulation won't come into place until 2025 at the very earliest; more likely, 2026.

However, keeping the likely direction of coming regulation in mind when making your initial decisions about what artificial intelligence (AI) you choose to leverage will avoid having to course-correct when the regulation is in place. So, how can you stay on the right side of regulation?

Complying With Regulation Like The EU AI Act

The EU AI Act is designed to regulate the misuse of artificial intelligence (AI). As such, staying compliant won't be difficult for legitimate organizations.

Few businesses will be aiming to manipulate children, racially profile customers, invade their privacy, or create illegal content. Avoiding tools that do so should be current standard practice anyway.

More of a contentious issue will be full transparency with customers. This won't be optional, but it will, at least, be easy to implement.

The greatest challenge, however, will be for organizations working in the "high-risk" industries listed above. The burden will be placed upon these businesses to provide full documentation to regulators for assessment before product release and regularly going forward.

To facilitate the preparation of regulatory documentation, you need a tool that can pull together the information you need about how your AI systems fit into your application portfolio and IT landscape. You need the LeanIX EAM.

How LeanIX Supports AI Compliance

The EU AI Act will require regulatory assessment of high-risk artificial intelligence (AI) tools and this means other governments are likely to legislate for similar inspection. That means you need a tool to help you prepare documentation for regulators.

The LeanIX EAM is the perfect tool to assist your enterprise architects in detecting, documenting, and reporting on the AI systems in use within your IT landscape. The information logged in the EAM will make preparing regulatory AI reports simple.

We can confirm this due to our first-hand experience with AI implementation. The LeanIX AI Assistant can even support you with preparing your AI regulatory reports.

LeanIX Has First-Hand Experience With AI

LeanIX-Ai-Assistant

The EU AI Act will also govern the LeanIX EAM, due to the advanced AI Assistant we're developing within the platform. Our customers already have access to the beta version of our artificial intelligence (AI) tool, and it's currently supporting them with:

  • the automation of documentation tasks
  • accelerated report creation
  • researching successor technologies
  • providing architecture recommendations
  • simplifying access to EA tools for business users
  • and much more

To learn about our AI Assistant, see our previous article:

READ: Secure AI? We're Offering It For Enterprise Architecture

Discover The LeanIX EAM

EAM DE10

The EU AI Act is the forerunner for coming worldwide legislation on artificial intelligence (AI). To comply with regulation, you need the right toolset to support you in the creation of AI regulatory documentation.

That's why you need the LeanIX EAM. To find out more, book a demo today:

Schedule a demo

Subscribe to the LeanIX Blog and never miss a post again!