The European Union (EU) has taken on the challenge of regulating artificial intelligence (AI) with the passage of the world’s first comprehensive legislation in this field. The new law, known as the AI Act, aims to address potential risks and limitations associated with AI technology. However, experts believe that the restrictions outlined in the act may face resistance from member state law enforcement agencies, which are already utilizing these technologies for public security reasons. Kenneth Propp, a senior fellow with the Atlantic Council’s Europe Center, points out that the final version of the legislation may be more accommodating to member states’ security interests.
Although the AI Act has the potential to impact AI regulation globally, there are still hurdles to be overcome before it becomes law. Propp suggests that other regulators may be emboldened by the fines imposed by the EU and seek similar remuneration for violations in their respective countries. Furthermore, other countries might extend auditing requirements to include maintaining outputs from generative models. Despite these challenges, Aaron Mendes, CEO and co-founder of PrivacyHawk, believes that the regulations could ultimately benefit individuals by protecting them from the potential harm caused by AI. Mendes praises the EU for its forward-thinking approach to technology and emphasizes the need to establish safeguards before it is too late.
In the United States, the Securities and Exchange Commission (SEC) has proposed new rules regarding the public disclosure of cybersecurity incidents affecting publicly traded companies. While some industry members express concerns about the potential negative impact on national security and potential overlap with existing legislation, the Digital Forensic Research Lab (DFRLab) offers a more positive outlook on the new rules. DFRLab suggests that increased transparency resulting from the regulations could minimize disparities in the cybersecurity market and enhance industry research and policy-making. Additionally, DFRLab recommends that the SEC allow companies to delay reporting ongoing or uncontained cyber incidents to protect national security interests. The author further suggests that disclosures should focus on the nature and cause of the incident rather than its effects, providing researchers and policymakers with useful public data.
Concerns regarding EU security have led ten member states to restrict or ban Chinese-owned companies Huawei and ZTE from their 5G telecoms networks. However, EU industry chief Thierry Breton believes that other member states are taking too long to follow suit. Breton argues that the slow response poses a major security risk and exposes the EU to dependency on these companies, undermining the Union’s collective security. If member states do not block Huawei and ZTE on their own, the European Commission plans to take matters into its own hands and urge the European Parliament and Council to do the same. Breton emphasized that existing and new contracts should be free from these companies. These comments come in light of a progress report on member states’ response to the EU’s cybersecurity recommendations.
Overall, the EU’s comprehensive legislation on AI regulation, the SEC’s proposed incident disclosure rules, and the debate surrounding the banning of Huawei and ZTE in member states highlight the ongoing efforts to address the challenges posed by emerging technologies. These initiatives aim to strike a balance between promoting innovation and safeguarding individuals’ rights and security, both within the EU and globally. As the world continues to grapple with the rapid advancement of technology, policymakers and regulators are taking proactive steps to ensure responsible and accountable use of AI and cybersecurity practices.