EU AI Act to lead to period of legal uncertainty, European Parliament advisor says
There will be a period of legal uncertainty once the EU Artificial Intelligence Act comes into effect due to issues among naming and definitions as well as the sheer number of authorities enforcing the act, an advisor to the European Parliament said. The UK鈥檚 sector-specific approach to AI regulation could be more successful than the horizontal structure of the EU鈥檚 upcoming AI Act, according to the advisor. But ultimately the two approaches are sufficiently similar, agreed experts speaking on lessons learned from the GDPR that might inform the new act.
29 February 2024
By
There will be a period of legal uncertainty once the EU Artificial Intelligence Act comes into effect due to issues among naming and definitions as well as the sheer number of authorities enforcing the act, an advisor to the European Parliament said.
The UK鈥檚 sector-specific approach to AI regulation could be more successful than the horizontal structure of the EU鈥檚 upcoming AI Act, according to the advisor. But ultimately the two approaches are sufficiently similar agreed experts speaking on lessons learned from the GDPR that might inform the new act.
The EU鈥檚 AI Act has done a better job of foreseeing some uncertainties than the drafting stages for the EU鈥檚 General Data Protection Regulation, which went global, but it will lead to periods of 鈥渓arge and strong legal concerns which are very bad for companies trying to figure out what to do to become compliant,鈥 Kai Zenner, head of office and digital policy adviser to EU lawmaker Axel Voss, who handles the AI Act for the European Parliament, said at a privacy conference in London.*
Issues surrounding naming such as 鈥渆nd user鈥 and 鈥渁ffected persons,鈥 as mentioned in the AI Act, could cause initial confusion, said Zenner. There will then be a couple of hundred authorities across EU member states that are implementing the act across their remits, with some states more pro-consumer than others.
The bloc鈥檚 recently introduced AI Office is one of those authorities that will be involved in AI oversight. 鈥淭he European Central Bank may not like if the AI Office tells them what to do on financial services and AI,鈥 Zenner said.
Further complications will develop if law enforcement and legal systems interpret and enforce the act differently.
Zenner also said that companies are better prepared for new technology regulation and have more resources at the trade association level.
EU vs UK
The EU is taking a broad approach to AI, compared to the sector-specific regulation in the UK, where existing regulators interpret existing legislation for AI developments in their remits.
鈥淎s a lawyer, I think what you are doing [in the UK] in regulating AI is superior compared to the AI Act,鈥 said Zenner. 鈥淭he AI Act is a horizontal approach that is trying to address every AI system in every sector in the same way or at least in a rather similar way鈥 but you miss the opportunity to make the regulation specific enough to really address a certain issue.鈥
Mark Durkee, head of data and technology at the Responsible Technology Adoption Unit, part of the UK鈥檚 technology ministry, sees the two approaches ultimately converging.
鈥淭he reality of what they do, I suspect, will not be that different. The standards they're looking for the processes, the assurance mechanisms, I think it's the same ecosystem,鈥 Durkee said, adding that both jurisdictions must commit to stay aligned.
鈥淭he benefit if we get it right in the UK with our current approach is we can get regulators moving faster, or so goes the principle,鈥 said Durkee, 鈥淪o if there isn't an AI regulation coming, regulators are both empowered also, forcing them to get their act together quickly and start making decisions about what guidance they want to issue with the existing regulations.鈥
But he acknowledged that the sector approach will not be a natural fit for 鈥渉uge-scale鈥 general purpose models.
Brussels effect
Zenner believes the 鈥楤russels effect鈥 of the GDPR may have been 鈥渆xaggerated.鈥 Jurisdictions such as states in the US have picked and chosen the parts they wants, leaving out parts that are 鈥渞eally very European-specific, that make sense in our region, within our legal system.鈥
From a US perspective, enterprises should learn from the cultural shift they made for the GDPR, said Evi Fuelle, director of global policy at Credo AI.
鈥淲hen you build something with AI, it's incredibly expensive and a supreme waste of resources. If you haven't gone through that cultural shift already in, you build something they have to scrap entirely because it doesn't have these protections built in,鈥 said Fuelle.
*'IAPP Data Protection Intensive: UK 2024,' London, Feb. 28-29, 2024
MLex
Prepare for tomorrow's regulatory change, today.
Guest articles from MLex: The specialist news and analysis you need to stay ahead of fast-moving regulatory shifts in the UK and across the globe.