EU Proposed AI Legislation Is A Threat To Open Source Software

Uploaded on 2023-08-10 in FREE TO VIEW

Governments around the world are wrestling with the best way to tackle AI safety and regulation. The EU AI Act is set to become the first comprehensive AI regulation and to offer a model for policymakers around the world.

But with this promise comes some risk. The Act may regulate upstream open source projects as if they are commercial products or deployed AI systems. Companies are now forming alliances to drive safety research for future models and the UK is pushing for a global approach.

The EU has one of the most prescriptive approaches to AI regulation and will have the first comprehensive law. And now the open source electronic community has serious concerns about a number of recent EU regulatory changes that pose a threat to the open source industry.

Firms including GitHub, Creative Commons, and Hugging Face have published a paper aimed at EU regulators requesting greater support for open source AI development in the upcoming AI Act.

Their list of suggestions to the European Parliament ahead of the final rules includes clearer definitions of AI components, clarifying that hobbyists and researchers working on open-source models are not commercially benefiting from AI, allowing limited real-world testing for AI projects, and setting proportional requirements for different foundation models.

The coalition outlined a series of suggestions for EU lawmakers in the paper, making a number of requests. These included more concise definitions of AI components and greater support and leeway for open source research into the development of AI models.

The main focus of the report is whether research and testing of AI models will be interpreted as “commercial activity” and thus subject to stringent rules under the act.

Under the EU guidelines, real-world testing of AI systems will not be granted exemption from the regulations, which the companies argued could be inhibitive to innovation and prove costly for enterprises. Instead, the coalition suggested a change in language to accommodate for testing which is done “on a limited scale with sufficient documentation and transparency to users”.

The EU Report’s Executive Summary states:

Open source, non-profit, and academic research and development play an essential role in the Artificial Intelligence (AI) ecosystem.

Continuing to support and foster this open ecosystem will be paramount to ensuring that the technology serves all EU citizens on two main accounts:

  • First, the values of sound research, reproducibility, and transparency fostered by open science are instrumental to the development of safe and accountable AI systems.
  • Second, open source development can enable competition and innovation by new entrants and smaller players, including in the EU.

The AI Act holds promise to set a global precedent in regulating AI to address its risks while encouraging innovation. A key focus here centers around whether research and testing of AI models will be interpreted as “commercial activity” and thus subject to stringent rules under the act.

These EU guidelines say that the real-world testing of AI systems will not be granted exemption from the regulations, which the companies argued could be inhibitive to innovation and prove costly for enterprises.

Instead, the coalition suggested a change in language to accommodate for testing which is done “on a limited scale with sufficient documentation and transparency to users... Research and development (R&D) is crucial to the development of beneficial, trustworthy AI systems" the paper says.

“The act should recognise that some real-world testing, including preliminary exploration of a model’s appropriateness to specific deployment conditions and allowing scrutiny and evaluation by relevant civil society organisations outside of the development chain, can be necessary and appropriate for R&D.”

ITPro:     Github:     Computing:     Tech Monitor:     Github:     Digwatch:     The Verge

You Might Also Read:

The Impact of Artificial Intelligence On Knowledge Workers:
___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

« Google Join With Microsoft, OpenAI & Anthropic To Regulate AI Development
Fighting Fake News Using Machine Learning & Blockchains »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

Avansic

Avansic

Avansic is a leading provider of e-discovery and digital forensics services to attorneys, litigation support teams, and business communities.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

CTM360

CTM360

CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.