Risk Advisory
Tim Roberts, UK Co-Country Leader & Partner and Managing Director, Risk Advisory comments on the first phase of the EU AI Act
“The first set of compliance obligations under the EU AI Act came into force yesterday. Like GDPR, this regulation will ultimately apply to any organisation worldwide that is doing business with AI models in Europe and it is therefore critical that companies take notice, even if they are not EU based. Given that the framework was largely developed before the rapid rise of generative AI, businesses must recognise that it primarily focuses on traditional analytic AI tools rather than the more complex GenAI applications that can produce hallucinations. The guidelines are therefore highly likely to evolve over time, in line with the technology, giving the UK an opportunity to consider its own framework and potentially capture the benefits of a more flexible regulatory regime that maintains high standards of consumer protection while remaining agile for tech firms.
“Naturally, this also reignites the debate about striking the right balance between innovation and regulation. But instead of seeing them as opposing forces, it’s more useful to think of them as two things we need to get right in parallel … because regulation can be a facilitator of innovation - not a blocker. The speed at which AI is advancing has caused discomfort for some consumers, but strong safeguards can build trust and create a thriving (and fairer) environment for greater business innovation. The EU AI Act is an important first step in this journey, and its success will depend on how well it is applied and how well it evolves, with the end goal being smarter regulation that drives businesses to continue pushing boundaries for the benefit of all.”