Even though EU regulations will take 24 months to fully roll out and be enforced, the road ahead will be challenging for many organisations. The regulatory environment is starting to take shape, but AI applications continue to advance rapidly, adding new features that will subject them to increased levels of oversight as they grow.

Many aspects of the EU AI Act will be challenging for organisations to implement and address, particularly in terms of technical documentation for the testing, transparency, and explanation of AI applications.

Adding to this challenge is the fact that every AI application comes with its own business processes, impacts, and risks. At KPMG, we suggest starting with an overview of your organisation’s current use of AI, and what systems you are using. Once you have this overview, educate yourselves on how to bridge the gap between the legal and practical aspects, as organisations often find it difficult to remain compliant while still getting the correct functions out of their AI systems.

Although there is no silver bullet for compliance, every business can kick-start its journey to compliance with the EU AI Act by taking these immediate steps:

Inventory and classify the current AI landscape
Review existing AI applications and categorise them to identify high-risk applications that require compliance with the EU AI Act. Leveraging an automated detection/identification solution, automating intake questionnaires, or implementing a workflow platform, for instance, can aid in accelerating the discovery, inventory, and classification activities required to support and map compliance obligations.

Implement (or reimagine) the AI strategy & governance framework
Implement standards and best practices for AI model development, deployment, and maintenance in alignment with the EU AI Act’s requirements and other emerging regulatory standards. Leveraging an automated solution to manage various aspects of compliance mapping, obligations tracking, and workflow management can aid in supporting and scaling various governance activities.

Conduct a gap analysis
Conduct a thorough gap analysis to identify areas of non-compliance and develop an immediate action plan to address these gaps. This analysis could be expedited using an automated or rapid AI assessment approach against an established governance framework or the EU AI Act compliance obligations.

Automate model management and evaluation
Optimise, automate and streamline AI model management processes, ensuring models are transparent, explainable, and trustworthy. Leverage automation to extract and map technical metrics and data from AI model and application metadata to your governance framework, enabling automated compliance and management processes.

Review data privacy and security
Review and, if necessary, update data handling practices to ensure they comply with GDPR and other data privacy aspects of the EU AI Act. Leveraging automated threat detection, analysis and intelligence solutions can drastically reduce the level of effort required to support testing and technical documentation of the requirements outlined in the EU AI Act.

Maintain an AI inventory
This will ensure that AI systems are easily traceable and continuously monitored. Review existing AI systems and use cases and categorise them to identify high-risk systems requiring compliance with the AI Act.


Train your employees
Educate your workforce on the legal and ethical implications and intended use of AI systems, ensuring they are prepared to handle new responsibilities and compliance tasks. Additionally, ensure the right roles and responsibilities are in place within the organisation, as this will help to ensure the correct processes and functioning.

Communicate with all stakeholders
Communicate transparently with all stakeholders, including customers and partners, about how your company addresses the AI Act requirements and outlines expectations and requirements for each stakeholder group in managing ongoing compliance.

How we can help your organisation

We can help you streamline your compliance journey and successfully adapt to the challenges of the AI Act. Our team can operationalise and scale your AI governance, management, and monitoring programs, while sharing key learnings from prior engagements and our own AI automation journey to help improve processes and policies.

We help you fully understand the eight steps, as well as educate your employees so they know how to respond.

Additionally, it is important to ensure that your existing systems are compliant. To achieve the highest level of compliance, we can assist by suggesting alternative systems or developing compliant tools if your current ones are non-compliant. Introducing fairness principles early in the process is also crucial to ensure the final products are ethical and fair. We conduct courses on how fairness can be compromised by the wrongful execution or usage of tools.

We also help clients understand the overlaps between the Artificial Intelligence Act (AIA) and other legislation, such as privacy and security laws. 

The need for trusted AI

The EU’s goal for the AI Act is to ensure that AI systems are “safe, transparent, traceable, non-discriminatory and environmentally friendly.” Those priorities are shared by the KPMG Trusted AI framework. 

This ten-pillar guide is KPMG’s strategic framework to help design, build, deploy and use AI solutions in a responsible and ethical manner while also accelerating value. Through our Trusted AI framework, we assist clients in strategically integrating responsible AI practices, from initial assessments and benchmarking to designing AI governance processes that will align with the provisions of the EU AI Act. 

With the race to AI adoption heating up, it's crucial for businesses to not only comply with the EU AI Act but also to build a robust AI framework that enables optimal performance. At KPMG, we recognise this and provide a one-stop-shop solution with our expertise across all aspects of AI, backed by our service lines and competency groups in Forensic, Legal, Compliance, NextGen Operations, and Digital Risk. Our unique approach provides businesses with comprehensive solutions and cutting-edge insights to create the ultimate AI framework. 

Whether you require end-to-end advisory and implementation support, regulatory compliance, or tech integration, we've got you covered.  Contact us, so we can talk more about how we can assist you. 
