Companies must prepare for a wave of EU technology regulation

The work underway in the European Union on new technology regulations should prompt companies to take steps in advance to adapt to operating in an increasingly challenging legal environment, according to lawyers at DLA Piper. Already today, many firms recognise that taking pre-emptive action is an opportunity to build customer trust and strengthen its market position.

While supporting the digitalisation of European economies, the European Union is, at the same time, attempting to regulate the use of technologies such as artificial intelligence and machine learning so that they are safe for citizens, protect their privacy and prevent discrimination and misinformation. The new NIS 2 Cyber Security Directive is due to come into force soon, while in early December the Council of the European Union adopted a common position on the Artificial Intelligence Regulation.

Although adapting to the emerging legal regime means additional costs and the final shape of the regulation is not yet known, as is the case with the Artificial Intelligence (AI) regulation, companies should keep a close eye on the dialogue taking place in Brussels. Some are already doing so and are proactively implementing solutions that may soon be required by the European Commission and other regulators. As Ewa Kurowska-Tober, head of the IPT practice at DLA Piper in Warsaw co-leading the Global Data Protection, Privacy and Cyber Security Team, points out, such tactics can have positive effects.

“We observe that already today some companies are voluntarily developing policies regarding, among other things, the use of artificial intelligence taking into account EU guidelines and recommendations. Companies are showing customers that they are aware of the risks posed by new technologies and take security seriously. In this way, they are building trust and can distinguish themselves from their competitors," says Ewa Kurowska-Tober.

An example of this could be the code of ethics of the British-Swedish pharmaceutical company AstraZeneca, which communicates the company's values and principles in the use of artificial intelligence and the requirements for technology service providers.

The second reason why companies should be thinking about adaptation measures today is that they cannot afford to postpone digitalisation until the final shape of regulation is known. Therefore, despite the economic downturn, they continue to invest in new technologies and try to minimise the regulatory risks associated with their use.

“The process of developing new solutions, for example, applications, sometimes takes up to two years. If future regulatory requirements are not taken into account during this process, it can mean that the functionality that application may be severely limited, its market introduction could be delayed, and project costs might increase. In order to prevent such a situation, many companies try to involve lawyers in the project from the very beginning,” adds Ewa Kurowska-Tober.

At the same time, unlike a few years ago, companies are aware that they will be able to adapt to the new regulations.

“When the EU Data Protection Regulation (GDPR) came into force in 2018, it was a real tsunami. A completely new philosophy and a huge challenge for companies,” says Mark O'Conor, partner in DLA Piper's London office and head of the global technology team. “However, the huge effort companies have had to make to comply with GDPR has meant that the regulations being prepared by Brussels today are no longer view as a barrier to overcome.”