Skip to main content

The EU AI Act has finally been Passed; Towards a legislative framework for AI.

 


Towards a legislative framework for AI.

The EU have finally passed the EU AI Act. The following represent most complete attempts at a legislative approach to AI regulation I've so far come across.

The EU AI Act will probably have the greatest impact, for now. But for today I want to concentrate upon the UNESCO Ethics against the provisions set out in the EU AI Act.

Both the UNESCO Recommendation on the Ethics of Artificial Intelligence and the EU AI Act aim to guide the development of ethical AI. The UNESCO recommendation outlines 10 principles,
  • Proportionality and Do No Harm
  • Safety and security
  • Fairness and non-discrimination
  • Sustainability
  • Right to Privacy, and Data Protection
  • Human oversight and determination 
  • Transparency and explainability
  • Responsibility and accountability
  • Awareness and literacy 
  • Multi-stakeholder and adaptive governance and collaboration
It also suggests concrete policy actions on these principles. 

The EU AI Act, on the other hand, is a binding regulation that sets out rules for the development and use of AI in the EU. It includes requirements for high-risk AI systems, such as transparency, human oversight, and data protection. It's concentration on risk management strongly suggests that it is more concerned with risk management and implementation of AI, than it is about ethical considerations. This is a  significant weakness, as far as I can tell.

The Act defines risk by classifying AI systems into different categories based on their potential risk level. The Act proposes three categories of AI systems: (1) unacceptable risk, (2) high risk, and (3) limited risk. High-risk AI systems are those that pose significant risks to health, safety, or fundamental rights, such as biometric identification, critical infrastructure, and educational admissions. The Act mandates various development and use requirements for high-risk AI systems, such as transparency, human oversight, and data protection. The Act also requires that high-risk AI systems undergo a conformity assessment before they can be placed on the market or put into service. The conformity assessment must be carried out by a notified body, and it must verify that the AI system complies with the requirements of the Act.

The high risk systems will likely have the greatest ramifications: the act Act requires providers of high-risk AI systems to implement a risk management system. The risk management system should be designed to reduce individual, collective, and societal risks, not just risks to the provider of high-risk AI systems. The Act mandates that the risk management system should be implemented within 24 months after the AI Act enters into force, although the Council has proposed to extend this period to 36 months. The risk management process in the AI Act seems to be inspired by ISO/IEC Guide 51. The Act does not define most terms, but it provides building blocks for high-risk AI systems. The Act also requires that high-risk AI systems undergo a conformity assessment before they can be placed on the market or put into service. The conformity assessment must be carried out by a notified body, and it must verify that the AI system complies with the requirements of the Act.

The artificial intelligence act eu, under a section of 'how can it be improved?' notably point out:

'There are several loopholes and exceptions in the proposed law. These shortcomings limit the Act’s ability to ensure that AI remains a force for good in your life. Currently, for example, facial recognition by the police is banned unless the images are captured with a delay or the technology is being used to find missing children.

In addition, the law is inflexible. If in two years’ time a dangerous AI application is used in an unforeseen sector, the law provides no mechanism to label it as “high-risk”.'

Legislation, without an initially adopted ethical framework in place and operating, seems destined to keep the courts busy, some lawyers well enumerated and the problems in place for years, whilst the justice procedures drag on. 

The question for me, and perhaps you, is, do we have those years, are they affordable in terms of the harms that may accrue?

Labels:

Comments

Post a Comment

Popular posts from this blog

The Whispers in the Machine: Why Prompt Injection Remains a Persistent Threat to LLMs

 Large Language Models (LLMs) are rapidly transforming how we interact with technology, offering incredible potential for tasks ranging from content creation to complex analysis. However, as these powerful tools become more integrated into our lives, so too do the novel security challenges they present. Among these, prompt injection attacks stand out as a particularly persistent and evolving threat. These attacks, as one recent paper (Safety at Scale: A Comprehensive Survey of Large Model Safety https://arxiv.org/abs/2502.05206) highlights, involve subtly manipulating LLMs to deviate from their intended purpose, and the methods are becoming increasingly sophisticated. At its core, a prompt injection attack involves embedding a malicious instruction within an otherwise normal request, tricking the LLM into producing unintended – and potentially harmful – outputs. Think of it as slipping a secret, contradictory instruction into a seemingly harmless conversation. What makes prompt inj...
Post a Comment
Read more

AI Agents and the Latest Silicon Valley Hype

In what appears to be yet another grandiose proclamation from the tech industry, Google has released a whitepaper extolling the virtues of what they're calling "Generative AI agents". (https://www.aibase.com/news/14498) Whilst the basic premise—distinguishing between AI models and agents—holds water, one must approach these sweeping claims with considerable caution. Let's begin with the fundamentals. Yes, AI models like Large Language Models do indeed process information and generate outputs. That much isn't controversial. However, the leap from these essentially sophisticated pattern-matching systems to autonomous "agents" requires rather more scrutiny than the tech evangelists would have us believe. The whitepaper's architectural approaches—with their rather grandiose names like "ReAct" and "Tree of Thought"—sound remarkably like repackaged versions of long-standing computer science concepts, dressed up in fashionable AI clot...
Post a Comment
Read more

Podcast Soon Notice

I've been invited to make a podcast around the themes and ideas presented in this blog. More details will be announced soon. This is also your opportunity to be involved in the debate. If you have a response to any of the blog posts posted here, or consider an important issue in the debate around AGI is not being discussed, then please get in touch via the comments.  I look forward to hearing from you.
Post a Comment
Read more