Jakob Mokander,Maria Axente,Federico Casolari,Luciano Floridi

DOI: https://doi.org/10.48550/arXiv.2111.05071

2021-11-09

Computers and Society

Abstract:The proposed European Artificial Intelligence Act (AIA) is the first attempt to elaborate a general legal framework for AI carried out by any major global economy. As such, the AIA is likely to become a point of reference in the larger discourse on how AI systems can (and should) be regulated. In this article, we describe and discuss the two primary enforcement mechanisms proposed in the AIA: the conformity assessments that providers of high-risk AI systems are expected to conduct, and the post-market monitoring plans that providers must establish to document the performance of high-risk AI systems throughout their lifetimes. We argue that AIA can be interpreted as a proposal to establish a Europe-wide ecosystem for conducting AI auditing, albeit in other words. Our analysis offers two main contributions. First, by describing the enforcement mechanisms included in the AIA in terminology borrowed from existing literature on AI auditing, we help providers of AI systems understand how they can prove adherence to the requirements set out in the AIA in practice. Second, by examining the AIA from an auditing perspective, we seek to provide transferable lessons from previous research about how to refine further the regulatory approach outlined in the AIA. We conclude by highlighting seven aspects of the AIA where amendments (or simply clarifications) would be helpful. These include, above all, the need to translate vague concepts into verifiable criteria and to strengthen the institutional safeguards concerning conformity assessments based on internal checks.

Philipp Hacker

2023-10-06

Abstract:This chapter provides a comprehensive discussion on AI regulation in the European Union, contrasting it with the more sectoral and self-regulatory approach in the UK. It argues for a hybrid regulatory strategy that combines elements from both philosophies, emphasizing the need for agility and safe harbors to ease compliance. The paper examines the AI Act as a pioneering legislative effort to address the multifaceted challenges posed by AI, asserting that, while the Act is a step in the right direction, it has shortcomings that could hinder the advancement of AI technologies. The paper also anticipates upcoming regulatory challenges, such as the management of toxic content, environmental concerns, and hybrid threats. It advocates for immediate action to create protocols for regulated access to high-performance, potentially open-source AI systems. Although the AI Act is a significant legislative milestone, it needs additional refinement and global collaboration for the effective governance of rapidly evolving AI technologies.

Computers and Society,Artificial Intelligence

Philipp Hacker,Johann Cordes,Janina Rochon

DOI: https://doi.org/10.1017/err.2023.81

2023-12-13

European Journal of Risk Regulation

Abstract:Artificial intelligence (AI) is not only increasingly being used in business and administration contexts, but a race for its regulation is also underway, with the European Union (EU) spearheading the efforts. Contrary to existing literature, this article suggests that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act, but in the Digital Markets Act (DMA). We analyse the impact of the DMA and related EU acts on AI models and underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. We demonstrate that fairness, under the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on Court of Justice of the European Union jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final section sketches out proposals for a comprehensive framework of transparency, access and fairness under the DMA and beyond.

Jakob Mokander

DOI: https://doi.org/10.1007/s44206-023-00074-y

2024-07-07

Abstract:AI auditing is a rapidly growing field of research and practice. This review article, which doubles as an editorial to Digital Societys topical collection on Auditing of AI, provides an overview of previous work in the field. Three key points emerge from the review. First, contemporary attempts to audit AI systems have much to learn from how audits have historically been structured and conducted in areas like financial accounting, safety engineering and the social sciences. Second, both policymakers and technology providers have an interest in promoting auditing as an AI governance mechanism. Academic researchers can thus fill an important role by studying the feasibility and effectiveness of different AI auditing procedures. Third, AI auditing is an inherently multidisciplinary undertaking, to which substantial contributions have been made by computer scientists and engineers as well as social scientists, philosophers, legal scholars and industry practitioners. Reflecting this diversity of perspectives, different approaches to AI auditing have different affordances and constraints. Specifically, a distinction can be made between technology-oriented audits, which focus on the properties and capabilities of AI systems, and process oriented audits, which focus on technology providers governance structures and quality management systems. The next step in the evolution of auditing as an AI governance mechanism, this article concludes, should be the interlinking of these available (and complementary) approaches into structured and holistic procedures to audit not only how AI systems are designed and used but also how they impact users, societies and the natural environment in applied settings over time.

Computers and Society,Artificial Intelligence

Manuel Wörsdörfer

DOI: https://doi.org/10.1002/joe.22238

2023-11-14

Global Business and Organizational Excellence

Abstract:Abstract In light of the rise of generative AI and recent debates about the socio‐political implications of large‐language models, chatbots, and the like, this paper analyzes the E.U.’s Artificial Intelligence Act (AIA), the world's first comprehensive attempt by a government body to address and mitigate the potentially negative impacts of AI technologies. The paper critically analyzes the AIA from a business and computer ethics point of view—a perspective currently lacking in the academic (e.g., GBOE‐related) literature. It evaluates, in particular, the AIA's strengths and weaknesses and proposes reform measures that could help to strengthen the AIA. Among the AIA's strengths are its legally binding character, extra‐territoriality, ability to address data quality and discrimination risks, and institutional innovations such as the AI Board and publicly accessible logs and database for AI systems. Among its main weaknesses are its lack of effective enforcement, oversight, and control, absence of procedural rights and remedy mechanisms, inadequate worker protection, institutional ambiguities, insufficient funding and staffing, and inadequate consideration of sustainability issues. Reform suggestions include establishing independent conformity assessment procedures, strengthening democratic accountability and judicial oversight, introducing redress and complaint mechanisms, ensuring the participation and inclusion of workers, guaranteeing political independence of the AI Board, providing enhanced funding and staffing of market surveillance authorities, and mandating “green AI.”

Philipp Hacker,Johann Cordes,Janina Rochon

2023-08-24

Abstract:Artificial intelligence is not only increasingly used in business and administration contexts, but a race for its regulation is also underway, with the EU spearheading the efforts. Contrary to existing literature, this article suggests, however, that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act - but have just been enacted in the Digital Markets Act. We analyze the impact of the DMA and related EU acts on AI models and their underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. The paper demonstrates that fairness, in the sense of the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has so far largely focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on CJEU jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final part sketches specific proposals for a comprehensive framework of transparency, access, and fairness under the DMA and beyond.

Computers and Society,Artificial Intelligence

Diptish Dey,Debarati Bhaumik

DOI: https://doi.org/10.48550/arXiv.2309.14876

2023-12-12

Abstract:As artificial intelligence (AI) systems increasingly impact society, the EU Artificial Intelligence Act (AIA) is the first serious legislative attempt to contain the harmful effects of AI systems. This paper proposes a governance framework for AI innovation. The framework bridges the gap between strategic variables and responsible value creation, recommending audit as an enforcement mechanism. Strategic variables include, among others, organization size, exploration versus exploitation -, and build versus buy dilemmas. The proposed framework is based on primary and secondary research; the latter describes four pressures that organizations innovating with AI experience. Primary research includes an experimental setup, using which 34 organizations in the Netherlands are surveyed, followed up by 2 validation interviews. The survey measures the extent to which organizations coordinate technical elements of AI systems to ultimately comply with the AIA. The validation interviews generated additional in-depth insights and provided root causes. The moderating effect of the strategic variables is tested and found to be statistically significant for variables such as organization size. Relevant insights from primary and secondary research are eventually combined to propose the APPRAISE framework.

Computers and Society

Johann Laux,Sandra Wachter,Brent Mittelstadt

DOI: https://doi.org/10.1016/j.clsr.2024.105957

IF: 2.707

2024-07-01

Computer Law & Security Review

Abstract:Under its proposed Artificial Intelligence Act (‘AIA’), the European Union seeks to develop harmonised standards involving abstract normative concepts such transparency, fairness, and accountability. Applying such concepts inevitably requires answering hard normative questions. Considering this challenge, we argue that there are three possible pathways for future standardisation under the AIA. First, European standard-setting organisations (‘SSOs’) could answer hard normative questions themselves. This approach would raise concerns about its democratic legitimacy. Standardisation is a technical discourse and tends to exclude non-expert stakeholders and the public at large. Second, instead of passing their own normative judgments, SSOs could track the normative consensus they find available. By analysing the standard-setting history of one major SSO, we show that such consensus tracking has historically been its pathway of choice. If standardisation under the AIA took the same route, we demonstrate how this would lead to a false sense of safety as the process is not infallible. Consensus tracking would furthermore push the need to solve unavoidable normative problems down the line. Instead of regulators, AI developers and/or users could define what, for example, fairness requires. By the institutional design of its AIA, the European Commission would have essentially kicked the ‘AI Ethics’ can down the road. We thus suggest a third pathway which aims to avoid the pitfalls of the previous two: SSOs should create standards which require “ethical disclosure by default.” These standards will specify minimum technical testing, documentation, and public reporting requirements to shift ethical decision-making to local stakeholders and limit provider discretion in answering hard normative questions in the development of AI products and services. Our proposed pathway is about putting the right information in the hands of the people with the legitimacy to make complex normative decisions at a local, context-sensitive level.

law

Philipp Hacker

2024-03-07

Abstract:Current proposals for AI regulation, in the EU and beyond, aim to spur AI that is trustworthy (e.g., AI Act) and accountable (e.g., AI Liability) What is missing, however, is a robust regulatory discourse and roadmap to make AI, and technology more broadly, environmentally sustainable. This paper aims to take first steps to fill this gap. The ICT sector contributes up to 3.9 percent of global greenhouse gas (GHG) emissions-more than global air travel at 2.5 percent. The carbon footprint and water consumption of AI, especially large-scale generative models like GPT-4, raise significant sustainability concerns. The paper is the first to assess how current and proposed technology regulations, including EU environmental law, the General Data Protection Regulation (GDPR), and the AI Act, could be adjusted to better account for environmental sustainability. The GDPR, for instance, could be interpreted to limit certain individual rights like the right to erasure if these rights significantly conflict with broader sustainability goals. In a second step, the paper suggests a multi-faceted approach to achieve sustainable AI regulation. It advocates for transparency mechanisms, such as disclosing the GHG footprint of AI systems, as laid out in the proposed EU AI Act. However, sustainable AI regulation must go beyond mere transparency. The paper proposes a regulatory toolkit comprising co-regulation, sustainability-by-design principles, restrictions on training data, and consumption caps, including integration into the EU Emissions Trading Scheme. Finally, the paper argues that this regulatory toolkit could serve as a blueprint for regulating other high-emission technologies and infrastructures like blockchain, Metaverse applications, and data centers. The framework aims to cohesively address the crucial dual challenges of our era: digital transformation and climate change mitigation.

Computers and Society

Claudio Novelli,Philipp Hacker,Jessica Morley,Jarle Trondal,Luciano Floridi

2024-05-11

Abstract:Regulation is nothing without enforcement. This particularly holds for the dynamic field of emerging technologies. Hence, this article has two ambitions. First, it explains how the EU's new Artificial Intelligence Act (AIA) will be implemented and enforced by various institutional bodies, thus clarifying the governance framework of the AIA. Second, it proposes a normative model of governance, providing recommendations to ensure uniform and coordinated execution of the AIA and the fulfilment of the legislation. Taken together, the article explores how the AIA may be implemented by national and EU institutional bodies, encompassing longstanding bodies, such as the European Commission, and those newly established under the AIA, such as the AI Office. It investigates their roles across supranational and national levels, emphasizing how EU regulations influence institutional structures and operations. These regulations may not only directly dictate the structural design of institutions but also indirectly request administrative capacities needed to enforce the AIA.

Computers and Society,Artificial Intelligence

Inioluwa Deborah Raji,Peggy Xu,Colleen Honigsberg,Daniel E. Ho

DOI: https://doi.org/10.48550/arXiv.2206.04737

2022-06-09

Computers and Society

Abstract:Much attention has focused on algorithmic audits and impact assessments to hold developers and users of algorithmic systems accountable. But existing algorithmic accountability policy approaches have neglected the lessons from non-algorithmic domains: notably, the importance of interventions that allow for the effective participation of third parties. Our paper synthesizes lessons from other fields on how to craft effective systems of external oversight for algorithmic deployments. First, we discuss the challenges of third party oversight in the current AI landscape. Second, we survey audit systems across domains - e.g., financial, environmental, and health regulation - and show that the institutional design of such audits are far from monolithic. Finally, we survey the evidence base around these design components and spell out the implications for algorithmic auditing. We conclude that the turn toward audits alone is unlikely to achieve actual algorithmic accountability, and sustained focus on institutional design will be required for meaningful third party involvement.

Merlin Stein,Milan Gandhi,Theresa Kriecherbauer,Amin Oueslati,Robert Trager

2024-09-04

Abstract:Artificial Intelligence (AI) Safety Institutes and governments worldwide are deciding whether they evaluate and audit advanced AI themselves, support a private auditor ecosystem or do both. Auditing regimes have been established in a wide range of industry contexts to monitor and evaluate firms' compliance with regulation. Auditing is a necessary governance tool to understand and manage the risks of a technology. This paper draws from nine such regimes to inform (i) who should audit which parts of advanced AI; and (ii) how much capacity public bodies may need to audit advanced AI effectively. First, the effective responsibility distribution between public and private auditors depends heavily on specific industry and audit conditions. On the basis of advanced AI's risk profile, the sensitivity of information involved in the auditing process, and the high costs of verifying safety and benefit claims of AI Labs, we recommend that public bodies become directly involved in safety critical, especially gray- and white-box, AI model evaluations. Governance and security audits, which are well-established in other industry contexts, as well as black-box model evaluations, may be more efficiently provided by a private market of evaluators and auditors under public oversight. Secondly, to effectively fulfill their role in advanced AI audits, public bodies need extensive access to models and facilities. Public bodies' capacity should scale with the industry's risk level, size and market concentration, potentially requiring 100s of employees for auditing in large jurisdictions like the EU or US, like in nuclear safety and life sciences.

Computers and Society

Sarah H. Cen,Rohan Alur

2024-10-07

Abstract:Artificial intelligence (AI) is increasingly intervening in our lives, raising widespread concern about its unintended and undeclared side effects. These developments have brought attention to the problem of AI auditing: the systematic evaluation and analysis of an AI system, its development, and its behavior relative to a set of predetermined criteria. Auditing can take many forms, including pre-deployment risk assessments, ongoing monitoring, and compliance testing. It plays a critical role in providing assurances to various AI stakeholders, from developers to end users. Audits may, for instance, be used to verify that an algorithm complies with the law, is consistent with industry standards, and meets the developer's claimed specifications. However, there are many operational challenges to AI auditing that complicate its implementation. In this work, we examine a key operational issue in AI auditing: what type of access to an AI system is needed to perform a meaningful audit? Addressing this question has direct policy relevance, as it can inform AI audit guidelines and requirements. We begin by discussing the factors that auditors balance when determining the appropriate type of access, and unpack the benefits and drawbacks of four types of access. We conclude that, at minimum, black-box access -- providing query access to a model without exposing its internal implementation -- should be granted to auditors, as it balances concerns related to trade secrets, data privacy, audit standardization, and audit efficiency. We then suggest a framework for determining how much further access (in addition to black-box access) to grant auditors. We show that auditing can be cast as a natural hypothesis test, draw parallels hypothesis testing and legal procedure, and argue that this framing provides clear and interpretable guidance on audit implementation.

Computers and Society,Machine Learning

Victor Ojewale,Ryan Steed,Briana Vecchione,Abeba Birhane,Inioluwa Deborah Raji

2024-03-14

Abstract:Audits are critical mechanisms for identifying the risks and limitations of deployed artificial intelligence (AI) systems. However, the effective execution of AI audits remains incredibly difficult. As a result, practitioners make use of various tools to support their efforts. Drawing on interviews with 35 AI audit practitioners and a landscape analysis of 390 tools, we map the current ecosystem of available AI audit tools. While there are many tools designed to assist practitioners with setting standards and evaluating AI systems, these tools often fell short of supporting the accountability goals of AI auditing in practice. We thus highlight areas for future tool development beyond evaluation -- from harms discovery to advocacy -- and outline challenges practitioners faced in their efforts to use AI audit tools. We conclude that resources are lacking to adequately support the full scope of needs for many AI audit practitioners and recommend that the field move beyond tools for just evaluation, towards more comprehensive infrastructure for AI accountability.

Computers and Society

Ugo Pagallo,Jacopo Ciani Sciolla,Massimo Durante

DOI: https://doi.org/10.1108/tg-07-2021-0121

2022-06-21

Transforming Government: People, Process and Policy

Abstract:Purpose The paper aims to examine the environmental challenges of artificial intelligence (AI) in EU law that regard both illicit uses of the technology, i.e. overuse or misuse of AI and its possible underuses. The aim of the paper is to show how such regulatory efforts of legislators should be understood as a critical component of the Green Deal of the EU institutions, that is, to save our planet from impoverishment, plunder and destruction. Design/methodology/approach To illustrate the different ways in which AI can represent a game-changer for our environmental challenges, attention is drawn to a multidisciplinary approach, which includes the analysis of the initiatives on the European Green Deal; the proposals for a new legal framework on data governance and AI; principles of environmental and constitutional law; the interaction of such principles and provisions of environmental and constitutional law with AI regulations; other sources of EU law and of its Member States. Findings Most recent initiatives on AI, including the AI Act (AIA) of the European Commission, have insisted on a human-centric approach, whereas it seems obvious that the challenges of environmental law, including those triggered by AI, should be addressed in accordance with an ontocentric, rather than anthropocentric stance. The paper provides four recommendations for the legal consequences of this short-sighted view, including the lack of environmental concerns in the AIA. Research limitations/implications The environmental challenges of AI suggest complementing current regulatory efforts of EU lawmakers with a new generation of eco-impact assessments; duties of care and disclosure of non-financial information; clearer parameters for the implementation of the integration principle in EU constitutional law; special policies for the risk of underusing AI for environmental purposes. Further research should examine these policies in connection with the principle of sustainability and the EU plan for a circular economy, as another crucial ingredient of the Green Deal. Practical implications The paper provides a set of concrete measures to properly tackle both illicit uses of AI and the risk of its possible underuse for environmental purposes. Such measures do not only concern the "top down" efforts of legislators but also litigation and the role of courts. Current trends of climate change litigation and the transplant of class actions into several civil law jurisdictions shed new light on the ways in which we should address the environmental challenges of AI, even before a court. Social implications A more robust protection of people's right to a high level of environmental protection and the improvement of the quality of the environment follows as a result of the analysis on the legal threats and opportunities brought forth by AI. Originality/value The paper explores a set of issues, often overlooked by scholars and institutions, that is nonetheless crucial for any Green Deal, such as the distinction between the human-centric approach of current proposals in the field of technological regulation and the traditional ontocentric stance of environmental law. The analysis considers for the first time the legal issues that follow this distinction in the field of AI regulation and how we should address them.

Abeba Birhane,Ryan Steed,Victor Ojewale,Briana Vecchione,Inioluwa Deborah Raji

2024-01-26

Abstract:One of the most concrete measures to take towards meaningful AI accountability is to consequentially assess and report the systems' performance and impact. However, the practical nature of the "AI audit" ecosystem is muddled and imprecise, making it difficult to work through various concepts and map out the stakeholders involved in the practice. First, we taxonomize current AI audit practices as completed by regulators, law firms, civil society, journalism, academia, consulting agencies. Next, we assess the impact of audits done by stakeholders within each domain. We find that only a subset of AI audit studies translate to desired accountability outcomes. We thus assess and isolate practices necessary for effective AI audit results, articulating the observed connections between AI audit design, methodology and institutional context on its effectiveness as a meaningful mechanism for accountability.

Computers and Society

Martin Ebers,Veronica R. S. Hoch,Frank Rosenkranz,Hannah Ruschemeier,Björn Steinrötter

DOI: https://doi.org/10.3390/j4040043

2021-10-08

J

Abstract:On 21 April 2021, the European Commission presented its long-awaited proposal for a Regulation “laying down harmonized rules on Artificial Intelligence”, the so-called “Artificial Intelligence Act” (AIA). This article takes a critical look at the proposed regulation. After an introduction (1), the paper analyzes the unclear preemptive effect of the AIA and EU competences (2), the scope of application (3), the prohibited uses of Artificial Intelligence (AI) (4), the provisions on high-risk AI systems (5), the obligations of providers and users (6), the requirements for AI systems with limited risks (7), the enforcement system (8), the relationship of the AIA with the existing legal framework (9), and the regulatory gaps (10). The last section draws some final conclusions (11).

David Manheim,Sammy Martin,Mark Bailey,Mikhail Samin,Ross Greutzmacher

2024-04-11

Abstract:Auditing of AI systems is a promising way to understand and manage ethical problems and societal risks associated with contemporary AI systems, as well as some anticipated future risks. Efforts to develop standards for auditing Artificial Intelligence (AI) systems have therefore understandably gained momentum. However, we argue that creating auditing standards is not just insufficient, but actively harmful by proliferating unheeded and inconsistent standards, especially in light of the rapid evolution and ethical and safety challenges of AI. Instead, the paper proposes the establishment of an AI Audit Standards Board, responsible for developing and updating auditing methods and standards in line with the evolving nature of AI technologies. Such a body would ensure that auditing practices remain relevant, robust, and responsive to the rapid advancements in AI. The paper argues that such a governance structure would also be helpful for maintaining public trust in AI and for promoting a culture of safety and ethical responsibility within the AI industry.

Computers and Society,Artificial Intelligence

Anna-Katharina Meßmer,Martin Degeling

DOI: https://doi.org/10.48550/arXiv.2302.04556

2023-02-09

Computers and Society

Abstract:Today's online platforms rely heavily on recommendation systems to serve content to their users; social media is a prime example. In turn, recommendation systems largely depend on artificial intelligence algorithms to decide who gets to see what. While the content social media platforms deliver is as varied as the users who engage with them, it has been shown that platforms can contribute to serious harm to individuals, groups and societies. Studies have suggested that these negative impacts range from worsening an individual's mental health to driving society-wide polarisation capable of putting democracies at risk. To better safeguard people from these harms, the European Union's Digital Services Act (DSA) requires platforms, especially those with large numbers of users, to make their algorithmic systems more transparent and follow due diligence obligations. These requirements constitute an important legislative step towards mitigating the systemic risks posed by online platforms. However, the DSA lacks concrete guidelines to operationalise a viable audit process that would allow auditors to hold these platforms accountable. This void could foster the spread of 'audit-washing', that is, platforms exploiting audits to legitimise their practices and neglect responsibility. To fill this gap, we propose a risk-scenario-based audit process. We explain in detail what audits and assessments of recommender systems according to the DSA should look like. Our approach also considers the evolving nature of platforms and emphasises the observability of their recommender systems' components. The resulting audit facilitates internal (among audits of the same system at different moments in time) and external comparability (among audits of different platforms) while also affording the evaluation of mitigation measures implemented by the platforms themselves.