Ronan Hamon,Henrik Junklewitz,Josep Soler Garrido,Ignacio Sanchez

DOI: https://doi.org/10.1109/access.2024.3391021

IF: 3.9

2024-05-03

IEEE Access

Abstract:This article examines the interplay between artificial intelligence (AI) and cybersecurity in light of future regulatory requirements on the security of AI systems, specifically focusing on the robustness of high-risk AI systems against cyberattacks in the context of the European Union's AI Act. The paper identifies and analyses three challenges to achieve compliance of AI systems with the cybersecurity requirement: accounting for the diversity and the complexity of AI technologies, assessing AI-specific risks, and developing secure-by-design AI systems. The contribution of the article consists in providing an overview of AI cybersecurity practices and identifying gaps in current approaches to security conformity assessment for AI systems. Our analysis highlights the unique vulnerabilities present in AI systems and the absence of established cybersecurity practices tailored to these systems, and emphasises the need for continuous alignment between legal requirements and technological capabilities, acknowledging the necessity for further research and development to address the challenges. It concludes that comprehensive cybersecurity practices must evolve to accommodate the unique aspects of AI, with a collaborative effort from various sectors to ensure effective implementation and standardisation.

computer science, information systems,telecommunications,engineering, electrical & electronic

Konstantinos Kalodanis,Panagiotis Rizomiliotis,Dimosthenis Anagnostopoulos

DOI: https://doi.org/10.1108/ics-10-2022-0165

2023-11-23

Abstract:Purpose The purpose of this paper is to highlight the key technical challenges that derive from the recently proposed European Artificial Intelligence Act and specifically, to investigate the applicability of the requirements that the AI Act mandates to high-risk AI systems from the perspective of AI security. Design/methodology/approach This paper presents the main points of the proposed AI Act, with emphasis on the compliance requirements of high-risk systems. It matches known AI security threats with the relevant technical requirements, it demonstrates the impact that these security threats can have to the AI Act technical requirements and evaluates the applicability of these requirements based on the effectiveness of the existing security protection measures. Finally, the paper highlights the necessity for an integrated framework for AI system evaluation. Findings The findings of the EU AI Act technical assessment highlight the gap between the proposed requirements and the available AI security countermeasures as well as the necessity for an AI security evaluation framework. Originality/value AI Act, high-risk AI systems, security threats, security countermeasures.

Martin Ebers,Veronica R. S. Hoch,Frank Rosenkranz,Hannah Ruschemeier,Björn Steinrötter

DOI: https://doi.org/10.3390/j4040043

2021-10-08

J

Abstract:On 21 April 2021, the European Commission presented its long-awaited proposal for a Regulation “laying down harmonized rules on Artificial Intelligence”, the so-called “Artificial Intelligence Act” (AIA). This article takes a critical look at the proposed regulation. After an introduction (1), the paper analyzes the unclear preemptive effect of the AIA and EU competences (2), the scope of application (3), the prohibited uses of Artificial Intelligence (AI) (4), the provisions on high-risk AI systems (5), the obligations of providers and users (6), the requirements for AI systems with limited risks (7), the enforcement system (8), the relationship of the AIA with the existing legal framework (9), and the regulatory gaps (10). The last section draws some final conclusions (11).

Martin Ebers

DOI: https://doi.org/10.2139/ssrn.3900378

2021-01-01

SSRN Electronic Journal

Abstract:On April 21, 2021, the European Commission presented its long-awaited proposal for a Regulation “laying down harmonized rules on Artificial Intelligence”, the so-called “Artificial Intelligence Act” (hereinafter: AIA). Most of the provisions of the AIA deal with high-risk systems, setting out obligations on providers, users and other participants across the AI value chain, establishing in particular, conformity assessment procedures to be followed for each type of high-risk AI system.At the heart of the proposal is the idea of co-regulation through standardization based on the New Legislative Framework (NLF). According to Recital (61) AIA, “[s]tandardization should play a key role to provide technical solutions to providers to ensure compliance with this Regulation”. Accordingly, this chapter provides a critical analysis of the proposal, discussing in particular, how the envisaged system of co-regulation, standardization and certification could contribute to European governance of AI and address the manifold ethical and legal concerns of (high-risk) AI systems.

Jakob Mokander,Maria Axente,Federico Casolari,Luciano Floridi

DOI: https://doi.org/10.48550/arXiv.2111.05071

2021-11-09

Computers and Society

Abstract:The proposed European Artificial Intelligence Act (AIA) is the first attempt to elaborate a general legal framework for AI carried out by any major global economy. As such, the AIA is likely to become a point of reference in the larger discourse on how AI systems can (and should) be regulated. In this article, we describe and discuss the two primary enforcement mechanisms proposed in the AIA: the conformity assessments that providers of high-risk AI systems are expected to conduct, and the post-market monitoring plans that providers must establish to document the performance of high-risk AI systems throughout their lifetimes. We argue that AIA can be interpreted as a proposal to establish a Europe-wide ecosystem for conducting AI auditing, albeit in other words. Our analysis offers two main contributions. First, by describing the enforcement mechanisms included in the AIA in terminology borrowed from existing literature on AI auditing, we help providers of AI systems understand how they can prove adherence to the requirements set out in the AIA in practice. Second, by examining the AIA from an auditing perspective, we seek to provide transferable lessons from previous research about how to refine further the regulatory approach outlined in the AIA. We conclude by highlighting seven aspects of the AIA where amendments (or simply clarifications) would be helpful. These include, above all, the need to translate vague concepts into verifiable criteria and to strengthen the institutional safeguards concerning conformity assessments based on internal checks.

Nuno Sousa e Silva

2024-08-31

Abstract:This article provides a critical overview of the recently approved Artificial Intelligence Act. It starts by presenting the main structure, objectives, and approach of Regulation (EU) 2024/1689. A definition of key concepts follows, and then the material and territorial scope, as well as the timing of application, are analyzed. Although the Regulation does not explicitly set out principles, the main ideas of fairness, accountability, transparency, and equity in AI underly a set of rules of the regulation. This is discussed before looking at the ill-defined set of forbidden AI practices (manipulation and e exploitation of vulnerabilities, social scoring, biometric identification and classification, and predictive policing). It is highlighted that those rules deal with behaviors rather than AI systems. The qualification and regulation of high-risk AI systems are tackled, alongside the obligation of transparency for certain systems, the regulation of general-purpose models, and the rules on certification, supervision, and sanctions. The text concludes that even if the overall framework can be deemed adequate and balanced, the approach is so complex that it risks defeating its own purpose of promoting responsible innovation within the European Union and beyond its borders.

Computers and Society,Artificial Intelligence

François Terrier

DOI: https://doi.org/10.48550/arXiv.2311.06263

2023-09-27

Computers and Society

Abstract:The explosion in the performance of Machine Learning (ML) and the potential of its applications are strongly encouraging us to consider its use in industrial systems, including for critical functions such as decision-making in autonomous systems. While the AI community is well aware of the need to ensure the trustworthiness of AI-based applications, it is still leaving too much to one side the issue of safety and its corollary, regulation and standards, without which it is not possible to certify any level of safety, whether the systems are slightly or very critical.The process of developing and qualifying safety-critical software and systems in regulated industries such as aerospace, nuclear power stations, railways or automotive industry has long been well rationalized and mastered. They use well-defined standards, regulatory frameworks and processes, as well as formal techniques to assess and demonstrate the quality and safety of the systems and software they develop. However, the low level of formalization of specifications and the uncertainties and opacity of machine learning-based components make it difficult to validate and verify them using most traditional critical systems engineering methods. This raises the question of qualification standards, and therefore of regulations adapted to AI. With the AI Act, the European Commission has laid the foundations for moving forward and building solid approaches to the integration of AI-based applications that are safe, trustworthy and respect European ethical values. The question then becomes "How can we rise to the challenge of certification and propose methods and tools for trusted artificial intelligence?"

Irena Barkane,Irena Nesterova

DOI: https://doi.org/10.3233/ip-211524

2022-04-22

Information Polity

Abstract:Artificial Intelligence (AI)-based surveillance technologies such as facial recognition, emotion recognition and other biometric technologies have been rapidly introduced by both public and private entities all around the world, raising major concerns about their impact on fundamental rights, the rule of law and democracy. This article questions the efficiency of the European Commission’s Proposal for Regulation of Artificial Intelligence, known as the AI Act, in addressing the threats and risks to fundamental rights posed by AI biometric surveillance systems. It argues that in order to meaningfully address risks to fundamental rights the proposed classification of these systems should be reconsidered. Although the draft AI Act acknowledges that some AI practices should be prohibited, the multiple exceptions and loopholes should be closed, and in addition new prohibitions, in particular to emotional recognition and biometric categorisation systems, should be added to counter AI surveillance practices violating fundamental rights. The AI Act should also introduce stronger legal requirements, such as third-party conformity assessment, fundamental rights impact assessment, transparency obligations as well as enhance existing EU data protection law and the rights and remedies available to individuals, thus not missing the unique opportunity to adopt the first legal framework that truly promotes trustworthy AI.

Francesco Sovrano,Giulio Masetti

DOI: https://doi.org/10.1145/3560107.3560253

2022-09-12

Abstract:The AI Act has been recently proposed by the European Commission to regulate the use of AI in the EU, especially on high-risk applications, i.e. systems intended to be used as safety components in the management and operation of road traffic and the supply of water, gas, heating and electricity. On the other hand, IEC 61508, one of the most adopted international standards for safety-critical electronic components, seem to mostly forbid the use of AI in such systems. Given this conflict between IEC 61508 and the proposed AI Act, also stressed by the fact that IEC 61508 is not an harmonised European standard, with the present paper we study and analyse what is going to happen to industry after the entry into force of the AI Act. In particular, we focus on how the proposed AI Act might positively impact on the sustainability of critical infrastructures by allowing the use of AI on an industry where it was previously forbidden. To do so, we provide several examples of AI-based solutions falling under the umbrella of IEC 61508 that might have a positive impact on sustainability in alignment with the current long-term goals of the EU and the Sustainable Development Goals of the United Nations, i.e., affordable and clean energy, sustainable cities and communities.

Computers and Society

Marijana Mladenov

DOI: https://doi.org/10.5937/ptp2300032m

2023-01-01

Pravo - teorija i praksa

Abstract:Artificial intelligence (AI) has the capacity to improve not only the individual quality of life, but also economic and social welfare. Although the AI systems have many advantages, they also pose significant risks, creating a wide range of moral and legal dilemmas. The European Union has been creating a legal framework for developing, trading, and using AI-driven products, services, and systems to reduce the risks connected with the AI systems and to prevent any possible harm they may cause. The main focus of this paper refers to the analysis of the Proposal for the Artificial Intelligence Act submitted by the European Commission in April 2021. The goal of the article is to move toward a possible resolution to the dilemma of whether the AIA proposal is appropriate for the AI era by addressing the scope of its application, the prohibited AI practices, rules on high-risk AI systems, specific transparency obligations, as well as certain regulatory gaps. The article should be viewed as an initial analysis of the AIA proposal in order to provide a useful framework for the future discussion.

Aude Cefaliello,Miriam Kullmann

DOI: https://doi.org/10.1177/20319525221114474

2022-10-20

European Labour Law Journal

Abstract:In April 2021, the European Commission published its first draft of the Proposal for a Regulation on Artificial Intelligence. Since AI in the work context has increasingly become important in organising work and managing workers, the AI Act will undoubtedly have an impact on EU and national labour law systems. One aim of the proposal is to guarantee ‘consistency with existing Union legislation applicable to sectors where high-risk Artificial Intelligence systems are already used or likely to be used in the near future’, which includes the EU social acquis. It could be argued that ensuring true consistency with EU law means guaranteeing that the way the AI Act will be implemented and applied will still allow the other pieces of EU labour law to fulfil their purpose. It is undeniable that the implementation of the AI Act will overlap with various fields of EU law, especially considering the increasing use of AI technology at work. Thus, this article seeks to identify ways to refine the AI Act, insofar as it impacts work. The contribution discusses the current AI Act as proposed in April 2021, thereby focusing on two particular areas, EU non-discrimination law and EU law on occupational health and safety (OSH), as these two areas are, more or less explicitly, addressed as legal fields in the AI Act. The article starts with taking the perspective of EU labour law influencing the development of AI systems used in the employment context. We argue that providers should respect EU labour law throughout the development of the AI system (section 2). Then, the areas where EU labour law and the AI overlap are identified, thereby viewing it from an employer's perspective, i.e., the user of the AI system (section 3). Using two specific EU labour law areas (the right not to be discriminated against and the right to healthy and safe working conditions) the article provides a first assessment of how the AI Act might influence work and the regulation thereof (section 4). Finally, the conclusion critically explores whether and to what extent AI in employment situations warrants particular attention (section 5).

Patrick Glauner

DOI: https://doi.org/10.48550/arXiv.2105.15133

2021-05-27

Abstract:In April 2021, the European Commission published a proposed regulation on AI. It intends to create a uniform legal framework for AI within the European Union (EU). In this chapter, we analyze and assess the proposal. We show that the proposed regulation is actually not needed due to existing regulations. We also argue that the proposal clearly poses the risk of overregulation. As a consequence, this would make the use or development of AI applications in safety-critical application areas, such as in healthcare, almost impossible in the EU. This would also likely further strengthen Chinese and US corporations in their technology leadership. Our assessment is based on the oral evidence we gave in May 2021 to the joint session of the European Union affairs committees of the German federal parliament and the French National Assembly.

Computers and Society

Philipp Hacker

2023-10-06

Abstract:This chapter provides a comprehensive discussion on AI regulation in the European Union, contrasting it with the more sectoral and self-regulatory approach in the UK. It argues for a hybrid regulatory strategy that combines elements from both philosophies, emphasizing the need for agility and safe harbors to ease compliance. The paper examines the AI Act as a pioneering legislative effort to address the multifaceted challenges posed by AI, asserting that, while the Act is a step in the right direction, it has shortcomings that could hinder the advancement of AI technologies. The paper also anticipates upcoming regulatory challenges, such as the management of toxic content, environmental concerns, and hybrid threats. It advocates for immediate action to create protocols for regulated access to high-performance, potentially open-source AI systems. Although the AI Act is a significant legislative milestone, it needs additional refinement and global collaboration for the effective governance of rapidly evolving AI technologies.

Computers and Society,Artificial Intelligence

Claudio Novelli,Philipp Hacker,Jessica Morley,Jarle Trondal,Luciano Floridi

DOI: https://doi.org/10.1017/err.2024.57

2024-10-26

Abstract:Regulation is nothing without enforcement. This particularly holds for the dynamic field of emerging technologies. Hence, this article has two ambitions. First, it explains how the EU's new Artificial Intelligence Act (AIA) will be implemented and enforced by various institutional bodies, thus clarifying the governance framework of the AIA. Second, it proposes a normative model of governance, providing recommendations to ensure uniform and coordinated execution of the AIA and the fulfilment of the legislation. Taken together, the article explores how the AIA may be implemented by national and EU institutional bodies, encompassing longstanding bodies, such as the European Commission, and those newly established under the AIA, such as the AI Office. It investigates their roles across supranational and national levels, emphasizing how EU regulations influence institutional structures and operations. These regulations may not only directly dictate the structural design of institutions but also indirectly request administrative capacities needed to enforce the AIA.

Computers and Society,Artificial Intelligence

Gabriele Mazzini,Filippo Bagni

DOI: https://doi.org/10.3389/frai.2023.1277544

2023-11-10

Abstract:The proposal for the Artificial Intelligence regulation in the EU (AI Act) is a horizontal legal instrument that aims to regulate, according to a tailored risk-based approach, the development and use of AI systems across a plurality of sectors, including the financial sector. In particular, AI systems intended to be used to evaluate the creditworthiness or establish the credit score of natural persons are classified as "high-risk AI systems". The proposal, tabled by the Commission in April 2021, is currently at the center of intense interinstitutional negotiations between the two branches of the European legislature, the European Parliament and the Council. Without prejudice to the ongoing legislative deliberations, the paper aims to provide an overview of the main elements and choices made by the Commission in respect of the regulation of AI in the financial sector, as well as of the position taken in that regard by the European Parliament and Council.

Johann Laux,Sandra Wachter,Brent Mittelstadt

DOI: https://doi.org/10.1016/j.clsr.2024.105957

IF: 2.707

2024-07-01

Computer Law & Security Review

Abstract:Under its proposed Artificial Intelligence Act (‘AIA’), the European Union seeks to develop harmonised standards involving abstract normative concepts such transparency, fairness, and accountability. Applying such concepts inevitably requires answering hard normative questions. Considering this challenge, we argue that there are three possible pathways for future standardisation under the AIA. First, European standard-setting organisations (‘SSOs’) could answer hard normative questions themselves. This approach would raise concerns about its democratic legitimacy. Standardisation is a technical discourse and tends to exclude non-expert stakeholders and the public at large. Second, instead of passing their own normative judgments, SSOs could track the normative consensus they find available. By analysing the standard-setting history of one major SSO, we show that such consensus tracking has historically been its pathway of choice. If standardisation under the AIA took the same route, we demonstrate how this would lead to a false sense of safety as the process is not infallible. Consensus tracking would furthermore push the need to solve unavoidable normative problems down the line. Instead of regulators, AI developers and/or users could define what, for example, fairness requires. By the institutional design of its AIA, the European Commission would have essentially kicked the ‘AI Ethics’ can down the road. We thus suggest a third pathway which aims to avoid the pitfalls of the previous two: SSOs should create standards which require “ethical disclosure by default.” These standards will specify minimum technical testing, documentation, and public reporting requirements to shift ethical decision-making to local stakeholders and limit provider discretion in answering hard normative questions in the development of AI products and services. Our proposed pathway is about putting the right information in the hands of the people with the legitimacy to make complex normative decisions at a local, context-sensitive level.

law

Marion Ho-Dac

DOI: https://doi.org/10.48550/arxiv.2402.16869

2024-01-23

Computers and Society

Abstract:In the European context, both the EU AI Act proposal and the draft Standardisation Request on safe and trustworthy AI link standardisation to fundamental rights. However, these texts do not provide any guidelines that specify and detail the relationship between AI standards and fundamental rights, its meaning or implication. This chapter aims to clarify this critical regulatory blind spot. The main issue tackled is whether the adoption of AI harmonised standards, based on the future AI Act, should take into account fundamental rights. In our view, the response is yes. The high risks posed by certain AI systems relate in particular to infringements of fundamental rights. Therefore, mitigating such risks involves fundamental rights considerations and this is what future harmonised standards should reflect. At the same time, valid criticisms of the European standardisation process have to be addressed. Finally, the practical incorporation of fundamental rights considerations in the ongoing European standardisation of AI systems is discussed.

Natali Helberger,Nicholas Diakopoulos

DOI: https://doi.org/10.1080/21670811.2022.2082505

IF: 5.4

2022-07-31

Digital Journalism

Abstract:No potential conflict of interest was reported by the authors. 1 Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, COM/2021/206 final. Please note: at the time of writing, the AI Act was still a first proposal. This commentary discusses the act in the version that was published by the European Commission on 21 April 2021. The substance of the regulation as well as the article numbers can change in the final version of the law. 2 Independent High-Level Expert Group on Artificial Intelligence, Ethics Guidelines for Trustworthy AI, Brussels, 8 April 2019. 3 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/ECCOM/2020/825 final, the Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on contestable and fair markets in the digital sector (Digital Markets Act), COM/2020/842 final. 4 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on European data governance (Data Governance Act), COM/2020/767 final, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on harmonised rules on fair access to and use of data (Data Act), Brussels, 23.2.2022, COM(2022) 68 final. 5 COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS On the European democracy action plan, COM/2020/790 final; Call for Evidence for an Impact Assessment, Safeguarding media freedom and pluralism in the internal market (Media Freedom Act), Ares(2021)7899801 - 21/12/2021. 6 Recital 11 draft AI Act. 7 Art. 2 (1) draft AI Act, Recital 6. 8 Art. 3 (1) draft AI Act. 9 For excellent more comprehensive descriptions o f the content of the regulation see (Veale and Zuiderveen Borgesius 2021 Veale, Michael , and Frederik Zuiderveen Borgesius . 2021 . " Demystifying the Draft EU Artificial Intelligence Act ." Computer Law Review International 22 (4): 97 – 112 . [Crossref] , [Google Scholar] ; Spindler 2021 Spindler, Gerald. 2021 . " Der Vorschlag Der EU-Kommission Für Eine Verordnung Zur Regulierung Der Künstlichen Intelligenz ." CR 37 (6): 361 – 374 . [Google Scholar] ; Floridi 2021 Floridi, Luciano. 2021 . " The European Legislation on AI: A Brief Analysis of Its Philosophical Approach ." Philosophy & Technology 34 (2): 215 – 222 . [Crossref], [PubMed] , [Google Scholar] ). 10 Art. 29 draft AI Act. 11 Art. 7 (2) draft AI Act. 12 Art. 26 of the Digital Services Act. 13 Art. 53 draft AI Act. 14 Art. 52(1) draft AI Act. 15 https://thefix.media/2021/10/12/digital-revolution-high-end-digitization-solutions-from-the-biggest-norwegian-daily/ 16 https://www.bbc.com/news/business-56278411 17 Point 6(c) of Annex III in conjunction with Article 6(2) of AI Act. 18 Art. 69 draft AI Act. 19 Recommendation CM/Rec(2020)1 of the Committee of Ministers to member States on the human rights impacts of algorithmic systems, Adopted by the Committee of Ministers on 8 April 2020. 20 European Commission, Proposal for a Regulation of the European Parliament and of the Council on the transparency and targeting of political advertising, Brussels, 25.11.2021, COM(2021) 731 final.

communication

Dmitryi Leonidovich Kuteynikov,Osman Alikovich Izhaev

DOI: https://doi.org/10.17323/2713-2749.2023.3.97.116

2023-10-31

Legal Issues in the Digital Age

Abstract:The article delves into the risk-based approach underpinning the draft EU ArtificialIntelligence Act. Anticipated to be approved by the end of 2023, this regulation ispoised to serve as a cornerstone in the European Union’s legal framework forgoverning the development and deployment of artificial intelligence systems (AIsystems). However, the ever-evolving technological landscape continues to presentnovel challenges to legislators, necessitating ongoing solutions that will span yearsto come. Moreover, the widespread proliferation of foundation models and generalpurpose AI systems over the past year underscores the need to refine the initialrisk-based approach concept. The study comprehensively examines the inherentissues within the risk-based approach, including the delineation of AI systemcategories, their classification according to the degree of risk to human rights, andthe establishment of optimal legal requirements for each subset of these systems.The research concludes that the construction of a more adaptable normative legalframework mandates differentiation of requirements based on risk levels, as well asacross all stages of an AI system’s lifecycle and levels of autonomy. The paper alsodelves into the challenges associated with extending the risk-oriented approach toencompass foundation models and general purpose AI systems, offering distinctanalyses for each.

English Else