Top 10 operational impacts of the EU AI Act – Understanding and assessing risk
This article provides insight into understanding and assessing risk in relation to the EU AI Act.
Published: 24 July 2024
This article is part of a series on the operational impacts of the EU AI Act. The full series can be accessed here, with the other articles in the series listed below.
A defining feature of the EU AI Act that has stood out since the European Commission's first proposal in 2021 is the now largely favored "risk-based approach." However, this is not the first time the approach has been featured in EU regulation. For example, the EU General Data Protection Regulation requires safeguards to be implemented according to the level of risk associated with data processing activities. Similarly, the AI Act places obligations on operators depending on the risk category of their AI use. The goal is to mitigate the risk of AI while promoting innovation to reap the benefits of this transformative technology.
The reason behind this model of regulation is an implicit acknowledgment that technology, such as AI, can be beneficial or risky depending on its uses. By placing risk regulation central to the new law, legislators have sought to craft a legislation that does not regulate a particular technology but what we make of the technology through its use. This is even more relevant in the context of AI, given its role as an emerging technology that can, and will, be deployed for almost unlimited applications from the very trivial to the existential.
This article provides insights on how risk is defined and addressed in the AI Act and unpacks the risk-based approach through a breakdown of the definitions and classification criteria for each risk category identified under the new law.
Top 10 operational impacts of the EU AI Act
The overview page for the series can be accessed here.
- Subject matter, definitions, key actors and scope
- Understanding and assessing risk
- Obligations on providers of high-risk AI systems
- Obligations on nonproviders of high-risk AI systems
- Obligations for general-purpose AI models
- Governance: EU and national stakeholders
- AI Assurance across the risk categories
- Post-market monitoring, information sharing and enforcement
- Regulatory implementation and application alongside EU digital strategy
- Leveraging GDPR compliance
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Top 10 operational impacts of the EU AI Act – Understanding and assessing risk
This article provides insight into understanding and assessing risk in relation to the EU AI Act.
Published: 24 July 2024
Contributors:
Uzma Nazir Chaudhry
Former AI Governance Center Fellow, IAPP
CIPP/E
Eduardo Ustaran
Partner, Hogan Lovells
AIGP, CIPP/E
This article is part of a series on the operational impacts of the EU AI Act. The full series can be accessed here, with the other articles in the series listed below.
A defining feature of the EU AI Act that has stood out since the European Commission's first proposal in 2021 is the now largely favored "risk-based approach." However, this is not the first time the approach has been featured in EU regulation. For example, the EU General Data Protection Regulation requires safeguards to be implemented according to the level of risk associated with data processing activities. Similarly, the AI Act places obligations on operators depending on the risk category of their AI use. The goal is to mitigate the risk of AI while promoting innovation to reap the benefits of this transformative technology.
The reason behind this model of regulation is an implicit acknowledgment that technology, such as AI, can be beneficial or risky depending on its uses. By placing risk regulation central to the new law, legislators have sought to craft a legislation that does not regulate a particular technology but what we make of the technology through its use. This is even more relevant in the context of AI, given its role as an emerging technology that can, and will, be deployed for almost unlimited applications from the very trivial to the existential.
This article provides insights on how risk is defined and addressed in the AI Act and unpacks the risk-based approach through a breakdown of the definitions and classification criteria for each risk category identified under the new law.
Top 10 operational impacts of the EU AI Act
The overview page for the series can be accessed here.
- Subject matter, definitions, key actors and scope
- Understanding and assessing risk
- Obligations on providers of high-risk AI systems
- Obligations on nonproviders of high-risk AI systems
- Obligations for general-purpose AI models
- Governance: EU and national stakeholders
- AI Assurance across the risk categories
- Post-market monitoring, information sharing and enforcement
- Regulatory implementation and application alongside EU digital strategy
- Leveraging GDPR compliance
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
Related resources
Global AI Governance Law and Policy: Jurisdiction Overviews
US State Privacy Legislation Tracker
Organizational Digital Governance Report 2025
US State Comprehensive Privacy Laws Report
