How Will The AI Act Be Implemented in France?

To ensure consistent application of the AI Act across Europe, the European AI Board has been established. This board is made up of top representatives from each EU member state and an observer from the European Data Protection Supervisor (EDPS). Additionally, the AI Office, a new institution of the European Commission, will participate in board activities without voting rights.

Supporting the European AI Board are two key bodies. The Advisory Forum, a diverse group of stakeholders, will offer advice to both the European AI Board and the European Commission. Additionally, a Scientific Panel of independent experts will aid the AI Office in supervising general-purpose AI models and assist national authorities with law enforcement activities.

In France, the AI Act requires the designation of one or more authorities to serve as the market surveillance authority for AI. These authorities will ensure proper application of the AI Act within the country. If multiple authorities are designated, one must act as the national contact point to facilitate communication with the European Commission and other relevant bodies.

Specific oversight roles are also defined by the AI Act. The European Data Protection Supervisor (EDPS) will oversee EU institutions, excluding the Court of Justice of the EU in its judicial functions. Data protection authorities will play a role in the market surveillance of many high-risk AI systems. Additionally, existing regulators, such as the French National Agency for the Safety of Medicines and Health Products (ANSM), will continue to oversee high-risk AI systems related to their sectors.

The CNIL, responsible for ensuring compliance with the GDPR, will integrate the AI Act into its regulatory framework. Since the GDPR applies to all IT systems, including those using AI, the CNIL will leverage its principles to ensure that personal data processed by AI systems complies with both the GDPR and the AI Act.

The CNIL plans to use the AI Act requirements to guide and support stakeholders in adhering to both the AI Act and the GDPR. By offering an integrated perspective on the applicable rules, the CNIL aims to help developers and users of AI systems understand their obligations better. This integrated approach will assist in navigating the complexities of both sets of regulations.

Certain practices are prohibited under the AI Act, some of which have already been addressed by data protection authorities. For instance, the CNIL has previously penalised the creation of facial recognition databases through untargeted scraping of images from the internet or CCTV footage. Such enforcement actions demonstrate the CNIL's ongoing commitment to protecting personal data.

The CNIL will continue to apply the GDPR to providers of general-purpose AI models or systems based in France, especially when they are not subject to specific requirements under the AI Act. This includes companies like Mistral AI and LightOn in France, and entities like ChatGPT/OpenAI and Google/Gemini in Ireland.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 

We are here to help you, get in contact with us today for more information.