EU draft legislation on artificial intelligence requires awareness

06 October 2021 4 min. read

Artificial intelligence (AI) is a rapidly growing part of our daily (business) life. As exciting and groundbreaking its possibilities are, the technology can also come with major risks. To protect citizens against misuse, the EU this spring proposed a draft legislation impacting basically every party that develops AI-applications. 

Our daily life is becoming more and more intertwined with AI, a catch-all term for a machine or system that makes decisions, based on large amounts of data, and improves itself while learning. The algorithms that recommend new information based on your search behaviour on social media, the face recognition on photos on your smartphone, or computers that select job applicants. It’s all AI. 

“It’s cheaper, faster and more accurate than people, so there’s almost no industry that does not experiment or work with AI,” say Tjakko de Boer and Owen Strijland from consultancy firm Protiviti. They follow the developments in the space closely and advise companies how to prepare their organisations’ risk and governance structure for the EU AI legislation.

Tjakko de Boer en Owen Strijland - Proviti

Huge responsibility

AI is already much bigger than most people can imagine, and we are only at the beginning. Owen: “Do you know what information is used about who you are, what you’re doing and what you’re looking for? And which information will be used in the future?” 

Companies and governments that are making and using those intelligent machines or systems have a huge responsibility as it comes to the data they use. “How can you apply AI for your own interest and prevent conflicts with the interests of individuals at the same time?” 

“If AI applications affect our fundamental rights like personal freedom, privacy and health or the functioning of democracy, you enter a sensitive area,” explains Tjakko. “The biggest danger is that both people with good and bad intentions can use AI.” Deepfakes (images, sounds and texts created by artificially intelligent software) for instance, already form a serious problem.

Worldwide standard

This is exactly why Brussels thinks it’s about time to limit the dangers of AI and protect European citizens with legislation. Goal is to make AI in all industries legally, ethically and technically robust by using a so-called pyramid of criticality. The higher the risk of misuse, the more requirements apply to AI systems. The law is expected to come into effect in about two or three years. 

“Like with the GDPR, it wouldn’t surprise us if the EU regulation on artificial intelligence becomes a de facto worldwide standard.” Tjakko and Owen are convinced this is a positive development. “A legal framework like this, stimulates the use of (more) AI applications, and increases confidence and benefits.”

With the new EU legislation in mind, Protiviti wants to alert directors and board members to be properly prepared. Although the law is still a draft proposal, the core of it will not change. “It’s already pretty clear what the requirements will be. Every AI system you develop today, must comply with this law in three years. And it’s very hard and expensive, if not impossible, to correct these complex systems afterwards,” explains Owen.

Be prepared

Therefore it’s important to know where AI is being developed and governed within your organisation.” Either way you need to build-in checks and balances to make sure new and existing AI systems comply continuously with the law, and that you are able to prove it,” says Tjakko. 

“More so than with the introduction of the GDPR, you’d better prepare for the new regulation immediately, because tomorrow’s systems are being developed today. So, be sure to put this high on the company’s agenda, and identify your current and desired governance and risk management.” 

Owen and Tjakko think this new EU regulation requires broad awareness in companies that work with AI. “Search within your organisation for applications making use of such models that are already there, but also for new possibilities. Companies who are in control with a solid governance and risk structure, will be more confident in reaping the benefits of AI while preventing any nasty surprises.”