FPF and OneTrust Release Collaboration on Conformity Assessments under the proposed EU AI Act: A Step-by-Step Guide & Infographic 

Today, the Future of Privacy Forum (FPF) and OneTrust released a collaboration on Conformity Assessments under the proposed EU AI Act: A Step-by-Step Guide and accompanying Infographic. Conformity Assessments are a key and overarching accountability tool introduced in the proposed EU Artificial Intelligence Act (EU AIA or AIA) for high-risk AI systems.

Conformity Assessments are expected to play a significant role in the governance of AI in the EU, and the Guide and Infographic provide a step-by-step explanation of what a Conformity Assessment is–designed for individuals at organizations responsible for the legal obligation to perform one–along with a roadmap outlining the series of steps for conducting a Conformity Assessment.

The Guide and Infographic can serve as an essential resource for organizations who want to prepare for compliance with the EU AIA’s final text, which is expected to be adopted by the end of 2023 and become applicable in late 2025.

Key aspects of the Guide and Infographic include:  

• Information and background about the proposed EU AI Act & Conformity Assessments. The proposed EU AIA is a risk-based regulation with enhanced obligations for high-risk AI systems, including the obligation to conduct Conformity Assessments. In the EU context, the Conformity Assessment obligation is not new: the EU AIA aims to align with the processes and requirements found in laws that fall under the New Legislative Framework (NLF), and Conformity Assessments are also part of several EU laws on product safety, such as the General Product Safety Regulation, the Machinery Regulation, or the in vitro diagnostic Medical Devices Regulation.
• The Conformity Assessment applicability for AI systems. A Conformity Assessment is the process of verifying and/or demonstrating that a high-risk AI system complies with the requirements enumerated under Title III, Chapter 2 of the EU AIA. The first step in the Conformity Assessment journey is determining whether an organization’s AI system falls under the Conformity Assessment legal obligation, and the Guide and Infographic include a flowchart of questions for an organization to answer in order to determine whether they need to comply with the Conformity Assessment obligation.
• Conformity Assessment requirements for high-risk AI systems. The Guide describes each Conformity Assessment requirement, its meaning, and at what phase of the AI system’s life cycle each requirement should be met. These requirements include Risk Management System; Data and Data Governance; Technical Documentation; Record Keeping; Transparency Obligations; Human Oversight; Accuracy, Robustness and Cybersecurity.
• Overview of EU Plans for Standards & Presumption of Conformity. The European Commission is looking to obtain standards that provide “procedures and processes for conformity assessment activities related to AI systems and quality management systems of AI providers.” Such standards will be crucial to developing operational guidance for the implementation of Conformity Assessments and are expected to facilitate compliance with the technical obligations prescribed by the EU AIA. Given that the EU AIA is still under negotiation, the draft standardization request that was issued by the European Commission in December 2022 may be amended when the AIA is finally adopted. 

For more information about the EU AIA, Conformity Assessments, and the Guide and Infographic, please contact Katerina Demetzou at [email protected].