EU AI Act Introduces Unique Tiered System for Risks
With the full text of the EU AI Act made public, Truyo President Dan Clarke read through the Act in its entirety to identify key elements that will be crucial to compliance for organizations in scope. The Act includes the conventional components of transparency, privacy, education, security, non-discrimination, and risk assessment.
Where it differs from current and proposed AI legislation, according to Clarke, is in the tiered system and the different obligations for each level based on relative risk. “This comprehensive act applies to all companies utilizing or offering systems based on AI within the EU, regardless of origination or size. It is remarkably consistent with the White House executive order and subsequent blueprint for an AI bill of rights, including emphasis on safety and protection against discrimination/bias.”
Clarke posits, “From a commercial perspective, we expect the most common high-risk AI systems will be centered around education, security (facial recognition), and the employment/recruiting function, especially for multinationals based outside the EU. Unacceptable risk is centered around discrimination and bias, especially via subliminal or similar techniques applied to vulnerable or disadvantaged groups.”
Introducing a Tiered System for Unacceptable and High AI Risk
The tiered system includes unacceptable and high risk. The unacceptable risk tier effectively bans social scoring and systems employing subliminal techniques beyond an individual’s consciousness to distort behavior, causing potential physical or psychological harm. The law also forbids the use of AI systems exploiting susceptibilities associated with age or physical or mental disability, leading to harm for individuals within those specific groups.
The Act defines the following tier as high-risk and prescribes obligations for companies engaged with high-risk systems, introducing the following requirements:
- Implementation of a risk management system
- Data quality analysis and data governance program
- Technical documentation
- Record-keeping
- Transparency and provisions of information to users
- Human oversight
- Accuracy, robustness, and cybersecurity
For high-risk AI systems, companies must provide users with comprehensive information about the system’s ownership, contact details, characteristics, limitations, performance metrics, and potential risks. This includes specifications for input data, changes to the system, human oversight measures, and expected lifetime with maintenance details. The development of such AI systems, especially those using model training, demands strict adherence to guidelines for quality datasets, considering design choices, biases, and specific user characteristics.
This demand for greater transparency and human oversight aims to enable users to understand and utilize outputs appropriately, with technical solutions required to address exposures like data poisoning and adversarial examples. “This regulation is a significant step, and I think most importantly launches terms like ‘responsible AI’ and ‘trustworthy AI’ to the front of our discussion. This is the true beginning of regulated AI governance,” says Clarke.
Ethical Principles Outlined in the EU AI Act
The EU AI Act emphasizes several ethical principles that align with its objectives and regulations. These principles are crucial for ensuring the responsible development, deployment, and use of AI systems. The key ethical principles compatible with the EU AI Act include:
- Respect for Human Autonomy: Ensuring AI systems support human decision-making without undermining human agency and the ability to make choices freely and independently.
- Prevention of Harm: Prioritizing the safety and security of AI systems to prevent physical, psychological, and financial harm to individuals and society.
- Fairness and Non-Discrimination: Designing and operating AI systems in a way that prevents bias and discrimination, ensuring equitable treatment and outcomes for all users.
- Transparency and Explainability: AI systems should be transparent, with decisions made by these systems being understandable and explainable to users and affected parties.
- Privacy and Data Governance: Upholding high standards of data protection and privacy, ensuring the confidentiality and integrity of personal data processed by AI systems.
- Societal and Environmental Well-being: Ensuring the development and use of AI contributes positively to societal progress and environmental sustainability.
- Accountability: Establishing clear responsibilities for AI system developers, deployers, and operators to ensure they can be held accountable for the functioning and impacts of these systems.
These core principles reflect the EU AI Act’s commitment to fostering an AI ecosystem that is safe, trustworthy, and respects the fundamental rights and values of consumers. In next week’s blog we’ll outline best practices for conducting AI risk assessments in compliance with the EU AI Act. Click here to subscribe to Truyo’s AI Newsletter to get the latest on AI governance recommendations and regulatory updates.