The use of artificial intelligence (AI) in companies is no longer a vision of the future, but a reality. With the AI Act/Regulation(Regulation (EU) 2024/1689), the EU has created a regulation that governs the use of AI throughout Europe. The aim is to promote innovation and minimize risks for consumers and companies. But what specific obligations does the AI Act entail? In this article, we explain what companies need to bear in mind and provide practical tips to stay on the safe side legally.

What is the AI Act and why is it important?

The AI Act is the first comprehensive regulation for artificial intelligence worldwide. It is intended to ensure that AI systems are used responsibly and creates uniform standards within the EU. The regulation distinguishes between four risk classes that determine the obligations of companies:

1. Inadmissible AI systems: Systems that violate fundamental rights, such as manipulative technologies or social scoring.
2. High-risk AI systems: Applications in safety-critical areas such as medicine, education or law enforcement.
3. Limited risks: Systems with low impact, e.g. chatbots or AI-supported recommendation systems.
4. Minimal risks: Technologies that are not subject to significant risks, such as spam filters.

As a general rule, the higher the risk, the stricter the requirements.

Obligations for high-risk AI systems

The requirements are most extensive for high-risk systems:

• Risk management systems: Companies must analyze potential risks and take measures to minimize them.
• Transparency obligations: Users must be informed that they are interacting with an AI system.
• Data security: Training data must be representative, correct and free of discrimination.
• Monitoring and documentation: Regular checks and reports on the operation of the system are mandatory.

Example: A hospital uses an AI to support diagnosis. Among other things, it must ensure that the underlying data is free of bias and that doctors can understand the AI’s decisions.

Obligations for AI systems with limited risks

Certain requirements also apply to systems with limited risk:

• Duty to inform: Consumers need to know when they are interacting with an AI, e.g. chatbots.
• Ethical principles: The systems must not deceive or manipulate.

Example: An online store uses an AI-based product recommendation. It is sufficient to mention the use of AI in the general terms and conditions.

General obligations for all AI systems

General guidelines apply regardless of the risk class:

• Data protection: Companies must comply with the General Data Protection Regulation (GDPR).
• Responsibility: The implementation of AI systems must be carried out in accordance with ethical and legal standards.

How can companies prepare?

The new regulations of the AI Act require timely action:

1. Inventory: Which AI systems does your company already use? Which ones are planned?
2. Check risk classes: Which category do your applications belong to?
3. Adapt internal processes: Implement a risk management system and train your employees.
4. Obtain legal advice: Legal support is essential to meet all requirements.

Our focus on the topic of “AI in the company”

The use of AI opens up exciting opportunities for companies, but also raises many legal questions. Our topic page “AI in the company” provides you with comprehensive information and practical tips on how to use AI safely and effectively.