Experts are ringing the alarm bells over the risk unfettered development of artificial intelligence (AI) technology could pose to humanity. Enter the European Union (EU), already a leader in data protection and privacy rights, where a law governing AI technology has been agreed upon by the EU Parliament.
Jonathan Dambrot, CEO of Cranium, says it’s not surprising that the EU, once again, has taken the lead on tech regulation.
“We saw this with GDPR and data privacy and now we’re seeing the same with AI,” he says.
While the agreed-upon text of the so-called AI Act will likely undergo further refinements and modifications, steady progress on the law indicates governments are stepping up to the challenge of harnessing — or attempting to harness — a technology that has come to dominate headlines in a few short months.
“As businesses navigate this landscape, it is crucial to understand the context of existing regulations, such as the GDPR, and the key elements of the upcoming AI Act,” says Kyle Kappel, US leader for cyber at KPMG.
From his perspective, compliance with these regulations means putting into practice more robust data management, including careful handling of user information.
“Businesses should also be prepared to ensure explainability of AI decisions, document AI behavior, and potentially undergo external testing to address concerns like bias,” he adds.
Compliance with evolving AI regulations will likely drive businesses to establish cohesive data and AI/ML operational practices (MLOps), treating regulations as interconnected components.
A Double-Edged Sword
Craig Jones, vice president of security operations at Ontinue, says the new regulatory environment could function as a double-edged sword.
“While it might stimulate more robust, ethical, and secure AI applications in cybersecurity, it has the potential to curb experimental approaches and slow down the speed of innovation,” he says.
From Jones’ perspective, it’s a tightrope walk between ensuring responsible AI use and maintaining a vibrant, dynamic research and development ecosystem.
“On the upside, the Act provides a regulatory safety net that seeks to ensure ethical and safe AI applications, which can instill more public trust in these technologies,” he says. “It also raises the bar for AI transparency and accountability.”
The downside might be that it could temper the pace of AI innovation, making the EU less attractive for AI startups and entrepreneurs.
“The balance between transparency and protection of proprietary algorithms also poses a complex challenge,” he notes.
Global Impact on AI Regulation
Chris Vaughan, vice president of technical account management at Tanium, says the AI Act will force many commercial organizations to work within the EU framework.
“It is a powerful and well-established marketplace that many companies wish to conduct businesses within,” he says. “To do so they must be complaint with EU law. This instantly creates a global impact.”
Cranium’s Dambrot agrees the EU’s decision will “absolutely” have a global impact like the way GDPR did.
“People are more afraid of AI than their privacy historically. The need for the EU, US, China, and every major power to regulate will be important for the adoption of AI universally,” he says. “With the EU AI Act, Europe is leaning in and taking a first mover advantage in these regulations.”
He adds if there’s no comprehensive framework or guidance, then US companies are going to have competing compliance pressures at the state and federal level.
“Although the precedent for privacy is for states to take the lead, my hope is that there be a comprehensive AI regulation like the EU AI Act to help regulate the responsible and safe use of AI,” Dambrot says. This will help make it easier for both US and foreign AI developers to better serve and navigate clients securely.
“It’s really interesting when you see major tech players like OpenAI say to Congress, ‘please regulate us,'” he adds.
US Faces Challenging Regulatory Hurdles
Not everyone is so sure the US will act with speed, however, including Mike Britton, CISO of Abnormal Security, who says the Feds will face several roadblocks in following suit. For starters, the US lags when it comes to privacy and regulation in general.
“It’s complicated for a variety of reasons, including the fact that privacy is not a fundamental right in the US like it is in Europe,” he says.
Another big challenge for US lawmakers: Privacy regulations are implemented around specific types of information — HIPAA for healthcare, GLBA for financial services, COPPA for protection of children’s privacy.
“There is currently very little desire to harmonize these various privacy laws since agencies and organizations have already laid claim to the regulations that govern these areas,” he says.
Finally, Britton points out “Big Tech” has been extremely successful in lobbying for self-regulation and taking a laissez-faire approach to regulating technology.
“I imagine they will push hard to do the same here,” he says. “On the bright side, the White House recently released an AI Bill of Rights, which shows that there is some consideration being given to the issue.”
Impact of AI on Cybersecurity
Dambrot predicts AI will worm its way into almost every cyber function, from incident response and SOC to third-party risk and other applications, warning that CISOs who have not yet prioritized AI until this year now must play catch-up.
“Technology such as ChatGPT is now at a point where it can rewrite malware — meaning traditional detections programs are unable to identify it,” Tanium’s Vaughan explains.
Vaughan predicts cybersecurity and AI innovation will compete in a game of cat and mouse to see who can develop quicker.
“For example, as malware, phishing, and cyberattacks evolve, the defensive counterparts must develop alongside,” he says. “We also need protection against the malicious use of AI technology such as deepfakes. We have enough problems with online harassment with real images — permitting fake images into the mix could have catastrophic results.”
How Privacy Requirements Affect AI
The EU legislation focuses on aspects of AI that can harm individuals, which could affect how the technology progresses.
“AI innovations may become more difficult,” Vaughan says. “AI algorithms are based on data, which must be sourced from somewhere.”
So far there have been few — if any — requirements for AI developers to reveal where they got their data or how they used it to teach their AI systems.
However, with the new EU legislation, innovators will have to openly state the origin of their data and provide details on how they used it to train their AI algorithms. This is to ensure transparency and accountability in the development of AI technology.
“There are some unintended consequences — consider the right to be forgotten,” Dambrot says. “If individuals can demand that their PII which may have been included in training a model be removed, then what’s the security impact to that model?”
“This created additional red tape to businesses, but ultimately protects people,” Vaughan points out. “A slight delay in innovation is a worthy sacrifice for safety.”
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Automotive / EVs, Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- BlockOffsets. Modernizing Environmental Offset Ownership. Access Here.
- Source: https://www.darkreading.com/edge/how-the-eu-ai-act-will-affect-businesses-cybersecurity
- :has
- :is
- :not
- :where
- $UP
- a
- absolutely
- Account
- account management
- accountability
- Act
- Additional
- address
- Adds
- Adoption
- ADvantage
- affect
- afraid
- again
- against
- agencies
- AI
- AI Act
- AI regulation
- AI systems
- AI/ML
- alarm
- algorithms
- alongside
- already
- also
- Although
- an
- and
- any
- applications
- approach
- approaches
- ARE
- areas
- around
- artificial
- artificial intelligence
- Artificial intelligence (AI)
- AS
- aspects
- At
- attempting
- attractive
- Balance
- bar
- based
- BE
- become
- been
- being
- bells
- Better
- between
- bias
- Big
- big tech
- Bill
- both
- Bright
- businesses
- but
- by
- CAN
- careful
- CAT
- catastrophic
- ceo
- challenge
- challenging
- Children
- China
- CISO
- claim
- clients
- cohesive
- come
- comes
- commercial
- Companies
- compete
- complaint
- complex
- compliance
- complicated
- components
- comprehensive
- Concerns
- Conduct
- Congress
- Consequences
- Consider
- consideration
- context
- could
- created
- creates
- crucial
- Currently
- cyber
- cyberattacks
- Cybersecurity
- data
- data management
- data privacy
- data protection
- decision
- decisions
- deepfakes
- defensive
- delay
- Demand
- desire
- details
- develop
- developers
- Development
- DID
- difficult
- do
- document
- document ai
- dominate
- down
- downside
- drive
- dynamic
- easier
- ecosystem
- elements
- enough
- ensure
- ensuring
- Enter
- entrepreneurs
- Environment
- establish
- Ether (ETH)
- ethical
- EU
- Europe
- European
- european union
- European Union (EU)
- Every
- everyone
- evolve
- evolving
- example
- existing
- Explainability
- Explains
- external
- extremely
- Face
- faces
- fact
- fake
- far
- Federal
- Feds
- few
- financial
- First
- focuses
- following
- For
- Force
- foreign
- forgotten
- Framework
- from
- function
- fundamental
- further
- game
- GDPR
- General
- given
- Global
- going
- governing
- Governments
- guidance
- Handling
- harassment
- Hard
- harm
- harness
- Harnessing
- Have
- he
- Headlines
- help
- here
- his
- historically
- hope
- House
- How
- However
- HTTPS
- Humanity
- i
- identify
- if
- images
- imagine
- Impact
- implemented
- important
- in
- incident
- incident response
- included
- Including
- indicates
- individuals
- information
- Innovation
- innovations
- innovators
- instantly
- Intelligence
- interconnected
- interesting
- into
- issue
- IT
- ITS
- jones
- jpg
- Key
- KPMG
- landscape
- Law
- lawmakers
- Laws
- lead
- leader
- Legislation
- less
- like
- likely
- little
- lobbying
- maintaining
- major
- make
- Making
- malware
- management
- many
- marketplace
- May..
- meaning
- means
- might
- mike
- mix
- MLOps
- model
- Modifications
- months
- more
- must
- my
- Navigate
- Need
- net
- New
- no
- Notes
- now
- of
- on
- once
- online
- online harassment
- OpenAI
- openly
- operational
- Operations
- or
- organizations
- Origin
- Other
- out
- over
- Pace
- parliament
- People
- perspective
- phishing
- pii
- plato
- Plato Data Intelligence
- PlatoData
- Play
- players
- please
- Point
- points
- poses
- potential
- potentially
- power
- powerful
- practice
- practices
- Precedent
- Predicts
- prepared
- president
- prioritized
- privacy
- privacy laws
- problems
- Programs
- Progress
- proprietary
- protection
- provide
- provides
- public
- public trust
- Push
- Putting
- quicker
- raises
- RE
- real
- really
- reasons
- recently
- Red
- Regulate
- regulating
- Regulation
- regulations
- regulatory
- released
- Removed
- Requirements
- research
- research and development
- response
- responsible
- Results
- reveal
- right
- rights
- Risk
- roadblocks
- robust
- s
- sacrifice
- safe
- Safety
- same
- saw
- say
- says
- secure
- securely
- security
- Security Operations
- see
- seeing
- Seeks
- serve
- several
- Short
- should
- Shows
- side
- since
- slow
- So
- some
- somewhere
- sourced
- specific
- speed
- starters
- Startups
- State
- States
- steady
- stepping
- successful
- such
- Suit
- sure
- surprising
- Systems
- Take
- taken
- taking
- tech
- Technical
- Technologies
- Technology
- Testing
- than
- that
- The
- the Law
- The State
- their
- then
- There.
- These
- they
- third-party
- this
- this year
- to
- traditional
- Train
- Training
- Transparency
- treating
- Trust
- types
- Ultimately
- unable
- undergo
- understand
- union
- until
- upcoming
- upon
- Upside
- us
- US Lawmakers
- use
- used
- User
- variety
- various
- very
- vibrant
- vice
- Vice President
- warning
- Way..
- we
- What
- when
- which
- while
- white
- White House
- WHO
- will
- with
- within
- Work
- worm
- year
- yet
- you
- zephyrnet