Tesi etd-08212025-192230 |
Link copiato negli appunti
Tipo di tesi
Tesi di laurea magistrale
Autore
VILLA HERNANDEZ, ANA SOFIA
URN
etd-08212025-192230
Titolo
Right-Sizing AI Governance: Legal Challenges and Scalable Compliance Strategies for Small and Mid-Sized Enterprises. EU–U.S. Legal Challenges and a Scalable Compliance Toolkit.
Dipartimento
GIURISPRUDENZA
Corso di studi
DIRITTO DELL'INNOVAZIONE PER L'IMPRESA E LE ISTITUZIONI
Relatori
relatore Prof. Passaglia, Paolo
Parole chiave
- AI governance
- compliance
- EU–U.S. legal challenges
- small and medium companies
Data inizio appello
15/09/2025
Consultabilità
Completa
Riassunto
Artificial Intelligence (AI) has become an essential part of how businesses operate for large technology companies, but also for “Small and Medium-sized Enterprises (SMEs)”. Both need to deal with the advantages, but also with the burdens that come with it. From automated decision-making to their daily tools needed to do business, AI has been embedded in a daily basis such as AI chatbots to interact with customers, the use of AI systems on the recruitment processes, as well as analytic platforms.
In this sense, from a legal perspective there are several frameworks available to bear in mind when dealing with AI. Depending on the business geography of the business, companies need to comply with different frameworks. On one hand, the European AI Act recently released establishes several compliance obligations from a risk-based approach as we will talk about later on this thesis. On the other hand, the United States (US) has a sectorial approach and has approved AI law and frameworks that we will also review.
1.2 Research Problems
No one can deny that regulation for AI was crucial at this point, and the European Union went far beyond other countries when approving the EU AI Act that applies for companies in the EU, but also for companies that target European citizens, such as technological enterprises. Nevertheless, the current AI regulation as well as public debates are more targeting large technology companies that usually deploy great percentage of AI Systems.
In this sense, SMEs do not usually have a clear map of how to walk through AI Regulation first of all, because it is a fact that the law is usually thought for the big tech, but also because SMEs usually lack of infrastructure and resources. The main problem is that there can be a compliance gap due to lack of guidance, complexity of frameworks and disproportionate burden that could lead to non-compliance, legal uncertainty and barriers to innovation.
The purpose of this thesis is not to criticize the existing regulation in Europe and in the US, but to map the clearest path for SMEs on how to understand AI regulation, and most importantly to provide a smooth toolkit for AI compliance for SMEs operating in the US and in Europe.
The research question is how can SMEs implement AI governance practices that align with the EU AI Act, GDPR, and U.S. frameworks without excessive burden?
Sub-questions:
• What are the specific legal challenges SMEs face under these frameworks?
• How can these obligations be translated into practical tools for SMEs?
This thesis is structured as follows: Chapter 2 outlines the regulatory frameworks in the EU and US.; Chapter 3 analyzes the compliance challenges for SMEs; Chapter 4 proposes a scalable toolkit; Chapter 5 applies the toolkit to a case study; and Chapter 6 presents conclusions and recommendations.
In this sense, from a legal perspective there are several frameworks available to bear in mind when dealing with AI. Depending on the business geography of the business, companies need to comply with different frameworks. On one hand, the European AI Act recently released establishes several compliance obligations from a risk-based approach as we will talk about later on this thesis. On the other hand, the United States (US) has a sectorial approach and has approved AI law and frameworks that we will also review.
1.2 Research Problems
No one can deny that regulation for AI was crucial at this point, and the European Union went far beyond other countries when approving the EU AI Act that applies for companies in the EU, but also for companies that target European citizens, such as technological enterprises. Nevertheless, the current AI regulation as well as public debates are more targeting large technology companies that usually deploy great percentage of AI Systems.
In this sense, SMEs do not usually have a clear map of how to walk through AI Regulation first of all, because it is a fact that the law is usually thought for the big tech, but also because SMEs usually lack of infrastructure and resources. The main problem is that there can be a compliance gap due to lack of guidance, complexity of frameworks and disproportionate burden that could lead to non-compliance, legal uncertainty and barriers to innovation.
The purpose of this thesis is not to criticize the existing regulation in Europe and in the US, but to map the clearest path for SMEs on how to understand AI regulation, and most importantly to provide a smooth toolkit for AI compliance for SMEs operating in the US and in Europe.
The research question is how can SMEs implement AI governance practices that align with the EU AI Act, GDPR, and U.S. frameworks without excessive burden?
Sub-questions:
• What are the specific legal challenges SMEs face under these frameworks?
• How can these obligations be translated into practical tools for SMEs?
This thesis is structured as follows: Chapter 2 outlines the regulatory frameworks in the EU and US.; Chapter 3 analyzes the compliance challenges for SMEs; Chapter 4 proposes a scalable toolkit; Chapter 5 applies the toolkit to a case study; and Chapter 6 presents conclusions and recommendations.
File
| Nome file | Dimensione |
|---|---|
| Thesis_A...Villa.pdf | 1.31 Mb |
Contatta l’autore |
|