| The LES South Africa Life Sciences Committee held a virtual meeting on 6 February 2025 entitled “The EU AI Act – Navigating its impact on South Africa” |
|
|
| Quick recap |
|
| Andre, Esha, and Leanne discussed the setup for an upcoming meeting and the potential for developing a South African-specific privacy law course. Leanne then provided a detailed overview of the European Union’s AI Act, its implications, and the steps South African companies can take to comply with it. The conversation ended with a discussion on the implications of AI legislation in various countries and the importance of transparency in balancing productivity and privacy. |
|
| Next steps |
|
| • South African companies to conduct an AI inventory and assess their AI systems to identify risk categories. |
| • South African companies to update existing risk frameworks to embed AI compliance. |
| • South African companies to update policies and future-proof contracts related to AI usage. |
| • South African companies to conduct due diligence on AI suppliers and vendors. |
| • South African companies to assign AI champions within different business functions. |
| • South African companies to implement AI literacy training and awareness programs for staff. |
| • South African companies to create policies for internal and external use of AI. |
| • South African companies operating in the EU to review their AI systems to ensure they are not in the banned category. |
| • South African AI providers operating in the EU to appoint an authorized representative in Europe if required. |
| • LES members to share the presentation slides and recording with their teams. |
|
|
| Summary |
|
| Upcoming Meeting Setup and Protocol |
| Andre, Esha, and Leanne discussed the setup for an upcoming meeting. Esha, who initially set up the meeting, planned to leave before its end, so Andre was made the host. The meeting was set to have a waiting room and participants would join on mute. Leanne was based in Amsterdam, while Esha was in Scotland. The meeting was recorded at Andre’s request, and participants were encouraged to ask questions via chat. |
|
| Upcoming Presentation and Law Firm Dynamics |
| Andre and Leanne discuss the upcoming presentation, noting that they expect around 40 attendees, which is considered a good turnout for a non-mandatory event. They briefly touch on the current busy period at Andre’s law firm, with the financial year-end approaching. Leanne reflects on the differences between working in-house and at a law firm, mentioning the challenges of the billable hour model and the availability of resources. They also discuss privacy certifications and the potential for developing a South African-specific privacy law course. |
|
| Pretoria Office Memories and Zoom Tips |
| In the meeting, Leanne and Andre reminisced about their time at the Pretoria office, mentioning colleagues like Donnie Strachan and the American company where Donnie now works. Andre shared his experience of being late to Zoom meetings due to updates and not using it often. Esha suggested starting meetings a minute after the scheduled time to accommodate late joiners. Andre agreed to start the meeting and record it, while Esha offered to stay for 15 minutes to assist with any issues. |
|
| AI’s Impact on IP and Regulation |
| Andre discussed the evolving topic of AI and its implications on IP, noting its potential to be as important as data protection. He highlighted the EU AI Act as a significant regulatory framework and suggested that South Africa’s regulatory framework might be influenced by it. Andre then introduced Leanne Fulman, a data privacy and AI expert, to discuss the EU AI Act in more detail. Leanne agreed to address any questions or comments during her presentation. |
|
| AI Act: EU’s Risk-Based Regulation |
| Leanne discussed the AI Act, a principles-based law that takes a risk-based approach to regulating AI in the EU. She explained that the act supports innovation while preventing harm, and its main goal is to protect human rights and fundamental European values. Leanne clarified that the act has global coverage, applying to any AI system with a link to the EU, regardless of where the system is used. She also differentiated between AI models and AI systems, noting that each has different legal obligations. Leanne then discussed the roles of providers and deployers under the act, with providers having the majority of obligations and deployers having fewer but still significant responsibilities. Lastly, she mentioned the requirement for an authorized representative to be appointed by a provider outside the EU in certain cases. |
|
| EU AI Act Risk Levels Explained |
| Leanne discussed the European Union’s AI Act, which categorizes AI systems into four risk levels: prohibited, high risk, limited risk, and minimal risk. She explained that the higher the risk of harming someone, the stricter the obligations become. Leanne provided examples of prohibited practices, such as using AI devices to monitor children and social scoring, which would be banned under the act. She also gave examples of high risk, such as AI-powered quality monitoring systems in municipal border treatment facilities and employee monitoring software. Lastly, she mentioned limited risk examples, such as AI-generated Coca-cola ads and virtual beauty assistants. |
|
| Understanding and Complying With AI Act |
| Leanne discussed the importance of understanding and complying with the AI Act, particularly for South African companies operating AI systems linked to the EU. She highlighted the need for companies to identify their AI role, establish their risk category, and comply with the rules accordingly. Leanne also mentioned the phased approach to compliance, with the first phase requiring AI literacy for employees and the next phase involving the enforcement of rules on AI categories. She acknowledged the challenges of compliance, such as costs and cross-border administration, but also emphasized the opportunities, including building a competitive edge and aligning with the global standard. Leanne concluded by suggesting steps South African companies can take to comply with the AI Act. |
|
| AI Inventory and Risk Assessment |
| Leanne discussed the importance of conducting an AI inventory and assessing AI systems to identify their risk category. She suggested updating current risk frameworks to embed AI compliance, reviewing vendor contracts, and assigning AI champions. Leanne also emphasized the need for AI literacy and staff training, and the importance of creating policies for internal and external use of AI. She recommended several resources, including a slide deck and a Microsoft tool, to help build compliance frameworks and assess risks. |
|
| AI Legislation and Productivity Balance |
| In the meeting, Leanne and Andre discussed the implications of AI legislation in various countries, particularly focusing on Japan and the European AI Act. They noted the potential for ambiguity in the interpretation of these acts, and the challenges of balancing innovation with copyright protection. Andre encouraged all attendees to join the Les sessions, which are held regularly and cover a variety of topics. Leanne also shared her thoughts on the balance between monitoring productivity and privacy, emphasizing the importance of transparency. The conversation ended with Andre thanking Leanne for her contribution and promising to distribute the meeting’s recording and presentation. |
|
