EU’s AI Regulation

When it comes to AI, the world is like the Wild West. AI tools are being utilized more frequently to make critical decisions that affect people’s lives with little to no supervision or accountability. Inadequate marks for pupils, erroneous arrests, and even financial devastation might result from this. People of color, women, and members of underrepresented groups frequently bore the brunt of AI’s tendency toward inaccuracy and overreach.

 

The AI Act, the mother of all AI laws, is what the European Union believes to be the answer. As the first law to regulate the entire industry, it tries to reduce these harms. If the EU is successful, it may establish a new global standard for AI oversight. 

 

However, the realm of EU law can be confusing and opaque. The EU’s AI Act is covered in the following concise guide. Members of the European Parliament and nations of the EU are currently amending the law.

 

What’s the big deal?

 

The AI Act is hugely ambitious. It would require extra checks for “high risk” uses of AI that have the most potential to harm people. This could apply to tools used in hiring staff, grading tests, or assisting judges with legal and judicial decisions. The bill’s initial draft also prohibits the use of AI for “inappropriate” purposes, such as assigning people a trustworthiness score.

The bill would also limit the use of facial recognition technology by law enforcement agencies in public areas. There is a vocal group of influential people who demand a complete ban or moratorium on its usage in public by both law enforcement and private corporations, claiming that the technology allows for mass surveillance. This group includes members of the European Parliament and nations like Germany. 

One of the greatest technical restrictions to date would be achieved if the EU is successful in doing this. Facial recognition is subject to limitations in some US states and cities, such as San Francisco and Virginia, but the EU’s ban would cover 27 nations with a combined population of over 447 million people.

 

How will it affect citizens? 

 

In theory, it should protect humans from the worst side effects of AI by ensuring that applications face at least some level of scrutiny and accountability. According to Brando Benifei, an Italian member of the European Parliament and a significant contributor to the team revising the legislation, people can have faith that they will be shielded from the most dangerous types of AI. 

The legislation mandates that people be informed when they come across deep fakes, biometric identification tools, or AI programs that claim to be able to read their emotions. Legislators are also debating whether the law needs to establish a process for those who have been harmed by an AI system to file complaints and seek remedies.

The European Parliament, one of the EU institutions working on amending the bill, is also pushing for a ban on predictive policing systems. These systems employ AI to analyze massive data sets in an effort to either try and forecast a person’s perspective criminality or to pre-emptively deploy police to crime-prone locations. These systems are quite contentious, and their detractors claim that they frequently display racism and lack transparency.

 

What about outside the EU?

 

The GDPR, the EU’s data protection regulation, is the bloc’s most famous tech export, and it has been copied everywhere from California to India. The majority of developed nations concur with the approach to AI that the EU has taken, which focuses on the riskiest AI. If Europeans can successfully govern technology, it may serve as a model for other nations wishing to do the same.

 

What are the biggest challenges? 

 

Some of the provisions in the bill are currently technically impractical to implement. The bill’s initial version stipulates that data sets must be error-free and that people must be able to “completely understand” how AI systems operate. The size of the data sets required to train AI systems makes it impossible for a person to verify that they are truly error-free without investing countless hours of labor. Furthermore, modern neural networks are so complicated that even their designers are unsure of how they come to their findings. In order to implement the law, IT businesses are also extremely uneasy about having to provide external auditors or regulators with access to their source code and algorithms.

There is also debate over whether the AI Act should outright forbid the use of facial recognition. It’s controversial because EU nations despise it when Brussels tries to tell them how to handle concerns of law enforcement or national security. Many nations, like France, want to grant exceptions for employing facial recognition technology to safeguard national security. In contrast, the newly elected government of Germany, a sizable European nation with a significant say in EU policy-making, has stated that it is in favor of a complete ban on the use of face recognition technology in public spaces.

Another big fight will be over what kinds of AI get classified as “high risk.” The AI Act has a list that ranges from lie detection tests to systems used to allocate welfare payments. There are two opposing political camps—one fearing that the vast scope of the regulation will slow down innovation, and the other arguing that the bill as written will not do enough to protect people from serious harm. 

 

Won’t this stifle innovation? 

 

Failure to comply can result in fines of up to €30 million ($31 million) or, in the case of corporations, up to 6% of annual global revenue. And history demonstrates that Europe is not averse to fining tech corporations. For violating the GDPR, Amazon was fined €746 million ($775 million) in 2021, while Google was fined €4.3 billion ($4.5 billion) for breaking the EU’s antitrust laws in 2018.

 

When will it come into effect? 

 

It will be at least another year before a final text is set in stone, and a couple more years before businesses will have to comply. It’s possible that working out the specifics of a complete measure with so many difficult issues would take much longer. The GDPR was negotiated for more than four years, and it took another six years for it to go into effect. Anything is conceivable when it comes to enacting laws in the EU. Take the first step towards a secure your organization’s data by scheduling a call with our privacy expert team at Tsaaro Solutions today.