AI as Europe’s next GDPR/legislative package

GDPR is one of the most comprehensive global data protection laws, and it has claimed over $40 million in fines globally since its inception. Its success has encouraged the European Commission to introduce the idea of a similar regulation targeted towards Artificial Intelligence. This regulation will have implications for businesses both inside and outside the EU that make AI available in the EU. At the time of this article, this is the first regulation targeted specifically towards AI, and it would carry fines as large as €30 million or 6% of the company’s total turnover, whichever is higher. You can find the full proposed regulation here, but we will highlight the main points.

Objective

Overall, the goal of this regulation is to improve the functioning of the EU market by establishing rules for the development, marketing, and use of AI in the EU. It’s meant to regulate AI systems that could manipulate persons subliminally, exploit vulnerabilities of particularly vulnerable groups, and perform social scoring. There are four sub-objectives for this regulation:

1) Ensuring AI systems in the EU are safe and respect fundamental rights and values

The use of AI already presents some privacy risks by allowing companies to collect and even create data on customers by analyzing customers’ past trends. Since much of this is done behind the scenes, most customers would not even be aware of it, which is why regulations like this are important for protecting consumers.

2) Fostering investment and innovation in AI

AI is already being used in modern life, and for it to continue to grow and become more refined, it requires investment. The European Commission wants to play an active role in directing how AI is developed and used in the EU.

3) Improving governance and enforcement

This speaks to control and oversight of how AI is used in the EU and with regard to EU citizens. The proposed regulation adopts a risk-based approach to AI governance that will rank all AI systems into one of three categories of risk: unacceptable risk, high risk, and low/minimal risk. All systems in the unacceptable risk range will be prohibited, those in the high risk range will be strictly regulated to ensure the safety of EU citizens, and those with minimal risk would be allowed to operate with minimal supervision.

4) Encouraging a single European market for AI

This simply means that it will create a single set of rules and regulations for the use and sale of AI products within the EU that service providers both locally and globally must adhere to.

Scope

This proposed regulation would cover all artificial intelligence systems, which are defined as “software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with”.

In terms of the people that it applies to, the main targets are “providers”, which are defined as “a natural or legal person, public authority, agency, or other body that develops an AI system or that has an AI system developed to place it on the market or put it into service under its name or trademark”. This applies to providers both within the EU and internationally. In addition to providers, some responsibilities will fall on the following groups:

  • “users”, defined as “any natural or legal person, public authority, agency or other body using an AI system under its authority, except where the AI system is used in the course of a personal non-professional activity”
  • “importers”, defined as “any natural or legal person established in the Union that places on the market or puts into service an AI system that bears the name or trademark of a natural or legal person established outside the Union”
  • “distributors”, defined as “any natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market without affecting its properties”.

Transparency Requirements

One important requirement of this regulation is that companies disclose the function of certain AI systems to users. This applies to AI systems that interact with human users, such as chatbots. If these systems are designed to detect emotion, manipulate emotion, determine associations based on biometric data, or generate/manipulate content, then this must be revealed to the customers so that they can decide whether they want to interact with the system.

Source:

https://www.mccarthy.ca/en/insights/blogs/techlex/eus-proposed-artificial-intelligence-regulation-gdpr-ai#_ftn3

One Response

  1. This content is fabulous! ISO certifications have great benefits for a company and your information about ISO is of great use. Thank you so much.
