Europe’s New AI Act & GDPR

The European Union is doing everything possible to create an ‘iron dome’ around its data to protect it from cyberattacks

Geopolitics is driving technology, especially Artificial Intelligence (AI), as the Russian President Vladimir Putin once said that the nation which leads in AI will rule the world. The European Union (EU), which is technology-dependent on the US Big Tech, and energy-dependent on Russia, has taken Putin’s words to heart and doing everything possible to control AI through a slew of hard-hitting regulations, that reach even beyond EU borders, to protect is the territory from hacking, data theft, and cyberattacks, among others.

Europe is, in effect, creating a protective shield around its data, as tensions between the western world and the China-Russia axis intensify, with the cold war turning hot after Russian tanks rolled into Ukraine on February 24, 2022. The is much like the Israeli iron dome defensive shield protecting the country from missile attacks.

The battle against the weaponization of AI

The lurking fear is over the weaponizing of AI models, chatbots, and social media platforms in influencing the democratic process of EU countries by autocratic countries. In the process, technology companies will be caught in the geopolitical crossfire and will come under harsher regulations that will have consequences on their business models.

The recently agreed-upon Digital Services Act (DSA) places new restrictions on some of the largest platforms, a reaction to the way established platforms like Facebook and YouTube have been used to undermine elections, promote genocide, and spread dangerous conspiracy theories. But the new rules are likely to bring about bigger changes on TikTok than on more established platforms. When Europe’s new rules force all large social platforms to open up their data and even algorithms to outside scrutiny, TikTok may change most of all.

The DSA is aimed at reducing online harms, such as harassment, and making major online platforms more accountable for their effects on elections and other aspects of society, with large social networks and search engines the primary targets. The law was agreed upon in April 2022, weeks after the passage of a companion law aimed at tech monopoly power. “With today’s agreement, we ensure that platforms are held accountable for the risks their services can pose to society and citizens,” European Commission executive vice president Margarethe Vestager said of the DSA decision. The law’s legal text is now being finalized, and it could take effect as soon as January 2024. As with Europe’s GDPR data protection law, the DSA may alter how tech companies around the world operate.

The AI Act & GDPR combo

Starting with the GDPR (General Data Protection Regulation) in 2016, and now with the latest Artificial Intelligence Act, the EU is empowering its oversight bodies with legal weapons to crack down on the use of AI that it deems to be harmful. While GDPR defines data privacy, the AI Act gives its teeth by laying down what companies can do with that data when developing AI models. Using these pieces of legislation,

Some of the toughest proposed regulations on AI models developed to extract actionable intelligence from data give enormous powers to EUoversight bodies to order Big Tech and any company, using AI, to retrain their models if deemed high risk. Coupled with the GDPR legislation, on data protection and individual privacy, the EU appears to be becoming the global standard-bearer on laws governing AI.

The firepower of the AI Act

The EU’s planned risk-based framework for regulating artificial intelligence includes powers for oversight bodies to order the withdrawal of a commercial AI system or require that an AI model be retrained if it’s deemed high risk, according to an analysis of the proposal by a legal expert. That suggests there’s significant enforcement firepower lurking in the EU’s (still not yet adopted) Artificial Intelligence Act — assuming the bloc’s patchwork of Member State-level oversight authorities can effectively direct it at harmful algorithms to force product change in the interests of fairness and the public good.

Article 2 of the AI Act, the first feature borrowed from the GDPR is in fact the extensive scope of application, well beyond European “borders.” Indeed, three categories of subjects will be bound by these provisions: not only users of AI systems located within the territory of a member state but also providers that place AI systems on an EU market or put them into service in the EU, irrespective of whether they are established in the EU. Furthermore, third-country providers and users of AI systems would fall within the scope of application if the output generated by such systems is used in the EU.

The global impact of EU’s AI Act

Digital assets today are an outcome of the global value chain. Data generated in one country used by a manufacturer could well be used in another country, as value chains are global. Customer preference data in Germany could be used by a garment supplier in Bangladesh.

The GDPR provides for the data controller to be responsible for—and be able to demonstrate compliance with—the safeguarding principles relating to the processing of personal data. 

The AI Act (AIA), although not specifically mentioning the accountability principle, extends this principle to all operators involved in the supply chain. For instance, Chapter 3 of the AI Act, which deals with enforcement, places horizontal obligations on providers of high-risk AI systems but also establishes proportionate obligations for users and other players within the AI value chain, such as importers, distributors, and authorized representatives. AI developed in the EU but also AI developed anywhere in the world which is used in the EU. Like the EU data protection law, the GDPR, the EU is explicitly positioning the AIA to become the global model for regulating AI.

Know more about the syllabus and placement record of our Top Ranked Data Science Course in Kolkata, Data Science course in Bangalore, Data Science course in Hyderabad, and Data Science course in Chennai. Know more about our Top Ranked PGDM in Management, among the Best Management Diploma in Kolkata and West Bengal, with Digital-Ready PGDM with Super-specialization in Business Analytics, PGDM with Super-specialization in Banking and Finance, and PGDM with Super-specialization in Marketing.