Posted on

Inside the EU AI Act: Exclusive Insights from Lead Author, Gabriele Mazzini

On August 1, 2024, the EU AI Act officially came into force, establishing the world’s first comprehensive legal framework for regulating AI technology. In this exclusive interview, we speak with Gabriele Mazzini, the architect and lead author of the Act, to gain an insider’s perspective on its development. Mazzini offers a behind-the-scenes look at the complex policy-writing process, discussing how various stakeholders were consulted, and how consensus was reached on the Act’s risk-based approach. He also provides crucial advice for business leaders navigating compliance, shares important updates since the law took effect, and discusses the global implications of the Act. Most importantly, Mazzini reassures companies that now is not the time to panic, but to prepare for the future of AI regulation.

 

What motivated you to take on the role of the lead author of the EU AI Act? How did your background in law influence your policy-writing process?

I realized from the get-go that AI policy was fascinating. I have been passionate since the beginning, notably in trying to understand the intersection between AI as a technology and law as a tool to govern technology. I drafted a quite comprehensive paper about the intersection between AI and EU law in 2018, way before the Commission started working on the AI Act. At the time, I was working in a department in the Commission, which was not the department that ultimately led the work on the Act but was mostly focused on the liability implications of AI. We were reflecting on whether the liability regime in the EU needed to be changed to enable AI. My background in law and the study put in understanding the complexity of the intersection between AI and EU law was essential for the work I did afterwards on the AI Act. When working in policymaking as a regulator it is essential to think holistically, especially in a field like AI where implications are manifold and broad and where regulatory action takes the form of a horizontal legal framework, like the AI Act, which applies across all sectors. 

 

How did you engage with various stakeholders during the development process? What role did their input play in shaping the Act?

It’s a privilege to interact with many stakeholders as a policymaker and listen to many different views. You also start seeing how society sees your work, and whether they see opportunities or risks. At the same time, it’s also a major responsibility because you have to make sure that whatever choices you make as a policymaker are grounded on facts and evidence and you have as much as possible an up-to-date understanding and knowledge about the matter you regulate.  

It’s both a privilege and a responsibility. I’ve always interpreted that role with much respect and not as a tick-the-box exercise where the job is done after meeting X number of stakeholders. Consulting with and engaging with stakeholders is much more than that. On an individual basis, I’ve always had an open-door policy from the beginning and was willing to meet with whoever was interested in talking to me. The institution as a whole has of course also engaged with stakeholders in a structured way.  

This goes back to a time when the Act was not even in the conception phase. The Commission started engaging with stakeholders already in 2018 and 2019 when it set up an expert group on artificial intelligence. This expert group was composed of around 52 individuals from different backgrounds, namely industry, academia, NGOs, and civil society. That group already gave a broad perspective on the emergence of AI and the policy implications of AI. They also developed ethical guidelines for trustworthy AI which were not a deliverable of the European Commission but of this separate expert group. That work already initiated a structured dialog between the European Commission and the stakeholders.  

That work was also complemented by the establishment of an online platform (the AI Alliance) where citizens and any interested party could provide feedback and suggestions. Another important set of consultation processes took place after the adoption of the White paper. Before the Commission came up with the actual legal framework, which happened in 2021, it adopted a White paper on AI in February 2020, and this was essentially how the institution tried to identify a number of potential ideas for what could be the ultimate draft legal framework and aimed to catalyze feedback on those ideas. That was also another interesting way we consulted widely with stakeholders.  

 

Can you share any particularly challenging moments during the writing process? How did you balance competing interests and priorities to reach a consensus?

No process is perfect. It’s challenging to deal with a legal framework that is so complex and large and ensure everyone fully understands what you’re trying to do. This is because any stakeholder typically tends to have a peculiar perspective when looking at and considering the policy work that is unfolding, which is linked to the needs and interests they represent. When trying to build something horizontal, sometimes the input you receive from several stakeholders does not necessarily fit the overall picture. So, the skill of the policymaker is to try to merge the narrow focus or perspective into the ultimate goal, which is in this case, a broader framework. 

 

What led to the risk-based framework of the EU AI Act?

It was pretty clear to me since the beginning that regulating any AI application or AI technology as such did not make sense. At the same time, also for those applications that may have deserved to be regulated, it did not seem warranted to establish the same type of rules. Hence the idea of a ‘pyramid’-like approach tailored to the actual use case.  

This idea was quite fascinating because we realized that we did not want to regulate AI as a technology.  

We didn’t want to regulate any AI application as if AI always creates risks. To create a balanced legal framework that does not hinder development and intervenes only when necessary, you need to focus on the application level and the use case. Therefore, the risk-based approach was exactly that solution, because depending on the type of risk that the application would generate, the rules would be different. We identified three risk levels where binding legal frameworks apply, plus a fourth level for which no binding rules are foreseen, but certain forms of voluntary compliance are possible. Of course, this choice was not ‘carved in stone’. There is no ontological value in the risk levels either that could have been articulated differently. But I think it was an interesting and groundbreaking idea. 

 

The EU AI Act officially came into force on August 1st. What significant updates or events have unfolded since then that business leaders should take note of?

The fact that the Act entered into force doesn’t mean it’s immediately applicable. The Act is law, so it is binding, but it does not apply in its entirety until after three years.  

There is a so-called transition period. The first applicable rules that companies need to comply with will be the rules on the prohibitions. The top of the risk pyramid, if you want. The second set of rules is around the general-purpose AI models and will be applicable one year after 1 August 2024. Two years after that, on 1 August 2026, all the other rules of the AI Act are applicable except for certain provisions regarding high risk.  

Business leaders need to understand the timeline in which the rules become applicable.  

What has happened since the publication of the Act is that the administrations, both in the Commission and in the Member States, have started to set up internal processes and structures to ensure enforcement. Business leaders, notably those that may be concerned by the rules applicable to the general-purpose AI models, should pay attention to the work that has already started in developing the Code of Practice at the EU level, i.e. facilitated by the Commission. These Codes of practice should be finalized before the entry into application of the relevant chapter of the AI Act, which means before 1 August 2025. 

Another important fact business leaders should keep in mind is that the Act is not 100% clear on all its provisions. In fact, the European Commission will have to develop several executive actions called implementing acts and delegated acts as well as guidelines and templates for about 70 items. There are still many areas where clarification is needed, which is not ideal.  

Therefore, there is an opportunity for business leaders and companies to shape the process of finetuning and clarifying the AI Act in order to determine the actual extent to which certain rules may apply to them. In other words, it is time to make their voices heard. They should be active in the implementation phase now that the legislative phase is finalized, but  so much is still to be clarified.   

 

With penalties for non-compliance potentially reaching up to 35 million euros or 7% of annual turnover, what immediate steps should businesses take to ensure they are not at risk?

They should not consider themselves to be at the receiving end of a process they cannot influence. Instead, now is a time to engage critically with the provisions, especially when those rules provide a certain margin of appreciation. Companies need to proactively engage with the regulators and suggest interpretations, positions, and ideas to make sure that those rules are applied reasonably and sensibly. This is one of the challenges of regulating technology, where there is a knowledge gap between the regulators and the companies that develop those technologies.  

Of course, it goes without saying that regulators should not be dependent only on the company’s views. Although it was not obvious in our case, especially at the beginning of the process, regulators should invest heavily in having internal deepseated expertise on the matters that it intends to regulate. You need to know what you want to regulate in order to do that well. Only if you have your own technical expertise you can properly engage with external stakeholders constructively, while at the same time retaining the independence of judgment that is necessary to take broader societal considerations into account. On the other hand, those who developed the technology and the products must have a say in suggesting the best ways to comply. This exchange needs to happen. I understand sometimes companies, especially the smaller ones, don’t have the resources to engage extensively with the regulators, but I think at this time when so much still needs to be clarified it’s an exercise that is worth doing. It doesn’t have to be individual companies; it could be industry associations.  

 

Many companies are facing a shortage of AI talent. How do you think this skills gap will impact the successful adoption of the EU AI Act?

Because those skills are rare, companies need to increase their strength in certain AI-related skills. The concern is that, as I mentioned before, companies at this stage may have to invest more in compliance than AI skills. That may impact the company’s ability to compete in the AI space.  

If you spend more money on compliance, as opposed to research and development or AI engineers which are also scarce, there is a risk of imbalance. The same may happen with authorities because they must ensure compliance with all these rules and need to equip themselves with several technical skills.  

I hope this set of rules will be somewhat clarified as soon as possible so that companies can hopefully shift more of their budget to AI skills rather than AI compliance. In my view, the successful adoption of AI in Europe depends on the ability to get this legal framework, and the tools needed to implement this framework, working effectively and sensibly as fast as possible. So there is still important work to do. 

 

Who holds the primary responsibility for implementing and enforcing the EU AI Act within organizations?

It should be a team effort. The Act does not foresee a figure like a data protection officer (DPO) in the privacy legislation. This is not an obligation, so the Act does not require, for instance, a Chief AI Officer in companies. The obligations that the Act establishes are on the economic actor, which is the provider, the deployer, so the company itself. This means that the companies can organize themselves as they wish. The Act gives total freedom to organizations to organize themselves depending on their size. I don’t think there is necessarily only one model. Ultimately, the legal responsibility is on the company. If there is a lack of compliance, the company will have to pay the fine.

 

How do you see the EU AI Act influencing AI regulation in other parts of the world?

There is a huge interest around the world. Since I left the Commission, I’ve traveled from South America to Asia, and I have witnessed a growing interest in understanding this piece of legislation. It’s quite normal in this phase because AI governance and regulation is something that is of interest globally. Governments are wondering how to deal with the ‘AI wave’.  

This interest is also reflected by the collective efforts at an international level. For instance, UN agencies are investing heavily in reflecting on AI governance frameworks. As the EU is the first regional actor to come up with such a comprehensive legal framework on AI, it’s normal that countries around the world are looking with interest at that framework and are asking themselves whether they should get inspiration.  

It’s too early to say whether the Act will turn into a regulatory model for other regions around the world. There is a need to understand whether those choices fit the socioeconomic or legal context in those countries. The capacity to implement a framework like the AI Act also differs from country to country. A legal framework is not just a piece of paper. It requires human resources, skills, funding, and structures to turn it into an effective tool that can achieve the objectives it was designed for. It needs to be managed and brought to life. Not all countries are in the same position, and they would be well-advised to consider questions of implementation and enforcement from the get-go, not after the law has been agreed. 

 

Are there any specific areas where you believe the Act could have a significant global impact?

I hope the risk-based approach can be considered as one of the foundational elements. The idea is to consider AI as a tool that has both benefits and risks and is not necessarily dangerous by its nature. It’s a technology with different risk levels depending on how it’s used. I’d like to see this risk-based approach adopted widely. 

The extent to which certain areas of the AI Act may have an impact beyond EU borders could also depend on certain company choices, especially for companies that sell their products and services in the EU. They may adjust their compliance system to the EU legal framework simply because they want to sell in the EU.  

Those companies may therefore decide to adopt the same or similar compliance structure when selling their products outside the EU. It’s up to the companies whether to have two systems, one for the EU market and one for the non-EU market. It’s not for me to say what is economically convenient for companies. But these considerations may be relevant in determining whether we may see a larger or a narrower adoption of certain areas of the Act. 

 

What are the key trends or developments shaping the AI landscape in the coming years? How might the Act need to evolve to address these future challenges?

It will be interesting to see whether the trend in generative AI will continue along the lines we have seen so far. This trend towards developing larger models that require more data, and more computing power, is based on certain underlying architectural choices. Perhaps intelligence will come from other foundational choices that do not necessarily rely on growing data sets or computing power. This will ultimately shape the investments around creating a technology stack to support this.  

From a regulatory and policy point of view, it’s a challenge to keep regulation up to date, but it’s not impossible. When I think about the AI Act, making sure it’s future-proof was one of my main concerns since the beginning. However, certain choices made after the adoption of the Commission proposal, such as regulating foundation models or deleting the possibility of updating the AI definition, do not necessarily go in that direction from my point of view. We will see whether the Act will be able to stand the test of future developments. 

Currently, I’m more concerned about ensuring the Act works now to enable trustworthy innovation in Europe. This is where the Act will prove its value. It should be applied in a way that is accessible, easy to understand, and provides legal certainty to companies so that they can rely on a stable legal framework and focus on building the products.  

 

*The interview answers have been edited for length and clarity.

Posted on

Navigating the EU AI Act: Mitigate Risks and Seize Opportunities

The EU AI Act was finally passed on 9 December 2023, after a grueling 38-hour negotiation. In this exclusive interview with AI expert Walter Pasquarelli, learn about the groundbreaking developments following the EU AI Act’s announcement and key implications for European businesses. Pasquarelli also shares practical insights on how to get started with complying with the EU AI Act and how the Act will impact the progress of AI innovation in organizations.  

 

How does the EU AI Act adapt to the fast-paced changes in AI technology, and how does it categorize different AI applications based on risk levels?

When we started the conversation about an EU AI Act, it was before the launch of generative AI tools like ChatGPT, so we focused on a very different understanding of artificial intelligence. Some have argued that this used to be more of an approach towards products, but the launch of generative AI tools has transformed our understanding of the possibilities of AI. That meant the EU AI Act needed updating. I remember that in the final 38 hours, the amount of information from the trial log was incredible. I’m glad that we made it to where we are right now. 

It’s the world’s first comprehensive legislation that regulates how AI can be used in European markets and the European bloc. 

At its heart, the EU AI Act has four pillars, creating four risk buckets where different AI applications can fall – low risk that will face almost no regulatory action, medium risk, high risk, and prohibited risks at the top. The EU AI Act looks at the AI ecosystem in Europe and categorizes it into these four buckets. Based on that, companies developing tools will face various regulatory actions. Think about the four risk categories and the resulting regulations on products. 

One AI year passes in seconds. For example, the developments that have happened within the AI ecosystem and the technical possibilities that are out there. In two years, the whole environment has changed. We can now produce video generators that look hyper-realistic, and tools that can create entire marketing copy in hours. This will advance faster and faster. This creates a need for regulations that won’t be outdated in a year or two. Can the EU AI Act achieve this? Its broad approach positions it well, but it will certainly need more updates as technological breakthroughs happen. 

 

Will the EU AI Act’s broad approach addresss risks like bias?

The reason why it’s so broad is, on the one hand, the EU AI Act doesn’t seek to regulate AI products per se; it seeks to regulate the risk. It acknowledges that developing European legislation takes ages. The only way to tackle this is by producing something relatively broad. It’s different compared to China, which is very fast in creating regulations using a horizontal approach. They can do it because they have a different kind of legislative process. 

Now, when we look at specific provisions, how do we categorize these risks? The EU AI Act does provide a list of applications that are high-risk. For example, using AI tools for determining the creditworthiness of an individual and AI tools used by the police, which typically have shown elements of bias. If we look at issues such as money laundering, I think the EU will provide descriptions of what these applications are. Much of it will be judged by case law in the upcoming years, and keep in mind that there’s going to be an adaptation period where organizations can consult with the EU on that. 

 

Were AI experts consulted for the EU AI Act?

That’s the million-dollar question: how to involve experts in developing these legislations instead of policymakers. I think, particularly in the AI field, it’s even harder because AI skills are scarce in the government sector. When it comes to involving experts, what regulators and legislators did was conduct so-called stakeholder consultations, gathering opinions and feedback on the EU AI Act. However, only large organizations were able to provide feedback, as they have the necessary bandwidth and resources to formulate their policy positions and understand them. There has been criticism that there are insufficient experts from startups and small companies in drafting appropriate policies. 

 

Is the EU a frontrunner when it comes to AI legislation?

Yes, because it’s the main comprehensive regulation that is out there. China is very fast in regulating these tools, predominantly for their internal domestic reasons, such as a political agenda and economic prerogatives, but also simply because they want to compete internationally at the geopolitical stage, and AI is such an important element of their strategy. Europe has produced the most overarching legislation; it’s a fact of life, and it’s not going to change. It’s going to influence companies in the EU but also companies outside of the EU, which is known as the Brussels effect. The U.S. came up with its own Executive Order on AI, claiming to be the most sweeping act of legislation or policy there is. However, it’s just an executive order, an instruction by the President to various agencies to develop standards and regulations. There’s nothing concrete yet. 

 

How will the EU AI Act affect funding for AI initiatives?

The tech sector is a point of strategic advantage worldwide. In the U.S., legislation is laxer because it allows for wider experimentation by technology firms without worrying about visits from regulators. There are advantages, such as higher risk potential and risk appetite. But at the same time, many things can go wrong, especially for consumers

On the other hand, the EU wants to put consumer protection front and center. There is an advantage in having these regulations to produce predictability and legal certainty. If I want to invest in a company, I know what to expect in terms of regulatory risks. Another thing to consider is whether there is a direct link between regulation and venture capital. European investors are more reluctant to invest similar amounts of funds as their American counterparts, and it’s too early to say whether the EU AI Act will have a positive or negative effect on that. Legislation can support or harm it, but other elements might have an impact on VC funding. 

There are also arguments that legislation will slow down innovation because there’s less room for experimentation. Next, we’re trying to regulate a technology that hasn’t fully matured yet. That’s the challenge of regulating AI because it needs an evolutionary regulatory framework. After all, the technology is still developing and changing. It’s not like regulating nuclear energy, which is still high risk but won’t be much different in 10 years. It’s different for AI, especially in other regions with fully fragmented policy environments, different data governance regimes, and legislations between countries. 

The EU AI Act, although more stringent, has the potential to harmonize legislation across countries. 

 

How have lobbying groups affected the EU AI Act?

At the final stages of the EU AI Act development, a few countries, notably Germany, Italy, and France, said that this kind of legislation is not right for their markets. From what I know, this was a direct result of lobbying from companies saying, ‘No, don’t do this.’ But at the end of the day, they are still stuck with it. So, you could argue about how successful that has been. 

Among some of the larger technology firms, there is not a lot of positive thinking around the EU AI Act. That would imply to me that the lobbying efforts, which have been enormous with millions going into them, haven’t been particularly successful. There might have been certain provisions, minor ones that have been influenced. Surprisingly, most of the European Commission’s efforts to fend off lobbyists have been relatively waterproof. Public relations and public policy between the tech sector and the EU Commission are important because there are many provisions and interactions that need to happen to ensure the legislation matches the requirements of different sectors. 

So, lobbying is a dirty word, but it still needs to happen so that a harmonization process occurs. 

 

Who is responsible in enforcing the EU AI Act?

That is the Achilles’ heel of the EU AI Act. With their Data Protection Officers (DPO), particularly under the GDPR, this used to be a national effort whereby DPOs would enforce Pan-European legislation on a national level. The problem there is, and as I alluded to earlier, the scarcity of AI skills. You might have this big regulation with a huge overarching framework, but implementation will be difficult due to the skills shortage. That is going to be the make or break for the EU AI Act. My understanding from my sources is that even those responsible for developing the EU AI Act have an AI skills shortage. If we have a centralized European AI office, that’s possibly the better approach to combat the skills shortage.  

 

How can multinational companies handle legislation is different countries?

It depends on the strategy that you would prioritize.  

To ensure you’re not infringing any regulations, stick with the EU AI Act as a general regulatory yardstick, and you will be safe in most countries.  

This is because the Act has the strictest interpretation of AI products. It’s more difficult if you come from the U.S., where there is a different understanding of how data should be used and what is ethical or not. Some of my U.S. clients don’t want to deal with the GDPR. It’s easier if you go from Europe to the U.S., or Europe to other regions such as the Middle East. It’s harder if you go from the U.S. to the EU because that means you must adapt.  

 

What business leaders can do to stay ahead of the EU AI Act?

I would advise every company to join the AI Pact. It’s a voluntary association that helps you have a forum for exchange and a direct source of information. Embrace the idea; it’s there, and you have to accept it. 

Another thing to consider is to scan existing AI tools and products for issues. For example, what kinds of data do you use? Who’s your target audience? How have the models been trained? This assessment helps categorize your company’s AI products and determine where they fall into the four risk categories. However, extra considerations are needed for sensitive sectors such as healthcare and insurance, where data needs to be handled carefully. 

After the assessment, plan the right types of regulations and provisions to put in place. It’s not going to happen overnight; the EU AI Act won’t be enforced immediately. I also advise organizations of all sizes to read the EU AI Act; surprisingly, it’s accessible to read. Be aware of the risks of your own products. You want to understand the issues based on the EU AI Act that your products will face. 

Read the piece of legislation, reflect on your products, and I guarantee compliance with the EU AI Act will be achievable. 

 

*The interview answers have been edited for length and clarity 

Posted on

AI Governance: Balancing Competitiveness with Compliance

The AI landscape is innovating at full speed. From the recent release of Google’s Bard and OpenAI’s ChatGPT Enterprise to growing implementation of AI tools for business processes, the struggle to regulate AI continues.

In Europe, policymakers are scrambling to agree on rules to govern AI – the first regional bloc to attempt a significant step towards regulating this technology. However, the challenge is enormous considering the wide range of systems that artificial intelligence encapsulates and its rapidly evolving nature.

While regulators attempt to ensure that the development of this technology improves lives without threatening rights or safety, businesses are scrambling to maintain competitiveness and compliance in the same breadth.

We recently spoke to two experts on AI governance, Gregor Strojin and Aleksandr Tiulkanov, about the latest developments in AI regulation, Europe’s role in leading this charge, and how business leaders can manage AI compliance and risks within their organizations.

 
Gregor Strojin is the Vice Chair of the Committee on Artificial Intelligence at the Council of Europe and former chair of the Ad Hoc Committee on AI. He is a policy expert with various roles including senior adviser to the Slovenian President of the Supreme Court and the State Secretary of the Ministry of Justice.
Aleksandr Tiulkanov is an AI data and digital policy counsel with 18 years of experience in business and law. He has advised organizations on matters relating to privacy and compliances for digital products and in the field of AI.
 

Europe Trailblazing AI Governance

 

Why does AI need to be regulated?

Aleksandr: Artificial intelligence is a technology that we see almost everywhere nowadays. It is comparable to electricity in the past, but more influential. Crucially, it’s not always neutral in how it affects society. There are instances where technologies based on artificial intelligence affects decisions which, in turn, affect people’s lives. In some cases where there is a high risk of impact, we should take care and ensure that no significant harm arises.

Gregor: Regulations are part of how we manage societies in general. When it comes to technology that is as transformative as AI, we are already faced with consequences both positive and negative. When there is a negative impact, there is a responsibility either by designers, producers, or by the state to mitigate and minimize those negative effects on society or individuals. We’ve seen the same being done with other technologies in the past.

 

Former President Barack Obama said that the AI revolution goes further and has more impact than social media has. Do you agree?

Gregor: Definitely. Even social media has employed certain AI tools and algorithms that grab our attention and direct our behavior as consumers, votes, schoolmates – that has completely changed the psychology of individuals and the masses. AI is an umbrella term that encompasses over a thousand other types of users.

AI will change not only our psychology but also logistics and how we approach problem solving in different domains.

Aleksandr: The change is gradual. As Gregor said, we already see it in social media – for example, in content moderation. Those are largely based on language and machine learning models. AI is driving what we see on the platform as well as what we can write and even share. To some extent, it means that some private actors are influencing freedom of speech.

 

Let’s talk about the role of Europe in AI compliance regulations. Can you explain why Europe is a trailblazer here?

Gregor: Europe has a special position geopolitically due to its history. It’s not one country. It’s a combination of countries that are joined by different international organizations or multi-supranational organizations such as the European Union and the Council of Europe to which individuals’ countries have given parts of their sovereignty. This is a huge difference compared to the United States or China which are completely sovereign in their dealing.

When it comes to the European Union in particular, many types of behaviors are regulated by harmonizing instruments of the EU to have a uniform single market and provide some level of quality in terms of safety and security to all citizens – so we don’t have different rules in Slovenia, Germany, France of Spain. Instead, this is one market of over 500 million people.

 

Gregor, can you give us a brief overview of the latest developments in AI regulation and compliance in the EU?

Gregor: There are two binding legal instruments that are in the final phases of development. The most crucial one is from the European Union, the AI Act. It is directed at the market itself and is concerned with how AI is designed, developed, and applied by developers and users. The AI Act addresses a large part of the ecosystem, but it does not address the people who are affected by AI. Here is where the second instrument comes in, the Convention on AI that is being developed by the Council of Europe.

Another thing to mention is that the EU’s AI Act only applies to EU members and is being negotiated by the 27 member states. The Council of Europe’s instrument is being negotiated by 47 member states as well as observer states and non-member states such as the United States, Canada, Japan, Mexico, and Israel. The latter has a more global scope.

In this way, I see the EU’s AI Act as a possible mode of implementation of the rules set by the conventions of the Council of Europe. This is still partially theoretical, but it’s likely we’ll see both instruments finalized in the first half of next year. Of course, there will be a transitory period before they come into effect. This is already a good indication of how businesses must orient themselves to ensure compliance in due time.

 

Should what the EU is doing be a blueprint for the rest of the world?

Gregor: Yes, if they choose to. I think many in Europe will acknowledge that we have different ways of approaching problems and freedom of will, but if you want to do business in Europe, you have to play by Europe’s rules. This is an element in the proposed AI Act as well as the General Data Protection Regulation (GDPR) legislation from the past decade which employs the Brussels effect – meaning that the rules applied by Europe for Europe also apply to companies outside of Europe that do business here even if they do not have a physical presence here. So, if producers of AI from China or the United States wish to sell their technology in Europe, they have to comply with European standards.

 

What are the business implications of the European approach?

Aleksandr: The European approach harmonizes the rules for a single market. It’s beneficial for businesses as they won’t have to adapt to each country’s local market. I say it’s a win-win for businesses who are approaching the European continent. We’ve already seen this happening with the GDPR. As long as they have a European presence, they adopt the European policy globally. This could happen with AI regulations as well.

If you look at the regulatory landscape, we can see some regulatory ideas coming up in North America and other continents. In China, there are some regulatory propositions. But I would say that the European approach is the most comprehensive. Chances are it will be taken as a basis by many companies.

 

Balancing Innovation and Compliance

 

What do you say to concerns that this is just another set of regulations to comply with in a landscape that is constantly innovating at speed?

Gregor: I’ve been working with technology for more than 20 years. I also have experience with analog technology that is regulated, like construction building.

What we’re dealing with here is not just regulation for regulation’s sake, but it benefits corporations in the long run because it disperses risk and consequences of their liabilities. It creates a more predictable environment.

There are many elements of regulation that have been proposed for AI that have been agreed to by different stakeholders in the process. We must consider that the industry was involved in preparing both these regulatory instruments I’ve mentioned.

Some issues like data governance are already regulated. There are, of course, disagreements on elements like transparency because there may be businesses advantages that are affected by regulation. On the other hand, technology does not allow for everything. There are still open questions on what needs to be done to ensure a higher quality in the processes development to mitigate risk.

 

So there needs to be a balance between regulation, competitiveness, and the speed of innovation. How can we be assured that AI regulation does not harm competitiveness in business?

Gregor: The regulation proposed by the European Commission is just one element in the basket of proposals of the so-called Digital Agenda. There are, of course, some other proposals on content moderation that came into existence just recently that are binding. But there are also several instruments which address the promotion and development of AI systems, both in terms of subsidies for companies and individuals to develop digital skills and to create a comprehensive and stable environment for IT technology in Europe. There are billions being thrown into subsidies for companies and innovators. There is a big carrot, and the stick is in preparation, but it is not here yet.

Aleksandr: I must also underline that there are things in place that facilitate the upcoming EU regulation, such as the Regulatory Sandboxes. You may have seen an example of this in Spain. Businesses will be able to test out their hypothesis on how they want to operate these AI systems that could potentially be harmful.

It’s important to understand that the scope of the regulation is not over extensive. I would say it only covers really high-risk systems to a large extent, and some lower risk systems but only where it’s important. For example, there are transparency obligations when it comes to defects for lower risk systems. Then there are meaningful rules for high-risk systems which affect people’s lives – like government aid or the use of AI in law enforcement or hiring.

It’s important to have proper data governance and risk management in place for systems that affect people on a massive scale.

Also, if you look at mature organizations with this technology already in the market, they are making sure that the data used to train their AI systems is good enough. They are doing it themselves as they don’t want to get in trouble with their clients. Regulations are not so unusual.

 

In that case, will innovation be faster than the regulations can keep up with?

Gregor: That’s a pertinent question when it comes to technology. It is imprudent, from the position of a policymaker, to try to regulate future developments as that would impede innovation.

I don’t think there’s any impediment of innovation happening at this moment. Perhaps you could categorize getting subsidies for being compliant with ethical recommendations as that, but it’s not really an impediment.

In the future, there will be limitations to innovation of AI in the same degree as biotechnology, for example, where there are clear limits on what is allowed and under what conditions to prevent harm. That is narrowly defined. The general purpose, of course, is to increase the quality of these products, and create a safe environment and as predictable a playing field for customers in the market.

 

Business Focus: AI-Risk Management

 

What’s coming up next on AI governance that business leaders should consider?

Gregor: At this point, what’s coming up next for policy development is the fight back from those who do not want such legislation. It’s something we’ve already seen this year. Many think we had an AI revolution only this year. No. It’s a technology that’s been around for a few years and there have been calls for regulation of AI on the basis of existential threats.

If we take those calls seriously, we must completely backtrack and change the direction of what is already being developed.

But I do think if we follow through with what has been proposed to ensure the safety and security of this technology, we will also solve the problem of a so-called super intelligence taking over humanity. First, we need to ensure correct application of existing rules to human players.

 

With all this in mind, what advice do you have for business leaders when it comes with regulations and compliance in the field of AI? What can they start with tomorrow?

Aleksandr: Technical standards will be the main thing. I would advise all those developing this technology to take part in technical committees in their national standard setting bodies which can then translate into work on the European level of standards.

Take into account your practical concerns and considerations so that these technical standards can address business concerns in terms of product development. It is important to follow and participate in this work on regulation development for the AI ecosystem.

Another thing is to consider risk management frameworks to address AI-specific risks. The NIST or ForHumanity Risk Management Frameworks are a practical tool for organizations to control how they operate and deploy AI systems in a safe and efficient manner. Business leaders can also begin to appoint people who would be responsible for setting up processes.

There will be a transitional period, as there was with the GDPR. If companies can demonstrate that they are compliant with European standards that are still under development, they will automatically be considered compliant with the EU AI Act. But this is ongoing work.

Start considering broader risk management frameworks as a first step to get the ball rolling in organizations.

Gregor: Technical development skills alone are not sufficient to build a competitive and scalable organization, especially as not only Europe but other regions are preparing to introduce regulatory measures. My advice is similar to Aleksandr’s; build on your capacities for risk and compliance management. I think it will pay back quite soon.

Posted on

The European Energy Crisis: Can Sustainable Energy and Improved Efficiency Save Us? 

In the session, The Global Energy Crisis: Will Sustainable Energy and Improved Efficiency Come to the Rescue of Businesses in Europe? Prof. Dr. Marc Ringel answers burning questions on Europe’s latest sustainable energy innovations, the impact of policy changes on energy efficiency, and offers advice to businesses on how to navigate the current energy crisis.  

 
Prof. Dr. Marc Ringel is the Director of the European Chair for Sustainable Development and Climate Transitions at Sciences Po, Paris, France. He reads energy policy, energy efficiency, and environmental economics as a professor at Nuertingen Geislingen University, Germany; and is a senior associate researcher with the University of Brussels, Belgium. He is also a former official with the Directorate General Energy of the European Commission and the German Federal Ministry of Economics.
 

What are the latest updates on energy efficiency policies in Europe?

We have varying gas dependency across European countries, from over 80% in Bulgaria to almost no dependency in countries like Sweden. Consumer prices have increased by 39%, and households and businesses are finding it hard to tackle energy poverty. That has had enormous political repercussions on the development of energy efficiency.  

Energy efficiency policies have been increased and developed over two issues — tougher regulation and more comprehensive financial support.  

That has been coordinated through the European Commission and the REPowerEU initiative. There are ongoing negotiations that will give us more mandatory objectives in terms of energy efficiency. I think European governments have understood that a speedy transition and phasing of energy savings and energy efficiency come at a cost. What the EU has been doing on the other side is financial support. They have set up a recovery and resilience facility which is designed to support a coordinated transition of energy efficiency to help businesses and consumers save energy. There has been €225 billion worth of loans and €20 billion in grants stemming from the EU Commission trading system to support energy efficiency.  

 

What can we expect from sustainable energy in Europe within the next two years?

Sustainable energy was pretty much on show for larger climate objectives since the EU aims to fully decarbonize by 2050. 80% of European greenhouse gas emissions are energy related. Energy transition and clean energy initiatives were already at the heart of the European decarbonization project. Of course, that has been strongly advanced by the fossil fuel crisis. In concrete terms, this gives the EU a solar energy strategy. The plan is to double the photovoltaic capacity within the EU to 600 gigawatts by 2030. That combined with electrifying the European heating system with heat pumps will see a massive uptake in all EU member states. There will also be stronger regulation of energy efficiency.  

There are two directives setting the scene, one is the Energy Efficiency Directive, which provides regulation on energy efficiency objectives, and encourages the public sector to use and procure energy-efficient products. They also offer financial support for businesses and private customers to go into energy efficiency. On the other side, there’s the Energy Performance of Buildings Directive, which aims to reduce the energy consumption in buildings, and will see tougher and more stringent building standards. There is also a strong strive for green hydrogen, which is hydrogen produced by renewable energies. The strategy of the EU is to develop that partly at home but also get green hydrogen partnerships across the globe.  

 

How will the increase in sustainable energy impact businesses?

There will be two big impacts which are regulation and financial support. We are going to see mandatory energy audits and energy management systems for SMEs in EU member states. Those are designed to support businesses and help them become energy-efficient across the production chain. We will see more regulation in terms of saving energy and being more transparent about it. If it’s well designed as a mandatory measure, it would support the industry to be more systematic about energy savings.  

And there is the question of the amount of money to become fossil-free. It will be an expensive transformation that government budgets alone cannot cover. There has to be private finance stepping in.  Therefore, we are going to see business opportunities for the development of energy services.  

The largest scale is to support private households with building renovations and optimizing production chains. It’s the golden time for energy service companies in terms of getting the transformation along in a market-driven manner.  

We will also see a stronger development of public-private partnerships in the development of technologies and business models. It’s already working in industrial sites and electric mobility. Energy services will be quite active and solicited to delivering market solutions.  

 

What sustainable projects are going to be implemented in Europe?

The combination of photovoltaic systems and heat pumps will create autonomy within households. Heat pump technology will be developed along with the trend for electrification. We will see an increasing number of e-mobility projects. According to Horizon Europe, there is €99 million allocated for clean energy projects in 2022. Over the next few years, there will be projects that will link energy and information technologies at large. For example, optimizing energy systems with artificial intelligence, data, and behavioral economics. Denmark is leading by example as the Danish integration of wind energy has been a strong driver for many other European countries in terms of how to develop offshore wind energy. I would also name Germany for getting energy savings and credit optimization by doing tenders for unused capacity.  

 

When do you think the energy crisis will be resolved?

It will be the role of governments and the European Commission to give us a coherent policy stream. It will be a long development of energy efficiency and energy savings, in addition to phasing renewable energies into heating and cooling, probably to some extent by green hydrogen. In terms of structure, it will be a question of market design and market rules, which will need to favor energy efficiency and energy savings, much more than it has done so far. Many European governments are looking into the market design of electricity markets or heating markets. Europe is still importing most of its energy sources and that import dependence will continue to exist. Another consideration is about new supplier relations defining new energy partnerships. 

 

What will happen if new policies and alternative energy sources are unable to solve the crisis?

Supply dependence and economic dependence. There is still diminished but flowing Russian gas filling up our gas storage. That gas certainly will not be available to fill up our supplies after this winter. Many European governments are preparing for the next winter by finding new partnerships and suppliers. LNG is an option but there is a global demand for LNG, especially in Asia, which raises its price.  

The actual situation will depend on many factors which are outside of our control. Will there be a mild winter so there is no strong need to tack gas supplies? Until now, prices in global energy markets have been moderate because the demand from China and Southeast Asia was not at its usual limits.  

The European governments have been going on a shopping spree on their own, which didn’t necessarily work out to their benefit and led to much higher prices paid. And there is the question of the European Commission coordinating or taking over the buying process globally. In terms of customers and businesses, there is currently strong subsidization of the energy bills for private households.  

There is a clear need for subsidies, but I would caution against prolonging unnecessary subsidies. In the long run, there will be a much stronger need to revise our market rules and pricing to reflect the change towards renewable energies better. In the short term, subsidies work as contingency measures during winter but in the long run, work needs to be done on regulation. 

That is a short list of unknowns, which makes it really hard to predict how bad or how good next winter is going to be. 

 

Do you think that a strong government stance on energy savings will last over the next few years?

I think that by now, governments have understood that we need it for two reasons. Firstly, energy savings translate into price competitiveness. There are bigger problems on the horizon and that is climate policies and climate change because it is a polycentric crisis. Those issues combined will create strong pressure on governments to maintain strong energy efficiency policies. In terms of shortcomings, it’s a problem over the last mile. Many governments over the years have agreed on strong targets but did not follow up in detail.  

That is exactly what’s happening with the negotiations on European energy efficiency regulations. It’s really a question of coordination. Member states are willing to grant the supervising coordinating power to the EU. Energy efficiency is not easy. Policymakers can open up a wind park, photovoltaics, and solar roofs, among others. Those are nice for show-and-tell policies. Energy efficiency is more technical, complicated, and less than visible. There is still the idea that energy savings are a government-run show. There is a clear need for private initiatives and business models to deliver energy savings and efficiency.

 

What can businesses do to maximize energy efficiency, reduce carbon emissions, and improve sustainability and resilience this winter and beyond?

The first thing would be to get an energy manager or professional to guide you in implementing energy efficiency, that’s a no-brainer. But what is often overlooked is that small fuel savings can top up over time and that’s a story of scale. In addition, what has been proven to work is getting professional third-party help. Energy service companies can analyze and scrutinize your production chains and businesses. They can propose not only advice but also financing models and technical solutions. You would want them in over the winter and reduce your costs quickly. 

 

*The transcript has been edited for length and clarity.  

Posted on

Winter is Coming: The Cause and Effect of the European Energy Crisis 

Ana Maria Jaller-Makarewicz shares much-needed insights on the cause of Europe’s energy crisis, the EU’s efforts in alleviating this crisis, the viability of finding alternative energy sources, and more in the session, Decoding the Energy Crisis: The Fight of a Price War Against a Cold Winter

 
Ana Maria Jaller-Makarewicz is an international energy consultant with more than 20 years of experience in the natural gas and power markets. She is currently an energy analyst for IEEFA’s Europe team, focusing on topics related to gas and liquefied natural gas (LNG), as well as other relevant European energy issues. .
 

What is the core cause of the current energy crisis?

The gas crisis has led to the energy issues we’re experiencing now. It’s the dependency of Europe on fossil fuels and Russian gas. The problems with the gas supply from Russia started earlier this year. Europe had already reduced the amount of gas coming through Ukraine and intensified the flows through Turkey, hoping that the Nord Stream 2 pipeline would be operating. In the last decade, Europe has depended too much on one supplier for gas and has not thought of diversifying sources. Why? Because it’s easier and cheaper to buy gas from Russia. Europe has led itself into this dependency. Last year, 37% of gas consumption in Europe was imported from Russia. Even though there’s an ongoing energy transition in place, it’s not happening fast enough.  

Europe chose to rely on the easy option of importing gas at a cheap price. It focused on finding short-term solutions, which is a very human way of reacting. There could be other geopolitical or technical issues that could affect gas coming into Europe. However, I think Europe has made some right decisions this year. For example, filling and taking control of the gas storage. Even the gas storage in Germany was controlled by Russia. Now Europe is reclaiming that control, at least for the winter. The long-term solution for Europe is to diversify energy sources and look for alternatives. 

 

What measures have the EU taken to mitigate the energy crisis?

There have been some good measures like the gas storage I’ve mentioned before. Also, Spain and Portugal have put a price cap on the gas used for electricity. This has helped reduce electricity bills for consumers. I believe the EU is in negotiations to buy gas in bulk. I think we are in a seller’s market right now and the EU needs to work together to make better deals as a buyer. Not all the measures are perfect, but the EU is aiming to help the consumer by offering security of supply and continuing with energy transition goals. 

The challenge is that the energy market is volatile, and we cannot predict anything. Gas storage is already almost 95% full in all of Europe. Also, there are so many industries where demand has been disrupted. The volatility of the energy markets affects the prices that consumers are paying.  

 

Do you think that the U.S. should be allowed to dominate the global energy market?

Since the U.S. has entered the international market, gas prices there have gone up too. There are people in Europe who are suffering from high gas prices because the U.S. is selling. Unless Europe reduces its gas demand, there will always be LNG sellers trying to break the European market. Other than the U.S., Qatar, and Nigeria are expanding their LNG export terminals. Sadly, it’s a crisis and we shouldn’t be where we are. At the same time, the U.S. is just playing the mechanisms of the market. 

 

Are there any hidden business opportunities amid this energy crisis? What is your advice for business leaders?

There has been a growing interest in taking control of the supply chain of solar panels. In addition, I am very much in favor of replacing gas boilers. For example, around 70% to 80% of homes use gas for heating. The heat pump industry is growing in Europe. So, there are business opportunities there. In fact, several Nordic countries have transitioned to heat pumps even before the crisis.  

Any business investment in the energy sector must have three components – energy security, control of energy prices, and energy transition goals. The investments have to result in a sustainable future and help consumers in the long run. There must be a balance between those three components. Smart business leaders in the industry can accelerate technologies taking those three components into consideration.  

My advice to business leaders is to not panic and keep calm. I think any decision made from desperation could have long-term implications. Continue with the energy transition goals that were put in place prior to the crisis and try to find opportunities to invest in other parts of the economy. 

 

How has the energy crisis affected the well-being of consumers?

People in Europe are worried about the possibility of energy poverty. Consumer confidence is going down and they fear economic collapse. The current uncertainty and being bombarded with news every day is affecting their well-being. Right now, we need to find quick solutions because winter is coming. People are going to suffer if their homes are not heated. Not only will there be not enough gas or electricity, but it will become unaffordable. People are concerned that they may have to choose between buying food and buying gas for heat. 

 

Do you think the energy crisis will be solved after the winter season?

I don’t expect the energy crisis to be solved after winter is over. Nothing can be guaranteed because things change all the time. But I think the energy sector will evolve in terms of consumer behavior with guidance from governments and industries. I’m also concerned that we’re talking too much about supply issues. If we can change our demand patterns, maybe we won’t need the same amount of Russian imported gas. While finding other energy sources, we need to work immediately on the demand side. For instance, demand side management, energy efficiency, and replacement of gas boilers. 

 

*The transcript has been edited for length and clarity.  

Posted on

The Russia-Ukraine War: How Will It Impact Future Business Decisions?

What issues do business leaders need to be aware of in the unstable economic climate the Russia-Ukraine war has created? Economists Heleen Mees and Olga Pindyuk answer burning questions on supply chain disruptions, the role of China in the war, trade with Ukraine, and more, in the session, The Cost of War: How are Businesses Paying the Price?  

 
Heleen Mees is an economist, opinion writer, and author. She has done extensive research on China’s economic rise and its global implications. Olga Pindyuk is an economist and country expert for Ukraine at the Vienna Institute for International Economic Studies.
 

The Russian Oil Dilemma 

The energy landscape in the EU has become volatile as more countries announce oil embargos against Russia. Poland became the first country in the EU to commit to decreasing its dependence on Russian oil and gas by the end of the year. Lithuania followed suit and has stopped importing gas from Russia since April 1.  

In response, Russia has doubled down with President Vladimir Putin signing a decree demanding payments for gas to be made only in rubles. This has received backlash from Russia’s biggest customers, Germany and France, as previous transactions were made in dollars or euros, and are considering their backup plans if Russia decides to cut the cord completely. 

What is the likelihood of Russia cutting off its gas supplies to the EU? 

According to Pindyuk, it would not be a rational move as the Russian economy is still badly impacted by Western sanctions. However, she warns that it is not totally impossible as Russia has cut off gas supplies to the EU before in 2009. “It lasted a few weeks and was quite painful for Eastern European countries, as they have the highest consumption of Russian gas,” she says. 

A number of countries in the EU still have a high demand for Russian gas, and although there are plans to explore alternative energy sources, it will take a long time. If Russia ever decides to pull the plug on its gas supplies, Pindyuk says it will be a detrimental move. “In the long run, this would be counterproductive for the Russian economy because it would accelerate the European move towards diversification from Russian fuel. It’s not so easy for the Russians to develop all the necessary infrastructure to supply gas to alternative locations,” she says.  

Mees echoes Pindyuk’s sentiment but says there is still plenty of uncertainty regarding a total oil ban on Russian gas. “The Europeans have difficulty agreeing on a total gas and oil boycott from Russia. But I think [businesses] should really take into account the possibility of President Putin cutting gas supplies, and how irrational it would be from a Russian perspective,” she adds.  

 

China’s Role in the War

China has not made any big moves to support the Russian economy due to fears of secondary sanctions. In fact, several Chinese financial institutions have already discontinued deals with Russian-backed firms and restricted financing for purchases of Russian commodities. However, China is still one of Russia’s biggest allies and has not openly condemned the invasion of Ukraine. Mees talks about the possibility of China being the last resort for Russia when it comes to gas supplies, but this transition will be difficult. “China will be happy to buy Russian oil, they already trying to do transactions in Yuan. Russia will have a problem because it will take time to have the pipelines to deliver gas to China,” she explains.  

Mees also believes that China will prioritize having good trade relations with the West. She says there is much at stake for Xi Jinping politically this year as he plans to hold his position as leader of China for life. “I’m not so sure that once he has been [elected] to lead for life that trade relations with China will stay the way they are. I suggest business leaders prepare for that,” she adds.  

 
For more on the initial economic impact of the war in the EU, check out our previous article, Impact of the Russia-Ukraine War on the Global Economy: What We Know So Far. Click here to read.
 

An Update on Ukraine’s Exports and Imports  

Ukraine supplies a substantial amount of wheat, corn, and vegetable oil to the EU. With imports coming to a halt, food prices in the EU have soared as there is difficulty procuring raw ingredients. European farmers are also feeling the pinch as prices of fertilizers have increased by 142% compared to last year.  

According to Pindyuk, Ukraine is doing what it can to salvage its economic situation. Prior to the war, more than half of its exports were exported through the Black Sea ports. Access to those ports is now completely blocked. “Ukraine is trying to find new logistics routes to transport its exports,” Pindyuk says. Not only is Ukraine’s infrastructure for exports important, but its ability to harvest crops as well. “Ukraine [recently] announced that it’s ready to do some agricultural work in regions which were affected by shelling, but it’s too early to say how successful this would be,” she adds. 

 

More Supply Chain Disruptions Expected 

Almost 300,000 companies in the U.S. and Europe have suppliers in Ukraine and Russia. The global supply chain has taken a turn for the worse, especially in the food production and metal industries. Geopolitical instability due to the war and existing disruptions from the pandemic are spreading supply chains thin. Companies have no choice but to rethink their supply chain strategies, find alternative suppliers, and consider reshoring operations.   

Companies [must] reassess the importance of political risks in their decision making. In terms of their investment decisions about supply chains and locations, these political risks will feature more prominently. There will be an increased urge to assure the resilience of their supply chains as sanctions won’t be lifted anytime soon,” Pindyuk says.  

It seems there is a new Iron Curtain being raised in Europe. The position that Xi Jinping so far has taken should give all businesses a reason to reconsider their own activities around the globe, especially in China. There may be some reshoring but I don’t think it will [happen] quickly. I think we will see businesses resorting to Europe, America, and maybe South America. If Ukraine joins the EU, it would be a wonderful place to reshore part of your activities,” Mees adds. 

 

Emergency Financing Needed for Ukraine 

Ukraine has shifted to a war economy and needs emergency financing as long as the war lasts. “The majority of the population still resides in the country, and the macro-financial situation at the moment is remarkably resilient. This will not last long because about half of the enterprises have stopped operating. Salaries are not being paid; credits are not being repaid. Now, practically all the banks have introduced credit repayment holidays, but the quality of their assets is deteriorating rapidly,” Pindyuk says.  

When the war ends, Ukraine could benefit from extra military aid and a Marshall fund to get the country up and running again. Mees says it is important that a recovery fund be put in place in the EU similar to the one set up during the pandemic, “which will be financed by issuing euro bonds for all the member states.”   

In Ukraine, the GDP per capita is far below other countries that joined the EU. There’s momentum for Ukraine to eventually join the EU. If that happens, Ukraine will become an attractive place for investments,” Mees adds.  

 

Despite ongoing peace talks between Russia and Ukraine, the war shows no signs of ceasing. Furthermore, Russia is expected to be hit with tougher sanctions in light of recent atrocities. Only time will tell the economic toll these additional sanctions will have on businesses and consumers worldwide.   

Posted on

Impact of the Russia-Ukraine War on the Global Economy: What We Know So Far  

Almost a month has passed since Russia’s unprovoked invasion of Ukraine. Sadly, the war and humanitarian crisis are not over. Governments, private companies, and financial institutions have responded to the war by imposing harsh sanctions against Russia. The domino effect of these sanctions has already begun, taking a huge toll on the global economy. During our session titled The Cost of War: Decoding the Economic Crisis on EU, Ukraine, and Russia, we were fortunate to host Artem Kochnev and Olga Pindyuk, economists from The Vienna Institute for International Economic Studies

Both Kochnev and Pindyuk have been doing extensive research on the Ukraine-Russia conflict over the past few years and are subject matter experts on the economic history of Eastern Europe, foreign trade, and financial markets. They give us a clearer picture of the current economic situation, its impact on major sectors, and strategies for leaders to maintain macro-financial stability in an increasingly volatile environment. 

 

Ukraine’s Economy Comes to a Halt 

Available data shows that more than 50% of the economy has completely stopped operating. This has happened in regions that are currently under direct military attack, as well as in regions with infrastructure destruction,” Pindyuk says. 

The Ukrainian city of Odesa, a major port and transport hub, ceased operations when the war began. Once known as the pearl of the Black Sea, Odesa has transformed into a fortress to prepare for a possible Russian attack. 

Pindyuk refers to the economic situation in Donetsk and Luhansk where the military conflict began in 2014, to assess the possible scale of economic loss of the current war. “In the first two years, the territory which was under attack and ended up not being controlled by the government of Ukraine lost almost 70% of GDP,” she says.  

However, the cost of an economic downturn and destruction of physical infrastructure is nothing compared to the loss of human capital. Pindyuk laments that the biggest loss is the “death, health deterioration, displacement, and worsening of living standards of the vast amount of people currently residing in Ukraine.” 

In terms of economic recovery, Kochnev says it depends on the length of the war. The shorter the war, the quicker the recovery, and vice versa. “The longer the time passes, the higher the chance that the skillful population; people who know how to do business, create products, and organize basic public services, will never come back,” he adds.  

The EU’s Support for Ukrainian Refugees 

Over 3 million people have already fled Ukraine – marking the biggest exodus in Europe since World War II. Poland has welcomed most of the refugees, approximately 2 million people. Refugees have also entered Slovakia, Hungary, Romania, and Moldova through the border checkpoints in Western Ukraine. Fortunately, Ukrainians who fled to the EU are allowed to live, work and study for up to 3 years in EU member countries under the newly enacted temporary protection directive.  

Pindyuk says the EU job market will benefit from the influx of Ukrainian citizens and mitigate the aging population issue in the region. “There is a vast network of Ukrainians who are already residing in the EU. If the refugees are here to stay, the chances of integration into the job market are quite high, especially given the fact that the Ukrainian population is on average, quite well educated,” she adds.  

 

Russians Brace for a Major Recession 

According to a recent study by the Central Bank of Russia, the country is going to experience a major recession this year,” Kochnev says. This is inevitable due to the combination of sanctions, high interest rates, rising inflation, and weak consumer confidence. “The consumer prices in Russia are skyrocketing by European standards. The median increase expected by the forecasters is about 20%,” Kochnev warns. Panic buying has been widespread as Russians grapple with shortages of imported goods and an impending cost-of-living crisis. Prices of food products such as sugar and bananas have already increased by 15%. 

Kochnev adds that “sanctions first hit the financial markets in the Russian economy, and we have seen a very strong depreciation of the national currency.” The Russian currency has already depreciated more than 100% (200 rubles per US dollar). A whopping Rb2.5tn was withdrawn from the Russian banking system during the first week of the war. Furthermore, many Russians who earn income in foreign currencies have been unable to receive payments since Visa, Mastercard, Western Union, and PayPal revoked their services. 

The sanctions regime is not going to be uplifted in the near future. I would not expect a quick and robust recovery [for the Russian economy]. It will be a sluggish recovery at best,” Kochnev says.  

 

Significant Effects on the Global Market 

Although Russia and Ukraine are relatively small economies, they account for significant shares of agricultural commodities traded globally, namely wheat and corn. “Ukraine alone exports about 10% of foreign wheat in the world and 16% of all corn. Together with Russia, they account for 30% of global wheat exports. The majority of these exports are geographically concentrated in the Middle East, Southeast Asia, and China,” Pindyuk explains. 

Countries in the EU may feel the pinch of more expensive goods, but Pindyuk points out that less affluent countries may suffer through “increased poverty rates and political risks due to worsening of living standards.” Pindyuk adds that Ukraine and Russia are big players in global metal markets, and the effects can already be seen in prices for many different metals and commodities.  

In addition, the future of energy in Europe hangs in the air with growing restrictions on Russian oil and gas imports. Kochnev expects “an increase in prices of key energy supplies, given the announced plan of the European economy to diversify their energy inputs away from the Russian suppliers.” 

Russia makes up around 40% of the EU’s gas imports. Gas prices in the EU and UK surged at the beginning of the war due to supply shortage worries but seem to have stabilized for now as Russia and Ukraine hold more peace negotiations. Nonetheless, this has not trickled down to consumers as they are still dealing with high energy bills and petrol prices.  

Earlier this month, the EU introduced a plan to remove its dependence on Russian fossil fuels by 2030 by focusing on renewable energy sources and increasing energy efficiency. However, the effects of surging gas prices are already in motion. “Our simulations showed that doubling the gas price would lead to an increase in inflation rates by 3.5%,” Kochnev explains.  

 

Mounting Inflation Rates in the EU

Consumer prices in the Eurozone unexpectedly increased by 0.9% on a monthly basis since the beginning of the year. Economists are predicting inflation will rise above 6% this month due to severe disruptions to the energy and commodity markets. Based on the official forecast by the European Central Bank, EU residents must prepare for an inflation rate of 8.5% by the end of the year. If this happens, Kochnev says it will be the EU’s highest inflation rate in decades.  

Inflation will impact each of the EU’s 19 countries differently. “Poorer countries are going to be hit a little bit stronger, and richer countries probably are going to fare a little bit better,” Kochnev says. Russian regulators and authorities are also keeping a close eye on the financial assets of European companies in the Russian economy. “They account for a significant chunk of the Russian financial market, at least in banking. Russia doesn’t want to lose management competencies to foreign companies. They don’t want to disrupt the consumer patterns in Russia, in addition to what has already happened,” Kochnev adds. 

In terms of trade, Pindyuk says there is no need to panic yet as “the effects are going to be quite small based on our estimates.” Based on her research, there will be a small decline in exports of air transport, mining services, other transport, machinery, and pharmaceuticals.  

What Happens if Russia Surrenders?

Kochnev talks about the effects on investors in the EU if Russia defaults on the war. He reminds us that Russia lacks foreign currency due to ongoing financial sanctions, especially the euro, which is the major currency of Eurobonds issued in the last six years.  

Russia has a very low likelihood of paying its debt obligations in foreign currency. If you have certain obligations in the Russian government or Russian companies, you will probably have to drop their valuations down to zero. You will have to cut your books and recognize certain losses, and then struggle for several months or years to recover those assets, transforming them from ruble to euro,” he adds.  

On the other hand, Kochnev cautions EU citizens that inflation rates are not likely to normalize this year. “The recovery in the EU after the COVID crisis has not finished yet. It is fair to say that inflation will stabilize in the second half of 2023,” he says.  

 

Navigating the Growing List of Sanctions 

According to Kochnev, compliance executives are working around the clock as sanctions against Russia and supporting regulations are being updated on a daily basis. Unfortunately, these sanctions are “not always very carefully elaborated, at least when it comes to the EU regulations.” 

Kochnev splits the sanctions into five categories to provide a useful framework for compliance departments:  

  • Symbolic — For example, media restrictions. “They are not going to have a very big economic impact; they just make the life of the Russian government a bit more complicated.” 
  • Individual — “Government officials, members of Parliament, and top businessmen, account for the largest number of overall sanctions.” 
  • Finance — “These are banks and operations with the Russian Central Bank and state-owned enterprises. This had a particular impact on the Russian financial markets.” 
  • Export bans — This includes arms, gas and oil equipment, and luxury items. “Gas and oil equipment is very significant because it affects the ability to modernize and explore new gas and oil sites and mining locations.” 
  • Import bans (fuels and metals) — These account for 60% to 70% of Russia’s exports. “So far, fuel restrictions were introduced by the United States and Canada because they do not import as much from Russia. The EU also recently introduced a ban on metals.” 
 

Three Key Risks for Industry Leaders 

If your organization conducts business with Russia, what possible risks might you face? Kochnev breaks down the risks in three areas: 

Compliance

“The sanctions list is being updated at least every day. This will be critical in the areas of banking, business and deposits, and investments in European banks. Check for the secondary effects of sanctions, taking the U.S. as the best-case scenario.” 

Regulatory

In European jurisdictions, trade has stopped in both Russia and in Ukraine. You will have to follow up on how to conduct new ways of trade and transfer money from one account to another if you have assets in these jurisdictions.” 

You will have to assess very quickly and carefully. What might asset freezing potentially mean? What are legislators in Russia and Ukraine going to do with imposing restrictions on moving capital and blocking accounts of certain companies?” 

Macro

Due to rising inflation rates, you will either have to reduce your limits when it comes to trading. If you are part of finance, you will need to start actively hedging. Sitting and not doing anything will probably expose you to huge risks and losses in your trading book. You will need to find certain investments that can compensate the losses.” 

 

While it’s still too early to gauge the full impact of the war on the global economy, the crisis has shown that organizational resilience and agility are more important than ever. Industry leaders must monitor the war closely and proactively make changes to their business when necessary.  

Posted on

The Challenges of Data Governance in EU: Two Years Into GDPR

On 25th May of 2018, the now-renowned General Data Protection Regulation (GDPR) was fully implemented across the countries in the European Union (EU).

Superseding the 1995 Data Protection Directive, the GDPR addresses the processing, protection and portability of personal data within the EU and the European Economic Area (EEA).

 

How does the GDPR impact businesses?

 

Not only does the framework provide more control to individuals over the use and collection of their personal data, it also streamlines data regulations for businesses that are operating in the EU or offering their services to clients located in the EU.

Core dna best explains which companies are affected by the GDPR in the diagram below.


 

Through the 7 principles of the GDPR – lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability, organizations are expected to control and process data, whether consumer or company information, in compliance with the regulations.

To clarify, businesses collecting customer data must document and have evidence of consent for every purpose the data will be used for.

 

“[The] generic consent or opt-out consent does not comply with GDPR. […] For example, if someone opts into email marketing, you cannot use this consent to send them a letter or call them or their company.”

GDPR for Business: What is GDPR and How Does it Impact You?

Digital Media Stream

 

What data does the GDPR cover?

 

The GDPR protects any private data that identifies a data subject (the customer), ranging from basic identity information and race or ethnicity to biometric data and political opinions. However, data that is irreversibly anonymous and unidentifiable is not considered as personal data and therefore, is not covered by the GDPR.

Thus far, the length of time a business is expected to store the data has not been firmly established, with the GDPR stating that the information should not be kept longer than necessary or required. In this case, organizations need to determine how long to keep the data based on either the national law or the purpose of the data collection and processing.

 

“Think about what is the purpose you want to achieve, and how long you will need the collected data to fulfill that purpose.”

How Long Should You Keep Personal Data?

Data Privacy Manager

 

The only information that can be kept for longer retention periods are data used “for archiving purposes in the public interest, and for scientific or historical research purposes or statistical purposes.”

 

Who handles the data?

 

According to the GDPR’s Recital 39, the data controller, an individual or company that controls the processing and purpose of data, is responsible for ensuring that the personal data are not kept longer than necessary, and for establishing time limits for data erasure or periodic review.

There is also the data processor, usually a third-party person or organization, that processes the data on behalf of the data controller, which can include implementing security measures to safeguard the data. The controller must ensure that the assigned processor has sufficient guarantees “to implement appropriate technical and organizational measures” in compliance with the regulation.

Based on the GDPR, the regulation requires companies to assign a Data Protection Officer (DPO) if they store or process data on a large scale or if they are a public authority or body. Either internally or externally appointed, the DPO’s responsibilities include:

 

  • Informing and advising the company and employees on compliance requirements;
  • Awareness-raising and training of staff involved with data processing;
  • Monitor compliance and conduct related audits; and
  • Cooperating and acting as contact point with supervisory authority on issues relating to data processing.

 

What challenges are businesses facing in being GDPR-compliant?

 

Although companies are expected to be GDPR-compliant by May 2018, according to research, only 20% have completed their GDPR implementations as of July 2018. More than 2 years later, 27% still have yet to start on GDPR compliance while 60% of tech companies are also not prepared for GDPR.

Many organizations faced, and are still facing, difficulties in their journey to become GDPR-compliant. From changing the way they handle customers’ data to tackling challenges in data retention and deletion, some businesses believe that the regulation limits their ability to operate efficiently or run a profitable company.

 

  • Lack Of Readiness

 

Complacency, lack of understanding, competing laws, unfamiliarity with data processes and usage – these are some of the reasons behind organizations’ lagging or partial compliance with the GDPR. 

Research also stated last-minute data identification and other preparations in the final months before the deadline as another possible reason for the lack of readiness.

For most businesses, both big and small, it has been no simple feat to juggle the different aspects of being GDPR-compliant, from consolidating the data gathered over the years, training employees in data management, and hiring the different required roles, including talents in GDPR program design and implementation.

It’s even more difficult for international companies that need to comply with differing data privacy laws. And more often than not, all the complexities have led businesses to hiring individuals or companies to specifically handle compliance.

 

“My concern is that in the rush to be ready for the GDPR before 2018, and indeed since, many companies have engaged with individuals or organizations which haven’t given them proper advice with regards to their requirements.”

– Brian Honan, CEO of BH Consulting,

GDPR: The First Two Years and Future Challenges

 

In fact, according to TrustArc, 87% of companies needed help with GDPR and used external firms to understand the regulations, to gain tools and tech for automation and operationalization of data privacy, and new policy and process creation.

 

Solution tip: Break the regulations and processes into manageable tasks. Conduct a risk assessment to identify compliance and data security gaps, and establish a formal data governance program to map the type of data collected, its purpose, usage and storage, and how it’s shared.

 

  • Control of External Parties

 

Based on the GDPR, all third-parties that are accessing or will access the data of the controller, including vendors, partners and external data processors, must be in compliance with the regulations.

As Ian Evans, the Managing Director for EMEA at OneTrust, aptly put it, “You now have the obligation to ensure that the people you contract with – and who undertake processing on your behalf – are also going to represent you and your views on privacy as well.”

So how should companies maintain data governance and control arrangements of third-parties?

All contracts with third-parties should be revised to define the data processes, including:

 

  • How information is used, managed and protected;
  • How breaches are reported;
  • What are the customers’ rights;
  • Acting only as per documented instructions;
  • Agreement to not contract a sub-processor without prior approval; and
  • Returning or deleting all data at the end of the contract.

 

Not only do businesses need to ensure that the external firms follow through on the privacy commitments, they’re also required to know their vendors’ privacy policies and ascertain that they have appropriate security measures in line with data protection compliance.

It should be noted that a data breach occurring at a third party or caused by a vendor is a shared responsibility between the parties – the processor must notify the data controller of the breach, and the controller, in turn, is expected to report the incident to a GDPR regulator within 72 hours.

Furthermore, the controller is responsible for informing the data subjects, or customers, of the breach, where the DPO will act as the point of contact between the controller, the regulatory office and the customers.

 

According to Soha Systems, 63% of all data breaches can be linked directly or indirectly to third parties. Additionally, only 37% of controllers believe that they will be notified by the vendor if there was a breach of data.

 

However, less than 20% of companies feel confident in being able to report a breach within the stipulated time while it was discovered that only 45% of EU companies made an effort to report such incidents.

 

Solution tip: To avoid the heavy costs of a vendor data breach, it’s best to have a solid vendor risk management program with strong technology and clear policies and procedures. Detailed audit records and processes also help to catch any issues before they escalate into a breach.

 

  • Data Deletion and Minimization

 

According to Symantec’s State of European Privacy Report in 2016, 90% of organizations believe that deleting customer data will be a challenge for them in regards to GDPR compliance while 60% said they are not equipped with an existing system to delete the data.

As the GDPR dictates businesses from holding unnecessary data and storing data for long periods, companies were determining what data to keep and the data retention period. Since the regulation also provides data subjects the right to data erasure, organizations also need to find the best solutions for permanently removing personal data.

The issue is that some companies may not know where their data is stored within the organization, thus making it difficult to locate and delete the data. There’s also the problem of backups, so how are organizations expected to erase personal data that is “often scattered across multiple applications, locations, storage devices, and backups”?

 

 

Aside from data deletion, data anonymization and pseudonymization are data minimization techniques that are used by businesses to comply with the regulations.

Data that has been anonymized disables the data subjects from being identified, and is excluded from the GDPR regulation as it’s no longer considered as personal data.

On the other hand, data pseudonymization “replaces personal identifiers with non-identifying references or keys”, preventing the identification of the data subject without the key. But data processed using this method is still regulated under the GDPR as the data subject can be re-identified through additional information.

While companies are using these methods to protect their data assets, organizations must ensure that they still comply with the data purpose limitation in Article 5 of the GDPR.

 

Solution tip: Implement automated data discovery software or machine learning technologies that are able to keep track of all the data in the organization’s databases, data lakes and legacy systems. Carefully review if anonymized data is possible for the company’s data use before implementing any anonymization solution or automated erasure software.

 

  • Data Security

 

The COVID-19 pandemic brought many challenges to organizations, one of them being the rise of data breaches as remote working continues to be the norm for companies. In fact, the months between March and June 2020 recorded more than 470 data breaches, pushing CIOs, CISOs and other C-suites to strengthen their cyber security strategies.

Breaches not only indicate a lack of data security, whether on the controller or processor’s part, but can also lead to hefty GDPR fines of up to €20 million, or 4% of the company’s total global turnover.

Reputation damage and loss of customer confidence are other consequences of such incidents, which can be hard to rectify even after containing the breach, seeing as “57% of consumers don’t trust brands to use their data responsibly”.

From low employee awareness of cyber threats and lax online behavior to unsecured endpoints and external access, there are many security gaps that hackers can utilize to gain access to a company’s data. 

 

“Data security does not equal data privacy, but it is an integral part in achieving it.”

– Paige Bartley, Senior Research Analyst at S&P Global Market Intelligence,

Expert Interview: Paige Bartley on Data Privacy

 

CIOs are already focusing on maintaining system security while employee training is a topmost priority for 92% of C-suites, according to our findings.

 

Solution tip: Update policies regarding the access and handling of data when managing it externally, and increase training of employees on the new policies, online safety and rising cyber threats. Limit data access to only authorized personnel, and implement systems to detect illegal access.

 

How should companies stay GDPR-compliant?

 

Executive leadership is vital in ensuring the organization remains compliant with the regulations.

While data compliance and cyber security may be in the realm of the CDOs, CISOs and CIOs, all stakeholders that collect and use customer data should be involved – from marketing and sales to finance and operations – along with the assigned DPO.

Clear and detailed procedures must be established and periodically reviewed to ascertain that the processes continue to adhere to the GDPR. This not only includes the handling and use of the data, but also in answering the requests of data subjects exercising their rights.

Furthermore, organizations should demonstrate accountability and transparency in all processing activities, which extend to keeping records of risks and compliance progress, maintaining a strong data protection and breach response plan, and ensuring the continued compliance of external parties.

Although companies might lament over the obstacles and concerns of being GDPR-compliant, studies showed that among the businesses that have implemented their compliance processes, 74% of organizations say the GDPR has a beneficial impact on consumer trust while 73% believe the regulation has actually boosted their data security.

Overall, the GDPR is showing a positive effect on businesses, especially for companies that show they value the privacy of their customers.