
Flick Fisher on the EU AI Act and Its Impact on US Companies

Apr 1, 2025 · 32 min read


AI and Privacy: Navigating the EU's New AI Act with Flick Fisher

In this episode of Between Two COO's, host Michael Koenig welcomes back Flick Fisher, an expert on EU privacy law. They dive deep into the newly enacted EU Artificial Intelligence Act and its implications for businesses globally. They discuss compliance challenges, prohibited AI practices, and the potential geopolitical impact of AI regulation. For leaders and operators navigating AI in business, this episode provides crucial insights into managing AI technology within regulatory frameworks.

Topics Covered

  • Welcoming back Flick Fisher for The Legal Opinion (1:01)
  • The leaked final draft of the EU AI Act (2:01)
  • A risk-based approach to regulating AI (5:08)
  • The Brussels effect and US companies (6:41)
  • High-risk categories and prohibited AI practices (9:28)
  • What the leak reveals about defining AI (11:23)
  • Two-tier rules for general purpose AI (13:37)
  • Providers, deployers, and open source exemptions (15:49)
  • Foundation model thresholds and provider obligations (18:45)
  • Innovation concerns for OpenAI and Anthropic (20:52)
  • Phased deadlines and 35 million euro fines (22:56)
  • GDPR pace comparisons and social media lessons (24:04)
  • Environmental rules and new oversight bodies (27:34)
  • Employer obligations and Flick's legal opinion (30:34)


About Between Two COO's

Hosted by Michael Koenig · betweentwocoos.com · b2coos.com


Full Transcript


Michael Koenig: This episode of Between Two COO's is brought to you by Fellow, the only all-in-one meeting management platform, helping you and your team have fewer, more effective meetings. Thousands of companies like Shopify, HubSpot, and MyFitnessPal use Fellow to solve their meeting problem by offering integrated action items, collaborative meeting notes, and AI recordings and transcription. Fellow helps teams and organizations get more done with less. Organizations leveraging Fellow are seeing an average savings of seven hours per week per manager. Between Two COO's listeners get five free AI meeting recordings. Go to fellow.co to start your free trial and start having better meetings today. [00:01:00] Hello and welcome to Between Two COO's, where phenomenal chief operating officers come to share their knowledge and advice. I'm your host, Michael Koenig, and I'm shaking things up today. I was digging around the show analytics and one of the most popular episodes actually wasn't even with another COO. It was episode 26 on data privacy and GDPR with Flick Fisher, a European privacy specialist and partner in Fieldfisher's top ranked Privacy, Security, and Information group, and one of Global Data Review's top 40 under 40 data privacy lawyers. Throughout my career as a COO, I've dealt with a ton of legal stuff, so it makes sense that an episode on data privacy and GDPR would be one of the most popular. That in mind, I'm excited to launch a new recurring spot called The Legal Opinion, where we'll chat with extremely talented attorneys like Flick on some legal topics that COOs need to be aware of. And with that all said, I'm excited to welcome Flick Fisher back to the show. Flick, welcome.

Flick Fisher: Yeah. Thank you very much. Great to have to be [00:02:00] invited back.

Michael Koenig: You'll always be invited back. So last time we talked, we explored the intricacies of GDPR and data privacy. That was before generative AI exploded on the world. I imagine that has shaken things up. How has the EU reacted?

Flick Fisher: Yeah, it definitely has shaken things up. And this podcast is extremely timely because we've just had a kind of final version of the EU AI Act, which has been leaked, it was leaked earlier this week. Um, and just taking a step back, this new act is the first legislative, uh, you know, law out there to, and an attempt to regulate AI for the first time globally. So I don't think we've got any other, uh, similar attempts worldwide to regulate AI. The EU is the first to kind of take that step forward. Um, and we have the first piece of law. And it was [00:03:00] agreed back in December off the back of some really complex and long winded sort of discussions between the European Parliament, Council and Commission. And we had a provisional agreement on the new Act back in December. And we were kind of waiting for the final draft to be published and kind of come into force. Someone leaked it on Sunday, which caused all of us privacy lawyers to go into a frenzy yesterday, reading, uh, the new act. Uh, so really excited to kind of dig into that and to give you some insight into what it says, what it means for people who should be concerned about it, who shouldn't, um, yeah. So we can get stuck in.

Michael Koenig: Awesome. And I'm trying to understand. So yesterday, if you were trying to reach a privacy attorney, they were probably just not taking calls even because they were reading and just so enthused.

Flick Fisher: Well, they definitely would have been taking calls because we're always happy to hear from clients. But yes, the nerds amongst us would have been reading through the hundreds of pages of the new EU AI Act. [00:04:00] Now, of course, we've been following, many European privacy lawyers like myself, we've been following this act as it's worked its way through the legislative kind of process. Um, it's a piece of legislation that kind of owes its origins back to 2021, when we saw the kind of first, uh, iterations of the act. Um, and it's kind of been interesting to watch because the act was kind of put out there, uh, before we had this massive explosion in generative AI. So a lot of agreement and sort of work had been done on the act. But then we had OpenAI and ChatGPT explode onto the scene and grab the headlines. And all of the regulators suddenly thought, hold up a second. I think we also need to include some provisions that not just regulate general kind of AI, uh, but we also need some specific provisions that factor between all the unique privacy risks, um, and other societal risks that generative AI kind of presents, uh, to European consumers. And so a lot of the holdup actually, and a lot of the [00:05:00] sort of last minute negotiations were kind of over what some of those, uh, provisions and, and how we were going to regulate generative AI in Europe. Um, but what we have is a horizontal piece of legislation, which means the AI Act applies to all AI, but what it does is it applies accepting that not all AI is equal in terms of the risks it presents. It takes very much a risk based approach to legislating. So we've got certain types of AI systems. The law has said it's absolutely unacceptable, those types of systems, and we're going to completely ban them. So there's a bunch of AI that's now prohibited or will be prohibited under the Act when it comes into force. Um, and then we've got a sort of second bucket of AI systems where the, where the legislators have accepted that these should be treated as higher risk types of AI given the potential threats that they pose to people's fundamental rights or safety concerns or [00:06:00] environmental concerns. Um, and so we've got a higher risk bucket of AI, and then a sort of acknowledgement of other types of AI, which might have limited or minimal risk, where there is minimal attempts to regulate it, but some provisions there. So the bulk of all of this sort of law is really focused on people who are, um, providers of high risk AI systems, which is where the law has said, uh, we need to impose, uh, certain additional requirements now, really with the aim of making sure that Europe is, uh, kind of leading the way in, in requiring that people think about designing transparent, ethical, safe, and environmentally friendly AI. And that's really the whole goal here.

Michael Koenig: And the reason we're talking about Europe also, just for listeners, is that Europe moves more quickly than the U.S. and Europe also has a high degree of value on personal privacy. So what happens in Europe tends to be a model, but also for U.S. companies, you have to abide [00:07:00] by European regulation if you're selling to the EU, so this is relevant in either direction. And that's why we're talking so much about the EU. So Flick, two questions. The first: can you give us an example of what is considered higher risk and what is considered minimal risk? And then I think, let's dive into the AI Act and what we learned.

Flick Fisher: Yeah, absolutely. And just to kind of pick up on your point around sort of, um, the impact of European legislation, here we really see the Brussels effect potentially working its way. We, the GDPR was a kind of landmark piece of privacy legislation that, uh, essentially ended up creating a global privacy standard given its extraterritorial effect. And we saw many jurisdictions off the back of that law coming into effect and it's sort of doing copycat GDPR like laws and companies bringing and elevating their compliance to meet GDPR standards. So it became that de facto, um, sort of standard for, for good, uh, privacy compliance. The [00:08:00] question is, will we see that happen with the EU AI Act? And I think it's definitely the sort of intention behind this regulation is that it, it's the first of its kind and the thought is that this is going to set a kind of global standard for the way in which we should all, all providers and users of AI systems should be factoring in a number of societal concerns and risk related concerns. Um, it has extraterritorial effect much like the GDPR. So even if you're not based in Europe, if you are designing systems that will be used in Europe by European consumers or the outputs of those systems could be used, then this act is going to apply to you. So very important that we could see this having a similar effect to the GDPR in terms of setting a global standard. And you're right. We've not seen many other jurisdictions out there, um, you know, yet implementing the same kind of horizontal legislation. The U.S. has. So we've got the New York City law, which is focused on, um, you know, [00:09:00] bias assessments if you're doing certain monitoring in the context of recruitment related activities, but we've not seen any kind of federal attempt yet. There are lots of state laws focused on things like insurance or particular sectors like credit monitoring and things like that, or health related, you know, use of AI in a health context or in the context of elections. This is very much a groundbreaking piece of legislation because it's applying across the use of AI systems and potentially has global impact. To answer your specific question about risk, so, the sort of types of things which are going to be regulated as high risk really include things like the use of AI systems in an employment and recruitment context. So if you're using an AI system to make employment related or workplace decisions about people, who should be promoted, who shouldn't, who should we select as a candidate. It's also going to be, uh, the use of like biometric systems, um, the use [00:10:00] of any kind of AI system for immigration and asylum related use cases, that type of things. We're really looking at really kind of all the use of AI systems for critical infrastructure, uh, in, in that scenario. So those, those types of, of scenarios. We've also got this long list of, um, AI systems, which are going to be completely outright prohibited, um, because they are deemed to kind of present an unacceptable risk. And that's really things like emotion recognition systems in the workplace or, or in, in educational context, um, any kind of biometric categorization system, which is using sensitive characteristics, or a kind of Clearview-type scenario where we're scraping lots of facial images to build a facial recognition database, all not going to be something that's tolerated in, in Europe anymore. Um, or if we've got kind of, uh, a scenario where we're building certain, you know, products where we're using AI systems, it could be really [00:11:00] manipulative in the way that we're trying to deceive people through subliminal techniques or manipulative ways. So think a toy that's directed at a child that's trying to kind of manipulate them in some way. The other bucket of sort of high risk scenarios or systems also includes those that are currently subject to the product safety legislation in Europe. So think toys, aviation, that kind of stuff.

Michael Koenig: Flick, we've had this leak happen. What have we learned? What is surprising, and what is just generally interesting?

Flick Fisher: Yeah, I mean, uh, the sort of, um, leaked draft really reflects a lot of what we had seen in the, in the version everyone was looking at back in June, uh, 2023. But there are some interesting new, um, provisions in there. I think everybody is hyper focused on the definition of what constitutes AI under the Um, and there is some history to that. So in the original proposals, [00:12:00] there was a very broad definition which potentially included pretty much any type of software which had an analytical, statistical kind of focus. Um, now we've got a, a definition which really reflects what the OECD had always put out there, which is, you know, machine based systems that are designed to operate with varying levels of autonomy, really talking about sort of anything which has, which involves machine learning. But where the debate has kind of kicked in is that there are some nuances. So that definition, which clearly reflect a sort of desire to make sure that we're heavily and reflecting generative AI, um, in the definition. But some are criticizing it and saying, hang on a second, we now kind of got a definition which potentially doesn't actually capture all types of AI systems. So things like rule based AI systems, potentially excluded from that definition now. And that's where I've seen quite a lot of the early debate. There's also, um, in the new, um, or the leaked version, [00:13:00] confirmation that things like open source software is going to be exempt from a lot of the requirements, um, unless that open source software is really being used for high risk type scenarios. If it's being used, um, for employment, immigration, critical infrastructure type scenarios, or for that within those products that are governed by existing product safety legislation. Um, but a lot of people happy to see that's some wriggle room there for the open source side of things. We've still got, um, provisions in there which are regulating kind of, um, foundation models or what we call general purpose AI. But, and this isn't really new, but it's important to know that there's a kind of two tier approach to regulating that general purpose AI. So we've got, um, you know, your bog standard foundational models, so think ChatGPT and other things. There's basic rules that are going to apply to those, any kind of generative AI model. So they're going to have to adhere to certain codes of practice, [00:14:00] etc. But if you are doing or have, um, general purpose AI models that have been classified as, um, you know, involving some kind of systemic risk, they're going to be subject to more stringent obligations. So they're going to have to conduct model evaluations, they're going to have to assess and mitigate systematic risks, do adversarial testing, provide certain information to people who are going to be using these models. So there's going to be certain transparency obligations. And if you yourselves are using those general purpose models as a user, then you're going to have to make sure that you are factoring in the transparency that's provided into your own risk assessments and things. And then there's kind of energy efficiency requirements as well for those models that present more risk. So we've definitely got confirmation in the final text that, you know, generative AI models definitely clearly regulated there. Um, but I think it's important to take a step back. Obviously, this is an act that's received enormous attention, AI getting [00:15:00] regulated. Um, but I think for the bulk of, of companies out there, actually, a lot of this is not necessarily going to apply directly to you. Um, if you are not a provider of an AI system that is high risk, then really you're just looking at pretty basic or light touch requirements that would apply to other types of minimal risk AI focused on transparency and making sure that you've got good governance in your organization so people understand and are literate on AI related issues. But really the bulk of these obligations is going to fall on those guys who are, are developing AI systems in those high risk areas. And if you're just a user of those systems, then the law is pretty light touch. You've got things you're going to have to think about, but it's relatively light touch compared to the obligations that apply to people who are actually developing these systems.

Michael Koenig: Now in terms of the users of AI, are we talking about consumer users or business users, and is there a difference in just how they're treated?

Flick Fisher: So we're talking about anybody. [00:16:00] So there's kind of like two definitions really that you need to be aware of. We've got this concept of a provider, which is really a person that develops the AI system as I mentioned. So think Google, Microsoft, Meta, OpenAI, Anthropic, those guys. Then you've got this concept of a user also known as a deployer. It's really a company that operates or implements or integrates that AI system. So it's really any person under whose authority the system is used. We're really talking about the, the sort of, I guess we're principally talking about the, the companies who are using those AI systems that have been provided by the providers. So I think Microsoft would be the provider if you're using Copilot in your organization, you're going to be the deployer there, the user.

Michael Koenig: You mentioned open source as having an exemption. Can you tell me a little bit about that?

Flick Fisher: Yeah, so we're really a lot of this is really focused on the sort of general purpose AI models. So if those are provided for free, and [00:17:00] in an open source way, then a lot of the provisions that require that are applicable to those general purpose AI models, you know, thinking, um, about some of that, um, model evaluation requirements, data governance requirements, incident reporting requirements and transparency requirements, won't apply to those who have got those free and open kind of models available to people, except if the models are to be used in those high risk. So it's kind of a sort of, um, acknowledgement that a lot of the transparency around how those models have been developed should already be out there with those open source models. So they've got a little bit more wriggle room there, um, and aren't as heavily regulated.

Michael Koenig: We'll be right back. Okay, does this sound familiar? You wake up, take a look at your calendar, and see it's filled with meetings. Project meetings, stand ups, weekly check ins, one on ones, town halls, and those are just the internal ones. Some are productive, but some are a total waste of [00:18:00] time and treasure. Be honest with yourself. How many times have you thought this meeting could have totally been an email? I bet a bunch. Now consider that in the U.S. there are 55 million meetings happening each day and 85 to 90 percent have no agenda. Fellow is on a mission to solve the meeting problem by offering the only meeting management tool that covers every part of your meeting workflow. By offering 500 meeting templates, integrated action items, collaborative meeting notes, and AI recording and transcription, Fellow helps teams and organizations get more done with less. Between Two COO's listeners, yes, you get five free AI meeting recordings. Go to fellow.co to start your free trial and start having better meetings today. Now, the general purpose AI, or those foundational models, are those falling into higher risk or minimal risk categories, just by the nature of being the building blocks for everything else?

Flick Fisher: [00:19:00] Yeah, so they can be. So, um, it depends in many ways, um, in the context in which they're used. So, um, if they're not, you know, they're not automatically treated as high risk, although you've got this two, as I mentioned, this two tier approach, so certain general or foundation models will be treated as, let's call them higher risk or involve more systematic risk is the real terminology. Um, if, um, they have, you know, been, um, designed, well, I think it's 10 to the 25 amount of computational flops is how we're defining them. So if, um, they've been, you know, the amount of energy it's basically taken to train them has involved a certain amount, then they're automatically considered a riskier bucket of foundational model or will be subject to more stringent requirements. And then there's this whole concept of, well, if the model is being used in a scenario which we decide is high risk. So in those categories, which I mentioned, so in an asylum context and an employment context, then yes, it could [00:20:00] end up tripping into the high risk category as well. Um, the other thing that you should also be aware of is that if, you know, most users of these models, again, will be subject to relatively light touch requirements, but if they make really substantial changes to that model, you know, in terms of the, um, you know, uh, making them a bespoke model and it's a significant change, then they themselves could end up becoming a provider of that model and being subject to additional requirements. So you've got to be quite careful about how you deploy the models if you are doing a lot of work on those models. Then you could end up flipping from being just a user where your obligations are more light touch and focus on transparency and good governance around the way you're using those models, to actually having to do more significant work to justify or be able to use those models compliantly if you suddenly become a provider.

Michael Koenig: So if you're OpenAI, if you're Anthropic, and you're reading this, are you happy?

Flick Fisher: Good question. I mean, [00:21:00] I think those companies have all, you know, certainly publicly said that they're all in favor of good regulation of AI. I think there is genuine concern that has been raised that, um, Europe may potentially stifle innovation through some of its legislative attempts. Has it gone too soon with some of the stuff? Is it not flexible enough to allow for, you know, innovation in the space? There are some major concerns there. Um, is there enough freedom for people to properly train and develop these models without being caught? You know, there are exemptions from the, the whole act, um, for work that's being done on models, you know, before they're put onto the market. So all of that pre work isn't necessarily caught by the act. And we're really talking about looking at them in the, in the context of their, uh, deployment in certain scenarios. But yeah, I think people will, you know, OpenAI, Anthropic are going to have a huge amount of work here to be able to comply with these requirements. So they may, you know, may ruffle some feathers in those [00:22:00] organizations and they may feel a bit of concern. I think some of the challenge is that the law talks about, well, there's going to be codes of conduct, there's going to be risk assessment frameworks, people are going to have to be mindful of. We don't have sight of those codes of conduct yet. We don't really have a collective agreement on how to assess some of the risks that we know we need to assess when we're using AI. And so some of this is actually probably going to require some sort of global effort to agree on standardized frameworks for doing some of these, you know, risk assessments that the law is now going to require people to do if you're designing, developing, and in some cases using these AI systems. Um, so yeah, there's a huge amount of uncertainty at this point, and I should say that even though we've had a leaked draft, we know that, um, the law will hopefully get final approval in the next few weeks, there's still a lot to be worked out in terms of how to practically comply with some of these requirements. There'll be a phased approach to its implementation, [00:23:00] so we won't all be subject to these requirements as soon as it comes into force. You're going to have six months from the date it enters into force to stop using those prohibited AI systems. And then you're expected to comply with the general purpose AI provisions within 12 months. But then you've got 36 months to sort your compliance out if you're using a high risk or you are a provider of a high risk AI system. So a bit of time to get up to speed and figure out, um, you know, and embed the compliance you're going to need to have in place.

Michael Koenig: And the banned systems? Is that just going to be effective immediately?

Flick Fisher: Six months. So you're going to have six months to get that, yeah. And that's going to attract the highest fines. So if you fail to sort of identify the use of prohibited systems in your organization or you're designing and implementing those, um, systems as a, as a provider, then you could be hit with a 35 million euro fine or 7 percent of global turnover. And the fines then kind of go down based on the risks, um, you know, the [00:24:00] risk of what you're doing. But the top fines are 35 million euros.

Michael Koenig: This is flying in terms of speed. I feel like it's moving much more quickly than GDPR. Is that correct? Is that a fair assumption?

Flick Fisher: Well, the GDPR took a hefty six years to negotiate and has taken many companies, uh, I mean many companies still working on their GDPR compliance, but yeah, this is, as I say, it kind of, um, owed its origins to a framework that was published back in 2021. So, you know, I guess relative to the GDPR, it's actually gone quite quickly, this legislative, uh, proposal. We, you know, many of us were sceptical as to whether or not it would get agreed before the end of last year, and they rushed to get it agreed. There's a huge momentum here in Europe to, um, you know, be the first to sort this out and, and, and to be a leader globally in terms of regulating AI and to be an innovation hub as well. Whether or not those two sort of, um, objectives will align. Are we going to [00:25:00] stifle innovation through this act? Are we going to stop people having the same, you know, European consumers may not get as much access to some of these systems, um, as others as a result of this act, we'll wait to see. But I, I predict that this is going to set a global standard that people are, you know, other countries are going to look to, to, to address compliance with AI requirements. The other awful scenario is that we get huge fragmentation and everybody's trying to grapple with all kinds of different governance frameworks and requirements, uh, that get published and that may emerge as well. Um, so we'll, we'll see, but I'm, I'm hopeful this will kind of inspire and set the standard.

Michael Koenig: Can't really think about this without thinking back to social and how everyone has been catching up to put the toothpaste back in the tube, which you can't really do. And I can't help but think that, almost, regulators want a second crack at this and are looking at AI as the perfect opportunity, and rightfully so, it's even, [00:26:00] it has the potential to be even more damaging than social.

Flick Fisher: Yeah, I mean, I think there are genuine real world harms that regulators here are trying to regulate to protect consumers. And in Europe, we're always trying to protect people's, you know, we're talking about European residents' fundamental human rights here. Um, we're trying to make sure there is transparency and there's thoughts for ethics and, you know, environmental considerations. And so we're really trying to design and make a law that forces people to think about the risks that could arise from the use of these systems in, in certain scenarios. And of course, the law is always going to be trying to keep up because this is, as you've already mentioned, an incredibly fast moving space in terms of the innovation and development of speed with which some of this technology is evolving. So we hope that the law in having these sort of risk based approach is going to be flexible enough to, um, sort of be there to regulate, uh, AI systems as they evolve and develop, but we'll wait to see. [00:27:00] Yes, it's going to be interesting to see how all of these requirements are going to be complied with in practice, what it's going to mean for people's experience of AI systems in Europe, whether it's going to stop them, you know, getting the same updates and, uh, as others around the world. Will China end up leading the way because it has, is regulating in a different way? We'll wait to see, but, um, it's certainly, um, interesting to follow this act and to see how people are going to, you know, ramp up to meet these compliance requirements, which are hefty if you're caught.

Michael Koenig: And you've mentioned a word that we often think of, as an afterthought, which is the environmental impacts. Can you tell me a little bit about that?

Flick Fisher: Yeah, I mean, um, for some of the, there's some consideration, um, in the law for having to, to think about energy efficiency when you're designing and developing AI systems. So there, there's some nod to that in the law as well. And that people who are developing those high risk systems are [00:28:00] going to have to be mindful of as well. So, you know, I think it's a, it's a smaller part of the legislation. The bulk of the provisions that apply to those high risk, uh, systems providers are really about kind of, um, thinking almost along product safety lines. So it's, like, in many ways, it's a product safety legislation for AI systems and so we're going to see requirements around conformity testing, risk assessments, data governance, thinking about the quality of the data that's used for training, ensuring there's some level of human oversight by suitably qualified people in the development of these systems, so there's going to be new jobs for people, new governance requirements. Um, there's going to be requirements to keep certain technical documentation throughout the life cycle of the development process and to be providing that to people who are using these systems so they can do their own risk assessments. So, it's going to be a whole, uh, joyous compliance project for those high risk [00:29:00] providers. They're going to have to do a huge amount, they're going to have to ramp up, they're going to have to do those technical assessments, they're going to have to get on the European database to flag they have a high risk, uh, system and they're going to have to design with transparency and energy considerations and ethical considerations in mind, all of which is great for consumers will hopefully, we'll just see how it sort of impacts the, um, the innovation, I guess, in the space.

Michael Koenig: And what's interesting also is, I believe it was Sam Altman who called for comparing this to nuclear energy and having something akin to the International Atomic Energy Agency going out there and assessing and looking at different foundation models. Does this act start to support that?

Flick Fisher: Yeah, so there's going to be new, uh, bodies that are going to be set up to sort of oversee the act and to help with coming up with guidance and supporting people understanding what risk assessment looks, looks like. And so there's going to be a whole regulatory regime that's going to need to be set up to [00:30:00] back this up. Um, supported by codes of conduct, standardised contract templates, things like that. So there's a huge amount to be worked out here and to be set up in terms of, um, compliance infrastructure, um, to, to manage all of this. So yeah, we're going to see new bodies, we're going to see potentially new regulators or existing regulators being, you know, additional tasks being added to their day to day jobs. And we're going to see internally new compliance roles arising for people who understand AI governance.

Michael Koenig: What else do we need to know about the Act at this point?

Flick Fisher: Yeah, I mean, I think if you're an employer and you're going to be using any of those higher risk systems to do kind of employee type monitoring, recruitment related activities to help you sift through candidates, determine who's up for promotion, who isn't. If you're doing any of that, then those types of AI systems are going to be deemed higher risk. And so if you're using those systems, you're [00:31:00] going to have to provide much more transparency to your employees to let them know that you've been using those high risk systems and you're also going to have to do your own risk assessments behind the scene and consider your wider obligations under existing privacy laws. So that's going to be an impact for people there. I think if you're also a vendor who's kind of helping any of those AI providers in developing those systems, you're going to be subject to additional contractual obligations moving forward. So that's going to hit. And then everybody's going to need to be mindful of their obligations to consider good AI governance and good transparency around how systems are being used and developed. So I think there's going to be enormous focus and push on risk assessments, governance, and, um, and sort of good overall data management there.

Michael Koenig: Flick, what is your legal opinion?

Flick Fisher: What's my legal opinion? My legal opinion is, yeah, so I think the AI Act, really important, it's going to [00:32:00] be a revolutionary piece of legislation. Will it impact everyone in quite the same way as the GDPR? I don't think so. I think if you're in the high risk category, you've got a huge amount of work to do. But if you're not in that category, I think it's very light touch in terms of the requirements. So some of the headlines around, sort of, fear mongering around what the AI Act might mean for lots, I think it's not going to be as heavy hitting as the GDPR or, um, and so AI Act, keep track of it, figure out if you're caught, if you're doing anything that's prohibited, you're going to have to act quickly. If you're in the high risk category, you've got 36 months. But if you're anybody else, a lot of it's light touch and it's going to be about sort of tweaking your governance and transparency and thinking about sort of best practices and maybe even considering sort of how some of the codes of practice that are going to be issued, whether they make sense for your organization. So not something for everybody to fear, but people should be aware of it and we'll see if it becomes the new de facto global standard.

Michael Koenig: All right, fantastic. And [00:33:00] of course, if you're concerned, have questions, reach out to Flick or FieldFisher, and this is not a paid sponsorship spot. It's just, I've worked with Flick for years. She's really, really good and the rest of her team is as well. Well, Flick, thanks so much for coming on the podcast. Uh, where can people go to learn more about this and learn more about you?

Flick Fisher: Yeah, so like you, Michael, we're aspiring podcasters ourselves and we, you know, so we have our own FieldFisher data, um, podcast, which you can find on Spotify or the usual places. Uh, we also have a webinar, which we do regularly from through our Silicon Valley office, and you can find recordings of that on our YouTube channel, or if you're interested in being signed up to our distribution list, please do reach out and I'll, I'm happy to add you. And of course, if anyone has any questions on the AI Act, GDPR, or anything European privacy related, I would be very happy to answer your questions. And I may not be the world's cyber expert, but we have fantastic cyber people in our team who are all over that stuff. So, also can put [00:34:00] you in good hands to answer those questions.

Michael Koenig: Well, there you have it, everyone. And, uh, Flick, thank you so much for coming on. Again, I can't wait for our next one. Um, let me know when something

Flick Fisher: Thanks

Michael Koenig: for listening to Between Two COOs. I'm your host Michael Koenig and a very special thank you to our returning guest Flick Fisher for joining us. Tune in next time for our next COO chat or Legal Opinion on Between Two COOs and be sure to subscribe on Apple Podcasts, Spotify, or wherever you listen to podcasts, so you never miss an episode. Just visit betweentwocoos.com for more. And if you have a minute, please, please, please leave us a review on Apple Podcasts and tell others about it so they can get great advice. This does wonders to help us reach more people. So I really appreciate it. Thanks for listening. Tune in next time. And until then, so [00:35:00] long.
