Course overview
In the wake of the Supreme Court of Appeal's judgement in ENS v Hawarden, which highlighted critical liabilities in data protection and cyber fraud, the landscape of AI development and deployment is more complex than ever. Take this comprehensive course, designed to equip you with the knowledge and tools to responsibly provide General Purpose AI (GPAI) models. Drawing from authoritative sources and best practices from industry leaders like OpenAI, Google DeepMind, and Anthropic, we'll unpack the "nexus of responsibility" – from data flows to systemic risks – ensuring your innovations comply while thriving.
Course objectives
Participants will obtain an understanding of :
- Understand the core obligations for GPAI providers: Focus on models posing systemic risks.
- Explore the intersection of the EU AI Act, GDPR, and sectoral laws: Ensure seamless compliance with regulations like the Digital Services Act.
- Master a structured approach to assess personal data involvement: Evaluate legal roles and lawfulness in AI lifecycles.
- Identify and mitigate risks: Use frameworks, evaluations, and collaborative practices.
- Operationalize compliance: Implement contracts, documentation, and ongoing monitoring to avoid penalties and foster trust.
Course outline
Participants will learn about:
Module 1: Foundations of Responsibility and Risk
- Provider Liability and GDPR Integration: Dive into joint and several liability (e.g., Fashion ID case), financial penalties (up to 4% global turnover), and reputational risks. Learn how GDPR principles (lawfulness, fairness, accountability) underpin AI processing.
- Structured Compliance Approach: Assess personal data in AI lifecycles, determine legal roles (controller/processor), verify data origins, and conduct DPIAs. Guidance from EDPB Opinion 8/2024 and CNIL's 2025 recommendations.
- Systemic Risk Designation: Explore triggers (e.g., 10^25 FLOPs), qualitative indicators, and obligations under Articles 51-55.
Module 2: Risk Assessment and Mitigation
- Internal Governance and Documentation: Build robust frameworks for roles, incident reporting, and dynamic updates. Verify transparency summaries and model integrity.
- Copyright and TDM Compliance: Navigate DSM Directive, opt-out mechanisms, and output filters to prevent infringement.
- Safety & Security Measures: Implement mitigations for value alignment, cybersecurity (e.g., encryption, red teaming), and continuous assessments. Case studies from Mistral AI and Stability AI.
- Collaboration and Integration Risks: Foster value-chain partnerships, avoid role shifts via modifications, and prepare for high-risk classifications (Annex 3).
Module 3: Operationalizing Compliance
- Contracts and Readiness: Craft SLAs, NDAs, DPAs, and usage restrictions. Embed instructions for use and content labeling (Article 52).
- Proportionality for SMEs and Sandboxes: Leverage accommodations, regulatory sandboxes, and real-world testing for innovation.
- Future-Proofing AI: Evolve definitions of systemic risk, adapt to emerging threats, and build perpetual vigilance.
