At a glance.
- The EU takes on the challenge of regulating AI.
- The benefits of the SEC's proposed incident disclosure rules.
- Senior EU official urges member states to ban Huawei and ZTE.
The EU takes on the challenge of regulating AI.
As we’ve discussed, this week the EU passed the world’s first comprehensive legislation regulating artificial intelligence. The Atlantic Council offers their thoughts on the new law and what it means for AI in Europe and across the globe. The AI Act prohibits the use of AI for riskier applications like remote biometric identification and predictive policing, but Kenneth Propp, a senior fellow with the Atlantic Council’s Europe Center, says this restriction will likely face resistance. “Member state law enforcement agencies are sure to push back against aspects of these bans, since some of them are already using these technologies for public security reasons,” Propp says. “The final version could well be more accommodating of member states’ security interests.” Steven Tiell, a senior fellow with the Atlantic Council’s GeoTech Center, notes that the new legislation will likely impact AI regulation in other parts of the world. “It can be assumed that many future regulations will mimic many components, big and small, of the EU’s AI Act, but where they deviate will be interesting. Expect to see other regulators emboldened by the fines and seek commensurate remuneration for violations in their countries. Other countries might extend more of the auditing requirements to things such as maintaining outputs from generative models.” The experts also note that the AI Act still has some hurdles to pass before it becomes law. “It can be assumed that many future regulations will mimic many components, big and small, of the EU’s AI Act, but where they deviate will be interesting,” Propp explains. “Expect to see other regulators emboldened by the fines and seek commensurate remuneration for violations in their countries. Other countries might extend more of the auditing requirements to things such as maintaining outputs from generative models.
(Added, 9:30 PM ET, June 16th, 2023. Aaron Mendes, CEO and co-founder of PrivacyHawk, thinks the regulations could ultimately benefit individuals by protecting them from potential malign effects of AI on individuals. “Just like it led the world in privacy rights, the EU continues to show that it is a forward-thinking and technology-aware governing body. With this new AI legislation, they are setting the stage for the rest of the world to take the dangers of AI seriously and put guard rails in place before it’s too late. This will also help protect the privacy and personal data of individuals from being misused intentionally or unintentionally by artificial intelligence.”)
The benefits of the SEC’s proposed incident disclosure rules.
The US Securities and Exchange Commission recently proposed new rules regulating public disclosure of cybersecurity incidents impacting publicly traded companies. Some industry members have expressed concerns that the new requirements could negatively impact national security, and that they will likely overlap with the 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). DFRLab addresses these concerns and offers a more positive take on the new rules, stating that the increased transparency will minimize disparities in the cybersecurity market for both companies and consumers, as well as allow for more productive industry research and policy making. As well, the disclosure rules could strengthen existing enforcement mechanisms, encouraging better cybersecurity behavior. To address concerns, DFRLab recommends the SEC allow companies to delay reporting for ongoing or uncontained cyber incidents or when disclosure could have a negative effect on national security. As well, the author suggests, disclosures should focus more on the nature and cause of the incident rather than the effects. “For researchers and policymakers, this information would create more usable, public data about cybersecurity practices, critical product classes, and sector-specific trends in cybersecurity outcomes,” the author states.
Senior EU official urges member states to ban Huawei and ZTE.
In response to concerns regarding risks to EU security, ten member states have already recently restricted or banned Chinese-owned companies Huawei and ZTE from their 5G telecoms networks. Reuters reports that at a press conference in Brussels yesterday, EU industry chief Thierry Breton said the other member states are taking too long in doing the same. “This is too slow, and it poses a major security risk and exposes the Union's collective security, since it creates a major dependency for the EU and serious vulnerabilities," Breton stated. The South China Morning Post notes that Breton indicated if member states do not block Huawei and ZTE on their own, the European Commission will take matters into their own hands, and urge the European Parliament and Council to do the same. “We will ask our connectivity services to tell suppliers to be free from Huawei and ZTE, and this applies of course for new and existing contracts,” Breton added. As EuroNews explains, Breton’s comments come in response to a recently released progress report on how member states have responded to the EU’s cybersecurity recommendations.