Lawfare Archive: Itsiq Benizri on the EU AI Act

Lawfare Host

The following podcast contains advertising to access an ad free version of the Lawfare Podcast. Become a material supporter of lawfare@patreon.com lawfare that's patreon.com Lawfair also check out Lawfare's other podcast offerings, Rational Security, Chatter, Lawfare, no Bull and the Aftermath.

Hesi Jo

Ever feel like you're carrying something heavy and don't know where to put it down? Or wonder what on earth you're supposed to do when you just can't seem to cope? I'm Hesi Jo, a licensed therapist with years of experience providing individual and family therapy, and I've teamed up with BetterHelp to create mind if We Talk? A podcast to demystify what therapy's really about. In each episode, you'll hear guests talk about struggles we all face, like living with grief or managing anger. Then we break it all down with a fellow mental health professional to give you actionable tips you can apply to your own life. Follow and listen to Mind if We Talk on Apple Podcasts, Spotify, Amazon Music, or wherever you get your podcasts. And don't forget your happiness matters.

Alltrails Advertiser

Out here, we feel things the sore calves that lead to epic views, the cool waterfall mist during a hot hike, and the breeze that hits just right at the summit. But hey, don't just listen to us. Experience it for yourself. Alltrails makes it easy to discover the best of the outdoors, with more than 450,000 trails around the world, points of interest along the trail, and offline maps for always on navigation. Download the free app today and find your next outdoor adventure.

Eugenia Lothari Laufer

Foreign.

Mary Ford

I'm Mary ford, intern at Lawfare, with an episode for the Lawfare Archive for July 5, 2025. This week, in a 99. 1 vote, senators voted to kill an AI moratorium that would have prevented states and localities from enforcing any new AI law or regulation over the next 10 years. AI regulation remains important, though, and President Trump's actions on cybersecurity, data privacy, and AI have sweeping implications for the United States allies, especially those in the European Union. For today's arXiv episode, I selected an episode from February 16, 2024, in which Lawfare Fellow in Technology Policy and Law Virginia Lottrians spoke with counsel at the law firm Wilmer Hale Brussels Itzik Benisri, about European AI regulation in the EU AI Act. They talked about how domestic policy shape the legislation, if this act sets a roadmap for how the international community regulates AI and more.

Eugenia Lothari Laufer

I am Eugenia Lothari Laufer's fellow in Technology Policy and law and this is The Laufer Podcast February 16, 2024 the EU has finally agreed to its AI Act. Despite the political agreement reached in December 2023, some nations maintained some reservations about the text, making it uncertain whether there was a final agreement or not. They have recently reached an agreement on the technical text, therefore moving the process closer to a successful conclusion. The challenge now will be effective implementation. To discuss the act and its implications, I was joined by Itzik Benisri, counsel at law firm Wilmerheil Brussels. We discussed how domestic politics shape the final text, how governments and businesses can best prepare for new requirements, and whether the European act will set the international roadmap for AI regulation. It's the law Firm podcast for February 16th. Itzik Venus re on the EU AI act so, Itzik, before we dive into some of the recent developments about the EU AI act, could you maybe provide a brief recap of the fundamentals of the act that our listeners should keep in mind throughout the conversation?

Lawfare Host

Sure, sure. So we've already covered the main rules in our last podcast, so I'll just give a quick rundown of the key points of the Act. Basically, the AI act takes a risk based approach. It categorizes AI into four levels of risk, and each level has different requirements. So first you've got minimal risk AI which doesn't pose any real danger and so doesn't have specific requirements. Then there is limited risk AI which only need to meet basically transparency requirements. Moving up, you've got high risk systems which have stricter rules to follow. And the most prominent requirement for high risk AI systems is probably the obligation to carry out a conformity assessment before you put your AI product or AI service on the market. And the objective here is to make sure that your product or your service is safe enough. There are other requirements too, like being able to prove compliance to regulators, or also, for example, having proper human oversight. And finally there's AI that poses unacceptable risks. So those are systems that cause serious concerns, usually because they jeopardize people's safety or fundamental rights. Maybe one more thing in terms of scope. So the AI act isn't just for AI companies. It lay out obligations for providers, importers, distributors, and obviously manufacturers of AI systems. And so it even applies to those who deploy AI systems. And that's basically people and companies using AI for work purposes. Just regarding the scope, one last thing again, there are some things that the AI act doesn't cover, like AI systems used for military purposes or solely for scientific research. The AI act also Excludes free and open source AI systems unless they're high risk. So all of this is out of scope.

Eugenia Lothari Laufer

That's great. Thank you for that overview. Now, the act has been in the making for a very long time. Back in December of last year, policymakers reached a political agreement on the Act. A few weeks ago, they agreed on the technical text. Now, just some days ago, two committees in the European Parliament ratified the provisional agreement on it. Now, for all of those of us who are less used at following these negotiations, all this back and forth, can you explain the difference between these moments and how they fit into the larger process?

Lawfare Host

Yeah, sure. So that's an excellent summary. So back in December, lawmakers reached a political agreement, and that was just on the key principles. And then it was all hands on deck to finalize the actual text. Honestly, what happened is that negotiators were just swamped. I remember officials saying that there was no way they could tackle all the open issues in detail in time. And obviously time was a major factor here. So the only way forward was for everyone involved to agree on the main political points by the end of last year and then give themselves a few more weeks early this year to hash out all the technical details. And so that's the difference between what happened back in December and what happened more recently. So the last set date for negotiations between the Parliament, the Council and the Commission was in the first week of February, and that was cutting it close. As I said, negotiators had to wrap up a final text by early February so that lawmakers would have time to vote in the Parliament in March or April before the European elections in June. You know, my concern is that officials already knew, even at that time, I would say around October, November last year, that even if they went this route, they still wouldn't be able to iron out all the technical issues in time. It's like they were admitting that the AI act would have some flaws and that we'd need a lot of guidance from the Commission to fill in the gaps left by last minute negotiations. I'm not sure if people realize how worrying this is, but from what I've seen of the draft, I wouldn't call it a masterpiece. In fact, even the legal services of the Parliament, the Council and the Commission, they all said that the quality of the legal drafting is not up to EU standards. So when you're talking about general principles, it's fine, but once you start delving into the specific provisions and how they interact with, it's a whole different ballgame. But obviously, once we'll have a final text published in the official journal of the eu. We'll just have to roll up our sleeves and make it work. I guess that's the idea.

Eugenia Lothari Laufer

So between now and the moment that the final text is published, do you think that there's hope that some of those concerns will be addressed? Is there an opportunity for that to happen?

Lawfare Host

So it depends on how optimistic you are. Some people, obviously those who are involved in the legislative process, say that there will be guidelines, there will be some interactions between lawmakers and the industry in general. But frankly, I'm afraid the text is here and it's just, it's probably a bit late now.

Eugenia Lothari Laufer

You mentioned that there was agreement back in December on the main political points. Right. But some of the reporting indicated actually that shortly before the agreement, then on the technical text, the adoption of the act was not really guaranteed. Now, is it normal, is it typical to have such uncertainty this late in the game? And if it's not, which I'm guessing it's not, what contributed to it?

Lawfare Host

In this case, yes, I wouldn't say it's something that happens all the time with EU legislation, but it's not exactly the first time either. In this case, I think this uncertainty comes from a mix of mainly three things. So it's probably first about the significance of the issue because Europe really wanted to lead the way in AI regulation. The second thing is probably about the big differences in opinion among lawmakers. And the third thing I'd mention is the timing with the European elections. So the negotiations were pretty tense because the parliament and national governance had very different views. For example, the parliament was dead set against using facial recognition tech, but the member states, they were okay with that for law enforcement purposes. So we had this big debate about whether to ban these technologies altogether or just restrict them in certain situations. There were also some heated discussions about what should be classified as high risk, high risk AI. And there was also a major split over how to regulate generative AI. So I think another. Another big point of contention was government governance. Sorry. And enforcement as well. So as we get closer to the end of the year 2023, especially from October onwards and certainly November, tensions started to run high. It was fairly obvious that lawmakers were really pushing to strike a deal. But with the European elections coming up in June 2024, time was running out to get the text finalized, and that's not easy. Right. You need, for example, to translate the regulation into all the languages, the official languages of the eu, and there are a lot of them. So Long story short, everyone knew that if we didn't have an agreement by the end of 2023, all the hard work would have been for nothing. Europe was dead set on being the first to regulate AI, but it really looked like that might just not happen. So December was a total whirlwind. On December 6th, lawmakers met, I think at 3pm they had negotiations for 20 hours, I think, and still they couldn't come to an agreement, especially on stuff like foundation models or generative AI. So it was really crunch time for negotiations. And then finally on December 8th, after three days of literally non stop talks, EU legislators announced that they had hammered out a political agreement. And as you just said, at the start of February, national governments gave the final text their seal of approval. And just two days ago, as you correctly indicated, the Parliament's committee did the same. So it looks like now we're all set for the final vote by the Parliament mid April this year.

Eugenia Lothari Laufer

When we look at the way in which some countries, for example France or Germany, have been taking positions, that could be understood as them standing up for there would be national champions in this space. Do you think that lends credence to the concern that the EU is being protectionist and trying to slow down foreign dominance over AI development?

Lawfare Host

Yeah, that's a very good question. So initially the European Parliament proposed regulating foundation models. That's basically the technology behind generative AI. And then as you said, France, Germany and Italy as well pushed back against this idea. They made it clear that they didn't want any regulation of foundation models. They basically prefer these models to be self regulated through codes of conduct rather than strict EU regulation. And then only general purpose AI such as ChatGPT, for example, would be regulated. So basically what happened is that France and Germany were concerned that heavy handed regulation might be too challenging for their most promising AI startups. So you have for example, Mistral in France and Aleph Alpha in Germany. Mistral was just founded in April 2023 and so remarkable growth within just a few months and is now what we call a unicorn. And Aleph Alpha was founded a bit earlier, I think that was in 2019, but I raised half a billion dollar in November 2023. So you probably understand how these sort of success stories influence the positions of France and Germany. Ultimately, the compromise led to the adoption of minimum standards for general purpose AI models and then stricter rules for what is called, and that's a bit technical, high impact foundation models with systemic risks. So those minimum standards, they primarily focus on transparency and copyright and the stricter rules I mentioned, they apply only if the model was trained with more than 10 to the power of 25 flops. So I'm sorry, this is getting a bit technical, but that's essential about measuring the model's power. So, practically speaking, currently only OpenAI's GPT4 and possibly Google's Gemini exceed this threshold. For example, Mistral, the French startup, does not. It does not exceed that threshold. And that's because there seems to be a trend toward developing smaller models. But it's worth noting that models like Bard and ChatGPT3 also fall below the threshold for stricter requirements, but they still present significant challenges. Right, so the reason I wanted to explain all those things is that, yes, there was a clear intention to support potential future national champions in Europe, but it's not clear whether this came at the expense of non European companies. In fact, you might even question whether Europe went too easy on non European players while attempting to bolster fast growing European startups. But the thing is, the Commission retains the authority to classify an AI system as high impact, even if it doesn't mean the threshold. So, you know, again, the compromise remains a central theme in this discussion.

Eugenia Lothari Laufer

Could you maybe tell us a little bit what are some of the main ways in which the act has changed over the course of the negotiations? And in particular, I'm interested in hearing your opinion about how those changes connect to some of the political considerations that you've been touching on.

Lawfare Host

Sure, sure. So I would probably start by diving into the very definition of what artificial intelligence is. That's obviously super important because it sets the boundaries for what businesses need to do or cannot do under the AI Act. Initially, the Commission's definition get a lot of flack for being too broad. The final definition of AI in the act is now very much inspired by the OECD definition, which is widely accepted. And so in practice, it's not just about the autonomy of AI systems anymore. It's also about their ability to figure things out from the info they get and then their ability to generate input on that basis. When it comes to governance, the final act creates a new European AI Office within the European Commission. The AI Office should facilitate the uniform application of the act and help the Commission prepare guidelines to support its practical implementation. Interaction with national authorities and the AI Board will be delicate and complex. And also the new AI Office will also oversee the implementation and enforcement of the new rules on general purpose AI models, which will be centralized at EU level. Now, coming back to your question about the political aspects, the whole deal with the AI office. It really reflects the compromise that lawmakers had to reach. So the parliament looked at what happened with the gdpr. With the gdpr, clearly getting all the national authorities to work together is a bit of a headache. So the parliament wanted everything to be centralized at the EU level, but you know how it is. National governments like to keep some of the power for themselves. And so we end up with an AI office at EU level, but then with fairly limited powers. Now, other than that, I would mention that lawmakers did agree eventually to ban real time remote biometric identification in public, but with some exceptions for law enforcement. You also have new things about high risk. So high risk systems are still mostly about AI used in critical infrastructure that could put people's lives at risk. But there is now an exemption for AI systems that don't really pose a big risk to people's health, safety or rights. Like if an AI system is just doing some basic tasks or spotting decision making patterns without taking over from humans, it's not subject to high risk AI systems obligations. I won't mention them all, but then you also have specific rules about transparency when it comes to generative AI and deepfakes. And maybe one last word. I guess I should probably mention fines because they're even higher than they used to be in the Commission's proposal. So basically under the final text, violation of unacceptable risk could lead to up to 7% of global annual turnover or 30 million euros. How do you choose? Well, it's basically whichever is higher. Then without being too specific very quickly, it's going to be 3% or 50 million euros for high risk systems and 1.5% for disclosing inaccurate information. So pretty high fines overall.

Eugenia Lothari Laufer

Can I actually ask you to discuss a little bit how the changes impacted deepfakes? I think that's something that's been around for a long time, but it's been in the news recently. I would be interested to hear how the AEO is planning on tackling that challenge.

Lawfare Host

Sure. So basically the key idea behind that regulation is that you should have transparency. So, you know, if you're using a deepfake, you should, you should tell users and viewers and basically everyone that it's a deep fake. That's, that's the key idea. Now, of course, it's fairly simple. Some people would probably argue that it's not going far enough and it was not like a huge concern when they were negotiating. I think lawmakers were focusing more on generative AI rather than deepfakes, which is as far as I'M concerned that's a bit surprising. But again, it just that they had so much to discuss and they just couldn't do everything last minute. So I've seen a lot of people claiming that this is not ambitious enough. They're probably right. Let's see.

Alltrails Advertiser

This summer Instacart is bringing back your favorites from 1999 with prices from 1999. That means 90s prices on juice pouches that ought to be respected, 90s prices on box Mac and cheese and 90s prices on ham, cheese and cracker lunches. Enjoy all those throwbacks and more at throwback prices only through Instacart. $4.72 maximum discount per $10 of eligible items. Limit one offer per order. Expires September 5 while supplies last Discount based on CPI comparison.

Lawfare Host

If you're alignment in charge of keeping the lights on, Grainger understands that you go to great lengths and sometimes heights to ensure the power is always flowing. Which is why you can count on Grainger for professional professional grade products and next day delivery so you have everything you need to get the job done. Call 1-800-GRAINGER clickgranger.com or just stop by Granger for the ones who get it done.

Hesi Jo

Ever feel like you're carrying something heavy and don't know where to put it down? Or wonder what on earth you're supposed to do when you just can't seem to cope? I'm Jesu Jo, a licensed therapist with years of experience providing individual and family therapy, and I've teamed up with BetterHelp to create mind if We Talk a podcast podcast to demystify what therapy's really about. In each episode, you'll hear guests talk about struggles we all face, like living with grief or managing anger. Then we break it all down with a fellow mental health professional to give you actionable tips you can apply to your own life. Follow and listen to Mind if we talk on Apple Podcasts, Spotify, Amazon Music, or wherever you get your podcasts. And don't forget, your happiness matters.

Eugenia Lothari Laufer

So it's interesting that you mention the focus on generative AI, right? Because if I recall correctly, when the Commission first proposed the act, they talked about intending for it to be future proof. And then ChatGPT happened and they actually realized that they had not foreseen this technology and it just became the big thing to address. While we may not know right now what the next leap in that technology is going to be, do you think the act is now better designed to face that uncertainty? Or is it suffering from basically the same problem where you didn't focus on deepfakes. So now it doesn't really address that, or it won't be useful to address whatever comes next.

Lawfare Host

Yeah, I think that's really the big question that everyone's pondering. The goal was clearly to create a regulation that's as tech neutral and future proof as possible, considering how quickly AI tech and markets are evolving. Honestly, I don't think the final AI act is any less likely to achieve this goal compared to the Commission's original proposal. But the recent amendments, and I think you've said that very well, the recent amendments do show that there are limits to what lawmakers can achieve. So, for example, if you take the Commission's proposal from April 2021, it didn't even mention generative AI. And just a year and a half later, ChatGPT caused such a stir that it became impossible to talk about AI regulation without specific rules for generative AI. And this just shows to me that when you're dealing with rapidly changing tech, it's hard to predict what we'll be facing in a couple of years, let alone five. And trying to regulate stuff we don't even know about yet is obviously even more difficult. That's a big challenge. So, look, I don't think the act is any less prepared to handle the future changes in AI, but I also don't think it's specifically tailored for that either. I think we just need to be humble and accept that there are limits to what laws can do when it comes to tech. And yeah, sure, authorities and courts will do their best to interpret the rules, but as far as I'm concerned, I think this is probably not ideal. At the same time, it's also true that you can't keep tweaking the law every time there's a new tech trend or it will become outdated real quick. So I guess we'll probably need to talk about AI act number two in a few years.

Eugenia Lothari Laufer

Do you think we'll talk about AI Act 2 before or after this one actually comes into effect?

Lawfare Host

Yeah, that's a very good question. I'm sure the debate will, you know, people will keep discussing. I would say probably give it another five years and then we'll need to discuss the next iteration of the Act.

Eugenia Lothari Laufer

Okay, let's talk again in five years and see whether we were right. You mentioned something at the beginning of your last answer that I just, I want to clarify. You talked about the Commission presenting a proposal that would be future proofed, but also tech neutral. What does it look like to develop an act for artificial intelligence that is at the same time supposed to be technology neutral. What does that mean in that context?

Lawfare Host

Yeah, that's a very good question. And frankly, that's the big challenge that they faced when they drafted the law. So essentially, I think it means having general principles that you could apply to different systems. And that's what I think I tried to. I meant when I said you just don't know what's coming. So, yes, on paper, it's a very good idea to say I'm going to have a very general principle that can apply not only to one specific tech, but might be expanded or adapted to another variation of that technology. But the thing is, this is so new, it's so ambitious, it's so big. And the idea that you would just have big principles that would apply to everything, it sounds very theoretical. So that's why you would probably have to. You would probably need authorities to issue guidance to explain how general principles in the act apply to, you know, specific tech that we would probably only see in a few years from now. You would probably also need courts to make judgments explaining how rules should be interpreted. But that's why I said, I'm not sure that's ideal, because you need to develop that expertise first. You need to make sure you are familiar with systems that you don't know yet. So how do you do that? And at the same time, is there anything else you could do? Probably not. So it's going to be very, very, very challenging in practice.

Eugenia Lothari Laufer

Speaking of challenges, let's look forward. What do you expect are going to be the challenges to the enforcement of the Act?

Lawfare Host

Yes, so governance is definitely going to be a huge challenge. So, you know, each European country will have its own national market surveillance authorities, and those authorities will be responsible for overseeing the implementation of the Act. But then on top of that, as mentioned before, there's the AI Board. At EU level, the AI Board will be made up of national representatives, and that board will act as sort of central hub for coordination and advice to the Commission and European national governments. And then in addition to that, you also have what is called the AI Office. And the AI Office is tasked with ensuring the AI act is applied consistently. And that office should also help the Commission come up with practical guidelines. So juggling all these different bodies and their interaction is going to be quite a dense. The AI Office also has the, you know, very difficult job of making sure that the rules for general purpose AI models are put into action. But again, figuring out who's responsible for what in this Whole setup. You know, that's the tricky part of the compromise that we mentioned. As I said, the Parliament wanted centralized enforcement, but national governments prefer to keep it local. So that's how we've ended up with this, frankly, overly complex governance model in the Act. And I've actually spared you the nitty gritty details. So that's probably the first big challenge, the super complex model for governance that has been created under the Act. And then obviously authorities will need money, right? I think that's very clear. But enforcing the act requires more than just cash. It needs a lot of skilled folks with serious technical know how to make sure these super complex AI systems are following the rules. So that again, that's a massive challenge. There's, there's no doubt about it. So, you know, putting ambitious rules on paper is one thing, but making them work in the real world is really a different ballgame. So personally I'm a bit skeptical, to be honest. But again, everyone says we need to be optimistic, so let's stay optimistic.

Eugenia Lothari Laufer

The applications on AI models won't start until, until after a year from when the act actually enters into force, which is still some months away. Right now, how would you recommend that different stakeholders that are going to be impacted by it make the most out of that time to ensure that they are prepared for a successful enforcement? What does being optimistic entail in practice?

Lawfare Host

Good question. So I think both authorities and businesses will need to prepare for this, and in this context, I think the timeline is important. So as you said, basically the act is rolling out in phases when it comes to implementation and enforcement. It's a bit of a maze, but basically national authorities need to be appointed around April 2025, and most of the Act's rules kick in about a year later. Right. April 2026. So that means that national authorities will have some time to prepare. The question, of course, is whether they'll have enough time given the huge challenges they are facing now. Things are a bit different at EU level, and that's because the obligations on providers of generative AI are slated to come into play around April 2025. So since the Commission will be handling enforcement for these models, that basically means that the Commission's timeline is more aggressive compared to that of national authorities. And so in essence, the Commission will need to be ready a year earlier. Now, that's the context and I think it's important because getting authorities up and running with the right resources within that time frame will be challenging. As I said, they'll need both funding and skilled personnel, and they'll need to wrap their heads around these new rules, which are frankly uncharted territory for everyone. Everyone. And authorities will also need to figure out where to focus their enforcement efforts. So I think rushing into enforcement isn't the way to go now. I think when people try to say, or try to be optimistic about this, I think what I mean is that to really make this work, authorities are going to, they'll need to collaborate closely with AI companies because frankly, both national regulators and the European Commission lack expertise in this field. And they will, or at least I think they should, heavily rely on valuable insights from the industry. So hopefully in the months ahead, companies will also receive guidelines from both the Commission and national authorities. So you see, I'm really trying to be optimistic here, but it might happen. And as far as companies are concerned, I think it's also crucial for all of them to ensure that their teams are well educated about the AI Act. And even non AI companies need to step up their game. They need to understand the tech and they need to set their own risk thresholds to navigate compliance effectively. So being optimistic means basically hoping that authorities will interact with the industry and businesses won't do the same mistake that they did with the GDPR and won't wait until the very last minute to start to launch compliance programs.

Eugenia Lothari Laufer

The EU is popularly considered to be a regulatory powerhouse, right? But unlike what happened with other tech issues, this time when it comes to AI, you have more countries, you have more groups that are also thinking about how to regulate AI, how to assess, exert international influence. What do you think this means for the AI Act? Do you think it will become an international roadmap in the same way as, for example, the GDPR was?

Lawfare Host

So that's probably what the EU is hoping for, and I think that's quite likely. But we should probably separate two things here. There is on one hand the real world impact, and then on the other hand, the legal ramifications. I think the real world impact will be significant. And that's because the AI act is going to cover all products or services hitting the European market, regardless of where the company behind them is based. So you have a pretty massive extraterritorial effect. And we've seen before that companies tend to tweak their offerings and play by European rules rather than just leaving the European market. So I'd say it's possible that some companies might cherry pick bits of the act, even for products sold outside Europe, because, you know, sometimes it just makes more financial and operational sense to have one version of your product. Globally rather than separate ones. And also, meeting European standards often means you're covered for other countries requirements, which are usually usually less stringent. So that's another reason to have European standards, even when you're sold in your product outside eu. But then, of course, not every company will want to apply stricter rules across the board. That's where things might differ, I think. Some rules in the ACT are more likely to spread far and wide, while other rules might not have such a big impact depending on company's game plan. So, for example, changing product designs could be challenging. So you might say, well, I'm going to have just one product design globally. But then transparency rules, for example, that's very different because it might be easier to tweak and apply transparency rules differently in Europe and elsewhere. Now, when it comes to the legal ripple effect beyond Europe, it's a bit like deja vu with the gdpr. Lots of countries might take a leaf out of Europe's book when crafting their own rules, and that's probably especially true given the heavy lifting Europe's done on the AI Act. But I would say that borrowing from the actual doesn't mean carbon copying it like with the gdpr. I think non EU regulators will pick and choose which European rules suit them and they'll just ditch the ones they're not keen on. And another thing you might see is some countries holding off until they've seen how things pan out in Europe. And maybe they'll just tweak bits here and there to dodge any downsides they spot.

Eugenia Lothari Laufer

That's great. Thank you, Itzhak. Now, before we wrap up the conversation, I wanted to give you some space in case there's, you know, any final thoughts that you want to leave our listeners with.

Lawfare Host

Sure. You know, one thing that is really important to me is I'd like to emphasize that AI regulation in Europe isn't just about the AI Act. So obviously the AI act will be key, it will be central, and we've talked a lot about it, but it's going to be mingling with a bunch of other regulations. So, for example, you can take the gdpr. The GDPR already gives individuals the right not to have decisions made about them solely by automated processes in certain situations. So that sounds complicated, but that's typically AI. Basically, the EU is also working on other instruments to hold companies liable for damages caused by defects in their AI systems. And the EU is seeking to make it easier for victims to prove their product liability claims, and that includes when they relate to AI systems. So you'll also need to think about the Data act when it comes to AI in IoT connected devices. Right. And you'll need to think about the Digital Services act that we call the DSA when it comes to AI in content moderation and systems for promoting personalized content in social media. Maybe, you know, I could go on and on, but maybe the last one I would mention is the dma, the Digital Markets Act. This is something that larger the largest players will also need to consider when it comes to competition rules. So yeah, I'd say. I think I'd just say buckle up because it's going to be a wild ride navigating this maze of regulations in the AI world. But I think the spirit in Brussels at the moment is basically worth the fun without a bit of a challenge.

Eugenia Lothari Laufer

It's exciting. Thank you so much for joining me today. This was a great conversation.

Lawfare Host

Thanks. You really enjoyed it.

Eugenia Lothari Laufer

The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get an ad free version of this and other Lawfur podcasts by becoming a Lawfur material supporter@patreon.com lawfur. You'll also get access to special events and other content that's available only to our supporters. Please rate and review us wherever you get your podcasts. Look out for our other podcasts including Rational Security, Chatter, Allies and the Aftermath. Our latest Law Firm podcast series on the Government's response to 1-6-6. Check out our written work@lawformedia.org the podcast is edited by Jen Patehowel and your audio engineer. This episode was Noam Osmand of Goat Rodeo. Our music is performed by Sophia Yan. As always, thank you for listening.

Alltrails Advertiser

If you're an experienced pet owner, you already know that having a pet is 25% belly rubs, 25% yelling drop it. And 50% groaning at the bill from every vet visit. Which is why Lemonade Pet insurance is tailor made for your pet and can save you up to 90% on vet bills. It can help cover checkups, emergencies, diagnostics, basically all the stuff that makes your bank account nervous. Claims are filed super easily through the Lemonade app and half get settled instantly. Get a'@lemonade.com pet and they'll help cover the vet bill for whatever your pet swallowed after you yelled drop it.