A smart robot and a robotic arm are pictured on display at the 2023 Mobile World Congress (MWC) in Barcelona, Spain, on Feb. 28, 2023. | Xinhua Photo
The European Union's Artificial Intelligence Act (EU AI Act) officially came into force last week, marking the launch of the first comprehensive AI legislative framework worldwide.
The groundbreaking legislation has not only garnered international attention on AI regulation, but also sparked reflections on the EU's legislative capabilities.
GDToday had an exclusive with Dr. Patrick Glauner, Professor of Artificial Intelligence at Deggendorf Institute of Technology in Germany and the Founder & CEO of skyrocket.ai GmbH, a Regensburg-based AI consulting firm.
Prof. Glauner shared his views on challenges of AI legislation covering the EU AI Act, the General Data Protection Regulation (GDPR), the legal regulation of cutting-edge generative AI, as well as global internet security.
A visitor tries the new version of the Nubia 3D pad, a 5G+AI eyewear-free 3D Pad displayed at Chinese telecom company ZTE's booth during the Mobile World Congress (MWC) 2024 in Barcelona, Spain, on Feb. 28, 2024. | Xinhua Photo
The biggest challenge in drafting AI Act was the lack of understanding of AI
According to Prof. Glauner, the biggest challenge in drafting the AI Act was the lack of in-depth understanding of AI technology among EU legislators.
"European politicians are often driven by fear and misunderstanding of AI, which leads to numerous issues," he noted. In contrast, the US tends to favor innovation more.
Prof. Glauner underscored that lawmakers need to find a balance between promoting AI innovation and meeting regulatory needs.
He argued that while the EU claims AI was previously in an "unregulated" state, in reality, once AI technology is applied in fields such as automotive, aviation, or financial products, these fields themselves are already strictly regulated.
Therefore, from a product or process perspective, the addition of AI does not significantly increase regulatory difficulty.
The building where the Norwegian Data Protection Authority is located in Oslo, Norway on Sept. 28, 2023. | Xinhua Photo
GDPR poses issues when being implemented despite its good intention
As for the EU's GDPR, hailed as the most stringent data protection regulation worldwide, Prof. Glauner stated that its complexity poses lots of implementation challenges.
He noted that despite the good intention, extensive provisions (hundreds of pages) of GDPR make understanding and enforcement exceptionally difficult, increasing enforcement uncertainty.
Prof. Glauner detailed that GDPR enforcement varies among EU member states. For instance, countries like Germany enforce GDPR strictly, while Luxembourg or the Baltic states are more lenient. The status quo leads enterprises to consider relocating their headquarters to regions with laxer enforcement, which negatively impacts market competition.
"Now in the new term, in the European parliament, they should try to harmonize and revise and simplify all of these acts," he added.
Although GDPR is seen as a global milestone in data protection, Prof. Glauner believes that other countries are more likely to adopt its principles and tenets rather than accepting it wholesale.
A visitor interacts with an intelligent robot at Hannover Messe 2023 in Hannover, Germany, on April 19, 2023. | Xinhua Photo
Generative AI raises issues of privacy, security and ownership of content
Given the rise of generative AI applications such as ChatGPT, issues of privacy, data security and the ownership of intellectual property (IP) have stand out.
Prof. Glauner notedthatadditional regulatory measures introduced inthe newly-enacted EU AI Act specifically target generative AI.
Generative AI, due to its potential systemic risks, is subject to strict regulation, but this also poses significant compliance challenges. Current regulatory framework might be too stringent, enabling large enterprises to comply easily while the small ones struggle, underscored Prof. Glauner.
In this regard, he called for consideration of AI's positive contributions during regulation, avoiding overly stringent blanket rules. "When using AI, we should rely on human intelligence for judgment first, supplemented by AI support," he added.
In the realm of IP, there are significant differences between the US and EU's attitudes towards generative AI.
Prof. Glauner noted that the New York Times' lawsuit against OpenAI in the US does not directly target the generated content itself, but focuses on the data used for model training. In contrast, the EU provides more freedom regarding data training in copyright law, but has not yet clearly defined the copyright ownership of generated content.
He believes that as technology develops and laws evolve, it may become necessary to clearly define the copyright ownership of AI-generated content in the future.
Long queues of passengers are seen in front of check-in counters in Singapore's Changi Airport due to global Microsoft outage, on July 19, 2024. | Xinhua Photo
IT outage warns the potential security risks & management challenges
The recent Microsoft cloud service outage has once again exposed the vulnerability of internet infrastructure and global internet security.
Prof. Glauner pointed out that while Microsoft was not directly responsible for the incident, it serves as a reminder of the potential security risks and management challenges associated with cloud services.
He recommended that internet companies enhance the diversity of their technical architecture, adopting multi-cloud strategies to mitigate the risks associated with the interruption of a single cloud service provider.
Reporter: Clonde Zhang, Sophia Chen (intern)
Editor: Steven Yuan, Nina Huang, James