ServizioContenuto basato su fatti, osservati e verificati dal reporter in modo diretto o riportati da fonti verificate e attendibili.Scopri di più
Digital Economy

How will artificial intelligence standards and certifications be decided in Europe?

The definition of shared technical standards for algorithm security and other essential aspects of AI development will be the main challenge related to the implementation of the AI Act.

by Andrea Bertolini* and Roberto Marseglia*

3' min read

3' min read

On 21 May 2024, the Council of Europe approved the Artificial Intelligence Regulation (AI Act), a regulation that will gradually come into force with the first provisions to be published within six months of its approval and publication in the Official Journal.

This regulation, whose main objective is to make the evolution and adoption of artificial intelligence safe, can be interpreted as a product safety discipline. It is, that is, similar to those disciplines that require anyone wishing to sell a product on the European market to test it and certify it by affixing the CE mark, which sanctions the 'technical safety' of goods on the market, including the mobile phones from which we are probably reading right now.

Loading...

These safety disciplines are almost always complemented by technical standards, which are developed at international level by private bodies; the most famous of these are the International Standardisation Organisation (ISO) and the Institute of Electrical and Electronics Engineers (IEEE), but there are also bodies at European level, such as CEN, CENELEC and ETSI.

The standards that these bodies produce detail the technical aspects and determine what characteristics a machine or component must have in order to conform to the state of the art and, consequently, be safe. These standards, on the other hand, are not legally binding: the individual developer may decide whether or not to comply with them, proving the safety of his or her product in a different (albeit - in all likelihood - more onerous) manner.

Although they are not legally binding, these standards are typically adopted through a drafting process that is not exactly democratic and representative of public interests. In the vast majority of cases, this is not a problem per se, but it can certainly bring a great advantage to that company that succeeds in imposing its solution (or even its patent) as representative of a state of the art, then consolidated into an international standard.

Loading...

The definition of shared technical standards for the security of algorithms and other essential aspects related to the development of AI will be the main challenge related to the implementation of the AI Act, ultimately defining its true scope and ability to exert the much-desired control. These standards, however, take years to develop and approve (the average time to approve a standard is between three and five years). Much of the AI Act's prescriptive capacity is thus de facto postponed and subject to no small amount of uncertainty.

At the same time, these products will have to be certified and undergo an impact assessment with respect to the fundamental rights of these technologies. This will create a huge market related to the AI Act. In the absence of a detailed regulatory framework and, in the first instance at least, of these standards, a fundamental role will be played by those who are ready to intervene by offering a certification and assessment product that offers sufficient guarantees, including - if not only - with respect to possible liability profiles. An erroneous qualification of an AI system - for example, one that is wrongly not considered high-risk under Article 6 AIA or not identified as prohibited under Article 5 AIA - could expose the company to even significant penalties (7% of global turnover).

In the absence of a regulatory framework that has yet to be defined in its most operational (but essential) aspects, those who will be able to offer the market a convincing certification product and best practices will soon be able to establish themselves as leaders in this market. They will ultimately make a decisive contribution to defining the operational content of the AI Act and the criteria that companies wishing to innovate will have to adhere to.

It is likely that large global players that have been active for many years in the technological frontier and have developed internal best practices from data regulation will be able to offer these services sooner and better than others, and will soon dominate the market. Most likely, these will be non-European or, in any case, mainly non-European players that, with their solutions, will be able to significantly influence the real scope of application of what, in the intentions of the European Commission, should represent 'the European approach' to AI.

At the end of this process, however, we could perhaps ask ourselves how much of Europe will have been left and, similarly, we could assess whether the 'Brussels effect', on which the Commission clearly bet on, i.e. whether the AI Act model will have been able to influence the regulation of technology globally and beyond the borders of the member states, will have occurred.

*Andrea Bertolini, Associate Professor of Law, Sant'Anna of Pisa and Roberto Marseglia, CEO, DAAT

Copyright reserved ©
Loading...

Brand connect

Loading...

I prossimi eventi

Tutti gli eventi

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti