The compliance requirements for companies involved in AI are becoming increasingly complex as they navigate the new EU AI Act alongside existing regulations. Ela Barda, a partner at Signature Litigation, emphasizes that organizations must integrate AI Act compliance with frameworks established by the Digital Services Act (DSA), the General Data Protection Regulation (GDPR), and other related directives.
The Overlapping Regulatory Framework
Barda highlights that the AI Act's transparency obligations are not standalone. They layer over a dense regulatory environment that includes the DSA and consumer protection laws. For online platforms already subject to DSA systemic risk assessments outlined in Articles 34 and 35, this means incorporating AI transparency into their existing risk mitigation strategies. Companies face the challenge of adapting their processes instead of creating separate compliance efforts, which can lead to inefficiencies and increased operational burdens.
Navigating Provider and Deployer Obligations
Online platforms must navigate obligations for both providers and deployers of AI technologies. They host and distribute AI-generated content while potentially deploying their own generative AI tools. Barda explains that very large online platforms (VLOPs) have unique obligations to ensure AI-generated content is clearly marked. This includes using prominent markers to distinguish between human-generated and AI-generated or manipulated content, complicating compliance efforts further.
A significant issue arises when deployers attempt to avoid disclosing AI-generated text. The AI Act allows exceptions if a natural or legal person has editorial responsibility during the content's creation, provided that the content has undergone human review. However, platforms must keep meticulous internal documentation identifying responsible individuals. Barda warns that any shortcomings in this documentation could lead to scrutiny regarding the platform’s role in distributing unlabelled content, underscoring the risks tied to compliance failures.
The Challenge of Preserving Label Integrity
The AI Act also requires deployers to work with distributors to maintain the integrity of content labels throughout the distribution chain. Barda notes that in practice, content often gets screenshotted, reposted, and reformatted, leading to the loss of metadata crucial for preserving label integrity. This technical challenge complicates compliance, as maintaining such labels may not always be feasible in a fast-paced digital environment.
Implications for Future AI Governance
As companies adjust to these evolving regulatory expectations, the implications for future AI governance are significant. The ongoing integration of the AI Act with existing EU legislation indicates a move toward more comprehensive oversight of AI technologies, likely impacting how platforms manage content and ensure transparency. This multifaceted regulatory approach could establish precedents for AI governance globally, encouraging similar frameworks in other jurisdictions.
Barda’s insights highlight the need for companies to reconsider their compliance strategies in light of the AI Act. By integrating these new transparency obligations with established regulations, firms may navigate the complexities of the regulatory landscape more effectively while reducing risks associated with non-compliance.
