How should global companies respond to the EU’s Artificial Intelligence Act?

This is a guest blogpost by Greg Hanson, GVP, platform sales specialist, Informatica.

The impact of EU regulations does not stop at the borders of Europe. We saw this with the General Data Protection Regime (GDPR), which has become a de facto international standard. Now the global tech ecosystem is preparing for the introduction of new game-changing regulation which will have a similarly wide-reaching effect: the EU’s A.I. Act.

International organisations that want to do business in the EU will need to pay close attention to these wide-ranging new regulations. The Act will require US and non-EU businesses to establish full visibility of the origins of data used to build their AI models. The quality of this data must also be fully understood, and companies will be required to fully trace it through their data supply chain.

This new compliance burden represents a significant change in the regulatory landscape which will force businesses to make major adaptations to the processes that assess data clarity, accuracy, lineage and governance. Companies whose data crosses international borders (which is most of them), will come under pressure to gain full visibility of their data flows, including where and how it is processed.

The Act will also provide motivation for all organisations – not just those headquartered in the EU – to reframe their data and AI strategies to ensure they are enabling the best possible outcomes. Businesses that comply now will lay the foundations for growth – so it’s important to start preparing as soon as possible.

Advantages of the AI Act

While the Act will introduce additional complexity for businesses, it will also push many organisations to take concrete steps which will empower them to use data more effectively and protect its integrity. Many, if not most, organisations now deploy AI in some form to fuel their data processes and drive informed decision-making.

Clearly, bad data leads to worse outcomes. If the information provided to leaders is poor, they are effectively navigating without an accurate map or the right instruments to guide their journey. Without appropriate data controls, organisations risk making incorrect decisions in the short-term. In the long-term, it reduces the potential benefits of AI technologies.

Investing in the data supply chain

Investment in data supply chains will be crucial for any organisation that wants to truly benefit from AI and unlock better outcomes. As the need for data accuracy, clarity and governance intensifies, businesses will need to bring discipline and resilience to data at a time when data volumes are growing.

Our recent survey of UK chief data officers found that over half (57%) believe there are more than 1,000 sources of data in their organisation and predict data sources will continue to grow. However, this also creates greater proliferation and fragmentation making it difficult to generate a holistic view of data.

Investment in the data supply chain will be crucial for any organisation that wants to truly benefit from AI and stay ahead of the regulatory landscape. As the need for data accuracy, clarity and governance intensifies, businesses will not be able to meet that challenge if they are trying to manage large volumes of data with fragmented technologies and tools. Companies that rely on multiple data management products will struggle with technical debt, interrupt the data supply chain and make compliance significantly more costly and time-consuming.

To counter these challenges and seamlessly demonstrate compliance, organisations need to move away from manually documenting data across a plethora of different toolsets, code and skills. Instead, there is a growing need to ensure the quality, governance and traceability of data is built into the data management principles. Standardising data on a single data management platform that is underpinned by a metadata system of record will provide the required level of visibility.

Preparing for compliance

The changes introduced by the EU’s A.I. Act will not be immediate. It is highly likely that it will take several years to get the controls, guardrails and responsibilities in the right place to ensure compliance. Businesses and policymakers will need to collaborate closely to get this regulation into shape to ensure it is a driver of growth, rather than a blocker.

There is a long road ahead, which means the industry has time to prepare. However, the EU’s A.I. Act is likely to be a starting point and increasing regulation will undoubtedly come as countries and regulators look for ways to manage the potential power and danger of AI.

In the meantime, companies need to prepare for greater regulatory oversight by simplifying the data management processes and tools that they are currently relying on. By reducing complexity and standardising on tools that ensure a metadata system of record is captured, organisations can ensure traceability, governance and quality are baked in to meet evolving regulatory requirements. The alternative is to risk relying on manual processes which are costly, time consuming and constantly out of date.