This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

International In-house Counsel Journal logoInternational In-house Counsel Journal logo
Back to library search

The AI Act and Risk Management in Practice: Who are the Addressees?

April 2025
ITGeneral

Abstract

The AI Act imposes unprecedented regulatory challenges on all categories of market actors. How the Act will affect companies depends on a number of factors including entity type, system modifications, exclusions, prohibitions, etc. There is a general feeling of confusion as firms attempt to navigate complex regulations. This article concentrates on the question of who the real obligation addressees are and how companies can establish with certainty which categories of obligations apply to them. Problems arise from several sources. First, the Act divides risk into four categories: prohibited, high, large language models and others. A single company deploying the AI can come under the scope of multiple categories simultaneously. Second, various entities are covered depending on their status as providers, developers, deployers, users, data set providers, etc. Third, the Act covers value chain separately, indicating that intervention such as trademark usage from an entity not otherwise covered by the Act may put it within its scope. Finally, the fact that the Act depends on data protection and cybersecurity legislation, also changes the scope of obligations and the addressees. This article attempts to clarify different scenarios under which a company may come under the scope of the Act.

Author

Andrej Savin
Professor, Copenhagen Business School, Denmark

Andrej Savin is a professor of IT Law and Internet Law at Copenhagen Business School. His main research interests lie in Information Technology Law, and in particular EU policymaking in the digital single market, the regulation of new business models and Internet governance in the US and in Europe. Andrej Savin also works on law and management in the legal environment, in particular with focus on the interplay between law, ethics, business and society in the digital world. His works include books EU Internet Law, EU Telecommunications Law, Research Handbook on EU Internet Law and others.

Company

Copenhagen Business School

CBS LAW is the law department at Copenhagen Business School.

Related Papers

Prompt Engineering for Lawyers
Every human invention should be celebrated, and generative AI is a true human invention. But too much optimism and hype may lead to the premature use of technologies that are...Read more
Portrait image of James Lau
James Lau
Singapore
The New Digital Landscape Digital Smarts – A Post Covid Necessity for Leaders
The Covid-19 crisis has seen the emergence of a digital divergence. Online businesses are on the quick ascendance, while bricks and mortar businesses are moving in the opposite direction, on...Read more
Portrait image of Jeffery Tan
Jeffery Tan
Group General Counsel & Chief Sustainability Officer , Jardine Cycle & Carriage Limited, Singapore
How in-house legal teams thrive through purposeful integration
For in-house legal teams to thrive, they must be more than a support function - they must be embedded within the organisation’s fabric, with a clear sense of purpose and...Read more
Portrait image of Kerry Phillip
Kerry Phillip
Fractional General Counsel, The Legal Director, UK
Neutrals in Time of War
The proliferation of sanctions on one hand and the growing gap on the other between how “the West” and “the Global South” view the Laws of War present a challenge...Read more
Portrait image of Jürg Gassmann
Jürg Gassmann
Principal, Gassmann Consulting, Ireland