- About CW
- Topics
- Events
- Research
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance
By 
Ruth Prickett2024-12-23T10:00:00
Breaches of the EU’s ground-breaking General Data Protection Regulation (GDPR) can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act, the first phase of which begins in February 2025, will be just as far-reaching, and could potentially lead to similar numbers of cases. Meanwhile, increasing digital regulation is refocusing boards’ attention on data governance, including GDPR compliance.
The AI Act is expected to set a new global standard that others will follow, so even organizations that are not directly in scope should be paying attention.
In a white paper published in October, the Information Systems Audit and Control Association (ISACA) wrote: “The act is touted as the first comprehensive AI law in the world. Given the broad and thorough nature of the act, it is possible that future AI laws and regulations could be modelled off the EU AI Act, similar to what happened with the EU’s [GDPR].”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumExperts: Companies ‘underestimate risk’ as first provisions of EU AI Act come into force
A European Union-wide ban on AI systems with “unacceptable” risk came into force on Feb. 2 as the first provisions of the EU’s AI Act took effect. Problems persist, however, over what the legislation requires and what corporate practices or uses of data may risk flouting the rules.
-
PremiumEDPB shift forces AI firms to embed procurement, risk management in GDPR considerations
Efforts to clarify the circumstances in which artificial intelligence models may or may not be violating the General Data Protection Regulation could result in yet more confusion for tech firms, companies deploying the technology, and even data protection authorities, according to experts.
-
PremiumCJEU ruling adds to GDPR liability over unfair competition, AML/CFT
Legal cases and fines for noncompliance with EU’s GDPR could rise sharply after a court found that a breach was a source of unfair competition. The judgment also opens doors to civil cases over companies that ignoring expensive or challenging rules, such as those regarding AML/CFT.
More from Regulatory Policy
-
News BriefFinCEN drops BOI requirement for U.S. companies, persons
The U.S. Treasury Department’s Financial Crimes Enforcement Network issued a final interim rule that eliminates beneficial ownership information reporting obligations for U.S.-based companies and persons.
-
News BriefTrump nominates Fed’s Bowman as vice chair for supervision
Federal Reserve Board member Michelle Bowman has been nominated as the board’s vice chair for supervision, a position that oversees regulation of the nation’s largest banks.
-
Basic PageSEC postpones compliance date for amendments to investment company names rule
Investment companies will have six additional months to comply with an update to the Securities and Exchange Commission rule aimed at making investment fund names more accurate.