The AI legislation introduced by the European Union represents a significant step towards solving the ethical, social and economic challenges posed by AI.
By Gigi Agassini*
In the first part of this column, presented in the previous edition (28-2) we analyze in depth the birth of Artificial Intelligence (AI) and how it presents humanity with both unprecedented opportunities and profound risks. In addition, we review some aspects of the "Artificial Intelligence Law", prepared by the Parliament of the European Union in order to regulate this technology and which is presented as the first comprehensive law on the subject in the world.
Advantages of AI Legislation in Europe:
1. Ethical Governance: The legislation prioritizes ethical considerations in the development and deployment of AI, emphasizing transparency, accountability, and fairness. By establishing clear guidelines for transparency and algorithmic accountability, it seeks to mitigate the risk of bias and discrimination in AI systems.
2. Data Protection and Privacy Rights: The legislation introduces robust safeguards to protect the privacy and data rights of individuals in the face of increased surveillance and exploitation of AI data. Aligning with existing data protection regulations such as the GDPR (General Data Protection Regulation), it seeks to maintain the sacredness of individual autonomy in the digital age.
3. Promoting Innovation: Although it imposes regulatory restrictions, the legislation also encourages innovation by providing a clear regulatory framework and promoting investment in AI research and development. By positioning Europe as a leader in responsible AI innovation, it seeks to improve competitiveness in the global AI landscape.
4. Global Leadership: The legislation reinforces Europe's commitment to ethical AI governance, positioning the EU as a global leader in shaping the future of AI. By advocating for human-centered AI development, it sets a precedent for other regions to follow, fostering international collaboration and cooperation in addressing AI challenges.
The Commission proposes a risk-based approach, so the law contemplates four levels of risk of AI systems, as well as an identification of the specific risks of general-purpose models:
1. Minimal risk: All other AI systems can be developed and used in accordance with existing legislation, without additional legal obligations. The vast majority of artificial intelligence systems currently used or likely to be used in the EU fall into this category. On a voluntary basis, providers of these systems can choose to apply the requirements of trustworthy artificial intelligence and adhere to optional codes of conduct.
2. High risk: A limited number of artificial intelligence systems defined in the proposal that have a potential negative impact on people's security or fundamental rights, as protected by the EU Charter of Fundamental Rights, are considered to be high risk.
They will always be considered high-risk when they are subject to a third-party conformity assessment under that sectoral legislation.
3. Unacceptable risk: This is a very limited set of particularly harmful uses of artificial intelligence that are contrary to EU values because they violate fundamental rights and will therefore be prohibited:
* Social scoring for public and private purposes;
* Exploitation of people's vulnerable points, use of subliminal techniques;
* Remote biometric identification, in real time, in places of public access by law enforcement agencies, with limited exceptions;
* Biometric categorization of natural persons based on biometric data to infer or infer their race, political opinions, trade union membership, religious or philosophical beliefs, or sexual orientation; it will continue to be possible to filter biometric-based datasets in law enforcement;
* Individual predictive policing;
* Recognition of emotions in the workplace and in educational institutions, unless it is for medical or safety reasons (e.g. monitoring the degree of fatigue of a pilot);
* Non-selective extraction from the internet or CCTV for facial images in order to create or expand databases.
4. Specific risk to transparency: For certain AI systems, specific transparency obligations are imposed, e.g. where there is a clear risk of manipulation (e.g. through the use of conversational robots). Users should be aware that they are interacting with a machine.
The AI law also considers the systemic risks that could arise from general-purpose artificial intelligence models, included in large generative artificial intelligence models. Some of these models could train systemic risks if they are highly capable or widely used. (source: European Commission).
If you are a supplier of high-risk AI systems, before placing your product on the EU market, you must submit it to a conformity assessment to demonstrate that the system complies with mandatory requirements such as data quality, documentation and traceability, transparency, human supervision, accuracy, cybersecurity and robustness. If you modify the product, you will need to resubmit it for another evaluation.
In addition to the above, the suppliers of these systems will have to implement quality and risk management systems to ensure their compliance with the new requirements and to minimise the risks to users and affected persons, even after the products have been placed on the market.
Examples of high-risk use cases include:
• Certain critical infrastructure, such as roads, water, gas, electricity;
• Vocational education and training, such as assessing teaching outcomes, directing the learning process;
• The employment/management of contract staff, such as filtering candidate applications for selection and evaluation;
• Assessment of the solvency of individuals;
• Some systems used for border control and policing;
• Evaluation and classification of emergency calls, among others.
Within the same law there are sections that refer to how they will regulate general-purpose artificial intelligence models, it also indicates the threshold for general-purpose systems with systematic risks. It explains how it regulates biometric identification and why standards for remote biometric identification are necessary.
It also talks about how fundamental rights norms are protected. It tackles racial and gender bias in AI. It refers to when the law will be fully applicable, as well as how it will be enforced.
Something very interesting to mention is that all this proposed legislation, the generation of the law is clear that it cannot be handled in the same way, so the EU has created the "European Committee on Artificial Intelligence" its function will be to facilitate a fluid, effective and harmonized application of the new regulation on AI.
In addition, it will make recommendations and opinions to the European Commission on high-risk AI systems and on any aspect related to the uniform application of the new rules, for which each member state must designate a national supervisory authority, which will also represent the country in the Committee.
In addition, the Commission will create a new "European Office for Artificial Intelligence" that will oversee general-purpose AI models, cooperate with the European AI Committee and be supported by a Scientific Commission of independent experts.
Obviously, the penalties for non-compliance ranging from 7.5 to 35 million euros, depending on the infraction, cannot be missing. The law provides for the right to file a complaint with a national authority and indicates what must be done by persons affected by the violation of a rule.
In short, it is a law that will obviously have a considerable regulatory burden and like all legislations it cannot fail to be ambiguous or too complex at some points, and of course it generates concerns for those who are dedicated to the development of these technologies; there are concerns that rigorous regulatory requirements could hinder AI research and development by imposing limitations on data access and experimentation.
In conclusion, the AI legislation introduced by the European Union represents a significant step towards solving the ethical, social and economic challenges posed by AI. While it offers numerous benefits in terms of ethical governance, data protection, and promotion of innovation, it also faces challenges related to regulatory burden, ambiguity, and global competitiveness.
Balancing these considerations will be crucial to shaping a regulatory framework that maximizes the benefits of AI while mitigating its risks.
It is important to look at what other countries are doing and educate ourselves well about what is happening in our environment, especially if we work in a global company or that has expansion plans, we cannot just wait for legislation to arrive at our door, take anticipated actions such as the generation of well-established policies and processes, it is the first step in establishing limits and uses.
Constant training to talk about the new and the risks it entails is very important, especially if you are using this type of technology and if you do not use it yet, I invite you to explore and implement it as a powerful tool in your work, just do not forget the biases it has and the risks it represents.
Until next time!
*Gigi Agassini, CPP
International Security Consultant
GA Advisory
[email protected]
