November 23, 2021 - 143 views|
The EU’s AI Act will require deeper education and evangelization to ensure more transparent and ethical use of AI.
With new regulations proposed, AI ethics — like data privacy — has become a top priority for companies. As heads of state from European Union member nations begin to discuss the EU’s proposed Artificial Intelligence (AI) Act, companies are exploring what it will take to adhere to one of the first major policy initiatives focused on harmful AI.
The answer is clear: Compliance will require businesses to educate and evangelize across their organizations. While it will likely take two years for these new rules to come into effect, it’s not too soon to prepare.
Ethics by design is a different way of thinking for companies. In addition to considering profit-driven outcomes, companies will now need to assess the harm and impact of their practices and provide oversight to manage AI risks.
Proposed in April, the AI Act aims at mitigating the harmful use of AI. It facilitates the transparent, ethical use of AI — and keeps machine intelligence under human control. The regulations would outlaw four AI technologies that cause physical and psychological harm: social scoring, dark-pattern AI, manipulation and real-time biometric identification systems.
Equally important to companies are the act’s proposed penalties. Fines for noncompliance are significantly higher than are those for the EU’s General Data Protection Regulation (GDPR), ranging up to €30 million, or 6% of annual revenue. In contrast, the GDPR imposes fines of up to €20 million, or 4% of revenue.
Beyond the penalties, we see strong parallels between the proposed AI Act and GDPR. When enacted in 2018, GDPR elevated privacy to priority status for organizations, and the AI Act will trigger a similar lift for AI ethics. The good news is that many of the processes that companies implemented as part of GDPR compliance can serve as the foundation for adopting responsible AI, such as the privacy impact assessments used when sensitive data is being processed.
But there are key differences between data privacy and AI ethics, and they make navigating this new territory more uncertain. For one thing, data privacy is about minimizing the data needed for an intended purpose; AI thrives on mining as much of it as possible.
Further, while there is general agreement on the level of personal details that need to be protected, AI ethics involves more nuanced and subjective issues such as bias and fairness. While most chatbots won’t meet requirements for the high-risk category because they are narrowly defined and task-oriented — think help desks — evaluating exceptions reveals the complexities inherent in AI ethics.
For example, a consumer-facing chatbot that helps consumers find social services could be classified as high risk because of its potential for impacting access and outcomes, especially for historically oppressed populations. It comes down to the likely harm to the individual.
Often overlooked in discussion of the AI Act is that the proposed regulations apply not just to personal details but also to the datasets, modeling and algorithms used in business decisions. The coverage of nonpersonal data has huge ramifications for businesses.
For example, the AI Act’s restrictions, if enacted, would apply to the data banks used to assess the level of risk for commercial loans. Data in these cases typically relates to the type of business, location and other details such as local crime rates. No personal data is involved, yet as an AI-driven business decision, the risk assessment falls under the act’s efforts to avoid the unintended AI bias and real-world harm seen in home mortgages.
Similarly, the AI Act would also cover the use of AI in functional chatbots related to business operation flows, such as directing employees to HR forms. While unlikely to fall into the high-risk category, functional chatbots will require additional justification to demonstrate that the processes aren’t intrusive.
By making the required changes to comply with the proposed regulations, businesses will see significant opportunities. They’ll understand how to safely implement AI and identify areas of opportunity and ROI, especially in regulated industries such as healthcare, banking and brokerage.
Protecting corporate AI investments will entail changes in culture, hierarchy and governance to ensure the precise risk management the AI Act requires. It’s a balancing act of protecting people and profits. We recommend organizations take the following steps to get started: