Regulating AI in the EU: An Insightful Exploration

The EU's Ambitious Bid to Regulate AI: A Comprehensive Insight - Responsible Cyber

The European Commission's proposed Artificial Intelligence Act in April 2021 has sent ripples across the tech world. Given the EC's regulatory clout demonstrated by GDPR, the AI Act is seen as a potential benchmark for global AI regulation.


Core Themes

Global Impact of European Regulation

Due to the "Brussels Effect", European regulations often have de facto implications for many countries, notably evident from GDPR. As the first major jurisdiction attempting to comprehensively regulate AI, this AI Act could serve as a reference point for countries like the US and the UK.

Focus on Risk Management: One of the significant cornerstones of the Act is risk management. AI's potential risks, ranging from accidents to misuse, necessitate that businesses deploying AI systems have reliable mechanisms to identify, assess, and respond to them. The Act's stress on risk management is accentuated when AI is integrated into high-stakes situations, like critical infrastructures.

Voluntary AI Risk Management Frameworks

By 2022, many standard-setting entities were working on voluntary AI risk management frameworks, like the NIST AI Risk Management Framework and ISO/IEC 23894. The application of existing frameworks, like COSO ERM 2017, in the AI realm has already begun.

Dissecting Article 9

Central to the AI Act, Article 9 mandates high-risk AI system providers to have a robust risk management system. The Act employs a risk-based approach—prohibiting AI with unacceptable risks, imposing requirements on high-risk AI systems, but relatively lax on minimal-risk systems. The Act, through Article 9, essentially calls for a double-check system ensuring that even after adhering to AI Act's specifications, residual risks are further minimised.

The Role of Standards

In the Act's regulatory architecture, standards hold a pivotal position. By adhering to harmonized standards, entities can display their compliance. The importance of such standards is highlighted, even though they might not exist in some realms.

Analysis & Opinion

The AI Act, in essence, is the EU's attempt to ensure that AI's rapid development doesn't outpace the regulations needed to govern it. Their risk-based approach is great, focusing attention on potential areas of grave concern while providing leeway for benign AI uses.

One potential concern is the AI Act's reliance on harmonized standards that aren't yet defined or existent. Given the rapid evolution of AI, waiting for the development of these standards might mean playing perpetual catch-up with the industry. Another significant point is the Act's potential for global implications. Similar to GDPR, businesses worldwide may need to tailor their AI applications according to EU standards if they wish to operate or serve customers in the European Union. While this might lead to a universal rise in AI safety standards, it could also be seen as the EU exerting excessive influence on global tech standards.

The European Commission's AI Act is undeniably a monumental step in the realm of AI regulation. It strikes a balance between fostering innovation and ensuring public safety. However, its success will largely depend on its final version, the speed with which it can adapt, and how the global tech community responds. The Act serves as a testament to the EU's intent to lead the charge in creating a world where AI thrives within defined ethical and safe boundaries.

Back to blog