Tag Archives: Itsiq Benizri

Limited-Risk AI—A Deep Dive Into Article 50 of the European Union’s AI Act

by Martin Braun, Anne Vallery, and Itsiq Benizri

Photo of the authors

Left to right: Martin Braun, Anne Vallery and Itsiq Benizri (photos courtesy of the authors)

This blog post focuses on the transparency requirements associated with certain limited-risk artificial intelligence (AI) systems under Article 50 of the European Union’s AI Act.

As explained in our previous blog post, the AI Act’s overall risk-based approach means that, depending on the level of risk, different requirements apply. In total, there are four levels of risk: (1) unacceptable risk, in which case AI systems are prohibited (see our blog post on prohibited AI practices for more details); (2) high risk, in which case AI systems are subject to extensive requirements, including regarding transparency; (3) limited risk, which triggers only transparency requirements; and (4) minimal risk, which does not trigger any obligations.

Continue reading

Prohibited AI Practices—A Deep Dive into Article 5 of the European Union’s AI Act

by Dr. Martin Braun, Anne Vallery, and Itsiq Benizri

photo of authors

From left to right: Dr. Martin Braun, Anne Vallery and Itsiq Benizri. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP).

Article 5 of the AI Act essentially prohibits AI practices that materially distort peoples’ behavior or that raise serious concerns in democratic societies.

As explained in our previous blog post, this is part of the overall risk-based approach taken by the AI Act, which means that different requirements apply in accordance with the level of risk. In total, there are four levels of risk: unacceptable, in which case AI systems are prohibited; high risk, in which case AI systems are subject to extensive requirements; limited risk, which triggers only transparency requirements; and minimal risk, which does not trigger any obligations.

Continue reading

Certification Under the EU-U.S. Data Privacy Framework

by Dr. Martin BraunKirk J. Nahra, Tamar Y. PintoShannon Togawa MercerItsiq Benizri, and Valentino Halim

Photos of the authors

Top left to right: Dr. Martin Braun, Kirk J. Nahra, and Tamar Y. Pinto.
Bottom left to right: Shannon Togawa Mercer, Itsiq Benizri, and Valentino Halim.
(Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union deemed invalid on July 16, 2020. The U.S. Department of Commerce (“DoC”) is charged with administering and monitoring the EU-U.S. DPF program.

On July 17, 2023, the DoC International Trade Administration launched its EU-U.S. DPF website. Companies are now able to review the key requirements for participating organizations, including how to join the program and how to recertify.

Continue reading

Significant Improvements for International Transfers of Personal Data – Adequacy Decision for the New EU-U.S. Data Privacy Framework Adopted by the European Commission

by Dr. Martin Braun, Kirk J. Nahra, Frédéric Louis, Benjamin A. Powell, Anne Vallery, Itsiq Benizri, Valentino HalimAli A. Jessani, and Shannon Togawa Mercer

Photos of the authors

Top left to right: Dr. Martin Braun, Kirk J. Nahra, Frédéric Louis, Benjamin A. Powell, and Anne Vallery.
Bottom left to right: Itsiq Benizri, Valentino Halim, Ali A. Jessani, and Shannon Togawa Mercer.
(Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy Shield mechanism, which the Court of Justice of the European Union (“CJEU”) deemed invalid on July 16, 2020. U.S. President Joe Biden welcomed the Adequacy Decision, stating that it “will provide greater data privacy protections and economic opportunities.”

The Adequacy Decision concludes that the U.S. provides for an adequate level of protection under the EU’s General Data Protection Regulation (“GDPR”) when personal data of individuals in the European Economic Area (“EEA”) is transferred to U.S. companies certified under the new EU-U.S. Data Privacy Framework.

Continue reading