‘A means, not an end’: EU proposes ‘human centric’ approach to AI regulation in draft rules

The European Commission has proposed regulations on the use of artificial intelligence (AI) through a risk-based rules framework that calls for heavy fines, partial bans on surveillance, and safeguards for high-risk applications.

Companies breaching regulations banning the use of ‘unacceptable’ AI or not adhering to a number of “strict obligations” could face fines as much as 6% of their worldwide turnover, or €30 million (whichever is higher) under the draft rules announced by Brussels on Wednesday.

“AI is a means, not an end. It has been around for decades but has reached new capacities fuelled by computing power. This offers immense potential in areas as diverse as health, transport, energy, agriculture, tourism or cyber security. It also presents a number of risks,” the commissioner for internal market, Thierry Breton, said.

Breton said the proposals were aimed at strengthening Europe’s position as “global hub of experience in AI from the lab to the market,” as well as ensuring the AI in Europe “respects our values and rules.”

The commission now has to flesh out the details with EU member states and the European Parliament before the rules can come into force. That process could take years.

In its proposal, the EU outlines what it terms a ‘human-centric’ approach that both utilizes the technology’s promise, but also keeps it from infringing on strict privacy laws and keeping it “trustworthy.” Technologies are ranked according to the potential for harmful impact – from outright bans down to limited and minimal risks. 

Under the new proposals, AI applications that allow governments to do ‘social scoring’ or exploit children are deemed to pose ‘unacceptable risk’. Applications used in recruitment, critical infrastructure, credit scoring, migration, and law enforcement fall into the ‘high-risk’ category and would be subject to strict safeguards.

All remote biometric identification systems are also deemed high-risk, with exceptions for “strictly necessary” instances like searching for missing children and preventing “specific and imminent terrorist” threats.

The use of these mass surveillance applications would have to be authorized by a court or an independent oversight body and limited to specific times and spaces.

The ‘limited risk’ category calls for specific transparency obligations. Users interacting with ‘chatbots’, for instance, must be informed – but the vast majority of AI systems, such as spam filters and video game AIs, will fall into the ‘minimal risk’ category not governed by the new rules.

The proposal also calls for the creation of a European Artificial Intelligence Board to facilitate the implementation of the rules and the development of AI standards.

Activist group European Digital Rights (EDRI) welcomed the proposal, but warned that it does not go far enough. While it is "positive" that the Commission acknowledges some uses of AI are unacceptable, the draft law "does not prohibit the full extent" of unacceptable uses "in particular all forms of biometric mass surveillance," Sarah Chander, an AI policy expert with EDRI, said.

“The regulation allows too wide a scope for self-regulation by companies profiting from AI. People, not companies need to be the centre of this regulation,” Chander added.

Think your friends would be interested? Share this story!