Board Training for the EU Artificial Intelligence Act

The Artificial Intelligence Act, our Briefings for the Board:

We offer custom briefings for the Board of Directors and executive management, tailored to the specific needs of each legal entity. Our briefings can be short and comprehensive (60 minutes), or longer, depending on the needs, the content of the program and the case studies.

Alternatively, you may choose one of our existing briefings:

1. The Artificial Intelligence Act for the Board of Directors and executive management of EU and non-EU legal entities.

2. Understanding the extraterritorial application of EU law and the equivalence decisions of the European Commission.

You can find all information below.

1. The Artificial Intelligence Act for the Board of Directors and executive management of EU and non-EU legal entities.

Overview

The Board of Directors and senior management of EU and non-EU entities must understand that the Artificial Intelligence Act applies to:

(a) providers placing on the market or putting into service AI systems in the EU, irrespective of whether those providers are physically present or established within the Union or in a third country;

(b) users of AI systems who are physically present or established within the EU;

(c) providers and users of AI systems who are physically present or established in a third country, where the output produced by the system is used in the EU;

(d) importers and distributors of AI systems;

(e) product manufacturers placing on the market or putting into service an AI system together with their product and under their own name or trademark;

(f) authorised representatives of providers, which are established in the EU;

The Board of Directors and senior management of EU and non-EU entities that are in the scope of the Artificial Intelligence Act must understand the compliance challenges for AI and high-risk AI systems, and the terminology (notified bodies, digital innovation hubs, testing experimentation facilities, conformity assessments, presumption of conformity, CE marking of conformity, AI regulatory sandboxes, post-market monitoring plan etc.). Also, the interaction of the Artificial Intelligence Act with other EU initiatives, like the European health data space that facilitates non-discriminatory access to health data and covers the training of artificial intelligence algorithms, in a privacy-preserving, secure, timely, transparent and trustworthy manner, and with an appropriate institutional governance.

The Board of Directors and senior management must ensure their organisation understands and complies with the many requirements of the Act, including the establishment of a sound quality management system, the accomplishment of the conformity assessment procedures, the relevant documentation, and the robust post-market monitoring system.

Course Synopsis

- Are you sure we must comply with the Artificial Intelligence Act? Where can we find this information?

Introduction to the Artificial Intelligence Act.

Understanding the important definitions.
- What is ‘artificial intelligence system’, ‘general purpose AI system’, ‘intended purpose’, ‘reasonably foreseeable misuse’, ‘post-market monitoring system’, ‘emotion recognition system’, ‘serious incident’?

Compliance of general purpose AI systems.
- Requirements and obligations for providers of such systems.

Prohibited artificial intelligence practices.

Classification rules for high-risk AI systems.
- Requirements for high-risk AI systems.
- Compliance with the requirements.
- Risk management system.
- Data and data governance.
- Technical documentation.
- Record-keeping.
- Transparency and provision of information to users.
- Human oversight.
- Accuracy, robustness and cybersecurity.

Obligations of providers of high-risk AI systems.
- Quality management system.
- Documentation keeping.
- Conformity assessment.
- Automatically generated logs.
- Corrective actions.
- Duty of information.
- Cooperation with competent authorities.

Authorised representatives.
- Obligations of importers.
- Obligations of distributors.
- Obligations of users of high-risk AI systems.

AI regulatory sandboxes.
- Further processing of personal data for developing certain AI systems in the public interest in the AI regulatory sandbox.
- Testing of high-risk AI systems in real world conditions outside AI regulatory sandboxes.

Reporting of serious incidents.

Market surveillance and control of AI systems in the Union market.

Confidentiality.
- Penalties.
- Administrative fines on Union institutions, agencies and bodies.

Extraterritorial application of EU law - the application of EU provisions outside the territory of the EU, resulting from EU unilateral legislative and regulatory action.

Entry into force and application.

Master plan and list of immediate actions, for EU and non-EU entities.

Other new EU directives and regulations that introduce compliance challenges to EU and non-EU entities.

Closing remarks.

Instructor.

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf

Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html

2. Understanding the extraterritorial application of EU law and the equivalence decisions of the European Commission.

Course Synopsis

The terms ‘extraterritoriality’ and ‘extraterritorial jurisdiction’ refer to the competence of a country to extend its legal powers beyond its territorial boundaries, and to make, apply and enforce rules of conduct in respect of persons, property or events beyond its territory.

The Sarbanes-Oxley Act of 2002, for example, applies to foreign auditors and foreign companies whose securities are listed in a US stock exchange.

Extraterritorial application of EU law is the application of EU provisions outside the territory of the EU, resulting from EU unilateral legislative and regulatory action.

For example, according to EU’s General Data Protection Regulation (GDPR), non-EU data controllers and processors in any country, must comply with the GDPR obligations, if they offer goods or services to individuals in the EU.

Anu Bradford, Professor of Law in Columbia Law School, is the author of the book “The Brussels Effect: How the European Union Rules the World” (2020), that was named one of the best books of 2020 by Foreign Affairs.

In 2012, she introduced the concept of the ‘Brussels Effect’, that describes Europe’s unilateral power to regulate global markets.

Anu Bradford explains why most global corporations choose to adopt the European laws, regulations and standards in the design and operation of their products and services.

The EU standards are generally stricter, and in most cases, when you comply with EU rules, you comply with laws and regulations around the world.

Even when this approach is more costly, global corporations prefer to have an enterprise-wide, single mode of production and operations, and to market their goods and services globally.

Following the doctrine "you comply with EU rules, you comply around the world", global corporations and service providers need professionals that understand the EU laws, regulations, standards and guidelines.

When the European Commission determines that the regulatory or supervisory regime of a non-EU country is equivalent to the corresponding EU framework:

- allows authorities in the EU to rely on supervised entities' compliance with equivalent rules in a non-EU country,

- reduces or eliminates overlaps in compliance requirements for both EU and non-EU entities,

- makes services and products of non-EU companies accepted in the EU,

- allows third-country firms to provide services without establishment in the EU single-market.

We will discuss what happens when the European Commission determines that the regulatory or supervisory regime of a non-EU country is not equivalent to the corresponding EU framework, or when the European Commission has not yet determined if the regulatory or supervisory regime of a non-EU country is equivalent.

We can understand better equivalence decisions from the experience we have with the Accounting Directive, the Audit Directive, the Capital Requirements Regulation (CRR), the Credit Rating Agencies Regulation, the European Market Infrastructure Regulation (EMIR), the Market Abuse Regulation (MAR), the Markets in Financial Instruments Directive (MiFID II), the Markets in Financial Instruments Regulation (MiFIR), the Prospectus Directive, the Solvency II Directive and the Transparency Directive.

After this presentation, the Board and executive management will have a clear understanding or what is mandatory and what is "nice to have", and the consequences of non-compliance.

Instructor.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf

Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html