The EU AI Act: New Legislation for Reliable and Compliant Generative AI for E-commerce
iAdvize

The Artificial Intelligence Act is a data law that was recently passed by the European Parliament to establish a regulatory framework for the use and creation of artificial intelligence systems. This is the first time a major regulatory body, like the EU, has addressed AI and its uses so comprehensively. Its goal is to ensure that AI applications are safe, ethical, transparent, and respectful of fundamental human rights. This new regulation incorporates all the considerations our legal team has been intensively working on since the integration of generative AI into our products. In this article, you’ll discover their analysis and vision for safe technology in the service of e-commerce.
Preparing iAdvize Copilot™ for Compliance: What Was Done Prior to the EU AI Act
The AI regulation project is not a recent development. In fact, it predates OpenAI's introduction of generative AI to the general public. After years of deliberation, research, and analysis, an official proposal for the act was made in April 2021.
From the initial integration of AI for e-commerce retailers on its platform in 2023, iAdvize has worked to proactively respond to and keep up with changing data compliance regulations, like the AI Act, the CCPA, and the GDPR. Once aware that this new regulatory framework would be put into action, we began incorporating its compliance standards into our AI customer solutions. This ensured that all iAdvize products would be aligned with the most up-to-date best practices and laid the groundwork for full compliance once the act was adopted.
Our integration of all the EU AI Act’s provisions demonstrates our commitment to being a responsible AI provider and highlights the importance we place on using this technology in a regulated and ethical way. This is also why our AI shopping assistant, iAdvize Copilot™, was developed with the concept of 'Trusted Generative AI' in mind, ensuring it meets all necessary data security and privacy standards required for e-commerce businesses.
Key Contributions of the EU AI Act and Positioning of Our Trusted Generative AI
Officially passed on May 21, 2024, the act’s main purpose is to classify high-risk AI systems and high-risk applications, ranging from minimal to unacceptable. This hierarchy allows regulators to focus their efforts on uses that are most likely to impact the safety and rights of citizens.
When classifying our iAdvize Copilot™ solution according to the AI Act’s divisions, we found that, because it’s considered a chatbot powered by generative artificial intelligence, it falls into the ‘limited risk’ category.
This meant that, according to Article 50 of the AI Act, iAdvize must implement transparency requirements in the form of clearly informing users about the presence of AI, its functionalities, and the security measures in place to protect their data and respect their privacy.
By emphasizing transparency, data security, and respect for individual rights, we build trust with our users and stakeholders and ensure that our generative AI is not only technologically advanced, but also safe and aligned with our values.
How iAdvize Complies With the Requirements of the EU AI Act
The act is an opportunity to innovate responsibly in the field of generative artificial intelligence. At iAdvize, we see the regulatory framework established by this legislation as a competitive advantage. It guides us in deploying new features that not only comply with legal requirements, but also ensure the security and data protection of our clients.
To comply with the requirements imposed by the AI Act, our solution incorporates three key features:
1. Personalization of Introductory Messages
When shoppers visit one of our client’s e-commerce websites and start using our AI tools, personalizing the first message they receive is essential for establishing transparency.
We recommend explicitly communicating that the interaction they’re about to have is with an artificial intelligence model. This ensures that site visitors are immediately informed about what they can expect from their conversations with companies, and enhances their understanding of AI-generated responses, which improves the overall customer experience.
This first step can be complemented by providing more information to online shoppers through the customizable "legal notice" found within the live chat.
2. Customization of Legal Notices
When using our solution, iAdvize allows you to customize your chatbot’s legal notices, giving users greater clarity on how their data is being processed by the brand they’re chatting with.
This customization ensures that users are well informed about our data management practices and enhances trust in the service we’re providing. It’s crucial that this information is clear, accessible, and comprehensive, so users can make informed decisions about their interactions with the AI.
However, written information is not always the most effective way to quickly convey messages to visitors. This is why iAdvize also created a specific design for our iAdvize Copilot™'s user interface.
3. Transparency in AI Chatbot Design
The interface design plays a crucial role in how users perceive and accept AI. iAdvize has developed specialized designs to clearly signal to site visitors that they are interacting with artificial intelligence. These design elements include icons, colors, and layouts that differentiate an AI-managed conversation from a human conversation.
These choices help prevent potential confusion and ensure that shoppers understand from the beginning that they’re receiving assistance from artificial intelligence. This can positively influence their reception and interaction with the system, as they adjust their expectations accordingly.
Other Essential Data Privacy Regulations: ISO 27001, CCPA, GDPR
As mentioned earlier, compliance is at the heart of our product development process. Going beyond the basic requirements of the AI Act, we incorporate transparency features that enhance trust and clarity for our users. These features not only meet the minimum standards but also allow our clients to manage data processing and maintain complete control of the AI tools.
Our commitment to compliance extends to adhering to all data protection regulations, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. This global approach is crucial to ensure our solutions are reliable and secure on an international scale.
Additionally, our commitment to data security and privacy has been reinforced by maintaining ISO 27001 certification for several years.