The European Commission recently proposed Northern Ireland should have to comply with EU laws regulating Artificial Intelligence systems.
The EU’s AI Act came into force in August 2024. The UK hasn’t yet enacted legislation specifically regulating AI.
Rory Campbell, tech law specialist and partner in the Belfast office of law firm Lewis Silkin says that as and when UK AI laws are enacted, NI businesses may well have to comply with the laws of both jurisdictions.
“There will be minimal impact for NI AI businesses planning to sell AI systems into the EU, as they would already have to comply with EU AI rules,” says Mr Campbell.
This announcement follows an established pattern where laws of a jurisdiction often extend to external businesses offering services to customers within the jurisdiction – for example, any ROI business providing data services to UK customers may well have to comply with the UK version of the GDPR.
Whilst the UK and EU versions of GDPR are very similar, AI regulation in the UK is heading in a different direction to the EU’s law, Lewis Silkin says.
READ MORE: Pauline McKeating completes purchase of MBNI Holdings in 'significant' new chapter for the company
UK and AI laws: different directions
EU AI law takes a risk-based approach - the higher the risk posed by the AI tool, the greater the level of regulation. The EU divides AI systems into four categories: unacceptable, high, low and minimal risk.
Unacceptable risk systems (for example, social credit scoring systems, emotion-recognition systems using biometric data, although exceptions apply) are banned from February this year.
High risk systems (for example, using AI in recruitment processes) may not be banned, but any business which provides or deploys the systems has a large number of legal obligations.
Providers and deployers of low-risk systems like text generators or chatbots, have fewer obligations, and mainly have to focus on making it clear that users are dealing with a machine
Minimal risk systems, such as spell-checkers, video games, have no extra obligations.
The EU legislation will be policed by a central AI Office which opened in May 2024.
In contrast, the UK’s take on regulation is anticipated to follow the US towards a lighter touch, business and innovation friendly approach, without a central enforcement body.
NI businesses therefore face the challenging possibility of spanning two diverging regimes driven by two different regulatory bodies.
Providers and Deployers
The EU rules aren’t anything unexpected for NI AI businesses who’d been planning on selling to customers in the EU.
However, the rules also apply to “deployers” as well as providers. NI businesses who pay for the deployment of an AI system to be used by their staff or customers may not have expected that they, too, will have to comply with EU law.
“With this latest update from the European Commission, any such business should check the risk status of the AI system it uses and then identify the legal obligations which the EU AI Act imposes on that category of risk,” says Mr Campbell.
“Whilst the EU’s proposal is not set in stone, we’re advising businesses check carefully whether proper contractual comfort is given by the provider of the AI system to the NI business deploying the AI system.
“It is possible with this development that in the near future we may see the NI judiciary having to consider a plaintiff’s case on the basis of two different, possibly conflicting, laws.”
The EU’s proposal will be determined at the EU/UK Withdrawal Approval Joint Committee’s next meeting.
For more information on Lewis Silkin’s AI advice please visit lewissilkin.com
Read the latest edition, Spring 2025, of Sync NI here completely free of charge.
Subscribe to the Sync NI newsletter for all the latest technology news, jobs and upcoming events in Northern Ireland.
Visit Sync NI online for the latest technology news in Northern Ireland.
