Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

In Global Rush to Regulate AI, Europe Set to Be Trailblazer

Europe is set to be the trailblazer when it comes to regulating AI such as ChatGPT.

The breathtaking development of artificial intelligence has dazzled users by composing music, creating images and writing essays, while also raising fears about its implications. Even European Union officials working on groundbreaking rules to govern the emerging technology were caught off guard by AI’s rapid rise.

The 27-nation bloc proposed the Western world’s first AI rules two years ago, focusing on reining in risky but narrowly focused applications. General purpose AI systems like chatbots were barely mentioned. Lawmakers working on the AI Act considered whether to include them but weren’t sure how, or even if it was necessary.

“Then ChatGPT kind of boom, exploded,” said Dragos Tudorache, a Romanian member of the European Parliament co-leading the measure. “If there was still some that doubted as to whether we need something at all, I think the doubt was quickly vanished.”

The release of ChatGPT last year captured the world’s attention because of its ability to generate human-like responses based on what it has learned from scanning vast amounts of online materials. With concerns emerging, European lawmakers moved swiftly in recent weeks to add language on general AI systems as they put the finishing touches on the legislation.

The EU’s AI Act could become the de facto global standard for artificial intelligence, with companies and organizations potentially deciding that the sheer size of the bloc’s single market would make it easier to comply than develop different products for different regions.

“Europe is the first regional bloc to significantly attempt to regulate AI, which is a huge challenge considering the wide range of systems that the broad term ‘AI’ can cover,” said Sarah Chander, senior policy adviser at digital rights group EDRi.

Authorities worldwide are scrambling to figure out how to control the rapidly evolving technology to ensure that it improves people’s lives without threatening their rights or safety. Regulators are concerned about new ethical and societal risks posed by ChatGPT and other general purpose AI systems, which could transform daily life, from jobs and education to copyright and privacy.

The White House recently brought in the heads of tech companies working on AI including Microsoft, Google and ChatGPT creator OpenAI to discuss the risks, while the Federal Trade Commission has warned that it wouldn’t hesitate to crack down.

Advertisement. Scroll to continue reading.

China has issued draft regulations mandating security assessments for any products using generative AI systems like ChatGPT. Britain’s competition watchdog has opened a review of the AI market, while Italy briefly banned ChatGPT over a privacy breach.

The EU’s sweeping regulations — covering any provider of AI services or products — are expected to be approved by a European Parliament committee Thursday, then head into negotiations between the 27 member countries, Parliament and the EU’s executive Commission.

European rules influencing the rest of the world — the so-called Brussels effect — previously played out after the EU tightened data privacy and mandated common phone-charging cables, though such efforts have been criticized for stifling innovation.

Attitudes could be different this time. Tech leaders including Elon Musk and Apple co-founder Steve Wozniak have called for a six-month pause to consider the risks.

Geoffrey Hinton, a computer scientist known as the “Godfather of AI,” and fellow AI pioneer Yoshua Bengio voiced their concerns last week about unchecked AI development.

Tudorache said such warnings show the EU’s move to start drawing up AI rules in 2021 was “the right call.”

Google, which responded to ChatGPT with its own Bard chatbot and is rolling out AI tools, declined to comment. The company has told the EU that “AI is too important not to regulate.”

Microsoft, a backer of OpenAI, did not respond to a request for comment. It has welcomed the EU effort as an important step “toward making trustworthy AI the norm in Europe and around the world.”

Mira Murati, chief technology officer at OpenAI, said in an interview last month that she believed governments should be involved in regulating AI technology.

But asked if some of OpenAI’s tools should be classified as posing a higher risk, in the context of proposed European rules, she said it’s “very nuanced.”

“It kind of depends where you apply the technology,” she said, citing as an example a “very high-risk medical use case or legal use case” versus an accounting or advertising application.

OpenAI CEO Sam Altman plans stops in Brussels and other European cities this month in a world tour to talk about the technology with users and developers.

Recently added provisions to the EU’s AI Act would require “foundation” AI models to disclose copyright material used to train the systems, according to a recent partial draft of the legislation obtained by The Associated Press.

Foundation models, also known as large language models, are a subcategory of general purpose AI that includes systems like ChatGPT. Their algorithms are trained on vast pools of online information, like blog posts, digital books, scientific articles and pop songs.

“You have to make a significant effort to document the copyrighted material that you use in the training of the algorithm,” paving the way for artists, writers and other content creators to seek redress, Tudorache said.

Officials drawing up AI regulations have to balance risks that the technology poses with the transformative benefits that it promises.

Big tech companies developing AI systems and European national ministries looking to deploy them “are seeking to limit the reach of regulators,” while civil society groups are pushing for more accountability, said EDRi’s Chander.

“We want more information as to how these systems are developed — the levels of environmental and economic resources put into them — but also how and where these systems are used so we can effectively challenge them,” she said.

Under the EU’s risk-based approach, AI uses that threaten people’s safety or rights face strict controls.

Remote facial recognition is expected to be banned. So are government “social scoring” systems that judge people based on their behavior. Indiscriminate “scraping” of photos from the internet used for biometric matching and facial recognition is also a no-no.

Predictive policing and emotion recognition technology, aside from therapeutic or medical uses, are also out.

Violations could result in fines of up to 6% of a company’s global annual revenue.

Even after getting final approval, expected by the end of the year or early 2024 at the latest, the AI Act won’t take immediate effect. There will be a grace period for companies and organizations to figure out how to adopt the new rules.

It’s possible that industry will push for more time by arguing that the AI Act’s final version goes farther than the original proposal, said Frederico Oliveira Da Silva, senior legal officer at European consumer group BEUC.

They could argue that “instead of one and a half to two years, we need two to three,” he said.

He noted that ChatGPT only launched six months ago, and it has already thrown up a host of problems and benefits in that time.

If the AI Act doesn’t fully take effect for years, “what will happen in these four years?” Da Silva said. “That’s really our concern, and that’s why we’re asking authorities to be on top of it, just to really focus on this technology.”

Related: Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models

Related: Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Application Security

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive...

Artificial Intelligence

Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.