For what it’s worth, I’m optimistic about the EU AI regulation! I think, at least insofar as it is a smoke test, it marks a beginning in much-needed regulation on AI. I am also optimistic about transferability – perhaps not in exact wording or policy, but I like the risk-based approach. I think it gives companies the ability to replace the most risky AIs while keeping the less risky ones, and I think if it is shown to be feasible in the EU, it will likely be adopted elsewhere – if only because companies will already have found replacement solutions for unacceptable-risk AIs.
If there is one complaint I’d levy at it, I think it has been stripped back a little too far. EU laws tend to be vague by design, but even by those standards, this new AI regulation leaves quite a few holes. I am also worried that the initial proposal was much stronger than the current EU AI act, and that this may continue: the scaling back of regulations might even reflect a hesitancy in Court of Justice enforcement. It isn’t impossible that this becomes something like the cookies banners on websites in the EU now. If this happens, I fear that less regulation-savvy bodies (like the US government) might adopt a similar regulation to satisfy public pressure, while doing as little as possible to regulate AI. This might actually hinder efforts at AI regulation, as it would allow the EU and other regulatory bodies to put up a hollow regulation for good press, while leaving the problem unsolved.
Really hope this doesn’t happen, or at least that if it does, the regulation serves as a stepping stone to stronger, future regulations :)
Thanks Neil—I share your concerns. However, to your point on vagueness: most policymakers also think it is more vague than usual. The Commission intends to clarify a lot during the trilogue based on input from the Parliament and the Council. They have also mandated standard-setting organisations ETSI and CEN-CENELEC to develop harmonized standards for operationalizing some of the governance concepts very concretely (E.g. defining techno-operationally what “robustness” is or what constitutes sufficient “human oversight”). They did not want to overspecify the regulations because they want a lot of expert input before enshrining them into law. So in my opinion it is a good thing that they have left it vague, rather than off-the-mark.
For what it’s worth, I’m optimistic about the EU AI regulation! I think, at least insofar as it is a smoke test, it marks a beginning in much-needed regulation on AI. I am also optimistic about transferability – perhaps not in exact wording or policy, but I like the risk-based approach. I think it gives companies the ability to replace the most risky AIs while keeping the less risky ones, and I think if it is shown to be feasible in the EU, it will likely be adopted elsewhere – if only because companies will already have found replacement solutions for unacceptable-risk AIs.
If there is one complaint I’d levy at it, I think it has been stripped back a little too far. EU laws tend to be vague by design, but even by those standards, this new AI regulation leaves quite a few holes. I am also worried that the initial proposal was much stronger than the current EU AI act, and that this may continue: the scaling back of regulations might even reflect a hesitancy in Court of Justice enforcement. It isn’t impossible that this becomes something like the cookies banners on websites in the EU now. If this happens, I fear that less regulation-savvy bodies (like the US government) might adopt a similar regulation to satisfy public pressure, while doing as little as possible to regulate AI. This might actually hinder efforts at AI regulation, as it would allow the EU and other regulatory bodies to put up a hollow regulation for good press, while leaving the problem unsolved.
Really hope this doesn’t happen, or at least that if it does, the regulation serves as a stepping stone to stronger, future regulations :)
Thanks Neil—I share your concerns. However, to your point on vagueness: most policymakers also think it is more vague than usual. The Commission intends to clarify a lot during the trilogue based on input from the Parliament and the Council. They have also mandated standard-setting organisations ETSI and CEN-CENELEC to develop harmonized standards for operationalizing some of the governance concepts very concretely (E.g. defining techno-operationally what “robustness” is or what constitutes sufficient “human oversight”). They did not want to overspecify the regulations because they want a lot of expert input before enshrining them into law. So in my opinion it is a good thing that they have left it vague, rather than off-the-mark.