The AI Act
Generative AI, already revolutionary in our daily lives, is finding crucial applications in cybersecurity. It contributes to improved productivity and cyber resilience by automating repetitive tasks and enhancing threat detection.
📅 On December 11, 2023, a crucial milestone was reached with the agreement on the AI Act in Europe. This legislation, claimed as the first comprehensive legal framework on AI, aims to ensure ethical and safe development and use of AI, while addressing potential risks in cybersecurity and data protection.
🔒 Impact on Cybersecurity:
The AI Act introduces key measures to improve the resilience of AI systems against cyberattacks:
• Secure Design: AI developers are now required to consider cybersecurity risks from the design phase.
• Cooperation Framework: A regulatory framework will foster collaboration between cybersecurity authorities and AI players. These initiatives aim to reduce the vulnerability of AI systems, particularly against machine learning-based attacks, thus strengthening overall cyber resilience.
🛡 Data Protection:
The AI Act also establishes guidelines for the protection of personal data:
• Data Protection Principles: AI developers must adhere to principles such as data minimization, transparency, and consent.
• Data Protection Cooperation Framework: A regulatory framework for collaboration between data protection authorities and AI players is established.
🚀 Towards a Distinction between Private and Public Uses of AI:
The distinction between private and public AI becomes crucial, particularly in terms of data management and GDPR compliance. Companies are moving towards a more regulated use of AI, with ethical charters and dedicated governance committees.
⚠ Risk-Based Categorization:
• AI systems are classified according to the level of risk they present, with prohibitions for those posing an “unacceptable risk” and various levels of obligations for “high-risk” or “limited-risk” systems.
• The law covers a wide range of AI applications, from chatbots (limited risk) to AI used in sensitive systems like welfare or education (high risk), and prohibits certain uses like social scoring and emotion recognition at work.
👮🏾 Enforcement and Penalties:
• The Act will apply to providers and deployments of AI systems used in the EU or having an effect in the EU, regardless of their location.
• Penalties for non-compliance are substantial, modeled on the GDPR fine structure, with fines up to 35 million euros or 7% of the global annual turnover for the most serious violations.
🌍 Perspectives:
With the adoption of the AI Act, Europe positions itself at the forefront of AI regulation.
This regulation aligns with the G7 guidelines for safe and trustworthy AI, balancing security needs and competitiveness. However, concerns exist about the speed of the Act’s passage, with some suggesting that more time should have been taken to understand the complexities of AI before legislating. There is also apprehension about the potential negative impacts on the European economy and the AI sector as a whole.
🔗 To learn more about the AI Act and its impact on cybersecurity, visit Reuters and the European Commission website.