EU AI Act Will Be World’s First Comprehensive AI Law
All Fintech
Compliance Operations
March 31, 2024
The Case
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.
After passing final checks and receiving an endorsement from the European Council, the EU AI Act is expected to become law in spring 2024, likely in May or June.
The first-of-its-kind law is poised to reshape how businesses and organizations in Europe use AI for everything from healthcare decisions to policing. It imposes blanket bans on some “unacceptable” uses of the technology while enacting stiff guardrails for other applications deemed “high-risk.”
Some of its most notable requirements include the following:
Outlaws AI-powered social scoring systems and any biometric-based tools used to guess a person’s race, political leanings, or sexual orientation.
Bans the use of AI to interpret the emotions of people in schools and workplaces, as well as some types of automated profiling.
Outlines a separate category of “high-risk” uses of AI (including education and hiring), requiring transparency and a separate set of other obligations.
Mandates broad new disclosure requirements around the usage of AI models.
Requires all AI-generated deepfakes to be clearly labeled, targeting concerns about manipulated media that could lead to disinformation and election meddling.
Why Does This Matter?
The sweeping legislation, set to take effect in roughly two years, highlights the speed with which EU policymakers have responded to the exploding popularity of tools such as OpenAI’s ChatGPT.
It also underscores how fintechs must navigate the complexities of AI compliance to aim towards adherence to internal compliance policies and regulatory change management. Such regulations vary widely across jurisdictions, encompassing areas such as data privacy, discrimination, and liability. Compliance with these regulations is crucial for promoting trust and safeguarding against legal risks.
The legislation also draws a sharp contrast to the United States, which has yet to make any meaningful progress on federal legislation for AI.
InnReg's Experience
As part of its compliance outsourcing services, InnReg has assisted the world's most innovative fintech companies when they receive specific inquiries and face regulatory scrutiny of their AI algorithms.
Learn More About This Topic
For additional details, read how InnReg’s primer on AI compliance can help your fintech build best practices to meet evolving regulatory requirements. The guide covers all the key AI compliance topics, including:
Understanding regulatory compliance for AI-based fintech products;
Implications of machine learning in compliance;
Time and cost-saving lessons learned from responding to regulatory inquiries;
Legal regulations around AI, and
Practical application examples of AI compliance by InnReg client services.
RIAs
The SEC recently brought settled enforcement actions against two registered investment advisers for failing to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material nonpublic information (MNPI), in violation of Section 204A of the Investment Advisers Act of 1940 (Advisers Act) and the Compliance Rule.
RIAs
On Sep. 4, 2024, FinCEN published a final rule (Final Rule) adding certain RIAs and ERAs (collectively, Covered Advisers) to the definition of “financial institution” under the regulations implementing the BSA, and imposing on Covered Advisers broad AML and CFT program requirements, as well as other BSA recordkeeping and reporting requirements.
Broker-Dealers
On November 22, the SEC announced (here) that broker-dealers Webull Financial LLC, Lightspeed Financial Services Group LLC, and Paulson Investment Company, LLC agreed to settle charges that they filed with law enforcement SARs that failed to include required information.
