Key Points:

• Public anxiety exists about AI: Concerns include job displacement, ethical implications of AI decisions, and overall security risks. CISOs (security officers) share these worries.
• EU AI Act regulates commercial AI use: This first-of-its-kind legislation aims for safe, transparent, and accountable AI used in Europe. It categorises AI by risk and prohibits some uses entirely (e.g., real-time facial recognition in public).
• Businesses need to prepare: Before the August 1st deadline, businesses operating in the EU should take steps like identifying their AI systems, developing compliance plans, and training employees.

The conversation around artificial intelligence has been ubiquitous, and it’s sparked a lot of excitement across industries.

At Metomic, we’ve highlighted how AI has been transforming industries like healthcare, and the impact its having on security measures, making security teams more productive, as well as giving tools like the humble firewall a new lease of life.

Public Anxiety and AI

However, not all of the conversations being had around AI are optimistic.

There’s a lot of public anxiety around AI and the impacts that it's already having, or will have in the future.

We’ve written about this before. People are worried about job displacement, the ethical implications of AI decisions, and the overall security of AI systems.

These concerns are not unfounded. As AI becomes more sophisticated, its potential to influence various aspects of life—from employment to privacy—becomes more pronounced.

CISOs, responsible for safeguarding organisational data and systems, share these worries. But they’re particularly concerned about the security risks associated with its deployment.

“72% of US based CISO’s are worried that Generative AI will lead to breaches in their digital ecosystem.” - 2024 CISO Survey , Metomic

With AI systems often perceived as black boxes, the need for clear governance and regulation has never been more critical.

Enter the EU AI Act: Pioneering AI Regulation

The introduction of the EU Artificial Intelligence Act (EU AI Act), the first legislation of its kind to regulate commercial AI usage globally, couldn’t be more timely.

Scheduled to come into force on 1st August 2024, this landmark regulation aims to ensure AI systems used in Europe are safe, transparent, and accountable.

The EU AI Act’s primary objective is to foster trustworthy and responsible AI deployment. By establishing stringent guidelines, the Act seeks to mitigate the risks associated with AI, ensuring that AI systems are transparent, traceable, non-discriminatory, and environmentally friendly. Importantly, it mandates human oversight to prevent harmful outcomes.

What the EU AI Act Covers

The EU AI Act categorises AI systems based on the level of risk they pose to fundamental human rights.

It distinguishes between:

• Unacceptable Risk AI: Prohibited entirely due to their potential for harm.
• High-Risk AI: Subject to strict regulations, including risk assessments and human oversight.
• Low Risk AI: Required to meet transparency standards about AI usage.
• Minimal Risk AI: Subject to fewer restrictions but still mandated to adhere to transparency standards.

The Act specifically prohibits the use of AI for:

• Categorising individuals based on behaviour, socio-economic status, or personal characteristics.
• Real-time and remote biometric identification in publicly accessible spaces.

For more detailed information about what the EU AI act specifically covers, read more here.

Five Steps to Prepare for the EU AI Act

All of that sounds great for consumers, and anyone who’s going to be on the receiving end of goods and services that may be produced using AI tools.

But if you’re a business, especially one operating within the EU, you’ve got some preparation to do.

Here’s five actionable steps you need to implement before the August 1st deadline:

1. Conduct a Preventive AI Inventory

Begin by identifying all AI systems you use in your operations. Assess their risk levels to understand which aspects of your AI use will be impacted by the new legislation. This foundational step will enable you to develop targeted mitigation strategies and ensure compliance.

2. Develop Compliance Plans and Mitigation Strategies

Create comprehensive plans to meet the Act’s requirements. Depending on the type of AI and its application, you may need to conduct risk assessments, perform bias audits, and implement technical measures to comply with transparency and explainability mandates.

3. Update or Draft AI Policies and Procedures

Revise your internal and customer-facing policies to align with the Act’s principles. Ensure these policies encompass transparency, fairness, explainability, and non-discrimination in AI decision-making. This preparation will help you respond effectively to any challenges or queries from regulators.

4. Roll Out Employee Training and Embed AI Awareness

Educate your staff about the EU AI Act and its implications for their roles. This training is crucial to meet human oversight requirements and demonstrate your organisation’s commitment to addressing AI-related risks. An informed workforce is essential for effective and responsible AI governance.

5. Monitor Updates and Interpretations of the Act

Stay informed about evolving requirements, guidelines, and recommendations. The AI regulatory landscape is dynamic, and being proactive will help you adapt to changes. Also, keep an eye on potential UK AI regulations, which may offer additional insights and requirements.

Conclusion

The introduction of the EU AI Act represents a significant step towards addressing public anxiety and ensuring the responsible use of AI.

By understanding and preparing for this legislation, companies can not only achieve compliance but also build trust with their customers and stakeholders.

The time to act is now—embrace these steps to navigate the new regulatory landscape confidently and responsibly.