AI use within international enterprises refers to the deployment of artificial intelligence in operational, commercial, or decision-support processes. At Musch Legal, we have been assisting companies since 2024 with the implementation of the EU AI Act, which is becoming the global standard for AI regulation. Those who do not yet have AI governance face unacceptable risks — fines of up to 7 percent of global revenue and legal responsibility for AI output.
What is the legal issue? (Which AI risks do entrepreneurs underestimate?)
AI systems introduce new risks: unpredictable output, bias, hallucination, data loss, and regulatory requirements. Who is responsible if an AI system causes damage? Who trains on which data? Who has rights to the output? The EU AI Act imposes strict requirements on high-risk AI and general-purpose AI. Without clear contractual and internal governance, a stalemate arises regarding liability and compliance.
What does the law say? (Which regulations affect AI?)
The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 with phased implementation. Ban on prohibited AI since 2 February 2025. General-purpose AI obligations since 2 August 2025. High-risk AI obligations from 2 August 2026. Fines of up to 35 million euros or 7 percent of global turnover under Article 99. The AI Liability Directive (proposal COM/2022/496) eases the burden of proof. Product Liability Directive 2024/2853 explicitly includes AI.
GDPR (Regulation 2016/679) continues to apply to the processing of personal data.
AI risk category
Example
Main obligation
Prohibited
Social scoring, real-time biometric
Complete ban since 2 February 2025
High-risk
Credit assessment, job application
CE conformity, register, monitoring
Limited risk
Chatbots, deepfakes
Transparency obligation
Minimal risk
Spam filter, AI games
No specific obligation
General Purpose AI
ChatGPT, Claude, Gemini
Transparency + technical documentation
AI risk category
Example
Main obligation
Prohibited
Social scoring, real-time biometric
Complete ban since February 2, 2025
High-risk
Credit assessment, job application
CE conformity, register, monitoring
Limited risk
Chatbots, deepfakes
Transparency obligation
Minimal risk
Spam filter, AI games
No specific obligation
General Purpose AI
ChatGPT, Claude, Gemini
Transparency + technical documentation
What risks do companies face? (What threatens AI infringement?)
Fines under the EU AI Act run up to 7 percent of global turnover. Lack of clarity regarding IP rights on output leads to conflicts and licensing costs. Misuse of confidential data in training can result in GDPR fines. Liability for erroneous output can fall to you via Product Liability Directive 2024/2853. For the financial sector, this is supplemented by MiCA and Wft supervision. Bias claims via anti-discrimination law.
Practical example from our practice (How did we arrange high-risk AI deployment?)
Musch Legal assisted a Dutch fintech company with the implementation of AI-based credit assessment (high-risk under Annex III of the EU AI Act). We conducted risk assessment, implemented a conformity assessment procedure, registered in the EU database, concluded contracts with the provider regarding the division of roles (provider vs. deployer), and built in human oversight and logging. A total compliance investment of 120,000 euros avoided an estimated scenario of a multi-million euro fine and operational disruption.
What can you do? (What AI governance are you building?)
Inventory all AI systems in your enterprise (AI Register). Classify by EU AI Act risk category. Determine the role for each system (provider vs. deployer under Article 3 of the EU AI Act). Implement human oversight for high-risk systems. Incorporate contractual AI clauses: data usage, output ownership, liability allocation. Align with the GDPR for personal data. Train employees on AI literacy. Engage Musch Legal for AI governance package.
AI clauses in commercial contracts