POPIA and GPAI Deployer Due Diligence

  • Trainer: Information Officers Ass.
  • Level: Basic
  • Duration:
  • Price: R 200.00
Certificate:

No certificate is given for this course


Course overview

The Supreme Court of Appeal's judgement in ENS v Hawarden has highlighted critical liabilities in data protection and cyber fraud. The landscape of AI integration is more complex than ever. This course is designed to equip you with the knowledge and tools to responsibly deploy General Purpose AI (GPAI) models, especially those with systemic risks. Drawing from authoritative sources, it will untangle the "nexus of responsibility" – from provider verification to risk mitigation – so that your deployments stay compliant while you innovate. This course transforms regulatory challenges into actionable strategies, blending legal insights, real-world case studies (e.g., Fashion ID, Breyer, and Vals-Polisaras), and best practices from industry leaders like OpenAI, Google DeepMind, and Anthropic.

Course objectives

Participants will learn to:

  1. Understand deployer obligations for GPAI integration: Focus on systemic risk models.
  2. Explore the intersection of the EU AI Act, GDPR, and sectoral laws: Ensure seamless due diligence with regulations like the Digital Services Act.
  3. Master a structured approach to provider verification: Assess risks and exemptions in AI lifecycles.
  4. Identify and mitigate risks: Use frameworks, evaluations, and collaborative practices.
  5. Operationalize compliance: Implement contracts, documentation, and ongoing monitoring to avoid penalties and foster trust.

Course outline

Participants will learn about:

Module 1: Foundations of Due Diligence and Risk
  • Provider Verification and Compliance: Identify providers, check legal details, market placement, and code adherence. Use KYC checks and official sources.
  • Systemic Risk Assessment: Verify classifications (e.g., 10^25 FLOPs), notifications, and reclassification history. Guidance from EDPB Opinion 8/2024 and CNIL's 2025 recommendations.
  • Exemptions and Internal Governance: Scrutinize open-source claims, licenses, and provider roles/responsibilities.
Module 2: Risk Assessment and Mitigation
  • Transparency and Documentation: Review completeness, dynamic updates, and information sharing under NDAs.
  • Copyright and TDM Compliance: Navigate DSM Directive, opt-outs, output filters, and redress mechanisms.
  • Safety & Security Measures: Implement mitigations for alignment, cybersecurity (e.g., encryption, red teaming), and continuous assessments. Case studies from Mistral AI and Stability AI.
  • Collaboration and Integration Risks: Foster value-chain partnerships, avoid role shifts via modifications, and prepare for high-risk classifications (Annex III).
Module 3: Operationalizing Compliance
  • Contracts and Readiness: Craft SLAs, NDAs, DPAs, and usage restrictions. Embed instructions for use and content labeling (Article 52).
  • Proportionality for SMEs and Sandboxes: Leverage accommodations, regulatory sandboxes, and real-world testing for innovation.
  • Future-Proofing Deployments: Evolve risk scenarios, adapt to threats, and build collaborative vigilance.

Guru

This POPIA Learning Management System enables online learning to take place whenever convenient.

Key Features:

  • Access to a wide range of high-quality online courses
  • Learn from a virtual classroom anytime, anywhere