Our experts Klaus Brisch and Marco Müller-ter Jung, from our Legal team, have published an article in the August edition of BOARD, a magazine for German supervisory boards, on the legal framework for AI-based business decisions. Besides the potential for decision makers to use AI and the challenges arising from this, it outlines the central aspects of the draft European AI Regulation and the requirements for AI governance structures within the business. This regulation is relevant to the governance bodies of European companies, and as well to their management.
AI systems can support decision makers in companies by analysing, preparing and presenting information; they can take on the tasks of acquiring information or making autonomous decisions, but data protection and employment law have to be taken into account, among other things.
The AI Regulation, expected to enter into force at the end of 2023, will establish a Europe-wide uniform legal framework for the use of AI systems. Within companies, those charged with governance and management have to make strategic decisions about who will be responsible for implementing AI governance.
To avoid liability, the selection and quality of AI systems is particularly crucial if decision makers employ them to delegate managerial responsibilities. However, bad decisions by the board based on information from AI does not necessarily issue in liability as long as the business judgment rule is observed.
In using AI systems, those charged with governance and management face two issues. They can use AI systems to manage its supervisory,advisory and leadership duties. At the same time, the management and those charged with governance are required to oversee the observance of legal and ethical conditions when AI systems are employed.
It is recommended that management and those charged with governance use the time before the AI Regulation comes into force to analyse whether and to what extent AI systems are already in use within their company and which risk class they fall under. The decision about where responsibility for AI systems should lie within the company should also be tackled. The negative experiences surrounding the introduction of the requirements of the General Data Protection Regulation (GDPR) owing to the length of implementation should not be repeated.
You can read the full article here, in the August edition of BOARD (in German, fee charged).