Center for AI and Digital Policy’s Post

On May 21, 2024, the Council endorsed the Artificial Intelligence Act (AI Act), marking a significant milestone as the first set of worldwide rules on AI. The AI Act aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability from high-risk AI while boosting innovation and establishing Europe as a leader in the field. This regulation applies to both public and private AI systems within the EU and is aimed at all types of AI providers.   𝗡𝗲𝘅𝘁 𝗦𝘁𝗲𝗽𝘀: ▶ Publication in the EU’s Official Journal. ▶ The Act will enter into force 20 days after publication and be fully applicable 24 months later, with specific timelines for certain provisions.   𝗖𝗹𝗮𝘀𝘀𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗥𝗶𝘀𝗸-𝗕𝗮𝘀𝗲𝗱 𝗥𝗲𝗴𝗶𝗺𝗲𝘀 𝗼𝗳 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 AI systems are categorized by risk level: ▶ Minimal Risk: Common AI systems, like spam filters and recommender systems, with no additional obligations. ▶ Transparency Risk: General-purpose AI must meet transparency requirements, including compliance with EU copyright law. ▶ Systemic Risk: Providers must perform model evaluations, mitigate systemic risks, and ensure cybersecurity protection. ▶ High Risk: Requires conformity assessment and post-market monitoring, including public registration and transparency measures. ▶ Unacceptable Risk: Prohibited due to threats to citizens' rights.   𝗘𝘅𝗲𝗺𝗽𝘁𝗶𝗼𝗻𝘀 𝗮𝗻𝗱 𝗦𝘂𝗽𝗽𝗼𝗿𝘁 𝗳𝗼𝗿 𝗜𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻 ▶ Fully exempted: AI for research, development, prototyping, and military, defence, or national security purposes. ▶ Providers of free and open-source models are exempt unless they pose systemic risks. ▶ Regulatory sandboxes will be established to support SMEs and start-ups.   𝗣𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲𝘀 𝗮𝗻𝗱 𝗙𝗶𝗻𝗲𝘀 Each Member State will designate a national authority to supervise the AI Act. A new European AI Office will oversee general-purpose AI models. Breaches of the AI Act will result in fines based on the severity and type of infringement, with specific thresholds for different categories. Curious to learn more about these cases and their implications? Read the latest blog post written by Kim Lucassen, Nina Orlić,  Kirill Ryabtsev, Stéphanie De Smedt, Emilia Fronczak, Gilles Pitschen, Martijn Schoonewille, Yannick Geryszewski, Marc Ph.M. Wiggers, Ph.D., and Marco de Vries for valuable insights on this topic. Read more: https://lawand.tax/3yMJ4ax #artificialintelligence #innovation #europe #AIproviders #AIact #lawandtax

Great that the Council endorsed the Artificial Intelligence Act, but I wonder how relevant the framework will be when enforced in 24 months (assuming no EU country will be late on that), knowing that AI is making giant leaps every month. #aiact #ai #artificialintelligence

➡ There is a strong attention of the Italian Data Protection Authority about Artificial Intelligence. ✔ Following the well known temporary ban on processing imposed on #OpenAI by the Authority on 30 March of last year, and based on the outcome of its fact-finding activity, on January 2024 the Garante notified breaches of privacy law to OpenAI based on the collected evidences. ✔ Also, on March 2024 the Garante Privacy opened an investigation into OpenAI's "Sora" (the new AI service able to create dynamic, realistic and imaginative scenes from short text instructions), asking OpenAI to provide information on the #algorithm that creates short videos from text instructions. ✔ Finally, this week the Garante wrote to Italian Parliament and Government by highlighting it possesses the necessary competence and independence to implement the #AIAct, in line with the objective of ensuring a high level of protection on fundamental rights. 📢 "Given its impact on people’s rights, AI should fall within the jurisdiction of Authorities with stringent independence requirements, such as #Privacy Authorities, also due to the close interrelation between artificial intelligence and data protection and to the expertise already acquired with regard to automated decision-making.", the Garante wrote in its own communication to the Italian Parliament and Government. 🔊 In the end, it is evident that on the one hand the Garante is stressing (as well as investigating) the synergy between #AI and #DataProtection, and on the other hand it is pushing for their application by a single independent Authority. We'll see how it turns out: stay tuned!

Yesterday the White House signed a sweeping AI directive.......with the following key excerpt....."Blikshteyn specifically pointed to the steps the executive order takes to address privacy issues, which are among the most pressing, given the vast quantities of data that are needed to train effective AI models. The executive order directs the government to prioritize federal support and research for accelerating the development and use of privacy-preserving techniques that allow models to be trained while still preserving individuals' data privacy.Jodi Daniel, who served as the head of health information technology policy for HHS for a decade, highlighted the order's language on privacy-preserving technologies and pointed out the large quantity of data required in developing AI technology."Developing technology that will enable the use of that data while mitigating risk to the privacy of the individual whose data might be used in that development — I think it's really important," said Daniel, who is now a partner at Crowell & Moring LLP." 360ofme can be part of this solution.......as we deploy our Privacy and Consent Management solution ensuring enterprises can have access to consent based LLM for use in AI, all while preserving the privacy of the individual. Ours is the perfect solution that Jodi Daniel referenced in this excellent piece that describes what was signed in the AI directive yesterday. #ethicaldatause #dataprivacylaw #dataprivacy #llm #ai

The White House's executive order 📜 on AI is out, with the fact sheet available for viewing and the full 111-page EO coming any minute today. 🔦 Here are some highlights, with the caveat that an EO like this on its own, much like the White House's blueprint for an AI Bill of Rights last year, carries more influence than actual impact: ❗The National Institute of Standards & Technology (NIST) will be responsible for setting standards for "extensive red-team testing" new AI systems ❗An intense focus on national security, with government reporting requirements when creators test systems and standards to prevent AI from engineering dangerous biological materials ❗The institution of best practices for detecting AI-generated content and authenticating official content (which will affect Google searches & SEO immensely) ❗Protect Americans' privacy and strengthen privacy-preserving research 7 technology, including stronger privacy guidelines for government agencies to account for AI risk ❗Above all else, catalyze *safe* AI research across the country, with particular references to using AI to enhance the healthcare and education sectors This executive order is just the beginning, with it calling for the need to develop a host of new standards and guidelines for assessing AI risk, but every process has to start somewhere 📍 ✍️ Check out our take on if Congress will be up to the challenge of passing meaningful AI legislation here: https://lnkd.in/d95QvpgD 📓 And see the EO's fact sheet here: https://lnkd.in/engu8BUv #AI #thewhitehouse #executiveorder #dataprivacy

Artificial intelligence is vampirizing our personal data 🧛♂️ And we probably haven't even realized to what extent AI is everywhere: 👉 GenAI that require huge amount of data to train - personal or not… 👉 smartwatches, 👉 voice assistants, 👉 social networks... And they greedily suck up our personal data, often without our knowledge 😡 For example, Automattic, the company behind Tumblr and WordPress, is selling user data from blog posts, comments, articles, etc. to OpenAI and Midjourney. ➡️ The crux of the problem? There is a total lack of transparency about the various AI players who have access to our data: we might have agreed to setting up an account to create a blog, but not for our personal data to be used otherwise. 🚨 Spoiler alert: GDPR does not dissolve in AI! Freely given, informed and specific consent is required - probably more than ever. Quite the opposite: the brand new AI Act is based on Article 16 of the Treaty on the Functioning of the EU, which is the cornerstone of the protection of personal data in Europe. 👉 the AI Act prohibits “high risk AI systems” such as using biometric data when it creates a “significant risk of harm, to the health, safety or fundamental rights of natural persons.” The sanctions are severe for companies that won’t follow suit: up to 7% of annual, global turnover for non-compliance. But is that enough to ensure that we don’t end up being the products in a GenAI world? What do you think of this stance taken by the EU? 💫 Regain your free will online #DataPrivacy #GDPR #AIAct #EUInitiative #DataProtection #Transparency #DigitalPrivacy #EURegulation #EthicalAI #DataSecurity

Its finally here. :) EU's New "Artificial Intelligence Act". 👨⚖️ A legislation that marks a significant step towards responsible AI usage. This legislation attempts to balance the dynamism of innovation with the needs for security and privacy. By implementing rules that protect fundamental rights and promote transparency, it strengthens trust in AI technologies and ensures responsible usage. As an expert in Architecture, AI, information security, and data management, I see several positive aspects: - Protection of Fundamental Rights By limiting the use of AI for biometric identification and surveillance, the law addresses crucial privacy concerns. - Framing High-Risk AI Clearly defining and regulating high-risk AI systems is crucial to prevent potential harm. - Support for Innovation and SMEs The law encourages the development and testing of new AI technologies, which is vital for continued growth in the AI sector. However, there are challenges. The risk of overregulation and implementation challenges require careful monitoring. it's important for the law to remain technologically neutral and flexible enough to adapt to AI's rapid development. In summary, the "Artificial Intelligence Act" is a necessary step to ensure that AI technology develops in a way that respects our fundamental values and societal norms in the EU while promoting innovation and growth. Your thoughts and insights on this are very welcome! Please leave a comment! 😊 #ai #aiAct #eu

🇪🇺 EU AI Act: Implementation Timeline The EU AI Act was published in the Official Journal of the EU on 12 July 2024. Swipe through to see key dates and requirements for the EU AI Act implementation. Are you prepared? 🚀 1 August 2024: Entry into Force • Act officially becomes law • 20 days after publication • Marks the beginning of the transition period 🛡️ 2 February 2025: Prohibitions Effective Ban on unacceptable risk AI practices takes effect, includes: • Subliminal manipulation • Exploitation of vulnerabilities • Social scoring by public authorities • Real-time biometric identification in public spaces (with exceptions) 💼 2 August 2025: GPAI Obligations Begin Obligations for general purpose AI (GPAI) model providers start. Requirements include: • Model documentation • Risk mitigation measures • Incident reporting • Compliance with EU copyright law 📊 2 February 2026: High-Risk AI Guidance European Commission to issue guidance on: • Practical implementation of high-risk AI requirements • List of practical examples of high-risk and not high-risk use cases • Clarification on application of the AI system definition 🔐 2 August 2026: Full Application • Complete enforcement of the AI Act begins • Exceptions for certain AI systems in EU law areas of freedom, security, and justice • All providers, users, and importers must comply with applicable requirements 📝 2 August 2027: Commission Report • European Commission to report on use of delegated powers • Assessment of need for amendment of the definition of AI systems • Evaluation of implementation and effectiveness of codes of practice Is your organization ready for the EU AI Act? Let's connect and discuss how these changes might impact your business. Share your thoughts in the comments! 👓 Want more? Please follow me for regular updates on #dataprivacy and #AIGovernance from China, Hong Kong, Singapore and more. #EUAIACT #AI #Privacy #DateProtection #PrivacyPros

Artificial intelligence is vampirizing our personal data 🧛♂️ And we probably haven't even realized to what extent AI is everywhere: 👉 GenAI that require huge amount of data to train - personal or not… 👉 smartwatches, 👉 voice assistants, 👉 social networks... And they greedily suck up our personal data, often without our knowledge 😡 For example, Automattic, the company behind Tumblr and WordPress, is selling user data from blog posts, comments, articles, etc. to OpenAI and Midjourney. ➡️ The crux of the problem? There is a total lack of transparency about the various AI players who have access to our data: we might have agreed to setting up an account to create a blog, but not for our personal data to be used otherwise. 🚨 Spoiler alert: GDPR does not dissolve in AI! Freely given, informed and specific consent is required - probably more than ever. Quite the opposite: the brand new AI Act is based on Article 16 of the Treaty on the Functioning of the EU, which is the cornerstone of the protection of personal data in Europe. 👉 the AI Act prohibits “high risk AI systems” such as using biometric data when it creates a “significant risk of harm, to the health, safety or fundamental rights of natural persons.” The sanctions are severe for companies that won’t follow suit: up to 7% of annual, global turnover for non-compliance. But is that enough to ensure that we don’t end up being the products in a GenAI world? What do you think of this stance taken by the EU? 💫 Regain your free will online #DataPrivacy #GDPR #AIAct #EUInitiative #DataProtection #Transparency #DigitalPrivacy #EURegulation #EthicalAI #DataSecurity

Artificial intelligence is vampirizing our personal data 🧛♂️ And we probably haven't even realized to what extent AI is everywhere: 👉 GenAI that require huge amount of data to train - personal or not… 👉 smartwatches, 👉 voice assistants, 👉 social networks... And they greedily suck up our personal data, often without our knowledge 😡 For example, Automattic, the company behind Tumblr and WordPress, is selling user data from blog posts, comments, articles, etc. to OpenAI and Midjourney. ➡️ The crux of the problem? There is a total lack of transparency about the various AI players who have access to our data: we might have agreed to setting up an account to create a blog, but not for our personal data to be used otherwise. 🚨 Spoiler alert: GDPR does not dissolve in AI! Freely given, informed and specific consent is required - probably more than ever. Quite the opposite: the brand new AI Act is based on Article 16 of the Treaty on the Functioning of the EU, which is the cornerstone of the protection of personal data in Europe. 👉 the AI Act prohibits “high risk AI systems” such as using biometric data when it creates a “significant risk of harm, to the health, safety or fundamental rights of natural persons.” The sanctions are severe for companies that won’t follow suit: up to 7% of annual, global turnover for non-compliance. But is that enough to ensure that we don’t end up being the products in a GenAI world? What do you think of this stance taken by the EU? 💫 Regain your freewill online #DataPrivacy #GDPR #AIAct #EUInitiative #DataProtection #Transparency #DigitalPrivacy #EURegulation #EthicalAI #DataSecurity