The European AI Act imposes obligations not only on developers and providers of artificial intelligence, but also on organizations that use AI systems. Whether it concerns medical decision-making, chatbots, CV screening, or automatic invoice processing, users will face specific responsibilities. This article outlines what these obligations entail and how organizations can prepare for them.
Organizations that use AI must take active measures. Passive use is no longer sufficient. Policies must be put in place, oversight procedures must be established, employees must be trained in AI literacy, and responsibilities must be defined. These obligations apply not only to high-risk systems, but also to applications that indirectly affect people or processes. Consider, for example, a chatbot that automatically handles customer questions. Here too, you must ensure control and transparency from the outset.
The quality of AI systems depends entirely on the data they are trained on. Users must ensure that sufficiently representative and relevant data is used. This means checking whether the data is appropriate for the intended use and whether different perspectives and target groups are adequately represented. For example, avoid datasets that only contain data from one specific age group, gender, or cultural background. This will help you prevent biased or one-sided outcomes.
In addition, users must assess data quality based on the objectives for which the system is being used. Determine in advance which outcomes the system must support, and check whether the data is suitable, complete, and up to date for this purpose.
Incidents in which the AI system fails, causes damage, or generates unexpected outcomes must be reported by the user to both the provider and the competent supervisory authority. Depending on the AI used, different supervisory authorities may be competent. Identify these in advance. Timely reporting prevents further damage, limits legal liability, and protects the organization's reputation. Therefore, ensure that you have a reporting protocol in place that specifies the supervisory authority for each AI, clearly defines responsibilities, and trains employees to recognize incidents.
For AI systems, users must register the actual use of these systems in a database managed by the EU. This increases market surveillance and ensures transparency about where and how AI is used within the Union.
Does your organization use a GPT or Copilot solution, for example? In that case, registration is usually not necessary for simple applications, such as text suggestions or email support. However, as soon as AI is used for decision-making that impacts people, such as personnel selection or assessment, registration is mandatory. It is therefore important to carefully analyze the use and determine whether your application falls under this obligation.
The AI Act marks a turning point in the way organizations deal with artificial intelligence. Not only developers, but also users bear responsibility for safe, fair, and transparent use. Taking measures, training staff, ensuring human oversight, and complying with reporting and registration requirements are not optional choices; they form the basis for future-proof AI applications within a European framework.
A proactive approach not only protects the end user, but also strengthens confidence in technology.
