‍

‍

‍

This past November 2021, I was invited by Hub France IA to an event organized by BPI with Martin Ulbricht from DG CONNECT, European Commission. It was an excellent opportunity to discuss with him and other companies the harmonized rules on AI. In the coming months, this proposal will hugely impact the industry. In this post, I’ll be sharing with you my views on the following questions:

• Who is impacted?
• Do we need to add controls on technology usage?
• Will it apply to technologies created outside of Europe?
• What will be the cost for companies to comply with this new regulation?

‍

Who is impacted?

The idea of this proposal is based on a risk-based approach described here.  
‍

‍

‍

The unacceptable risk class includes: 

“AI systems considered a clear threat to the safety, livelihoods, and rights of people will be banned, from social scoring by governments to toys using voice assistance that encourages dangerous behavior.”

‍

The high-risk systems are considered to be “essential private and public services (e.g., credit scoring denying citizens opportunity to obtain a loan).” This means that it has a massive impact on the financial industry, including banks, software vendors and service providers like Bleckwen. Furthermore, this means that a lot of actors will be impacted. Thus we all need to understand the impact of such a regulation. In the meantime, the EU must discuss and consult with us (vendors) to design an applicable regulation.

‍

Do we need to add controls on technology usage?

The question here concerns the use of the technology or service provided. So,who must ensurethat thetechnology follows the regulation? In my opinion,it should be the responsibility of the technology consumerto ensure compliance with the respective rules. Of course, the technology consumer may require tech providers to deliver features to aid and monitor the system for compliance. So, the answer is yes. We need to find theproportionate level of controland set up theend-user withthecorrect tooling to demonstratehe or she is respecting the regulation.

‍

Would it apply for technology created outside of EU?

Suppose the technology provider is outside of the EU. And the responsibility has been deferred by the technology consumer to the provider. 

How can we ensure the provider will comply with the harmonized rules? It's a no-brainer - yes, it must! Ultimately, this is another reason why it must be the responsibility of the technology consumer to check for compliance with the regulations on AI. Otherwise, it may mean that a vendor based in other geographies could sell a service using AI without EU control. The end-user would argue this is the provider's responsibility.

‍

What would be the cost for companies to comply with the EU regulation?

To be honest, it’s hard to say. It will considerably impact companies, especially young startups that use a lot of AI technologies in their systems, and it may be an inhibitor to EU innovation and the EU startup ecosystem. Different organizations, including the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG Connect), made some estimations. The range of estimates goes from €5k to €250k.

‍

Takeaway

This regulation will undoubtedly significantly impact the financial industry due to the prevalence of AI already in production. It is essential to prepare now for this regulation. Elements that need to be addressed while deploying your AI project include:
‍

• Data governance
• Traceability
• Auditability
• Documentation
• Transparency
• Human control
• Cybersecurity robustness

‍

At Bleckwen, we haven’t waited for this EU regulation project to address these topics as they were already important to us. 

‍