The EU became the first regulator in the world to propose a legal framework for artificial intelligence in 2021. The framework aims to standardize AI regulations and mitigate associated risks, and will inform the EU’s proposed Artificial Intelligence Act.
Frans van Bruggen is the Policy Officer on FinTech and AI at the Dutch central bank, De Nederlandsche Bank (DNB). He’s also one of the policymakers behind the EU’s upcoming AI act.
In this week’s Business of Data podcast, van Bruggen speaks to us about what rules the act might impose, the four categories that makes up its risk-based approach to AI and what this all means for business.
“The European Commission is still negotiating the AI act,” van Bruggen says. “This will be a horizontal regulation, and making it risk-based means the higher the risk the AI poses to the public, the more it will be regulated. Unacceptable risk applications [such as social scoring or biometric systems used for law enforcement in public spaces] will be completely prohibited.”
Our research suggests that company executives outside of risk- and AI-focused teams still generally lack a complete understanding of the role AI ethics plays in a modern enterprise and why it’s important. While concerns such as explainability and bias are usually top of the agenda, van Bruggen believes there are other areas that should be getting more attention.
He explains: “There’s what I call the ‘responsibility gap’. Now that we have more machines deployed across [financial] institutions and making certain decisions, it doesn’t take the responsibility of the AI’s outcomes from humans. Sometimes, we think, ‘It’s a machine. I’m not responsible for the output.’
“Where in the organization do you place the responsibility? I think it should be placed high up, with the Chief Risk Officer or a similar role. Another area to consider is federated learning. That means data to train the model is centralized, the algorithm goes to the data, and this helps address some privacy concerns around AI.”
Ultimately, van Bruggen predicts that new EU regulations for responsible AI use will come into effect in 2024. That means, AI-focused executives have roughly two years to prepare their organizations.
“Negotiating its terms takes a lot of time because there are a lot of member states involved,” he concludes. “Each one is coming with its own values so there are different perspectives on what should be regulated. For instance, there are a lot of issues around the definition of AI, what its scope is and which applications should be in the unacceptable risk category.
“If the GDPR is anything to go by, this regulation could have global implications. So, it’ll have to be reviewed regularly, because we don't know how AI is going to develop in the future.”
To get more insights from Europe's data & analytics experts, attend our event, Chief Data & Analytics Officers, Europe taking place in Amsterdam on 18-30 October. Register your interest to get updates about the latest speakers, agenda sessions and ticket options.