Panelist Franziska Weindauer

Franziska Weindauer

TÜV AI.Lab

Germany

Franziska Weindauer is the CEO of TÜV AI.Lab, a joint venture founded by companies in the certification industry in Germany and beyond. TÜV AI.Lab is paving the way for trustworthy AI by developing conformity criteria and test methods for AI systems. It is also helping to prepare the AI ecosystem for new regulatory requirements, such as the European Union’s AI Act. Previously, Weindauer was a senior adviser on digital policy in the German Federal Chancellery; head of policy at Bitkom, Europe’s largest digital industry association; and an adviser to a member of the European Parliament. She has attended universities in the Netherlands, the U.K., and Turkey and has a background in European studies.

Voting History

Statement	Response
Organizations will be ready to meet the requirements of the EU AI Act as they phase in over the next 12 months. Disagree	“We should clearly differentiate: Companies will be ready if and when they have to be, even if it takes a lot of effort. But companies only have to be compliant in case they fall under the regulation — that is, provide or deploy a high-risk or general-purpose AI (GPAI) product/system falling under the scope of Annex 1 or 3 or GPAI provisions. This means that most of the AI use cases we see will not fall under the AI Act and won’t have to be compliant. Secondly, AI systems falling under Annex 1 (medical, machinery, toys, etc.) will have three years to comply; AI systems falling under Annex 3 (education, HR, public administration) will have two years to comply; and GPAI systems with systemic risks falling under the scope of the regulation will have one year to comply.”
Organizations are sufficiently expanding risk management capabilities to address AI-related risks. Disagree	“My feeling is that most organizations still behave like a rabbit caught in headlights. They know something is coming but are rather paralyzed in their response, as they simply don’t know how to deploy or deal with prevalent AI systems, let alone address their possible risks. The two biggest issues, in my mind, are (a) a lack of knowledge, as well as qualified staff, and (b) missing frameworks and guidelines developed by knowledgeable actors in the field to help them implement a risk management system.”

Statement

Response

Organizations will be ready to meet the requirements of the EU AI Act as they phase in over the next 12 months. Disagree

“We should clearly differentiate: Companies will be ready if and when they have to be, even if it takes a lot of effort. But companies only have to be compliant in case they fall under the regulation — that is, provide or deploy a high-risk or general-purpose AI (GPAI) product/system falling under the scope of Annex 1 or 3 or GPAI provisions. This means that most of the AI use cases we see will not fall under the AI Act and won’t have to be compliant. Secondly, AI systems falling under Annex 1 (medical, machinery, toys, etc.) will have three years to comply; AI systems falling under Annex 3 (education, HR, public administration) will have two years to comply; and GPAI systems with systemic risks falling under the scope of the regulation will have one year to comply.”

Organizations are sufficiently expanding risk management capabilities to address AI-related risks. Disagree

“My feeling is that most organizations still behave like a rabbit caught in headlights. They know something is coming but are rather paralyzed in their response, as they simply don’t know how to deploy or deal with prevalent AI systems, let alone address their possible risks. The two biggest issues, in my mind, are (a) a lack of knowledge, as well as qualified staff, and (b) missing frameworks and guidelines developed by knowledgeable actors in the field to help them implement a risk management system.”