European AI Act Takes Effect
The European Artificial Intelligence Act (“AI Act”), which entered into force on 1 August 2024, has established that laws governing AI systems should apply a risk-based approach that considers potential societal harm. It establishes guidelines to help consumers understand how artificial intelligence works, how AI systems are supervised and used, and how personal data is processed and secured. The new legislation is applicable to providers of AI systems to be marketed or used in the EU; consumers of AI systems in the EU; and providers and consumers of AI systems outside the EU where the products of use – even if located outside the EU – are utilized in the EU.
Turkish AI commission to be established
A research commission to discuss developments in AI will be established in the Turkish Parliament. It will cover topics such as the development of AI programs; the reliability of said programs and their compliance with the principle of transparency; protection of personal data; and assuming responsibility towards users. The commission will consult with public institutions and organizations, representatives of AI companies in Türkiye, academics, and IT experts. It is unclear if the research will result in preparation of a bill.
Chatbot data breaches in the Netherlands
The Netherlands’ data protection authority has reported receiving multiple data breach notifications linked to the use of AI, specifically noting that employees frequently use chatbots independently and in violation of employer agreements. The authority explained that where company policy allows employee use of chatbots it will not constitute a data breach – but may still pose questions of legality. It has advised companies to set clear rules on employee use of chatbots and specify which data may be entered into relevant systems.
Türkiye’s AI strategy published
Türkiye has published its “National AI Strategy 2021-2025” (“AI Strategy”) developed by the Presidency Digital Transformation Office and the Ministry of Industry and Technology with input from all stakeholders. The AI Strategy’s vision is to create value on a global scale through an agile and sustainable AI ecosystem for a prosperous Türkiye. Six strategic priorities have been defined: (i) training AI experts and increasing employment in the sector; (ii) supporting research, entrepreneurship and innovation; (iii) expanding access to quality data and technical infrastructure; (iv) accelerating socioeconomic adaptation; (v) strengthening international cooperation; (vi) accelerating structural and labor transformation.
California’s first AI safety bill progresses
A California state assembly bill aimed at mitigating the dangers associated with AI has been approved. The legislation mandates that businesses assess their AI models, with the goal of preventing them being employed for harmful means and reveal security measures to the public. A Senate vote is still required before the bill can be sent to the governor for approval. OpenAI, Google, and Meta, among other leading AI companies, have confirmed they oppose the proposed laws.
UN greenlights Global Cybercrime Treaty
Despite opposition from human rights groups and tech companies, a global cybercrime treaty has been approved by the United Nations (“UN”). The treaty, which was approved after three years of debate, still requires a vote from the General Assembly. UN member states are mandated to create legislation that addresses unauthorized access to information systems, online child exploitation, device misuse, and computer-related crimes.
ABA publishes ethical opinion on AI tools
The American Bar Association (“ABA”) has issued its first formal opinion on the ethical obligations of lawyers when using generative AI tools. These include verifying the output of the AI model utilized and protection of client data.
Denmark allows telephone speech recognition system
Following an investigation, the Denmark’s data protection authority has announced an insurance intermediary, which transcribes audio files using speech recognition, may use AI to improve service by recording and analysis of customer calls. It did however note that the intermediary had not obtained subject consent for the practice.