AI & Data Compliance

Seeing through the thicket of regulations

Even today, many different legal frameworks must be observed when using Data and AI:

Copyright

The German Act on Copyright and Related Rights (Urheberrechtsgesetz) protects texts, music, images and computer programs from unauthorized use. Particularly in AI training and generative AI, the Act on Copyright and Related Rights contains numerous stumbling blocks. There is a threat of infringement of third-party property rights and that one’s own AI model or its output may not be used. In the worst case, the persons involved can be prosecuted. We show you a way through the jungle of copyright law.

Data protection

For AI practice, the GDPR, which has been in force since May 2018, has proven to be an obstacle to innovation: The transparency, purpose limitation and data minimization required by Art. 5(1) GDPR often conflict with the technical requirements of AI. In the case of particularly sensitive data, the especially strict requirements of Art. 9 GDPR must also be observed. In addition, Art. 22 GDPR provides for a ban on automated decisions. The silver bullet (where sensible) is the use of anonymous or synthetic data.

Prohibition of discrimination

The German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz) contains a prohibition of direct and indirect discrimination. The General Act on Equal Treatment is particularly relevant for AI training and the use of AI systems. Certain criteria may not be used for decision-making, so that AI models must be adapted. If, in addition, the representativeness of the training data is not ensured, there is a risk of (probability-driven) discrimination against individuals.

Liability

The German Civil Code (Bürgerliches Gesetzbuch) and the German Product Liability Act (Produkthaftungsgesetz) provide for a variety of liability situations for the production and use of software. In addition, there are special legal liability traps. The European Union is also planning a revision of national liability regulations for the use of artificial intelligence.

Trade Secrets Act

When it comes to confidential data, AI promises special insights. The German Law on the Protection of Trade Secrets (Geschäftsgeheimnisgesetz), which came into force in 2019, sets requirements for handling data. If these are not met, the data will no longer be considered a protected trade secret. We support you in protecting your crown jewels.

Regulated sectors

There are special laws for regulated industries – such as insurance, financial products, automobiles, medical devices, pharmaceuticals, critical infrastructure. The requirements often seem out of date, e.g. because they fit physical products but not modern technologies. With our interdisciplinary consulting approach we find ways to unleash potential.

… and many more.

Aitava removes stumbling blocks and supports sustainable AI deployment. We can draw on many years of technical and legal consulting experience in the AI environment. We drive the development of best practices.

Upcoming legislative changes

EU Data Act – Game Changer in the Data Economy

The planned Data Act has the potential to fundamentally change the legal framework of the data economy. First of all, far-reaching real-time access rights to data are to be created – which not only threatens a leakage of secrets. The market value of certain data is also likely to decline. In addition, considerable obligations will be imposed on providers and manufacturers that are difficult to reconcile with the GDPR. Keyword: access by design. The Data Act also provides for the requirement of a data license: Anyone who wants to use certain non-personal data needs the consent of the respective users.

The legislative process for the EU Data Act has picked up speed in a remarkable way:

February 2022: First draft by the EU Commission
February 2023: Resolution of the EU Parliament
March 2023: Decision of the Council of the EU
Currently: Trilogue phase
End of 2023 (forecast): Entry into force of the Data Act
Implementation deadline for companies: 12 months after entry into force

Almost every company that collects, exchanges, processes or commercializes data is potentially affected by the Data Act. Given the ambitious timeline, swift action is required. Aitava helps you be prepared. As a thought leader, we provide you with decisive impetus.

EU AI Act – a comprehensive technology regulation

The planned AI Act is primarily a preventive prohibition law that bans the use of IT or makes it dependent on technical and organizational requirements. Numerous software solutions are classified by the AI Act as so-called high-risk AI systems. This classification results in far-reaching catalogs of obligations with regard to data quality, explainability, documentation and IT design, among other things, as well as a compliance test. The AI Act is to apply horizontally, i.e. across all business and industry sectors.

The legislative process for the AI Act has recently picked up speed:

April 2021: First draft by the EU Commission
December 2022: Decision of the EU Council
June 2023: Plenary decision of the EU Parliament, followed by trilogue phase
Early / mid 2024 (forecast): Entry into force of the AI Act
Implementation period for companies: 24 months after entry into force

The impending bans of the AI Act pose the greatest challenges to the development and operation of AI. There is already an enormous need for action, for example in the implementation of new products and business models. Companies are well advised to deal with the foreseeable requirements as soon as possible. We provide ongoing and comprehensive advice on the AI Act. So that you can sleep better.

We help you turn compliance into a competitive advantage.

Compliance as a competitive advantage

Compliance is not an agile process, but a proactive one. The focus is on setting a strategic course, for example in product development or the establishment of databases. The AI Act and Data Act will come into force soon. Those who think along with the new set of obligations conceptually will be at least one step ahead of the competition. On the other hand, anyone who rests on the status quo or concentrates solely on DSGVO issues is endangering their own business model. Aitava supports you to move forward as efficiently as possible. AI & Data Compliance thought holistically. With a business focus.

In addition, growing thickets of Data and AI law offer new value creation opportunities:

Data providers: the value of data is likely to increasingly depend on the legally required preparation and documentation.
IT providers: the need for technical compliance solutions is increasing enormously. This relates, for example, to the planned labeling obligations (AI Act) and data access obligations (Data Act).
XAI: Already today, Art. 13 AI Act (transparency) is fuelling research and development on Explainable AI.
And many more! Feel free to let us talk about it.

Ready for a competitive edge?

Dr David Bomhard
Physicist & Lawyer

‭+49 175 6692479‬

david.bomhard@aitava.com

We also advise on:

AI & Data Strategy

If you want to be relevant tomorrow, you need to make strategic decisions today. Aitava removes obstacles so that companies can seize the opportunities of AI.

Learn more

Data Sharing

Many companies are sitting on a treasure trove of data. Other companies can make use of this treasure trove of data. We help with data exchange.

Learn more

Intellectual Property and Protection of Secrets

Is it okay to train AI with other people's data? Who owns the training data? The trained system? And the prompts? We have answers and more questions.

Learn more

Liability in the Use of AI

In a world where decisions are increasingly made by AI, the damages caused by AI use are also increasing. We help you identify and mitigate liability risks.

Learn more

AI & Data