EACC & Member News

Taylor Wessing – The EU’s AI Act heads towards final negotiations

What’s the issue?

The EU’s approach to regulating AI is through top-down umbrella legislation. The European Commission proposed an AI Act in April 2021 as discussed here. The AI Act is intended to regulate the development and use of AI by providing a framework of requirements and obligations on its developers, deployers and users, together with regulatory oversight. The framework will be underpinned by a risk-categorisation for AI with ‘high-risk’ systems subject to the most stringent obligations, and a ban on ‘unacceptable-use’ systems.

Much of the subsequent debate around the draft AI Act has focused on the risk-categorisation system and definitions.

What’s the development?

The European Parliament has provisionally agreed its negotiating position (likely to be formally adopted on 14 June 2023), which follows on from the Council adopting its position in December 2022. This means trilogues to arrive at the final version of the Act are likely to begin in early summer.

The Council’s position

The Council of the European Union’s proposed changes include:

  • a narrower definition of AI systems to cover systems developed through machine learning approaches and logic- and knowledge-based approaches
  • private sector use of AI for social scoring is prohibited, as are AI systems which exploit the vulnerabilities not only of a specific group of persons but also of persons who are vulnerable due to their social or economic situation
  • clarification of when real-time biometric identification systems can be used by law enforcement
  • clarification of the requirements for high-risk AI systems and the allocation of responsibility in the supply chain
  • new provisions relating to general purpose AI and where it is integrated into another high-risk system
  • clarification of exclusions applying to national security, defence and the military as well as where AI systems are used for the sole purpose of research and development or for non-professional purposes
  • simplification of the compliance framework
  • more proportionate penalties for non-compliance for start-ups and SMEs
  • increased emphasis on transparency, including a requirement to inform people exposed to emotion recognition systems
  • measures to support innovation.

The European Parliament’s position

MEPs have suggested a number of potentially significant amendments to the Commission’s proposal.

Unacceptable-risk AI

An amended list of banned ‘unacceptable-risk’ AI to include intrusive and discriminatory uses of AI systems such as:

  • real-time remote biometric identification systems in publicly accessible spaces
  • post remote biometric identification systems, with the only exception of law enforcement for the prosecution of serious crimes and only after judicial authorisation
  • biometric categorisation systems using sensitive characteristics (e.g. gender, race, ethnicity, citizenship status, religion, political orientation)
  • predictive policing systems (based on profiling, location or past criminal behaviour)
  • emotion recognition systems in law enforcement, border management, workplace, and educational institutions
  • indiscriminate scraping of biometric data from social media or CCTV footage to create facial recognition databases (violating human rights and right to privacy).

High-risk AI

Suggested changes would expand the scope of the high-risk areas to include harm to people’s health and safety, fundamental rights, or the environment. High-risk systems will include AI systems used to influence voters in political campaigns and in social media recommender platforms (with more than 45m users under the DSA). High-risk obligations are more prescriptive, with a new requirement to carry out a fundamental rights assessment before use. However, the European Parliament’s proposal also provides that an AI system which ostensibly falls within the high-risk category but which does not pose a significant risk can be notified to the relevant authority as being low-risk. The authority will have three months to object, during which time the AI system can be launched. Misclassifications will be subject to fines.

Enhanced measures for foundation and generative AI models

Providers of foundation model AIs would be required to guarantee protection of fundamental rights, health and safety, and the environment, democracy and rule of law. They would be subject to risk assessment and mitigation requirements, data governance provisions, and to obligations to comply with design, information and environmental requirements, as well as to register in the EU database.

Generative AI model providers would be subject to additional transparency requirements, including to disclose that content is generated by AI. Models would have to be designed to prevent them from generating illegal content and providers will need to publish summaries of copyrighted data used for training. They will also be subject to assessment by independent third parties.

Additional rights

MEPs propose additional rights for citizens to file complaints about AI systems and receive explanations of decisions reached by high-risk AI systems that significantly impact them.

See here for more on the European Parliament’s position.

What does this mean for you?

Anyone developing, deploying or using AI in the EU, placing AI systems on the EU market or putting them into service there, or whose systems produce output used in the EU, will be impacted by the AI Act and will be waiting for the outcome of the trilogues. The European Commission is hoping that the AI Act will be in force by the end of 2023, following which there will be a two-year implementation period.

Find out more

  • You can use our Digital Legislation Tracker to keep on top of incoming digital legislation, including the AI Act. There is also a page dedicated to the AI Act here.
  • For a deep-dive into the AI Act as originally proposed, see our Interface edition here.
  • For more on AI and regulatory approaches around the world, see here.

AKD – DORA-readiness of capital market participants tested by the AFM

The Dutch Authority on Financial Markets (the ‘AFM’) performed an exploratory study with trading venues and traders for own risk and account (together the ‘capital market firms’). The aim was to investigate whether the capital market firms have a resilient ICT incident management process and whether they are compliant with the upcoming Digital Operational Resilience Act (‘DORA’). The results showed some gaps between the ICT management process in place and the requirements set by DORA.

The AFM performed this study after it observed an increase in ICT-related incidents occurring in the capital markets. As part of this study, the maturity of ICT incident management was assessed. The AFM found that the investigated entities had procedures and processes in place to identify, document, and manage ICT‑related events and incidents. Furthermore, it saw a strong correlation between the size of the firm and the maturity of ICT incident management.

The AFM has provided an overview of controls identified in the study (by the investigated entities) that capital market firms can implement to improve their ICT incident management, including:

  1. use of ICT event categorisation and prioritisation.
  2. incorporation of a dedicated ICT security department that implements tools to identify cyber security events and a security event response plan to counter cyber threats.
  3. periodical review of the ICT-related risk management framework to ensure compliance with regulatory requirements and keep up to speed with technology developments.
  4. root cause analyses of ICT-related incidents and definition of action plans to prevent the recurrence of incidents by identifying and eliminating the underlying cause.
  5. identification and use of key performance indicators (‘KPIs’) concerning ICT events and incidents to showcase to the management whether certain goals are achieved.
  6. service level agreements to manage outsourced ICT functions (if any) on the basis of which these third parties report on KPIs and provide incident reports.

In 2025, DORA will come into force. By then capital market firms will have to comply with strict(er) rules regarding ICT risk management, including ICT incident management. To ensure compliance, the AFM calls on capital market firms to start with the implementation of DORA in a timely manner.

This call for action is also relevant for other financial institutions and ICT third-party service providers, as they also must comply with DORA. To support you with the implementation of DORA, we will continue to publish blog posts, in which we will address the requirements in more detail.

We are also available to assist with a deep-dive analysis of the needs of your organisation in respect of compliance with DORA and support your implementation programme.

It’s time to start exploring and get ready for action!

Deloitte – Corporate Sustainability Reporting Directive

As of 2024, businesses will need to be ready for CSRD. Are you?

CSRD is part of the Green Deal that ultimately aims to create a truly sustainable economy in the European Union. The measures go far beyond reporting: from strategy and policies to performance management, technology and controls implementation to change management and audit readiness. Furthermore, implications entail decarbonisation actions and implementing due diligence processes. We foresee the highest impact and relevance in the transformation of the business and we will share our different perspectives on the complex array of aspects around CSRD.

CSRD Series

We’ve created a series of 20-minute videos to guide you through the maze of related topics, from double-materiality to the EU taxonomy. Watch our episodes to understand not only what’s required, but also the real business benefits of getting this right. Every other week a new episode will be published.

EACC network offers concierge service for U.S. internship program

J-1 Visa Concierge Service for EACC members

The EACC network offers its member companies, who would like to bring qualified students & young professionals to the United States, access to a global internship program – also referred to as the J-1 Visa Exchange Program.

The J-1, or Exchange Visitor Visa, allows university students and young professionals from abroad to come to the United States for up to 18 months for full-time, paid exchange programs at eligible EACC member companies.

This is a great opportunity to expose participants from across Europe to your US operations and is thereby an essential building block for developing international competency among your staff and preparing future team members to take on a role in your organization.

In case you are interested to learn more, please reach out to your local chapter or check below with our U.S. chapters:

EACC New York          EACC Cincinnati          EACC Texas

Loyens & Loeff: “Introduction new algorithm regulator and implications for financial sector”

As of 1 January 2023, a new regulator for algorithms has been introduced in the Netherlands. It will be housed within the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, Dutch DPA) but will have its own tasks and responsibilities.

The new algorithm regulator will focus on (i) identifying and analyzing cross-sectoral and overarching risks and effects of algorithms and sharing knowledge about them, (ii) optimizing (existing) collaborations with colleges, market supervisors and state inspectorates, and mapping overarching supervision in the field of algorithms and AI and (iii) arriving at joint standard implementation and creating overview in legal and other frameworks (by means of guidance). The algorithm regulator cannot (yet) exercise specific investigative powers.

During 2023 it will be explored which steps need to be taken to establish a dialogue between (digital) regulators and which role the algorithm regulator should have in policy processes and emerging laws and regulations. More budget will be made available in 2024 and subsequent years allowing the regulator to further expand its activities.

The main task of the new regulator is strengthening and relieving the already existing regulators, without affecting existing powers and responsibilities of the existing regulators. The new regulator will identify cross-sector risks related to algorithms and AI and will share knowledge about them with the other regulators. It will also, in cooperation with already existing regulators, publish and share guidance related to algorithms and AI with market parties, clients and governments.

For the financial industry, this means that the algorithm regulator will also assist the AFM and DNB in supervising algorithms and AI used within financial markets and products. For the AFM, this relates to, among others, supervision of financial service providers, for example in the area of price comparison and algorithms interacting with each other. For the DNB, this relates to fintech governance, for example in the use of zip code for price differentiation in insurance or risk profiling. In time, we could expect these regulators to draft joint statements or guidance regarding the use of AI and algorithms within the financial industry.

The algorithm regulator does not answer individual questions about algorithms and automated decision-making of data subjects. This responsibility still lies with the already existing regulators equipped with such tasks, such as the Dutch DPA, DNB and AFM.

Although the Dutch government has not yet decided which regulator will be designated nationally for the European AI Regulation, which is expected to be in force in the second half of 2024, the introduction of the new regulator does anticipate the upcoming regulation. It is currently not expected that the algorithm supervisor will be given specific enforcement powers in anticipation of this regulation just yet.

Deloitte: “Dutch M&A Predictions 2023”

We expect the caution to lift as the year 2023 progresses

Ahead of our predictions and commentary by sector, investor type and theme, we offer in our Dutch M&A Predictions 2023 report a quick overview of the Dutch Mergers and Acquisitions market as we see it now, setting the scene for more detailed observations.

AKD: “Law regulation effective from 2023 and relevant case law.”

In this update we look back on the key legislative and case law moments of the past six months. We also look ahead, providing an overview of new employment legislation and regulations effective from 1 January 2023, new benefit amounts, state pension ages and anticipated laws and regulations.

Please be aware that at the moment of finalising this update a few matters which, strictly speaking, should be treated as 2022 matters had not been published yet by the relevant authorities.

If the information in this update prompts any questions, do not hesitate to get in touch with one of our specialists.

Read the update here.
