In the first in a series of articles, Tim Hickman, Partner, and Aishwarya Jha, Associate, at White & Case LLP, discuss the impact of the EU’s AI Act on data protection, starting with the concept of an 'AI System'.
The EU’s Artificial Intelligence Act (the ‘AI Act’) is nearing final form, with the compromise text (the 'draft text'), the product of trialogue negotiations between EU legislative bodies, having been leaked in January 2024. The overlap between the AI Act and the GDPR/ UK GDPR remains somewhat unclear. On the one hand, Article 2(5b) of the AI Act states that the AI Act ‘shall not affect’ the GDPR. On the other hand, it appears that any organisation using AI Systems — a term explained below — to process personal data will potentially be subject to the overlapping compliance obligations of both the GDPR/UK GDPR and the AI Act.
In order to address the practical consequences of this overlap, it is essential for organisations to understand whether their data processing activities involve the use of any AI Systems within the meaning of the AI Act. This is because the question of whether the AI Act applies will depend, to a large extent, up- on the question of whether an AI System is in use. However, as will become clear, defining AI Systems can be beguilingly complicated.
Reproduced with permission from Data Protection Ireland journal.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
