CSA: Use ISO 42001 & NIST AI RMF to Help with the EU AI Act

Source URL: https://cloudsecurityalliance.org/blog/2025/01/29/how-can-iso-iec-42001-nist-ai-rmf-help-comply-with-the-eu-ai-act
Source: CSA
Title: Use ISO 42001 & NIST AI RMF to Help with the EU AI Act

Feedly Summary:

AI Summary and Description: Yes

**Summary:** The text discusses the European Union’s AI Act, which aims to regulate artificial intelligence practices within the EU starting from August 2024. It highlights the growth of AI adoption among organizations and details the classification of AI systems based on risk. The Act includes compliance requirements and penalties for non-compliance, emphasizing the importance of managing risks associated with AI technologies.

**Detailed Description:** The text provides a comprehensive overview of the newly established EU AI Act and its implications for organizations operating within or doing business with the EU. Key points include:

– **Growing Adoption of AI Technologies:**
  – Significant rise in AI usage from 58% in 2019 to 72% by 2024.
  – Generative AI usage nearly doubled from 2023 to 2024, increasing from 33% to 65%.

– **Overview of the EU AI Act:**
  – Regulation (EU) 2024/1689 creates a common regulatory framework for AI in the EU, with implementation starting on August 1, 2024.
  – Exempts military, national security, and certain research uses of AI from its regulations.

– **Regulatory Framework and Compliance:**
  – The Act facilitates innovation while ensuring safety and the protection of fundamental rights, such as privacy.
  – Establishes clear guidelines for risk management, ongoing monitoring, and human oversight in AI.

– **Risk Classification of AI Systems:**
  – **Unacceptable Risks:** Prohibited AI systems include those enabling manipulation, exploitation, and social control, including techniques such as subliminal messaging and biometric identification.
  – **High Risks:** Systems impacting safety and fundamental rights, such as facial recognition in law enforcement.
  – **Limited Risks:** AI systems such as chatbots, which must be transparent about the fact that users are interacting with AI but otherwise face lighter obligations.
  – **Minimal Risks:** Low-risk AI systems such as spam filters, which remain unregulated.

– **Penalties for Non-Compliance:**
  – Fines for engaging in prohibited practices can reach up to EUR 35 million or 7% of annual turnover.
  – Non-compliance with high-risk requirements can attract fines of up to EUR 15 million or 3% of turnover.

– **Standards and Frameworks:**
  – Introduction of ISO/IEC 42001, which provides a structured approach to managing AI risks and supports the responsible development of AI.
  – References to the NIST AI Risk Management Framework, emphasizing ethical and trustworthy AI practices.

– **Author Background:**
  – Ashwin Chaudhary, the author, is an experienced cybersecurity professional and CEO of Controllo.ai, focusing on compliance audits and governance across various security domains.

This text is particularly relevant for professionals engaged in AI development, compliance, and security, as it outlines essential regulatory frameworks that need to be understood to navigate the evolving landscape of AI technology responsibly.