
AI STRATEGY
EU AI Act vs. the US Executive Order on AI: Comparative Analysis
With this article, our Associate Consultant Oleksandra Karpeko begins a series of posts discussing the AI Act in finance, exploring its implications and the compliance requirements that banks and financial institutions must meet.
Aleksandra Karpeko
4 min read
With AI’s growing influence in the financial sector, understanding its impact is more important than ever. That’s why we are introducing a new series of posts that will cover the important aspects of AI in finance curated by our Associate Consultant Oleksandra Karpeko.
This series will explore key trends, regulations, and case studies, giving an in-depth look at how AI is shaping the future of financial services.
In our first post, we examine the EU AI Act vs. the US Executive Order on AI. While the comparison does not focus solely on AI, understanding these regulatory frameworks is crucial for banks and financial institutions operating internationally. Since regulatory requirements differ, understanding these distinctions is essential for compliance and strategic planning on both sides of the Atlantic. So, let’s dive in!
1. Scope and Applicability
The EU AI Act is a comprehensive legislative framework designed to regulate AI systems across all member states. It applies directly to providers, deployers, importers, and distributors of AI systems within the EU, aiming to ensure the protection of fundamental human rights, transparency, and accountability.
In contrast, the US Executive Order on AI, issued by President Biden, focuses on setting standards for the safe, secure, and trustworthy development and use of AI across various sectors. Unlike the EU AI Act, the Executive Order leverages the authority of the Presidency to mandate that primary executive departments develop industry standards and regulations. This approach can lead to differing standards across sectors and lacks the uniformity seen in the EU’s approach.
2. Privacy Protection
Both regulatory frameworks prioritize the protection of individual privacy. The EU AI Act aligns with the General Data Protection Regulation (GDPR), emphasizing strict data governance and protection measures for high-risk AI systems. It mandates the conduct of data protection impact assessments (DPIAs) for such systems to ensure compliance with privacy standards.
The US Executive Order calls for the creation of a new privacy regime, recognizing the absence of a comprehensive nationwide privacy regulation in the US. It focuses on developing privacy protections specifically tailored to AI technologies. Both frameworks prohibit exceptions to privacy laws for AI training purposes, underscoring the importance of safeguarding personal data.
3. Testing and Monitoring
Thorough testing and continuous monitoring are critical components of both the EU AI Act and the US Executive Order. The EU AI Act mandates rigorous pre-deployment testing and ongoing post-market oversight for high-risk AI systems to ensure their safety, reliability, and compliance. This includes regular audits, documentation, and human oversight mechanisms.
Similarly, the US Executive Order emphasizes the need for continuous assessment of AI systems to confirm their safety and performance. It advocates for comprehensive testing protocols and monitoring standards to ensure AI technologies meet the required safety and ethical benchmarks.
4. Cybersecurity Standards
Both regulatory efforts address the cybersecurity risks associated with AI. The EU AI Act requires AI systems to adhere to robust cybersecurity standards, focusing on preventing misuse and ensuring system integrity. However, the Act does not heavily emphasize protection against cyber threats specific to large-scale AI models.
The US Executive Order distinctly highlights the importance of cybersecurity, particularly regarding the misuse of AI models by malicious actors. It calls for stringent cybersecurity measures to protect AI technologies from threats, ensuring their safe deployment and operation.
5. Regulatory Reach and Legal Authority
A key difference between the two frameworks lies in their regulatory reach and legal authority. The EU AI Act aims to create a unified regulatory framework applicable across all member states, directly imposing binding regulations with strict compliance requirements and significant penalties for violations. This approach ensures uniformity and consistency in AI regulation across Europe.
In contrast, the US Executive Order focuses on developing standards and guidelines through executive departments, which are not legally binding but serve as best practices for AI development and use. This can result in varying implementation across sectors and potentially less stringent enforcement compared to the EU’s approach.
Best regards,
Oleksandra Karpeko