Navigating Legal Implications: EU's Potential AI Regulation and its Impact on Corporate Counsel

Jun 30, 2023


In the realm of artificial intelligence (AI), the European Union (EU) stands as a trailblazer in crafting regulations for this swiftly evolving technology. A recent piece in The Guardian by Dan Milmo titled “TechScape: Can the EU bring law and order to AI?” provides a deep dive into the EU’s AI Act, uncovering its implications for various sectors. In this blog post, we embark on a journey through the legal intricacies faced by large corporations and their legal representatives, exploring how divergent regulations across markets could potentially shape AI’s path while considering the role of legal firms.

Decoding the EU’s AI Act: A Glimpse into the Regulatory Framework:

The proposed AI Act by the EU introduces a groundbreaking classification system that strategically places AI systems on a spectrum based on their associated risk levels. This risk-based categorization, ranging from “unacceptable risk” to “minimal or no risk,” effectively becomes the compass directing the extent of regulatory oversight. In other words, the higher the perceived risk, the more comprehensive and stringent the regulatory framework.

  • Unacceptable Risk: This category serves as the threshold for outright prohibition. AI systems that fall under this classification exhibit characteristics that pose severe risks to users and society at large. A prime example could be AI applications encouraging dangerous behavior in children or facilitating invasive surveillance through technologies like real-time facial recognition.
  • High Risk: AI systems designated as high risk have the potential to negatively impact safety or fundamental rights. These systems undergo rigorous assessments before entering the market and continuous monitoring thereafter. Examples encompass AI systems deployed in critical infrastructure operation, law enforcement evidence evaluation, and even management of asylum, migration, and border control.
  • Limited Risk: For AI systems presenting limited risk, compliance requirements are comparatively more relaxed. However, these systems must still adhere to minimum transparency standards, ensuring users are informed when interacting with AI-generated content like deepfakes or generative text responses.
  • Minimal or No Risk: AI systems categorized in this bracket, often applied in video games or spam filters, enjoy the least regulatory obligations under the proposed act. The European Commission notes that a substantial majority of AI systems fall within this low-risk category.
man climbing on rock mountain
Photo by Martin on

Concrete Examples of Implications:

Consider an AI-driven education system that scores exams. As an AI system with high-risk potential due to its influence on students’ academic futures, it would require thorough evaluation before deployment and consistent monitoring to ensure fairness and accuracy.

On the other hand, an AI application aiding in medical diagnosis, classified as high risk, demands meticulous scrutiny to prevent misdiagnoses and uphold patient safety. AI embedded within self-driving cars is something that would fall within the high-risk category due to the potential impact on road safety.

Conversely, an AI-powered recommendation engine for a streaming service, categorized as limited risk, may require only minimal transparency in informing users when recommendations are AI-generated.

In essence, the proposed AI Act’s categorical system ensures a tailored regulatory approach that aligns with the inherent risk levels of diverse AI applications, safeguarding user rights and societal well-being.

A Tapestry of Regulations:

This nuanced approach ushers in an era of regulatory diversity. Legal firms representing corporate giants are now faced with the herculean task of keeping pace with varying AI regulations across diverse jurisdictions. The ramifications of non-compliance are daunting – from hefty fines to potential reputational turmoil. It becomes the prime responsibility of legal experts to guide their clients skillfully through these intricate waters, offering bespoke counsel to ensure adherence to a myriad of regulations.

Guarding Data Privacy and Protection:

AI’s foundation in data prompts substantial concerns regarding data privacy and protection. Corporations must tread carefully through a labyrinth of data protection regulations, from the formidable General Data Protection Regulation (GDPR) to local data privacy laws in various global pockets. The legal fraternity dons the hat of safeguarding as they help corporations implement formidable data protection protocols, guaranteeing transparency in AI’s data utilization and preparing defenses against potential legal maelstroms.

royal guard standing beside building
Photo by Roméo on

Liability and Accountability in an AI-Driven Universe:

With AI’s increasing autonomy comes a barrage of questions about liability and accountability. Pinning down responsibility in instances where AI systems influence legal outcomes is intricate. Legal firms play a pivotal role in constructing frameworks that apportion responsibility between human and machine, thereby embedding accountability in the case of AI-related incidents. This dynamic setting necessitates legal expertise in formulating sturdy guidelines that sync with evolving legal frameworks.

Fortifying Intellectual Property in the AI Epoch:

The integration of AI often births invaluable intellectual property assets. Corporations must wield the shield of patents, copyrights, or trade secrets to protect these treasures. Legal envoys with expertise in intellectual property serve as guardians, advising on AI-oriented IP strategies, negotiating licensing agreements, and skillfully resolving disputes concerning AI technology ownership. Their stewardship ensures that corporations unearth maximum value from AI innovations while honoring legal stipulations.

A Global Paradigm: The “Brussels Effect” and Beyond:

The EU’s resonance in tech regulation, evident in milestones like GDPR, ripples into the proposed AI Act. However, other global players – including the US, UK, and China – are orchestrating their AI regulations. This dynamic tapestry adds a layer of complexity, beckoning legal virtuosos to grasp regulations that span beyond the EU. Legal champions are expected to choreograph compliance across diverse global norms.


The impending EU law tailored for AI heralds an ensemble of legal implications for both corporations and their legal avatars. As AI embarks on its transformative voyage, corporate counsel adorns the mantle of navigators, steering their clients through the intricate AI regulatory labyrinth. By staying armed with insights, pre-empting legal crossroads, and orchestrating robust compliance maneuvers, corporations are poised to gracefully navigate a future where AI sails under the banner of diverse regulations across distinct markets. Legal protagonists stand as vanguards, ensuring AI’s voyage stays ethically anchored and compliant within a fluid and ever-evolving legal edifice.


Q: What is the central approach of the proposed EU AI Act?

A: The proposed EU AI Act introduces a risk-based classification system for AI systems, categorizing them from “unacceptable risk” to “minimal or no risk,” which dictates the level of regulatory oversight.

Q: Can you explain the significance of the “unacceptable risk” category?

A: AI systems falling under the “unacceptable risk” category are outright banned due to their potential severe threats, such as encouraging harmful behavior in children or invasive surveillance methods like real-time facial recognition.

Q: How are AI systems categorized as “high risk” treated under the proposed AI Act?

A: AI systems categorized as “high risk” undergo comprehensive assessments before being allowed in the market. They are continuously monitored, covering areas like critical infrastructure operation, law enforcement evidence evaluation, and migration management.

Q: What distinguishes AI systems in the “limited risk” category?

A: AI systems with “limited risk” are subjected to more lenient compliance standards. These systems, which generate content like deepfakes or generative text, must still meet transparency requirements to inform users when they interact with AI-generated content.

Q: Which AI applications fall under the “minimal or no risk” category, and what are their obligations?

A: AI systems in the “minimal or no risk” category, such as those used in video games or spam filters, have minimal regulatory obligations. The European Commission estimates that a significant majority of AI systems fall into this category.

Original Article: Milmo, Dan. “TechScape: Can the EU bring law and order to AI?” The Guardian, June 27, 2023.