More news: Implementing the EU AI Regulation effectively

The EU Regulation laying down harmonized rules on Artificial Intelligence (AI Regulation) marks a decisive step towards the regulation of AI systems in the EU. It has been gradually coming into force since August 2, 2024 and has since set clear rules for the use of AI systems that require companies to make extensive adjustments and take compliance measures.

The increasing spread of AI creates both opportunities and risks. In order to protect privacy and fundamental rights, the EU AI Regulation created a legal framework to ensure the safe and responsible use of AI systems.

The legislative process for the AI Regulation began in March 2024 and ended in July 2024. The Regulation came into force in August 2024 and will be successively extended until 2027. This gives companies time to prepare for the new requirements.

The AI Regulation is a specialized product safety law that focuses on AI products themselves. It applies to providers and operators of AI systems in the EU, regardless of where they are based, with a few exceptions for national safety issues and private use.

A central element of the AI Regulation is the categorization of AI systems. These are machine systems that can autonomously derive predictions, recommendations or decisions from inputs. The regulation covers systems that use machine learning and knowledge-based approaches and distinguishes between four main categories of AI systems:

The AI Regulation sets out extensive obligations for providers and operators. Companies must identify their AI systems and classify them into risk categories. Strict requirements apply to high-risk systems in particular. Providers must create detailed documentation covering the entire life cycle of the system, and operators must ensure that human supervision is possible.

Violations of the provisions of the AI Regulation can result in high financial penalties, with fines of up to 35 million euros or 7 percent of annual global turnover. In addition, civil law claims can be enforced more easily in the event of violations.

Negotiations with the National Association of Statutory Health Insurance Funds usually take place in Berlin or online in three meetings of three hours each. Following a successful agreement, a contract under public law is concluded between the manufacturer and the GKV-Spitzenverband, which can be terminated with three months’ notice to the end of the quarter.

If no agreement is reached, the arbitration board will decide on the remuneration amount within three months. The adjusted supply costs as well as self-payer prices and prices in other EU countries will be taken into account.

Companies should start implementing an AI compliance framework immediately. This includes mapping all AI systems and classifying them into risk categories. Measures to comply with the regulation must be implemented promptly. Employee training is essential to raise awareness of the opportunities and risks of AI systems and avoid compliance violations.

It is advisable to create a central office or committee for AI matters. This should ensure that legal requirements are complied with and risks are identified at an early stage. The involvement of experts from compliance, IT, data protection and risk management is crucial.