This article provides a nonexhaustive overview of key terms that should be considered to enable businesses to effectively integrate international standards into their contractual agreements when managing AI or international trade to minimize risk, enhance transparency and build trust among the involved parties.
In today's globalized economy, companies frequently engage in cross-border transactions, necessitating contracts that are not only legally compliant but also aligned with international best practices and standards. The European Union (EU) Parliament's adoption of the “AI Act” on March 13 and the expansion of international trade laws and regulations underscores the importance of ensuring that contracts with overseas entities remain up to date and precise. This article provides a nonexhaustive overview of key terms that should be considered to enable businesses to effectively integrate international standards into their contractual agreements when managing AI or international trade to minimize risk, enhance transparency and build trust among the involved parties.
Artificial Intelligence
In an era of heightened focus on artificial intelligence (AI), regulations are emerging across various jurisdictions and industries. The EU AI Act will come into effect in the coming months, which will impact many businesses that use AI in the EU or who offer their AI products in the EU. In addition to U.S. state and federal laws that have passed or that are under consideration, other countries are working on legislation, and regulatory agencies around the world have indicated that they will use their current authority to regulate AI. Ensuring compliance with diverse AI-related laws and regulations while contracting across different jurisdictions requires careful attention to regulatory requirements and proactive risk management strategies.
Companies should:
- Identify what relevant laws and regulations apply to their business and the business of the counterparty.
- If subject to the EU AI Act, determine whether the planned AI usage is classified as prohibited, high risk, or lower risk under the EU AI Act. This will determine the company's obligations as a “provider” (i.e., vendor) or “deployer” (i.e., user) of AI. The provision of high-risk AI will require compliance with extensive obligations, such the implementation of a quality management system.
- Implement ISO/IEC 42001, an international standard that includes guidance for establishing, implementing, maintaining, and improving an AI management system. ISO/IEC 42001 is expected to be adopted as a “harmonized standard” under the EU AI Act, meaning that if a company that provides high-risk AI is in compliance with ISO/IEC 42001, it would be presumed to be complaint with its core obligations under the EU AI Act as a high-risk provider.
- Identify what personal data will be shared between the parties and whether such data can be used to train AI.
- Assess IP rights in the model (including updates as the model is trained), prompts entered into the model, and the outputs of the model.
- If licensing an AI product, conduct a risk impact assessment based on the nature of the AI and how it will be used. Continually monitor its use, including through the use of bias audits and other mechanisms.
- Add contractual provisions based on the foregoing.
- For instance, ISO/IEC 42001 provides that companies using third-party AI should ensure that the supplier of such AI provides adequate technical and system documentation and takes corrective action if the AI does not perform as intended. These requirements should be included in the contract with the AI vendor.
- It is expected that the EU will develop non-binding contractual clauses as part of the AI Act's implementation, which can be used as a guide for parties providing or deploying AI.
International Trade
Over the past several years, and particularly since Russia invaded Ukraine in February 2022, many countries have imposed or expanded existing international trade laws and regulations. The United States continues to be the leader in this effort, but Australia, Canada, the EU, Japan, South Korea, the United Kingdom, and others are also extending trade restrictions. These restrictions pertain to exports of items and technology to certain destinations or end-users, and more general sanctions that prohibit engaging in any transactions with designated parties. In some cases imports are banned too, for example, when an imported product is deemed to have been manufactured using forced labor. Similarly, many countries are aggressively enforcing laws related to bribery and corruption.
Generally speaking, international trade laws cover both individuals and companies, as well as any agent or other representative acting on behalf of another person: a party cannot avoid liability simply by acting improperly through a representative.
Due diligence on transactions and transaction partners is essential to protect against international trade violations.
Moreover, contracts that cover cross-border business need to include international trade provisions requiring compliance with the following:
- Export controls, including as appropriate reference to specific export regimes such as the U.S. Export Administration Regulations or the U.S. International Traffic in Arms Regulations.
- Economic sanctions, including as appropriate reference to certain sanctioned parties such as designated Russian oligarchs or prohibited military end-uses.
- Import controls, particularly as to the absence of forced labor in the supply chain.
- Anti-bribery, including as appropriate reference to specific laws such as the UK Bribery Act.
Originally published by Law.com, 17 June 2024
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.