EU AI Act to lead to period of legal uncertainty, European Parliament advisor says
There will be a period of legal uncertainty once the EU Artificial Intelligence Act comes into effect due to issues among naming and definitions as well as the sheer number of authorities enforcing the act, an advisor to the European Parliament said. The UK’s sector-specific approach to AI regulation could be more successful than the horizontal structure of the EU’s upcoming AI Act, according to the advisor. But ultimately the two approaches are sufficiently similar, agreed experts speaking on lessons learned from the GDPR that might inform the new act.
29 February 2024
By Frank Hersey
There will be a period of legal uncertainty once the EU Artificial Intelligence Act comes into effect due to issues among naming and definitions as well as the sheer number of authorities enforcing the act, an advisor to the European Parliament said.
The UK’s sector-specific approach to AI regulation could be more successful than the horizontal structure of the EU’s upcoming AI Act, according to the advisor. But ultimately the two approaches are sufficiently similar agreed experts speaking on lessons learned from the GDPR that might inform the new act.
The EU’s AI Act has done a better job of foreseeing some uncertainties than the drafting stages for the EU’s General Data Protection Regulation, which went global, but it will lead to periods of “large and strong legal concerns which are very bad for companies trying to figure out what to do to become compliant,” Kai Zenner, head of office and digital policy adviser to EU lawmaker Axel Voss, who handles the AI Act for the European Parliament, said at a privacy conference in London.*
Issues surrounding naming such as “end user” and “affected persons,” as mentioned in the AI Act, could cause initial confusion, said Zenner. There will then be a couple of hundred authorities across EU member states that are implementing the act across their remits, with some states more pro-consumer than others.
The bloc’s recently introduced AI Office is one of those authorities that will be involved in AI oversight. “The European Central Bank may not like if the AI Office tells them what to do on financial services and AI,” Zenner said.
Further complications will develop if law enforcement and legal systems interpret and enforce the act differently.
Zenner also said that companies are better prepared for new technology regulation and have more resources at the trade association level.
EU vs UK
The EU is taking a broad approach to AI, compared to the sector-specific regulation in the UK, where existing regulators interpret existing legislation for AI developments in their remits.
“As a lawyer, I think what you are doing [in the UK] in regulating AI is superior compared to the AI Act,” said Zenner. “The AI Act is a horizontal approach that is trying to address every AI system in every sector in the same way or at least in a rather similar way… but you miss the opportunity to make the regulation specific enough to really address a certain issue.”
Mark Durkee, head of data and technology at the Responsible Technology Adoption Unit, part of the UK’s technology ministry, sees the two approaches ultimately converging.
“The reality of what they do, I suspect, will not be that different. The standards they're looking for the processes, the assurance mechanisms, I think it's the same ecosystem,” Durkee said, adding that both jurisdictions must commit to stay aligned.
“The benefit if we get it right in the UK with our current approach is we can get regulators moving faster, or so goes the principle,” said Durkee, “So if there isn't an AI regulation coming, regulators are both empowered also, forcing them to get their act together quickly and start making decisions about what guidance they want to issue with the existing regulations.”
But he acknowledged that the sector approach will not be a natural fit for “huge-scale” general purpose models.
Brussels effect
Zenner believes the ‘Brussels effect’ of the GDPR may have been “exaggerated.” Jurisdictions such as states in the US have picked and chosen the parts they wants, leaving out parts that are “really very European-specific, that make sense in our region, within our legal system.”
From a US perspective, enterprises should learn from the cultural shift they made for the GDPR, said Evi Fuelle, director of global policy at Credo AI.
“When you build something with AI, it's incredibly expensive and a supreme waste of resources. If you haven't gone through that cultural shift already in, you build something they have to scrap entirely because it doesn't have these protections built in,” said Fuelle.
*'IAPP Data Protection Intensive: UK 2024,' London, Feb. 28-29, 2024
MLex
Prepare for tomorrow's regulatory change, today.
Guest articles from MLex: The specialist news and analysis you need to stay ahead of fast-moving regulatory shifts in the UK and across the globe.