Playing by the Rules: Getting the AI Act Together

The European Parliament two months ago approved the EU AI Act, the world’s first set of regulations aimed at governing the rapidly expanding adoption and use of AI within the European political and trading bloc.

The passage of the long-debated legislation put guidelines in place for companies to follow and, like the General Data Protection Regulation (GDPR) that went into effect in the European Union six years earlier, came with some expensive penalties for non-compliance. In the case of the AI Act, the fines for the most egregious infringements can cost organizations as much as $38 million.

While companies will have two years before most of the EU AI Act’s provisions are enforced, they are beginning to map out how they will navigate a world of stringent AI guidelines and accelerate AI innovation.

“It’s something multinational organizations are very concerned with, as the AI Act is the first global regulation with meaningful financial penalties for noncompliance,” Daniel Christman, director of AI programs at AI security company Cranium AI, told “Given that almost every team across the enterprise is now using AI in some way, security and compliance teams see conformity with the AI Act as a monumental task, but one that many saw as an eventuality.”

The EU AI Hub

Cranium AI – whose Cranium Enterprise platform helps organizations establish visibility, security and governance in its AI environments – is teaming with Microsoft and international professional services and accounting organization KPMG to launch an initiative designed to help organizations mark a path for adopting, deploying and managing AI in compliance with the EU’s regulations.

The companies on Wednesday launched the EU AI Hub, designed to give companies a systematic approach to AI, from understanding the current status of policies and controls to showing how the systems are built to show regulators and others how their efforts align with the EU standards.

Cranium’s role includes such steps as creating an AI bill of materials, running risk reports and performing gap analysis against an EU AI Act framework the vendor has created, according to Cranium CEO Jonathan Dambrot. KPMG – which spun out Cranium as a standalone company last year – is bringing its Trusted Responsible AI Framework into the EU AI Hub, along with its expertise in such areas as strategy, technology and data sciences.

Microsoft will provide its AI technologies and practices. Microsoft last month announced a new AI hub in London that will develop AI models and tools and the necessary infrastructure to support them and act has a collaboration site for the IT giant and its partners, including OpenAI.

Keeping in Compliance

The EU AI Hub will give organizations a way to ensure that their developing AI initiatives won’t fall out of line with the EU’s new regulations, according to Cranium’s Christman.

“One of the main concerns we hear is that many companies are still struggling to capture a complete inventory of their AI systems due to the sprawl of AI capabilities across internal and third-party tools,” he said. “It seems every day leaders are receiving an email that a platform they use is now ‘AI-enabled’ – myself included.”

Initiatives like the EU AI Hub will be important given the far-reaching effects of the EU’s new act. The American Council, an international affairs think tank, wrote that the EU AI Act’s impact on the tech industry “is expected to be significant, as companies developing and deploying AI systems will need to devote resources to compliance measures, which raise costs and slow innovation in the short term, especially for startups.”

The Council added that “the Act’s emphasis on responsible AI development and protecting fundamental rights is the region’s first attempt to set up guardrails and increase public trust in AI technologies, with the overall goal of promoting long-term growth and adoption.”

Expansion Expected

The EU AI Hub will be located at KPMG’s offices in Dublin, Ireland, but organizations will have the option of interacting with it remotely or online. They’ll be able to connect to it through Cranium, KPMG, or Microsoft, Christman said. He expects it will expand, catering to a larger number of clients across the EU as more enterprises integrate AI into their operations. It also will adapt to what he expects will be a changing regulatory environment, with more requirements and legislation emerging.

Christman also expects the AI Hub will expand to other regions, including the United States, which itself is grappling with how to put guidelines and policies in place to deal enterprise use of AI.

Such expansion will “offer global support and interconnectivity while also addressing local requirements,” he said. “In the near future, we expect to establish hubs to support the U.S. and ASPAC [Asia Pacific Network of Science and Technology Centers]. Additionally, we envision creating hubs tailored to specific industries, such as financial services, to help organizations meet the unique requirements of their respective lines of business.”