At a glance.
- EU lawmakers agree to tougher AI rules.
- Rockwell Automation's Chinese operations under investigation.
- NCSC highlights the benefits of transparency.
EU lawmakers agree to tougher AI rules.
Following two years of negotiations, the European Parliament voted yesterday to include several measures that will toughen up its long-awaited Artificial Intelligence Act. German MEP Svenja Hahn told Reuters the vote is the result of compromise between conservative and left-wing legislators. "We have succeeded in finding a compromise that would regulate AI proportionately, protect civil rights, and boost innovation and the economy," Hahn said. Legislators agreed that AI tools will be assigned risk classification levels which will determine the obligations of the governments and companies using them. As well, under the proposed bill facial recognition will be banned in public spaces and predictive policing tools will be prohibited. And AI apps like ChatGPT will be required to adhere to heightened transparency rules. Experts say the new measure, once passed, will be the most comprehensive legislation focused on AI tech. Greens MEP Kim van Sparrentak stated, "This vote is a milestone in regulating AI, and a clear signal from the Parliament that fundamental rights should be a cornerstone of that. AI should serve people, society, and the environment, not the other way around." The bill will now go to the European Parliament for a plenary vote, and then details of the rule will be finalized in "trilogue" talks between Parliament, the Council of the European Union, and the European Commission.
Rockwell Automation’s Chinese operations under investigation.
The US government has launched an investigation of Rockwell Automation to determine if the industrial tech and information giant could be putting critical data at risk at one of its China-based branches. As the Wall Street Journal notes, the investigation is a reflection of the growing distrust between the US and China as Beijing seeks to bolster the country’s technological capabilities. Based in the US state of Wisconsin, Rockwell supplies productivity-improvement and cybersecurity services for systems supporting the national power grid, the US Navy, Coast Guard, and other federal government bodies, which means the data the company handles could pose a massive risk to national security if it falls into the wrong hands. The inspectors general at the Energy Department and the Defense Department and the Justice Department’s Commercial Litigation Branch will be heading up a probe focused on employees at Rockwell’s Dalian, China offices, to determine whether their operations might violate a federal directive prohibiting vendors from countries deemed a threat to national security from working with the federal government. According to a January memorandum, a whistleblower was interviewed by government representatives of the three agencies leading the investigation. When asked for comment, a Rockwell spokesperson said the company was unaware of the investigation, but stated that the company’s operations comply with the appropriate regulations.
NCSC highlights the benefits of transparency.
In a blog post for the UK’s National Cyber Security Centre (NCSC), two of the nation’s top cybersecurity officials discuss the importance of transparency when it comes to reporting cyberattacks. Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner’s Office (ICO), highlight how disclosing cyberincidents not only helps other organizations and the government better understand and prepare for future threats, but also allows the victim organization to access the necessary resources to recover from the incident and prevent further attacks. They also warn against paying ransoms, comparing them to accepting “a pinky promise from criminals.” Fairford and Jembei go on to say that as attackers increasingly resort to double-extortion tactics, data backups do little to protect victims from the fallout of an attack. As well, they tackle the myth that if there is no evidence of data theft, the ICO will not impose any fines on the breached organization. (Spoiler alert: a leak is not the only determinant of fines.)