A place where tipping is allowed!


Preparing for the EU AI Act: Getting governance right

The European Artificial Intelligence Act, while not yet law, is driving new levels of human oversight and regulatory compliance for artificial intelligence (AI) within the European Union. Similar to GDPR for privacy, the EU AI Act has potential to set the tone for upcoming AI regulations worldwide.  

The European Parliament reached a provisional agreement on the EU AI Act in December 2023, it is now making its way through the final phases of the legislative process and is expected to rollout in stages in the second half of 2024. Understanding the provisions of the EU AI Act and readying for compliance is essential for any organization who develops, deploys or uses AI — or is planning to.

The AI Act aims to “strengthen Europe’s position as a global hub of excellence in AI from the lab to the market, ensure that AI in Europe respects set values and rules, and harnesses the potential of AI for industrial use.” European Parliament News

The EU AI Act in brief

The primary focus of the EU AI Act is to strengthen regulatory compliance in the areas of risk management, data protection, quality management systems, transparency, human oversight, accuracy, robustness and cyber security. It aims to drive transparency and accountability into how AI systems are developed and deployed, helping to ensure that AI products placed in the market are safe for individuals to use.

The EU AI Act aims to meet the challenge to develop and deploy AI responsibly across industries including those that are highly regulated such as healthcare, finance and energy. For industries providing essential services to clients such as insurance, banking and retail, the law requires the use of a fundamental rights impact assessment that details how the use of AI will affect the rights of customers.

The cornerstone of the EU AI Act: safeguards to prevent unacceptable risk

The EU AI Act requires that general purpose AI models, including generative AI systems such as large language (LLMs) and foundation models, adhere to a classification system based on systematic risk tiers. Higher risk tiers have more transparency requirements including model evaluation, documentation and reporting. They also involve assessment and mitigation of system risks, reporting of serious incidents and providing protections against cybersecurity. In addition, these transparency requirements include maintenance of up-to-date technical documentation, providing a summary of the content used for model training, and complying with European copyright laws.

The EU AI act follows a risk-based approach, using tiers to classify the level of risk that AI systems pose to an individual’s health, safety or fundamental rights. The three tiers are:  

  • Low risk systems such as spam filters or video games have few requirements under the law other than transparency obligations. 
  • High-risk AI systems such as autonomous vehicles, medical devices and critical infrastructure (water, gas, electric, etc.) require developers and users to adhere to additional regulatory requirements:
    • Implement risk management, provide accuracy, robustness and a framework for accountability that includes human oversight
    • Meet transparency requirements provisioned for users, record keeping, and technical documentation
  • Prohibited systems with little exception are systems posing unacceptable risk such as social scoring, facial recognition, emotion recognition and remote biometric identification systems in public spaces.

The EU AI Act also imposes rules as to how customers are notified when using a chatbot or when an emotion recognition system is used. There are addition requirements for labeling deep fakes and identifying when generative AI content is used in the media.

Not complying with the EU AI Act can be costly:  

7.5 million euros or 1.5% of a company’s total worldwide annual turnover (whichever is higher) for the supply of incorrect information. 15 million euros or 3% of a company’s total worldwide annual turnover (whichever is higher) for violations of the EU AI Act’s obligations. Dec 19, 2023

The European AI Act is currently the most comprehensive legal framework for AI regulations. Governments worldwide are taking note and actively discussing how to regulate AI technology to ensure their citizens, business and government agencies are protected from potential risks. In addition, stakeholders from corporate boards to consumers are prioritizing trust, transparency, fairness and accountability when it comes to AI.

Getting ready for upcoming regulations with IBM

IBM watsonx.governance accelerates responsible, transparent and explainable AI workflows

IBM® watsonx.governance™ accelerates AI governance, the directing, managing and monitoring of your organization’s AI activities. It employs software automation to strengthens the ability to mitigate risks, manage regulatory requirements, and govern the lifecycle for both generative AI and predictive machine learning (ML) models.

 watsonx.governance drives model transparency, explainability and documentation in 3 key areas:

  • Regulatory compliance –manage AI to meet the upcoming safety and transparency regulations, policies and standards worldwide. Automate the identification of regulatory change to applicable requirement, connect regulatory data to key risk controls and policies, and use factsheets to automate the capture and reporting of model metadata in support of inquiries and audits.
  • Risk management – preset risk thresholds, and proactively detect and mitigate AI model risks. Monitor for fairness, drift, bias and new generative AI metrics. Gain insights into the state of risk across your organization with use-based dashboards and reports. Integrate all risk data, risk/control assessments, internal and external loss events, key risk indicators and issue/action plan management – within a single environment.
  • Lifecycle governance Lifecycle governance – govern both generative AI and predictive machine learning models across the lifecycle using integrated workflows/approvals, pre-set alerts, dashboards and customizable reports. Monitor metrics and status for use cases, in-process change requests, challenges, issues and assigned tasks.

‘Break open the black box’ with AI governance

The post Preparing for the EU AI Act: Getting governance right appeared first on IBM Blog.

Related articles