Artificial intelligence (AI) has worked its way into nearly every aspect of our lives — work and social. So, we need a legal framework to help ensure that it’s used correctly — and in the best interest of all parties.

This blog was written by Chris Lewis, Founder of Lewis Insight and The Great Telco Debate, Independent Telecoms Industry and Accessibility Analyst, Strategic Advisor, and Public Speaker.

Artificial intelligence (AI) has worked its way into nearly every aspect of our lives — work and social. So, we need a legal framework to help ensure that it’s used correctly — and in the best interest of all parties. This includes not only the large language models (LLMs) being generated throughout the world, but also the locally generated models and retrieval-augmented generated (RAG) models, specific to a particular company or market. For the telecoms industry, this means that everything — from the operations of the networks through to the customer experience — will be significantly reshaped as AI finds its level in all parts of the business.

This article looks at how the rise of AI and enforcement of various regulations, such as GDPR, the EU AI Act and the EU Accessibility Act can help to create an enhanced and more inclusive customer experience. 

GDPR legislation has impacted our businesses globally and AI is set to experience a similar treatment with legislation through the EU AI Act. Regulations often cause the technology industry to roll its eyes and question its validity. However, because AI cuts across every aspect of the way in which we run companies and manage customers, there’s an absolute need to have a legal framework within which AI is going to be used and managed by all stakeholders. The EU AI Act will be essential for helping to put guardrails in place, as well as the right infrastructure, architecture, program management and, of course, a financial model.

The Proposed Structure of the EU AI Act

Formalized in 2024, and with a staggered implementation into 2026, the EU AI Act identifies four levels of risk against which AI should be measured.

Risk

Example

Unacceptable risk (prohibited)

  • Social scoring by authorities
  • Subliminal or manipulative AI that harms vulnerable people
  • Real-time remote biometric identification in public spaces

High risk (permitted under strict regulation):

  • Critical infrastructure (e.g., transport, energy)
  • Education (e.g., grading systems)
  • Employment and HR, Law enforcement
  • Migration, and justice
  • Health care diagnostics

Limited risk

  • Subject to transparency obligations (e.g., users must be informed when interacting with an AI system like a chatbot).

Minimal risk

No specific obligations

Requirements against the “High risk” category, where telecoms sits, include:

  • Robust risk management
  • High-quality training data
  • Human oversight
  • Technical documentation

Conformity assessments and market monitoring include the following:

  • Transparency and accountability
  • Users must be informed when AI is used
  • Decisions affecting rights must be explainable
  • Providers of foundation models (e.g., LLMs) must disclose AI-generated content

In short, the EU AI Act is designed to preserve jobs and human oversight, while enabling innovation and economic growth. The telecom industry is one where the critical nature of the infrastructure means it will be under scrutiny as to how it uses AI.  

It’s known that legislation almost always lags behind market activity. The potential impact on peoples’ jobs is evident, as is the changing nature of how we do business and live our lives. However, there are some schools of thought that there’s hesitance in replacing humans because trust in machines is still low.

For the telecom industry, which faces the dual threats of needing to reduce operational expenditure on the one hand and poor customer experience on the other, AI comes at a very fortuitous time. AI’s ability to take enormous workloads and datasets and deliver outcomes both inside the network operations as well as in the customer-facing parts of the business, means it can help to transform telcos, which are generally conservative and risk-averse companies, into more customer-focused and efficient organizations.

The Right Data in the Right Place

Much of the industry discussion is around how LLMs as well RAG models will refine the process, remove more bias, and get closer to the answers and outcomes we require. This assumes that the data upon which the original models are built as well as subsequent models and in-organization refinements like RAG are all clean. This is blatantly not the case today.

Many departments and lines of business fiercely guard what they believe to be their data and insight into customers or operations. Without a corporate-level view of data, cleaning that data and making that data accessible to all departments to produce the most appropriate outcome for the business and the customer, there’s a never-ending barrier to the success of AI deployments.

So, cleaning up and opening resulting data to the business must take place in order to allow the thousand blooming flowers of AI initiatives to flourish. Similar to cloud deployments in IT departments in the past, AI is springing up in every niche part of the business.

A framework for understanding where these buds are appearing must be in place to avoid significant data leakage — and to help ensure that rogue agents aren’t sweeping through a company and mopping up critical data while running amuck. Hence, governance within every organization — and the ability to identify where AI activity is taking place — are prerequisites for securing the business. This can also allow innovation to thrive in the emerging environment.

Geopolitical Issues and Sovereignty

Geographical differences have always played a major role in the telecoms industry. As analysts, we roll things up into global trends. But the telecom industry is now heading in the opposite direction and going local. This is in contrast to the trend of hyperscalers, device manufacturers and other technology companies taking on the mantle of global players.

Recent geopolitical activities have focused many countries on how to build and protect a sovereign position based on the right infrastructure to support AI initiatives as well as fostering innovation and economic activity for their country. The fact that local data will likely remain local, and not available to the global models for ingestion or inference, presents both a potential barrier and an opportunity.

National AI factories are beginning to appear and local services aimed at providing national or regional support will thrive. Protecting intellectual property and stimulating economic activity will be a prerequisite for governments and business alike.

It should also be noted that this is European legislation, but that it has an impact on any non-European businesses wanting to do business inside the EU.

The European Accessibility Act

In parallel with the EU AI Act is the imminent arrival of the EU Accessibility Act, which comes into force at the end of June 2025. As the name suggests, the legislation is focused around ensuring that all interfaces and communications with customers are accessible to all. This aims to allow for equal access and interaction on the terms of the user rather than of platforms or technologies dictated by the provider of the service.

The European Accessibility Act applies to internal operational systems to allow access to management systems, call logs and all activities — regardless of any disability or impairment.

Marrying the EU AI Act with the European Accessibility Act

This marriage comes about partly due to the timing of both pieces of legislation, but also from the perspective of aiming to ensure that all systems and services are accessible. This is the compelling appeal of Inclusive Design, where all user types and permutations are baked into an offering from the start, rather than being bolted on as a clunky and often ineffective add-on.

Customer Experience and Identity

Companies go to great lengths to assure us that personal data isn’t used in training AI models and create inference. While this is key in terms of not abusing personal data, there is a question around identity and how the knowledge of a person’s circumstances will help in delivering the right service in the right format.

As a blind person I know that I will get better service if the agent I’m dealing with (human or AI) is aware of my limitations in seeing web pages, navigating apps or interacting via various channels. But balancing that personalization versus protecting the individual’s privacy is a tricky line to tread.

If bias remains in the system, then the prejudice is only likely to be amplified. However, if bias has been removed at all stages, then the benefits of identity playing a key role in offering the most appropriate interaction, product offering or problem resolution should justify sharing of personal information.

After all, AI is especially capable at translating between different channels, let alone languages.  However, the use of data falls mainly under GDPR legislation — not the EU AI Act.

Who Supports Users?

Phrases like customer experience, customer journey and Voice of the Customer are often used in the telecoms industry. However, as one former Group CIO of a European telco said, “For telcos, customers are an abstract concept.”

This means that, historically, the customer hasn’t been the focus of the industry. This is changing with many senior telco executives now acknowledging the need to be more focused on the demand side, both consumer and business as well as ecosystem partners.

At the same time, the use of AI in nearly all corners of the ecosystem means that telcos need to understand their customers, their needs and which service best match those requirements. If the company doesn’t offer the “best” option for a particular customer, it’s highly likely that another ecosystem player will do so.

Hence, there will be numerous AI systems analyzing offerings and customer requirements — and recommending the most appropriate for the individual or business. This will remove some of the discrepancies in the telecom world, (where people remain on unsuitable tariffs) to deliver a better balance of supply and demand. Customer inertia has played a major role in the survival of many of these older tariffs, but the time has come to be more open with product recommendations.

Balancing Regulatory Risks and Fostering Inclusive Digital Ecosystems

Nobody doubts the impact of AI. It’s paramount for all industries to establish the appropriate levels of regulation to allow for innovation while helping to protect all stakeholders from misuse.

The EU AI Act will face many challenges as it attempts to build a legal framework around what is an enormous number of variables and permutations of AI activity in every business. Some suggest that establishing a set of principles around the use of AI would be more appropriate than the more prescriptive EU risk-based set of criteria.

From a telecom perspective, the opportunities to build a more efficient network and IT environment that leverages AI is unquestionable. Perhaps even more importantly, given the relative roles of connectivity in future business models, businesses should focus on enhancing an emphatic and personalized customer experience.

Geopolitical shifts and a national focus of telcos, combined with sovereignty requirements and local AI factory infrastructure commitments, will give telcos an opportunity to build additional market presence. By harmonizing obligations of the EU AI Act with EAA standards, telecom providers can help mitigate regulatory risks while fostering inclusive digital ecosystems.

To learn more about how your company can adhere to the EU AI Act and EAA standards while fostering inclusive CX, connect with Lewis Insight today.