Navigating the EU AI Act: Compliance for AI start-ups

As a lawyer with almost 20 years of experience in the digital sector and an entrepreneur who has witnessed the development of AI technology first-hand, I see time and again how AI start-ups face unique legal challenges. The EU AI Act, the first comprehensive legal framework for artificial intelligence in Europe, brings both challenges and opportunities. This regulation aims to address the risks of AI systems and position Europe as a global leader in the ethical and sustainable development of AI technologies. For start-ups, this means that they must deal with the complex requirements at an early stage in order to not only minimize legal risks, but also to gain the trust of investors and customers. Compliance with these regulations can be crucial for a company’s market access and long-term success. In this blog post, I will highlight the most important aspects of the AI Act and how AI startups can successfully prepare for compliance with these new regulations. The AI Act requires companies to undertake comprehensive strategic planning to ensure that all aspects of AI development and application comply with the legal requirements. This requires not only technical know-how, but also a deep understanding of the legal framework. Companies must continuously adapt and be prepared to revise their strategies to meet evolving regulatory requirements.

The basics of the EU AI Act

The EU AI Act is an ambitious set of rules aimed at regulating the development and use of AI systems in the European Union. It distinguishes between different risk categories of AI applications, with high-risk AI systems being subject to special requirements. These categories range from minimal risk to impermissible applications, such as manipulative systems that could influence human behavior in a harmful way. Article 5 of the AI Act lists specific practices that are considered impermissible, while Articles 6 and 7 define the criteria for high-risk systems. For AI start-ups, this means that they must first assess their applications in terms of risk classification. The categorization has a direct impact on the compliance requirements that must be met. A thorough understanding of these categories is crucial in order to plan the right steps for compliance. Companies must be prepared for the fact that compliance with these regulations is not just a one-off task, but requires continuous adjustments. This requires close collaboration between technical developers and legal experts, as well as regular employee training. The ability to adapt quickly to new regulatory developments will be a key factor for success.

High-risk AI systems and their requirements

High-risk AI systems are the focus of the EU AI Act and are subject to strict requirements. These include requirements for transparency, safety and accuracy of the systems in accordance with Articles 8 to 15 of the AI Act. Companies must prove that their AI systems are robust and safe and do not provide discriminatory results. This requires comprehensive technical documentation and regular reviews of the systems by independent bodies or internal audits. Startups must also ensure that their systems are comprehensible and can be explained if necessary – an aspect often referred to as “explainability”. These requirements can pose a considerable challenge for young companies, but also offer the opportunity to differentiate themselves in the market through high standards. The implementation of such standards can not only minimize legal risks, but also strengthen user confidence. Companies should therefore invest in technologies that promote transparency and traceability, as well as in training programs for their employees. In addition, it is important to take proactive measures to continuously improve system performance.

Documentation and reporting obligations

A central component of the EU AI Act is the extensive documentation and reporting obligations that apply in particular to high-risk AI systems. Article 11 of the AI Act requires companies to keep detailed records of the development, operation and monitoring of their AI systems. This documentation is not only used for internal traceability, but is also essential in order to be able to prove compliance with the legal requirements to supervisory authorities. This includes technical specifications, test protocols and risk assessments. The challenge is to keep this documentation up to date while ensuring that it meets the complex requirements of the AI Act. A well-structured documentation system can also help to optimize internal processes and identify potential weaknesses at an early stage. Companies should invest in digital tools that enable the automatic recording and updating of data in order to minimize the administrative burden. A regular review of this documentation is necessary to ensure that it always complies with current standards.

Data protection and ethical considerations

In addition to the technical requirements, the EU AI Act attaches great importance to the protection of personal data and ethical considerations when dealing with AI. Article 13 emphasizes the need for AI systems to operate in compliance with data protection regulations and to avoid any unlawful intrusion into the privacy of users. This requires close collaboration between technical developers and data protection experts within the company itself to ensure that all data processing operations are transparently lawful In addition, the AI Act requires companies to develop ethical guidelines to promote responsible use These guidelines should include aspects of fairness transparency non-discrimination Implementing such guidelines can not only minimize legal risks but also strengthen user trust Companies should regularly conduct ethical audits adapt their guidelines to new technological developments Clear communication of these guidelines to all stakeholders is also crucial to maintain trust.

Strategies for successful compliance

To meet the requirements of the EU AI Act, AI startups should develop a comprehensive compliance strategy at an early stage This strategy should cover all aspects of legal requirements from risk assessment and documentation to the implementation of ethical guidelines in accordance with Articles 14 to 17 of the AI Act An interdisciplinary team of technical developers and legal experts is essential for effective implementation Regular employee training is crucial to ensure that all parties involved understand the requirements and can implement them. In addition, engaging external consultants can help identify blind spots and implement best practices A proactive approach to compliance can not only avoid legal issues but also increase efficiency and innovation Companies should also invest in technology that facilitates compliance, such as compliance management systems Clear communication of compliance measures to all stakeholders promotes transparency and trust.

Support in drafting contracts and advice

As a lawyer with many years of experience in the digital sector, I offer comprehensive support in implementing the requirements of the EU AI Act From developing customized compliance strategies to drafting contracts, I advise AI startups Drafting contracts is crucial for legally compliant operation of AI systems in accordance with specific requirements of the AI Act (Articles 18 to 21) This is not only about compliance with legal requirements but also about Ensuring intellectual property protection and fair business relationships with partners and customers My experience helps startups not only overcome legal challenges but also successfully realize business goals Let’s work together on this By working closely together, we can ensure that all legal aspects are covered Your company is on a solid foundation ready to successfully tackle future challenges!

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.