Understanding Compliance for Risky AI Systems in the Workplace

Risky AI Systems: An Overview

The emergence of Artificial Intelligence (AI) has brought about significant advancements, but it also poses substantial risks. Understanding these risks is crucial for businesses and employers who utilize AI systems. This article delves into the implications of the EU AI Act, a groundbreaking piece of legislation that regulates AI based on its risk levels.

The EU AI Act: A World First

On February 2, 2025, the EU AI Act came into effect, marking the first legislative effort globally to regulate AI systems. The Act categorizes AI uses into various risk levels—from minimal risk to unacceptable risk. This classification aims to enhance safety, transparency, and sustainability while preventing discriminatory practices in AI applications.

Organizations need to be proactive in ensuring compliance to avoid potential fines and reputational damage.

Scope of the Act: Who Needs to Comply?

The Act applies not only to AI suppliers within the EU but also to providers and users located outside the EU if their AI outputs are utilized within the EU. For instance, using an AI recruitment tool in the UK for hiring within the EU falls under the Act’s jurisdiction.

Risk Categories Defined

AI uses are classified into different risk categories:

• Minimal Risk: Most AI systems currently available in the EU market.
• Limited Risk: Subject to light-touch obligations.
• High Risk: Stricter regulations are imposed.
• Unacceptable Risk: Banned outright due to significant threats to users and society.

The maximum penalty for non-compliance can reach €35 million or up to 7% of a firm’s total annual turnover.

High Risk AI Systems

High-risk AI systems include applications that affect fundamental rights, such as:

• Biometric data categorization (e.g., AI in CCTV).
• Education and training tools (e.g., detecting erratic student behavior).
• Employment-related AI (e.g., HR decision-making and recruitment).
• Justice administration (e.g., AI in alternative dispute resolution).

These systems must demonstrate a significant risk of harm to health, safety, or fundamental rights to qualify as high risk.

Unacceptable Risk AI Systems

As of February 2, 2025, certain AI systems have been categorized as unacceptable risk and are thus prohibited. Examples include:

• Systems that socially score individuals.
• Emotion recognition technologies in workplaces and schools.
• Biometric categorization systems that infer sensitive attributes.

Action Steps for Employers

Employers must take immediate steps if their business falls within the Act’s scope:

• Audits: Evaluate current AI systems for compliance with risk categories.
• Policies: Establish governance policies to guide responsible AI usage.
• Training: Educate employees about AI risks and responsibilities.
• Supplier Compliance: Ensure third-party AI providers adhere to the Act.

Proactive compliance with the Act will help maintain a culture focused on people, mitigate substantial fines, and protect the organization’s reputation.