AI and Data Protection in the EU and UK: Regulation and Enforcement

7 марта 2024 г.
12:00 - 01:00 Eastern Standard Time
11:00 - 12:00 Central Standard Time
09:00 - 10:00 Pacific Standard Time

Morgan Lewis partners Vishnu Shankar and Christina Renner and special legal consultant Dr. Axel Spies discussed the latest EU and UK regulations and enforcement actions relating to artificial intelligence (AI) and data protection, including the EU AI Act (the world’s first comprehensive AI legislation) and General Data Protection Regulation (GDPR) related developments. They covered the legal highlights and key business impacts of these landmark legal developments.

Key Takeaways

Top Three EU/UK AI Developments

  1. Very significant artificial intelligence (AI)–focused regulation is (finally) here and will apply to developers and users. The new legislation is expected to impact strategic business operations, products, and engineering, and pose liability risks.
  2. Consider the impact and areas of overlap with existing laws when applied to AI, including the European Union’s Digital Strategy on AI, AI Liability Directive, Digital Services Act, Data Act, Digital Markets Act, and cybersecurity and intellectual property laws.
  3. Don’t forget the General Data Protection Regulation (GDPR)! It is already a law, covers many significant aspects of AI, and is a key focus of regulatory enforcement action.

What Corporations Should Do Next

  • Assess GDPR compliance.
  • AI Act-specific issues
    • Follow the releases of the new AI Office and provide input to the regulators on issues of concern.
    • Assess if the corporation would be defined as a “Deployer” or “Provider,” and whether its status would make one subject to the AI Act’s territorial scope.
    • Assess which “risk” tier the company would fall under. If “high-risk,” plan for the Fundamental Rights Impact Assessments under the EU AI Act.
    • Update internal AI-use policies as needed (e.g., whether employees are permitted to use public generative AI platforms).
    • Determine if intellectual property and copyright policies need to be revised.
    • Host staff training sessions.
    • Review insurance policy and select which product liability type cover would be appropriate.
  • AI supply chain
    • Perform due diligence, particularly in respect to each vendor’s use of training data.
    • Review contract provisions
  • Evaluate the pros and cons of participating in EU and UK regulatory AI Sandbox.


Please contact Annette Barket. For CLE questions, please email CLE Credit Request.

CLE credit: CLE credit in CA, IL, NY, PA, TX, VA, and WA is currently pending approval; CT, FL, and NJ (via reciprocity).