Artificial Intelligence Act

The EU’s new Artificial Intelligence Act (AI Act) imposes a significant number of obligations on providers and deployers of AI systems. The use of AI also requires diligence in complying with data protection, trade secret, and intellectual property obligations, as well as in cybersecurity. With Insta's expertise combining law, technology, and cybersecurity, we support our clients in achieving compliance with the AI Act obligations and in ensuring the level of cybersecurity this requires.

Preparing for AI Act

The AI Act applies to providers of AI systems, as well as deployers. Obligations are also imposed on importers and distributors. As the AI Act is a horizontal regulation, it must be complied with in almost all industry fields.

The first obligations under the AI Act must be met within six months of its entry into force in the fall of 2024. Obligations will be phased in gradually, with the majority taking effect 24 months after entry into force, in 2026.

The workload to achieve compliance can be significant, and preparation should begin well in advance. When implementing a new AI system, the obligations of the AI Act should no longer be overlooked!

Obligations

Prohibited AI practices

The risk posed by prohibited AI practices has been deemed so high that their use is generally prohibited.

The prohibition covers, for example, certain biometric categorization, exploitation of the vulnerabilities of vulnerable groups of people, and emotion recognition systems in workplaces and educational institutions.

High risk AI systems

The use of high risk AI systems is permitted only when adhering to certain obligations and procedures set out in the AI Act. A significant portion of the obligations under the AI Act apply to providers and deployers of high risk AI systems. High risk AI systems include products and safety components that require third-party conformity assessment procedures, as well as AI systems falling within certain listed areas. These areas cover, for example, employment, workers management and access to self-employment, education and vocational training, and critical infrastructure. An AI system performing profiling of natural persons is inherently classified as high risk.

Limited risk AI systems

The limited risks related to the transparency of AI are mitigated by obligations that ensure individuals are aware that AI is used in data creation or that they are the subject of AI.

Transparency risks concern, for example, AI systems interacting with persons (e.g., chatbots) and the use of AI in creating content addressed to persons (e.g., deepfakes).

Minimal risk AI systems

Use cases of AI that fall outside the above classifications pose such minimal risk, or are risk-free by nature, that the AI Act imposes only minimal obligations. However, voluntary compliance and adherence to the AI Act principles can still be recommended. It should also be remembered that ensuring the lawfulness of personal data processing, as well as maintaining trade secret protection and cybersecurity, is always advisable irrespective of the AI risk classification.

Examples of minimal risk AI falling outside the scope of the most significant obligations include spam filter solutions.

By combining expertise in law, technology and cybersecurity, Insta supports its clients in achieving compliance with the use of AI and ensuring the cybersecurity of their system as a whole.

Insta Services

Training, guidelines, and policies

  • Targeted info sessions, for example for management.

  • AI training, guidelines, and policies.

  • Supports the achievement of a sufficient level of AI literacy, as required in the AI Act.

Implementing measures based on risk classification of AI

  • Assisting in compliance with requirements for the use of high risk AI, such as risk management, data and data governance, preparation of technical documentation, and cybersecurity.

  • Assisting in fundamental rights impact assessments (FRIA).

  • Assisting in compliance with transparency requirements.

Data Protection Impact Assessment (DPIA)

  • Carrying out Data Protection Impact Assessments in accordance with data protection regulations, considering the specific effects of AI usage and the requirements of the AI Act regarding the processing of personal data.

  • As appropriate, we combine DPIA and FRIA.

Cyber security consultation

Our services help your organization choose the right strategies for cyber risk management. We can also assist with the strategies, policies, guidelines, and requirements needed for the further development of information security and data protection.
