This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

International In-house Counsel Journal logoInternational In-house Counsel Journal logo
Back to library search

The AI Act and Risk Management in Practice: Who are the Addressees?

April 2025
ITGeneral

Abstract

The AI Act imposes unprecedented regulatory challenges on all categories of market actors. How the Act will affect companies depends on a number of factors including entity type, system modifications, exclusions, prohibitions, etc. There is a general feeling of confusion as firms attempt to navigate complex regulations. This article concentrates on the question of who the real obligation addressees are and how companies can establish with certainty which categories of obligations apply to them. Problems arise from several sources. First, the Act divides risk into four categories: prohibited, high, large language models and others. A single company deploying the AI can come under the scope of multiple categories simultaneously. Second, various entities are covered depending on their status as providers, developers, deployers, users, data set providers, etc. Third, the Act covers value chain separately, indicating that intervention such as trademark usage from an entity not otherwise covered by the Act may put it within its scope. Finally, the fact that the Act depends on data protection and cybersecurity legislation, also changes the scope of obligations and the addressees. This article attempts to clarify different scenarios under which a company may come under the scope of the Act.

Author

Andrej Savin
Professor, Copenhagen Business School, Denmark

Andrej Savin is a professor of IT Law and Internet Law at Copenhagen Business School. His main research interests lie in Information Technology Law, and in particular EU policymaking in the digital single market, the regulation of new business models and Internet governance in the US and in Europe. Andrej Savin also works on law and management in the legal environment, in particular with focus on the interplay between law, ethics, business and society in the digital world. His works include books EU Internet Law, EU Telecommunications Law, Research Handbook on EU Internet Law and others.

Company

Copenhagen Business School

CBS LAW is the law department at Copenhagen Business School.

Related Papers

Tech Branded as “Legal Tools” are Actually Enterprise Tools
Corporate legal departments have long deployed specialized tools to aid their workflows: look no further than matter management, document management, contract lifecycle management, and e-billing/spend management – not to mention...Read more
Portrait image of Cat Carroll
Cat Carroll
Legal Operations Manager, iManage, USA
Prompt Engineering for Lawyers
Every human invention should be celebrated, and generative AI is a true human invention. But too much optimism and hype may lead to the premature use of technologies that are...Read more
Portrait image of James Lau
James Lau
Singapore
The New Digital Landscape Digital Smarts – A Post Covid Necessity for Leaders
The Covid-19 crisis has seen the emergence of a digital divergence. Online businesses are on the quick ascendance, while bricks and mortar businesses are moving in the opposite direction, on...Read more
Portrait image of Jeffery Tan
Jeffery Tan
Group General Counsel & Chief Sustainability Officer , Jardine Cycle & Carriage Limited, Singapore
Adopting Generative AI for Your Organization
This paper reflects my experiences and studies from the past two years in adopting Generative AI. You can follow the steps outlined here to accelerate the adoption of Generative AI...Read more
Portrait image of Raymond Ng
Raymond Ng
Knowledge Management Systems and Support Officer, DLA Piper, China