Modern dark data center, all objects in the scene are 3D

Quick Hits

  • Assuming that last week’s leaked text is, in fact, the current draft, the AI Act will require employers to notify employees and workers’ representatives before implementing “high-risk AI systems,” such as those used in recruiting or for other employment-related decision-making.
  • The AI Act will also require employers to follow “instructions of use” provided by the producers of such high-risk AI systems, implement human oversight by individuals with adequate training, monitor use of the system for issues like discrimination, and retain records of the AI output, all while also maintaining compliance with existing data privacy obligations.
  • Employers can expect other countries to quickly follow suit with legislation modeled on the AI act.

Following a provisional agreement in December 2023, and last week’s leak of the latest and purported final draft, EU policymakers have now officially agreed on the final text of the AI Act, which appears to be more prescriptive for employers than the original draft. Following procedural formalities, including a formal vote and publication in the Official Journal of the European Union, and barring any surprises, the AI Act will enter into force twenty days later and become effective twenty-four months after that (with some exceptions). Although that may seem like a long time, getting into compliance will be a heavy lift for employers. And the lift is likely to be even heavier, given that EU member states may implement their own regulations in the interim with shorter compliance windows. In fact, Portugal has already codified notice obligations for employers using AI in the workplace.

Employer Obligations Under the AI Act

Under the AI Act’s four-tiered, “risk-based approach” to regulating AI, the higher a tool’s risk, the stricter the rules governing it. AI tools intended to be used in the workplace are generally considered “high risk,” and therefore subject to significant regulations. Fortunately, most of the obligations fall on those creating AI tools, but there are also requirements for employers.

Generally, under the AI Act, employers must:

  1. inform workers’ representatives and affected workers that they will be subject to the AI system;
  2. implement human oversight by individuals who have adequate competence, training, and authority, as well as the necessary support;
  3. monitor use of the system, and if an issue like discrimination arises, immediately suspend using the system and notify both the provider, the importer or distributor, and the “relevant market surveillance authority”;
  4. maintain the logs automatically generated by the system for an appropriate period, which must be at least six months; and
  5. comply with any applicable data privacy laws.

Other requirements may apply depending upon the circumstances, such as the employer’s industry, what the AI system does, and whether the employer has control over the data inputted into the AI system.

Extraterritoriality and Heavy Fines

The AI Act is relevant for any employer using AI systems with output “intended to be used” in the European Union. That means even employers without a physical presence in the European Union may have compliance obligations under the AI Act if, for example, they make job postings available to EU candidates or if they have independent contractors or contingent workers in the European Union.

Also, much like the European Union’s General Data Protection Regulation (GDPR), there are significant penalties for noncompliance. The AI Act’s penalties range from €7.5 million (approximately USD $8 million) or 1.5 percent of a company’s total worldwide annual turnover (whichever is higher) to €35 million (approximately USD $38 million) or 7 percent of a company’s total worldwide annual turnover (whichever is higher).

A Model for Other Countries

The AI Act is, as it was intended to be, a comprehensive framework for AI, regulating AI in everything from policing to commercial products to education and employment, and everything in between. The legal community and policy scholars agree that it is likely to be to AI what the GDPR was to data privacy.

Employers using AI tools, and particularly those with cross-border operations, may wish to follow these developments and evaluate proactive compliance efforts.

Ogletree Deakins’ Cross-Border Practice Group, Cybersecurity and Privacy Practice Group, and Technology Practice Group will continue to monitor developments and will provide updates on the Cross-Border, Cybersecurity and Privacy, and Technology blogs as additional information becomes available.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts


Browse More Insights

Fingerprint Biometric Authentication Button. Digital Security Concept
Practice Group

Technology

Ogletree Deakins is uniquely situated to provide tech employers and users (the “TECHPLACE™”) with labor and employment advice, compliance counseling, and litigation services that embrace innovation and mitigate legal risk. Through our Technology Practice Group, we support clients in the exploration, invention, and/or implementation of new and evolving technologies to navigate the unique and emerging labor and employment issues present in the workplace.

Learn more
Modern dark data center, all objects in the scene are 3D
Practice Group

Cybersecurity and Privacy

The attorneys in the Cybersecurity and Privacy Practice Group at Ogletree Deakins understand that data now accumulates quickly and transmits easily. As the law adapts to technical advancements, we effectively advise our clients as they work to comply with new developments and best practices for protecting the privacy of the data that their businesses collect and retain.

Learn more
Glass globe representing international business and trade
Practice Group

Cross-Border

Often, a company’s employment issues are not isolated to one state, country, or region of the world. Our Cross-Border Practice Group helps clients with matters worldwide—whether involving a single non-U.S. jurisdiction or dozens.

Learn more

Sign up to receive emails about new developments and upcoming programs.

Sign Up Now