September 2024

The Data Governance Regime under the EU AI Act: Intersections with the GDPR and Personal Data Protection

The EU AI Act focuses on data governance and management in AI development, with strict requirements for high-risk AI systems and general-purpose AI models to comply with. The Act also addresses the interplay between AI governance and personal data protection law, particularly the GDPR. The Act introduces new legal grounds for personal data processing and also mandates impact assessments to address risks to fundamental human rights and freedoms. However, AI technologies present unique challenges for privacy and personal data protection, and enterprises may need to navigate compliance with multiple regulatory frameworks. Proper preparation is vital to avoid the harsh consequences of non-compliance.

UK Introduces New Bill to Regulate Automated Decision-Making in the Public Sector

The UK is introducing the Public Authority Algorithmic and Automated Decision-Making Systems Bill (HL Bill 27) to regulate the use of automated and algorithmic tools in decision-making processes within public authorities. The proposed legislation applies to all algorithmic and automated decision-making systems developed or procured by public authorities, excluding those used for national security and routine calculations. The bill introduces requirements for algorithmic impact assessments, algorithmic transparency records, monitoring and auditing, employee training, and adherence to human rights and democratic values. The legislation aims to align with the Council of Europe's Framework Convention on AI.

The first internationally binding AI convention opens for signature

The Council of Europe's (CoE) Framework Convention on Artificial Intelligence and Human Rights, Democracy, and the Rule of Law has opened for signature, and has already been signed by several countries including the United States, the European Union, and the United Kingdom. The Convention applies primarily to States and certain international organizations. It establishes a comprehensive set of obligations designed to ensure that all activities throughout the AI system lifecycle align with human rights, democratic principles, and the rule of law. Its central aim is to ensure that AI systems are developed, deployed, and used in ways that respect human rights, democracy, and the rule of law. The Convention also sets out several guiding principles and a risk management framework for AI systems. The Convention is a pivotal step in the global governance of AI, expanding the geographic influence of such initiatives through the Council of Europe's broad reach.

Regulating AI in employment decisions: What you need to know about Illinois’ HB3773

The Governor of Illinois signed HB3773, which amends the Illinois Human Rights Act to limit the use of predictive analytics in the workplace. The bill specifically addresses generative artificial intelligence used in employment decisions and extends provisions on civil rights violations to cover artificial intelligence. The amendment makes it a civil rights violation to use AI to discriminate in the workplace or to use AI without notification. The bill takes effect on 1 January 2026 and applies to employers, employment agencies, and labor organizations in Illinois.

August 2024

AI policy under a Labour government: Will the UK move on from its light-touch approach?

The new UK Labour government, led by Prime Minister Keir Starmer, plans to regulate powerful AI models, although it has not released any specific bill yet. Existing UK laws like the UK GDPR and Equality Act 2010 affect AI use, and the Labour Party's approach contrasts with the previous government's pro-innovation stance, aiming for binding regulations and transparency. The new AI Opportunities Action Plan and DSIT’s expanded role will support AI-driven growth and public service improvements, and the UK public remains concerned about AI’s impact on the labor market. The Digital Information and Smart Data Bill, the AI Opportunities Action Plan, and the DSIT restructure are some potential regulatory pathways for future regulation. Compliance with Holistic AI can act as an effective guardrail for organizations amidst uncertainties and a rapidly evolving AI regulatory ecosystem.