U.S. Artificial Intelligence (AI) Laws

Although currently the A.I. legal landscape in the U.S. is scattered many states have enacted or proposed legislation to regulate different aspects of the A.I. such as: 

  • profiling in public spaces, use of A.I. or Gen A.I. in employement, in heathcare and healthinsurance, use of Automated Decision Tool (ADTs) by landlords, political communications utilizing text or images generated by A.I., the use of A.I. to generate books for public consumption, etc. 

Depending on these laws organisations must take action to comply with applicable legal obligations. 

We compiled a state-by-state study analysing the proposed, enacted and failed states A.I. laws. The overview can serve as a first hand resource for A.I. professionals, legal and compliance officers who have been appointed to guide their organisation on the path of compliance with A.I. laws. 

Data Protection Impact Assessment for Artificial Intelligence. Practical Considerations. 

The AI Act describes itself as a risk-based legislation distinguishing between three distinct legal regimes for AI systems. Each regime lays down legal obligations that correlate with anticipated risks to public interests and values protected by EU law. 

Hight-risk AI systems can be placed in the market only after a Fundamental Rights Impact Assessment (FRIA) has been conducted. 

As privacy professionals we have been exposed to the intricaces of complex Data Protection Impact Assessments (DPIA).  

In this whitepaper written for Wrangu B.V we argue that  we can integrate FRIA with the Data Protection Impact Assessments in four steps

  1. Document the processing activities of the AI systems
  2. Identify and assess risks to fundamental rights of individuals. 
  3. Balance organizational interests with individual’s fundamental rights (necessity and proportionality)
  4. Mitigate identified risks

Compliance Pillars of the EU AI Act 

The EU AI Rulebook, the AI Act, is due to be finalized by the end of 2023 and be effective starting 2027. 

The legislation has extraterritorial effect and violations could be sanctioned with administrative fines of up to 6% of the violator global turnover or 30 million euros whichever is higher.

Although much ink has been spilled over the issue of control of AI tools and dire repercussions thereof, there is little literature analysing the extensive compliance obligations of safety, transparency, traceability, non-discrimination, and environmental consciousness imposed by the upcoming EU AI legislation. 

In this short paper, we will therefore, focus our attention on the compliance pillars of the EU AI Act. 

By following the letter of the proposed legislation, we make sense that organisations will have to implement a set of at least twenty compliance mechanisms specifically to address the hazards of high-risks AI systems. 

We are analysing these mechanisms one by one. 


Fundamental Rights Impact Assessment

Every European Union (EU) citizen is granted a set of fundamental rights, all firmly rooted in values such as equality, non-discrimination, inclusion, human dignity, freedom, and democracy. These values are the bedrock of the EU, safeguarded by the rule of law, and enshrined in both the EU Treaties and the Charter of Fundamental Rights. 

The EU Charter of Fundamental Rights is a proclamation jointly established by the European Parliament, the Council, and the Commission. It serves as a foundation upon which the EU is constructed, emphasizing essential principles like human dignity, freedom, equality, and solidarity. Within a single comprehensive document, the Charter outlines a wide spectrum of civil, political, economic, and social rights enjoyed by both Union citizens and all individuals residing within the EU’s territory. 

When conducting Fundamental Rights Impact Assessments (FRIA), it is crucial for the Ethics Committee to thoroughly evaluate any possible direct or indirect effects on each of these Fundamental Rights: what, how, who, why, how long, categories of affected individuals, relevant legal frameworks, riks and mitigations, monitoring controls, reassessment.