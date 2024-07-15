BY Rafael Lourenco3 minute read

As GenAI becomes more capable of handling complex tasks in a variety of industries, lawmakers and government agencies are racing to provide guidance and regulations that meet the moment. While it’s still early days in most parts of the world for AI-related business regulations, regulations are coming, so retailers and other businesses should be prepared.

Heavily regulated sectors like banks and healthcare will likely see AI-related rules first, but they won’t be the last. Retailers and e-commerce businesses need to anticipate the kinds of compliance they may eventually face regarding their own AI initiatives and vendor-provided AI solutions. Planning now will make future compliance easier, and it can offer other benefits in the meantime. AI RULES ON THE BOOKS AND IN THE WORKS The EU AI Act is a major, comprehensive new law that will ban some types of AI and heavily regulate certain use cases, based on risk level. There will be grace periods after the law takes effect in May or June. Those windows vary depending on the use case. After they close, penalties for noncompliance will be steep, including fines as high as US$38 million, or 7% of the noncompliant company’s worldwide revenue.

Subscribe to the Compass newsletter. Fast Company's trending stories delivered to you daily Privacy Policy | Fast Company Newsletters

Most e-commerce and retail businesses won’t be affected by the bans on what the EU considers unacceptable-risk AI use cases, like behavioral manipulation and data-scraping for facial recognition. Large commerce businesses that develop AI models and operate in the EU, like Amazon and eBay, will need to comply with the AI Act’s general purpose AI (GPAI) requirements, which include creating and sharing technical documentation, complying with the EU’s Copyright Directive, and publishing “a sufficiently detailed summary about the content used for training the GPAI model.” Businesses using third-party AI tools that fall into the law’s limited-risk category must comply with the act’s transparency requirements. For example, ecommerce sites that use AI chatbots or generate marketing images or content with AI must inform end users that the chat or content they’re engaging with is AI. AI regulation is not as far along in the U.S., but it’s advancing. Half the states introduced AI-related legislation in 2023, and 18—plus Puerto Rico—passed laws or resolutions related to AI. These initiatives mostly focus on current and potential AI use cases within state government agencies, but the scope is likely to widen in future legislative sessions.

WHERE TO START AI COMPLIANCE PLANNING Knowing where AI is and what it does within your company’s ecosystem is a key first step. As more software providers and platforms incorporate AI into their products, your AI use case list will grow. But keeping a list will let you quickly identify areas that need to comply with current or future regulations. An overview of your organization’s existing compliance requirements can also shape your AI compliance plans. It’s fair to assume that existing regulations will be expanded to address AI use cases. For example, existing data privacy regulations will likely soon address the use of customer data to train AI models and require disclosure and a process for opting out. The Federal Trade Commission has already issued a reminder this year that AI use cases that violate companies’ data privacy promises could incur penalties under existing consumer protection rules.

advertisement

Your company’s legal team should also review existing and future AI applications for litigation risk. The FTC recently weighed in on the possibility that AI models trained on creative works without the creators’ consent could be violating copyright laws, while output from such models could “constitute an unfair method of competition or an unfair or deceptive practice” if consumers believe that the generated content was made by a real artist or author. A number of media outlets are already suing generative AI creators over concerns about copyright infringement. Finally, assessing your company’s AI use cases through an ethical framework, like the White House’s Blueprint for an AI Bill of Rights, can put you in a better position to align with evolving compliance requirements. MORE REASONS TO PREPARE NOW