EU agrees new AI regulation

EU agrees new AI regulation

EU flag.jpg

On Friday, EU Parliament and Council negotiators reached a provisional agreement on the Artificial Intelligence Act.

The regulation aims to ensure that fundamental rights, democracy, the rule of law and environmental sustainability are protected from high-risk AI. It marks the first time that regional regulation on AI has been deployed, following the approval of the act back in June.

At the same time though, the regulation aims to ensure that the EU solidifies itself as a leader in AI research and innovation.

The rules establish obligations for AI based on its potential risks and level of impact, and includes a number of banned applications of the technology.

Specifically, it restricts biometric categorisation systems that use sensitive characteristics such as political, religious, philosophical beliefs, sexual orientation and race. It also prohibits untargeted scraping of facial images from the internet or CCTV footage to create facial recognition databases.

It also prohibits emotion recognition in the workplace and educational institutions; social scoring based on social behaviour or personal characteristics; AI systems that manipulate human behaviour to circumvent their free will and AI used to exploit the vulnerabilities of people (due to their age, disability, social or economic situation).

Co-rapporteur, Brando Benifei, an MEP from Italy, said the horizontal legislation “will keep the European promise - ensuring that rights and freedoms are at the centre of the development of this ground-breaking technology”.

However, negotiators did agree on a series of safeguards and “narrow exceptions” for the use of biometric identification systems (RBI) in publicly accessible spaces for law enforcement purposes. These must be subject to prior judicial authorisation and are for strictly defined lists of crime.

MEP’s included a mandatory fundamental rights impact assessment for AI systems classified as high-risk. Citizens will have a right to launch complaints about AI systems and receive explanations about decisions based on high-risk AI systems that impact their rights.

Transparency requirements are also to be met under the new rules. Technical documentation will have to be drawn up for General-purpose AI (GPAI) systems and they will have to comply with EU copyright law.

Detailed summaries about the content used for training will also need to be distributed.

“For the average non-specialist business it is the references to GPAI systems which they should heed initially,” Neil Thacker, CISO EMEA at SASE provider Netskope told Capacity.

Where the aforementioned copyright law and model training information is not available, Thacker said organisations will need to control the use of the technology.

“I was particularly pleased to see explicit requirements for detailed summaries about the content used in training the system included within the legislation,” Thacker said.

High-impact GPAI models will have even more stringent requirements associated with them.

These obligations may include model evaluations, a requirement to assess and mitigate systemic risks, adversarial testing, reporting to the Commission on serious incidents, cybersecurity requirements and reporting on energy efficiency.

“The AI Act sets rules for large, powerful AI models, ensuring they do not present systemic risks to the Union and offers strong safeguards for our citizens and our democracies against any abuses of technology by public authorities,” said Dragoş Tudorache, an MEP from Romania and the chair of the Special Committee on Artificial Intelligence in the Digital Age.

Until harmonised EU standards are published, GPAIs with systemic risk must rely on codes of practice to comply with the regulation.

The EU also acknowledged a risk that large players control the AI value chain, and want to create an environment that allows SME’s to also flourish.

Non-compliance with the rules can lead to fines ranging from 35 million euro or 7% of global turnover to 7.5 million or 1.5 % of turnover, depending on the infringement and size of the company.

“Correct implementation will be key - the Parliament will continue to keep a close eye, to ensure support for new business ideas with sandboxes, and effective rules for the most powerful models,” Benifei said.

 

Gift this article