Decoding the Impact of the EU AI Act on US-Based Companies

The European Union’s new Artificial Intelligence Act (EU AI Act), ratified in March 2024, is set to revolutionize AI regulation globally. This article aims to provide a comprehensive guide for CISOs and business leaders on navigating the implications of this Act on US-based companies.

The EU AI Act introduces a robust regulatory framework for AI applications, impacting businesses that operate in the EU, offer AI products or services, or process data of EU residents. US companies, even those without a physical presence in the EU, may also be subject to this regulation. CISOs of such companies need to assess their compliance obligations and take proactive steps to adhere to the EU AI Act.

With the EU AI Act leading the way in AI regulation globally, policymakers worldwide are likely to align their regulations with its principles. In the US, several proposed AI regulations are in the pipeline to enhance AI governance and compliance across sectors.

The Act categorizes AI systems based on risk levels, ranging from unacceptable risk to low or minimal risk, each with specific compliance requirements. Implementing an AI risk management system tailored to generative AI risks is crucial for businesses to ensure compliance with the EU AI Act.

To kick-start the journey towards EU AI Act compliance, companies should review their existing AI applications, implement standards for AI model development, conduct a thorough gap analysis, and develop an action plan to address compliance gaps. Collaboration between CISOs and other business leaders is essential in navigating the complexities of AI regulation.

As US-based companies gear up to comply with the EU AI Act, staying informed and proactive in addressing regulatory requirements will be key to ensuring responsible AI deployment and maintaining a competitive edge in the evolving AI landscape.

Bryan McGowan is the US Trusted AI Leader at KPMG US. With extensive experience in AI governance and compliance, Bryan plays a pivotal role in helping companies navigate the regulatory landscape. Matthew P. Miller, Principal, Advisory, Cyber Security Services, and Katie Boswell, Managing Director, Cyber Security Services, both at KPMG US, bring a wealth of expertise in cybersecurity and AI risk management to support companies in achieving compliance with the EU AI Act.