What will EU regulation of AI-based products and services look like?
As the hype around artificial intelligence continues to grow, the European Union takes a crucial step towards the world’s first attempt at AI regulation. The European Parliament has approved the current draft of the legislation known as the AI Act.
This is our first look at what regulation of AI-based products and services could look like, though there are details yet to be worked out. Among the headline provisions are outright bans on the use of live facial recognition technology and predictive policing.
Facial recognition software has been legal worldwide, with just two countries (Belgium and Luxembourg) ever having banned it. Its use is often associated with China, representing a critical piece to its larger “social credit” project. Predictive policing is also currently being used in the United States, United Kingdom, Denmark, Japan, China, and more as the list looks likely to grow. It’s an approach that uses personal data (such as past convictions, location, and group affiliations) to predict future behaviour. The AI Act’s ban on these technologies was welcomed by groups such as Amnesty International but didn’t come without a fight.
Another focus of the AI Act was generative AI applications such as ChatGPT. The growing popularity of this technology was clearly prevalent in the minds of legislators. The approved draft text places obligations on these applications, including the labelling of AI-generated media and reporting what copyrighted material was used to train underlying models. Furthermore, there is a general requirement that every step in training AI models abides by all European laws. Contravention of these provisions risks deletion of the offending application or a fine of up to 7% of revenue.
This legislation arrives at a time when the conversation around AI is split between its innovative potential and possible regulation. Lawmakers in much of the rest of the world are still unsure about how this legal framework would come together. The EU, on the other hand, has progressed at a pace that even those who welcomed regulation are weary of.
Some of those concerns are reportedly technical, with the copyrighted materials requirement particularly standing out as “impossible” to comply with. Civil society organisations are also concerned with some of the AI Act’s current blindspots pertaining to human rights.
The draft legislation is now set to be negotiated further among the European Commission and Council, including the heads of state and government leaders of European countries. Though the bloc is hoping to reach an agreement by the end of the year, there’s a lot to figure out. Questions include, but are most certainly not limited to:
- How, specifically, will the AI Act be enforced?
- What will the final list of High-Risk Systems look like?
- What are the rules governing the interplay between the AI Act and, say, GDPR?
- How do individuals seek redress, as the AI Act currently states, if they determine they were harmed by in-scope services? Furthermore, how would they even know they were harmed, to begin with?