High-Risk AI and Compliance – What Businesses Need to Know

Episode 26 of the Illuminating Information podcast showcased part one of our discussions with legal expert Clara Hochleitner-Wanner on the general scope and overview of the EU AI Act. Now, in Episode 27, we dive into part two of our conversation. Part two delves deeper into the definitions of AI per this Act, high-risk AI classifications, and what businesses need to do to comply. Businesses of all sizes are becoming reliant on AI making important decisions across the enterprise, so understanding compliance requirements is crucial for companies operating within or interacting with the EU market.

Understanding the Risk-Based Approach

One of the major portions of this episode covered the idea of a risk-based approach in the context of this new legislation. This  'risk-based classification system‘ is the foundation for the Act in general. AI systems are categorized based on the potential harm they may cause, with high-risk AI facing the most stringent compliance requirements.

"The AI Act differentiates between different types of AI systems depending on the respective risk posed by the AI system to health, safety, and fundamental rights. On the one end of the scale, there are unacceptable risks, leading to the prohibited AI systems, which I have already talked about earlier. On the other end of the scale, there are AI systems that are only associated with a minimal risk to the above-mentioned interests. In between, there are so-called high-risk AI systems and other certain types of AI systems. “ - Clara Hochleitner-Wanner, Master of Laws from the University of Pennsylvania Law School

Some examples of what the Act may consider as a high-risk AI systems include, in the use of hiring and recruitment, credit scoring and financial assessment, critical infrastructure (things like transportation, healthcare, energy management), and those in law enforcement of judicial decisions. Something all of these examples have in common? They all directly impact the well-being of human beings.

Regulatory Obligations for High-Risk AI Systems

If an AI system is classified as high-risk, it must adhere to several key compliance measures as per this new Act. Organizations must establish risk management frameworks to identify and mitigate potential harm. Transparency and explainability requirements ensure that AI decisions are understandable to users, preventing opaque or unaccountable decision-making. Additionally, high-risk AI cannot operate without human oversight, which prevents fully autonomous decision-making in critical areas. Companies must also maintain detailed documentation and records, creating a system of accountability for how AI is developed and used. Finally, strict cybersecurity and accuracy requirements must be met to prevent system malfunctions and biases from negatively impacting individuals or society. To stay ahead of these requirements, businesses developing or deploying high-risk AI should begin internal audits and establish compliance strategies well before enforcement deadlines take effect.

How Businesses Can Prepare

To ensure compliance, organizations should take proactive steps now rather than waiting until regulations are fully enforced. First, companies should identify their AI use cases and assess whether their applications fall under high-risk classifications. Once identified, businesses must implement AI governance frameworks that align with the Act’s transparency and safety requirements. Employee education is equally crucial—staff and stakeholders should be informed about AI compliance measures and risk management strategies to ensure company-wide adherence. Lastly, engaging with legal and technical experts will be essential to staying ahead of evolving regulations and ensuring that all AI-related practices align with the latest requirements.

Final Thoughts

The EU AI Act as a whole represents a significant shift in AI governance, focusing on transparency, accountability, and risk management. While compliance may seem complex, getting ahead of the game will help businesses navigate the regulatory landscape smoothly. High-risk AI systems, in particular, are subject to heightened scrutiny, so companies must prioritize compliance efforts now to avoid regulatory pitfalls later.

Want to ensure your AI systems meet compliance standards? Listen to the full podcast episode, subscribe for updates, and stay informed on AI regulations.