FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.

CNBC. TECH NEWS. Europe takes aim at ChatGPT with what might soon be the West’s first A.I. law.  Here’s what it means

MON, MAY 15 2023

Ryan Browne

@RYAN_BROWNE

FOR EDUCATIONAL PURPOSES

  • A committee of lawmakers in the European Parliament on Thursday approved the EU’s AI Act, making it closer to becoming law.

  • The regulation takes a risk-based approach to regulating artificial intelligence.

  • The AI Act specifies requirements for developers of “foundation models” such as ChatGPT, including provisions to ensure that their training data doesn’t violate copyright law.

A key committee of lawmakers in the European Parliament have approved a first-of-its-kind artificial intelligence regulation — making it closer to becoming law.

The approval marks a landmark development in the race among authorities to get a handle on AI, which is evolving with breakneck speed. The law, known as the European AI Act, is the first law for AI systems in the West. China has already developed draft rules designed to manage how companies develop generative AI products like ChatGPT.

The law takes a risk-based approach to regulating AI, where the obligations for a system are proportionate to the level of risk that it poses.

The rules also specify requirements for providers of so-called “foundation models” such as ChatGPT, which have become a key concern for regulators, given how advanced they’re becoming and fears that even skilled workers will be displaced.

What do the rules say?

The AI Act categorizes applications of AI into four levels of risk: unacceptable risk, high risk, limited risk and minimal or no risk.

Unacceptable risk applications are banned by default and cannot be deployed in the bloc.

They include:

  • AI systems using subliminal techniques, or manipulative or deceptive techniques to distort behavior
  • AI systems exploiting vulnerabilities of individuals or specific groups
  • Biometric categorization systems based on sensitive attributes or characteristics
  • AI systems used for social scoring or evaluating trustworthiness
  • AI systems used for risk assessments predicting criminal or administrative offenses
  • AI systems creating or expanding facial recognition databases through untargeted scraping
  • AI systems inferring emotions in law enforcement, border management, the workplace, and education

Several lawmakers had called for making the measures more expensive to ensure they cover ChatGPT.

To that end, requirements have been imposed on “foundation models,” such as large language models and generative AI.

Developers of foundation models will be required to apply safety checks, data governance measures and risk mitigations before making their models public.

They will also be required to ensure that the training data used to inform their systems do not violate copyright law.

“The providers of such AI models would be required to take measures to assess and mitigate risks to fundamental rights, health and safety and the environment, democracy and rule of law,” Ceyhun Pehlivan, counsel at Linklaters and co-lead of the law firm’s telecommunications, media and technology and IP practice group in Madrid, told CNBC.

“They would also be subject to data governance requirements, such as examining the suitability of the data sources and possible biases.”

It’s important to stress that, while the law has been passed by lawmakers in the European Parliament, it’s a ways away from becoming law.

Why now?

Privately held companies have been left to develop AI technology at breakneck speed, giving rise to systems like Microsoft-backed OpenAI’s ChatGPT and Google’s Bard.

Google on Wednesday announced a slew of new AI updates, including an advanced language model called PaLM 2, which the company says outperforms other leading systems on some tasks.

Novel AI chatbots like ChatGPT have enthralled many technologists and academics with their ability to produce humanlike responses to user prompts powered by large language models trained on massive amounts of data.

But AI technology has been around for years and is integrated into more applications and systems than you might think. It determines what viral videos or food pictures you see on your TikTok or Instagram feed, for example.

The aim of the EU proposals is to provide some rules of the road for AI companies and organizations using AI.

Tech industry reaction

The rules have raised concerns in the tech industry.

The Computer and Communications Industry Association said it was concerned that the scope of the AI Act had been broadened too much and that it may catch forms of AI that are harmless.

“It is worrying to see that broad categories of useful AI applications – which pose very limited risks, or none at all – would now face stringent requirements, or might even be banned in Europe,” Boniface de Champris, policy manager at CCIA Europe, told CNBC via email.

“The European Commission’s original proposal for the AI Act takes a risk-based approach, regulating specific AI systems that pose a clear risk,” de Champris added.

“MEPs have now introduced all kinds of amendments that change the very nature of the AI Act, which now assumes that very broad categories of AI are inherently dangerous.”

What experts are saying

Dessi Savova, head of continental Europe for the tech group at law firm Clifford Chance, said that the EU rules would set a “global standard” for AI regulation. However, she added that other jurisdictions including China, the U.S. and U.K. are quickly developing their sown responses.

“The long-arm reach of the proposed AI rules inherently means that AI players in all corners of the world need to care,” Savova told CNBC via email.

“The right question is whether the AI Act will set the only standard for AI. China, the U.S., and the U.K. to name a few are defining their own AI policy and regulatory approaches. Undeniably they will all closely watch the AI Act negotiations in tailoring their own approaches.”

Savova added that the latest AI Act draft from Parliament would put into law many of the ethical AI principles organizations have been pushing for.

Sarah Chander, senior policy adviser at European Digital Rights, a Brussels-based digital rights campaign group, said the laws would require foundation models like ChatGPT to “undergo testing, documentation and transparency requirements.”

“Whilst these transparency requirements will not eradicate infrastructural and economic concerns with the development of these vast AI systems, it does require technology companies to disclose the amounts of computing power required to develop them,” Chander told CNBC.

“There are currently several initiatives to regulate generative AI across the globe, such as China and the US,” Pehlivan said.

“However, the EU’s AI Act is likely to play a pivotal role in the development of such legislative initiatives around the world and lead the EU to again become a standards-setter on the international scene, similarly to what happened in relation to the General Data Protection Regulation.”

LEARN MORE

AI Act: a step closer to the first rules on Artificial Intelligence – EU News

  • Once approved, they will be the world’s first rules on Artificial Intelligence
  • MEPs include bans on biometric surveillance, emotion recognition, predictive policing AI systems
  • Tailor-made regimes for general-purpose AI and foundation models like GPT
  • The right to make complaints about AI systems

To ensure a human-centric and ethical development of Artificial Intelligence (AI) in Europe, MEPs endorsed new transparency and risk-management rules for AI systems.

On Thursday, the Internal Market Committee and the Civil Liberties Committee adopted a draft negotiating mandate on the first ever rules for Artificial Intelligence with 84 votes in favour, 7 against and 12 abstentions. In their amendments to the Commission’s proposal, MEPs aim to ensure that AI systems are overseen by people, are safe, transparent, traceable, non-discriminatory, and environmentally friendly. They also want to have a uniform definition for AI designed to be technology-neutral, so that it can apply to the AI systems of today and tomorrow.

Risk based approach to AI – Prohibited AI practices

The rules follow a risk-based approach and establish obligations for providers and users depending on the level of risk the AI can generate. AI systems with an unacceptable level of risk to people’s safety would be strictly prohibited, including systems that deploy subliminal or purposefully manipulative techniques, exploit people’s vulnerabilities or are used for social scoring (classifying people based on their social behaviour, socio-economic status, personal characteristics).

MEPs substantially amended the list to include bans on intrusive and discriminatory uses of AI systems such as:

  • “Real-time” remote biometric identification systems in publicly accessible spaces;
  • “Post” remote biometric identification systems, with the only exception of law enforcement for the prosecution of serious crimes and only after judicial authorization;
  • Biometric categorisation systems using sensitive characteristics (e.g. gender, race, ethnicity, citizenship status, religion, political orientation);
  • Predictive policing systems (based on profiling, location or past criminal behaviour);
  • Emotion recognition systems in law enforcement, border management, workplace, and educational institutions; and
  • Indiscriminate scraping of biometric data from social media or CCTV footage to create facial recognition databases (violating human rights and right to privacy).

High-risk AI

MEPs expanded the classification of high-risk areas to include harm to people’s health, safety, fundamental rights or the environment. They also added AI systems to influence voters in political campaigns and in recommender systems used by social media platforms (with more than 45 million users under the Digital Services Act) to the high-risk list.

General-purpose AI – transparency measures

MEPs included obligations for providers of foundation models – a new and fast evolving development in the field of AI – who would have to guarantee robust protection of fundamental rights, health and safety and the environment, democracy and rule of law. They would need to assess and mitigate risks, comply with design, information and environmental requirements and register in the EU database.

Generative foundation models, like GPT, would have to comply with additional transparency requirements, like disclosing that the content was generated by AI, designing the model to prevent it from generating illegal content and publishing summaries of copyrighted data used for training.

Supporting innovation and protecting citizens’ rights

To boost AI innovation, MEPs added exemptions to these rules for research activities and AI components provided under open-source licenses. The new law promotes regulatory sandboxes, or controlled environments, established by public authorities to test AI before its deployment.

MEPs want to boost citizens’ right to file complaints about AI systems and receive explanations of decisions based on high-risk AI systems that significantly impact their rights. MEPs also reformed the role of the EU AI Office, which would be tasked with monitoring how the AI rulebook is implemented.

Quotes

After the vote, co-rapporteur Brando Benifei (S&D, Italy) said: “We are on the verge of putting in place landmark legislation that must resist the challenge of time. It is crucial to build citizens’ trust in the development of AI, to set the European way for dealing with the extraordinary changes that are already happening, as well as to steer the political debate on AI at the global level. We are confident our text balances the protection of fundamental rights with the need to provide legal certainty to businesses and stimulate innovation in Europe”.

Co-rapporteur Dragos Tudorache (Renew, Romania) said: “Given the profound transformative impact AI will have on our societies and economies, the AI Act is very likely the most important piece of legislation in this mandate. It’s the first piece of legislation of this kind worldwide, which means that the EU can lead the way in making AI human-centric, trustworthy and safe. We have worked to support AI innovation in Europe and to give start-ups, SMEs and industry space to grow and innovate, while protecting fundamental rights, strengthening democratic oversight and ensuring a mature system of AI governance and enforcement.”

Next steps

Before negotiations with the Council on the final form of the law can begin, this draft negotiating mandate needs to be endorsed by the whole Parliament, with the vote expected during the 12-15 June session.

FOR EDUCATIONAL AND KNOWLEDGE SHARING PURPOSES ONLY. NOT-FOR-PROFIT. SEE COPYRIGHT DISCLAIMER.