Guide to EU AI Act – Why does the AI Act apply to every organisation?

Artificial intelligence is changing the way work is done faster than any previous technological revolution. The EU AI Act brings common rules to the whole of Europe. The essence is simple: AI can be developed and utilised, but not in any way. AI that supports business and works for the benefit of people must be transparent, fair and secure.

Who bears the responsibility if decisions are made by machines? How do we know when we are talking to a machine and when we are talking to another human? Do intelligent machines need human supervision? The rapid development of AI technology challenges us to consider many questions.

AI must be safe and fair for everyone. This principle is at the heart of the world’s first AI legislation, the EU AI Act. Every organisation must ensure that the AI technology used is safe and used in a responsible manner.

The EU’s AI Regulation directs staff to be trained so that everyone understands the operating principles of the AI systems in use, knows how to use them responsibly and is able to assess potential risks and disruptions.

The regulation does not aim to restrict innovation, but to build trust. The goal is to ensure that artificial intelligence is for humans. The decree defines how artificial intelligence is developed, deployed and supervised so that people’s rights, safety and equality remain the starting point at all times.

The safety of artificial intelligence is created as part of the organizational culture: how people use technology, how decisions are justified, and how transparent the operations are. Safety and fairness are built on many levels: from the grassroots level to the strategy.

Mistakes happen, and that’s human. However, minimising the risk of errors is at the core of the AI Regulation. What happens if, for example, an individual employee uses an AI application in such a way that a serious data protection breach occurs, or a new customer information system reveals a bias that affects the lives of many people? It is essential that risks have been anticipated and their management documented in advance.

Risk management related to artificial intelligence often requires close cooperation in the organization, for example, between management, IT and HR. For example, system settings and information management models are primarily technical solutions, but on the other hand, training employees, i.e. users, is often part of HR management and the management of personnel competence development. In mapping risks and ensuring transparency, it is fruitful to involve the entire personnel in the process.

The regulation guides us to examine the ways in which they are used and their effects. The risks are assessed according to the extent to which the use of artificial intelligence may affect people’s fundamental rights, safety, health or livelihoods.

Artificial intelligence itself is not harmless or dangerous. In their work, each employee chooses where and how to use artificial intelligence. Microsoft 365 Copilot is General Purpose AI (GPAI). It can be used for many purposes: writing, brainstorming, problem-solving, decision-making, and on the other hand, also for unethical purposes, such as deceiving people.

Every employee should have imaginary traffic lights in mind. In everyday work, the responsibility lies with both the employer and each individual employee.

🔴 prohibited use, violates people’s fundamental rights or organizational guidelines
🟡 requires consideration and careful assessment, for example, it may concern individual people or decision-making may slip too much from humans to artificial intelligence
🟢 allowed and safe way to use it, but if necessary, you must remember to explain the role of artificial intelligence transparently

The first and most important step towards safe and responsible use of AI is to train your staff. Developing into an AI-native organization in the age of artificial intelligence begins with a fluent AI-literate workforce. This requires investment in the development of competence and the sharing of what has been learned. Cooperation between different teams and experts builds the foundation for the successful use of artificial intelligence.

According to the EU Regulation on Artificial Intelligence (Article 4), the employer is responsible for ensuring that the personnel have sufficient AI skills in their work. In other words, the employer has a duty to ensure that everyone who uses artificial intelligence has a sufficient understanding of the operating principles, uses, limitations and risks of artificial intelligence. It is the skill of asking: can I use this in my job, who can it affect and who will ultimately bear the responsibility? Sufficient competence is determined by each job description. For example, recruiters, teachers, salespeople, managers and analysts need different kinds of AI expertise in their work. That is why the training must also be role-specific.

In practice, the AI literacy of the personnel can be developed and the level of AI competence raised by training the staff in the versatile and responsible use of Microsoft 365 Copilot. In addition to training that is common to all, the AI skills that everyone needs in their own work can be developed by offering role-specific training.

• Staff training

• Up-to-date AI guidance

• Information management model and information security

• Risk assessment and risk management documentation

• AI strategy

It is also important that the organization has clear AI guidelines that define the allowed AI applications and how they can be used. This way, the use of artificial intelligence in various use cases, work tasks and processes is controlled and the organization’s risk management also remains within clear limits. In other words, the development of the AI-native organization of the future begins with AI guidance and staff training.

Finally, it is important to remember that AI is used by ordinary people. In an AI-native organization, artificial intelligence is a natural part of every employee’s workday. Sharing expertise, learning together and continuous training create the basis for utilising the opportunities of artificial intelligence efficiently and safely. Over time, collective understanding and controlled and safe practices emerge.

Microsoft 365 Copilot and Microsoft 365 Copilot Chat are ISO 42001 certified AI systems. The certificate enables controlled, secure use that supports business goals. Microsoft 365 Copilot Chat doesn’t use your organization’s data to train AI models, and your organization’s data isn’t disclosed outside of your organization. Microsoft 365 Copilot is secure even when handling sensitive or confidential information. All conversations and information remain within the organization.

The safe and fair use of artificial intelligence is everyone’s responsibility. While many processes and everyday chores can be automated, maintaining safety requires human supervision. It is important that the final decision-making power in important matters does not flow unnoticed to AI systems, but that people use their expertise to weigh decisions. People shape the direction and people make the important decisions.