2025 Supervisors Symposium

M.L.S. in Cybersecurity, Risk & Governance Master the Law. Mitigate the Risk. Lead in Cybersecurity.

EU AI Act

 Goal: The AI Act aims to establish a “ comprehensive legal framework on AI worldwide” for “ foster[ing] trustworthy AI in Europe and beyond, by ensuring that AI systems respect fundamental rights, safety, and ethical principles and by addressing risks of very powerful and impactful AI models.”  Applies to : AI Act applies to providers and developers of AI systems that are marketed or used within the EU (including free-to-use AI technology), regardless of whether those providers or developers are established in the EU or another country.  Territorial Scope : U.S. -based companies that market or provide AI-based technology within the EU may be subject to the Act’s potential penalties for noncompliance.  Privacy : The Act does not separately address AI systems that process EU citizens' personal information; however, it does state that existing EU law (i.e., GDPR!) on the protection of personal data, privacy and confidentiality applies to the collection and use of any such information for AI based technologies.

FFIEC

17

MLS in Cybersecurity, Risk & Governance :

M.L.S. in Cybersecurity, Risk & Governance Master the Law. Mitigate the Risk. Lead in Cybersecurity.

EU AI Act

 Categorizing AI Systems (Tiers) : The AI Act adopts a risk-based approach for categorizing AI systems into four tiers. These tiers generally correspond to 1) the sensitivity of the data involved and 2) the particular AI use case or application.  Regulator: The newly created EU AI Office will oversee implementation and enforcement of the AI Act.  Penalties: For noncompliance, penalties, depending on the violation(s), range from EUR 35 million or 7 percent of worldwide annual turnover to EUR 15 million or 3 percent of worldwide annual turnover to EUR 7.5 million or 1 percent of worldwide annual turnover .

FFIEC

18

MLS in Cybersecurity, Risk & Governance :