Maria De Lourdes Haynes (American U Dubai) has posted “Governing at a Distance: The EU AI Act and GDPR as Pillars of Global Privacy and Corporate Governance” on SSRN. Here is the abstract:
The European Artificial Intelligence Act (AI Act) constitutes a landmark regulatory framework governing artificial intelligence technologies, with core principles grounded in transparency, accountability, and risk mitigation. While designed to foster innovation and safeguard fundamental rights, the Act poses considerable implementation challenges. Organisations must navigate complex compliance obligations imposed to various actors across the value chain. These requirements entail rigorous reporting, auditing, monitoring and governance mechanisms, placing increased demands on corporate governance structures.A defining feature of the AI Act is its extraterritorial scope, mirroring the reach of the General Data Protection Regulation (GDPR). The AI Act applies not only to entities established within the European Union but also to non-EU businesses operating or placing AI products on the EU Market. Its extensive provision, covering authorised representatives and specific duties for actors across the AI value chain, are expected to incentivise non-EU jurisdictions and corporations to align their AI development and deployment practices with EU standards. Non-compliance may lead to hefty fines and exposure to reputational damage along with an erosion of consumer trust.AI Act is poised to emerge as a global benchmark for AI regulation. Board-level governance bodies must reconcile innovation and business objectives with regulatory imperatives, address liability risks, and embed AI literacy into strategic management and decision-making. As the regulatory framework evolves, it reinforces the necessity of integrating multidisciplinary legal, ethical, and strategic considerations into managerial and corporate governance frameworks to navigate this dynamic environment effectively and mitigate emerging risks.