The European Parliament is now only days away from formalising its position on the world’s first Artificial Intelligence (AI) Act, as EU lawmakers reached a provisional political agreement on Thursday.
Members of the European Parliament (MEPs) have been conflicted until last week on the content of the Act and have finally agreed on some of the compromise amendments, with a few last-minute adjustments pertaining to generative AI.
“The compromised amendments were agreed upon yesterday through internal talks between the rapporteurs and shadow rapporteurs and will be voted on in the committee by MEPs on May 11, 2023,” an EP official said. “This will be followed by a voting in plenary in June, after which talks with Council (member states) will start with the view of reaching an interinstitutional agreement before the end of the year.”
The European Commission, which is the executive branch of the European Union, has been working on a regulatory framework for AI since early 2020. In April 2021, the European Commission proposed a set of draft regulations known as the “Artificial Intelligence Act,” which aims to provide a comprehensive legal framework for the development and deployment of AI systems in the EU.
The proposed regulations cover a wide range of AI applications and are intended to promote trust and transparency in the use of AI, protect fundamental rights and freedoms, and ensure safety and ethical principles in AI development and deployment.
ChatGPT and related AIs receive last-minute tweaks
Dealing with AI systems that do not cater to a specific use case has been the most debated issue in the proposal. These general-purpose AI systems handle a wide variety of tasks and were not covered in the original proposal. They only found consideration after the disruption created by ChatGPT, a general-purpose sub-branch, generative AI model that takes text inputs and returns high-quality, context-based responses to users.
MEPs agreed that generative tools such as ChatGPT, DALL-E, and Midjourney must be regulated in terms of designing and deploying in accordance with the EU law and fundamental rights, including freedom of expression. A major change is that these tools will have to disclose any copyrighted material used to develop their systems.
Existing requirements for the generative AI models include testing and mitigating reasonably foreseeable risks to health, safety, fundamental rights, the environment, democracy, and the rule of law with the involvement of independent experts.
It is also mandated to document the non-mitigable risks that still exist and the reasons why they were not addressed.
ChatGPT has been posing serious challenges to cyberspace and has arbitrary use cases including the generation of phishing materials, info stealer payloads, DDoS and ransomware binary scripts, etc. Adding to the challenges is the fact that the large language systems (LLMS), such as ChatGPT and DALL-E, leave next to no room for regulations without affecting their core functionality.
“Quite simply — I have no clue how one regulates something like Chat GPT without diminishing the effectiveness of their solution,” said Chris Steffen, an analyst at Enterprise Management. “Plus, what about the instances that are created specifically for nefarious purposes? Once the technology becomes common and accessible, bad actors should be able to (and will) set up their own ‘bad guy Chat AI’ to do whatever they want it to and optimise for those purposes. So, do you (and can you) also regulate the technology? Not likely.”
The AI Act primarily follows a classification system
Other than the recent focus on general-purpose AI, the Act primarily focuses on classifying the existing AI solutions into risk-based categories — unacceptable, high, limited, and minimal.
AI systems that present only limited and minimal risks, such as spam filters or video games, may be used with few requirements as long as there is transparency. However, AI systems posing an unacceptable risk, such as government social scoring systems and real-time biometric identification systems in public spaces, will generally not be allowed with few exceptions.
Developers and users are allowed to use high-risk AI systems, but they must comply with regulations that mandate thorough testing, proper documentation of data quality, and an accountability framework that outlines human oversight. Examples of AI systems deemed high risk include autonomous vehicles, medical devices, and critical infrastructure machinery.
The deal reached on Thursday finalises the text, still subject to minor adjustments before voting on May 11 where all groups will have to support the compromise without the possibility of tabling alternative amendments.