EU draft legislation on artificial intelligence requires awareness

Companies who are in control, can get more out of AI

Once it was only in people’s imagination, projected on movie screens as science fiction. Now artificial intelligence (AI) is a rapidly growing part of our daily life. As exciting and groundbreaking its possibilities are, AI can also come with great risks. To protect citizens against misuse, the EU proposed this spring — being first in the world — a draft legislation. Basically affecting everyone, company or government, who makes AI-applications.

Our daily life is becoming more and more intertwined with AI, a catch-all term for a machine or system that makes decisions, based on large amounts of data, and improves itself while learning. The algorithms that recommend new information based on your search behaviour on social media, the face recognition on photos on your smartphone, or computers that select job applicants. It’s all AI. “It’s cheaper, faster and more accurate than people, so there’s almost no industry that does not experiment or work with AI,” say Tjakko de Boer and Owen Strijland from consultancy firm Protiviti. They follow the developments closely and advise companies how to prepare their organisations’ risk and governance structure for the EU AI legislation.

Huge responsibility

AI is already much bigger than most people can imagine, and we are only at the beginning. Owen: “Do you know what information is used about who you are, what you’re doing and what you’re looking for? And which information will be used in the future?” Companies and governments that are making and using those intelligent machines or systems have a huge responsibility as it comes to the data they use. “How can you apply AI for your own interest and prevent conflicts with the interests of individuals at the same time?” “If AI applications affect our fundamental rights like personal freedom, privacy and health or the functioning of democracy, you enter a sensitive area,” explains Tjakko. “The biggest danger is that both people with good and bad intentions can use AI.” Deepfakes (images, sounds and texts created by artificially intelligent software) for instance, are already a serious problem.

Worldwide standard

This is exactly why Brussels thinks it’s about time to limit the dangers of AI and protect European citizens with legislation. Goal is to make AI in all industries legally, ethically and technically robust by using a so-called pyramid of criticality. The higher the risk of misuse, the more requirements apply to AI systems. The law is expected to come into effect in about two or three years. “Like with the GDPR, it wouldn’t surprise us if the EU regulation on Artificial Intelligence becomes a de facto worldwide standard.” Tjakko and Owen are convinced this is a positive development. “A legal framework like this, stimulates the use of (more) AI applications, and increases confidence and benefits.” With the new EU legislation in mind, Protiviti wants to alert directors and board members to be properly prepared. Although the law is still a draft proposal, the core of it will not change. “It’s already pretty clear what the requirements will be. Every AI system you develop today, must comply with this law in three years. And it’s very hard and expensive, if not impossible, to correct these complex systems afterwards,” explains Owen.

Be prepared

Therefore it’s important to know where AI is being developed and governed within your organisation.” Either way you need to build-in checks and balances to make sure new and existing AI systems comply continuously with the law, and that you are able to prove it,” says Tjakko. “More so than with the introduction of the GDPR, you’d better prepare for the new regulation immediately, because tomorrow’s systems are being developed today. So, be sure to put this high on the company’s agenda, and identify your current and desired governance and risk management.” Owen and Tjakko think this new EU regulation requires broad awareness in companies that work with AI. “Search within your organisation for applications making use of such models that are already there, but also for new possibilities. Companies who are in control with a solid governance and risk structure, will be more confident in reaping the benefits of AI while preventing any nasty surprises.”

Want to know more or need advice in how to create a safe AI environment and how to face the upcoming EU regulation with confidence? Please contact us for more information.


Owen Strijland
Owen started his career in 1999 as a general ICT consultant in the healthcare and finance domain, through his roles as a change advisor to the executive board for a large insurance/ banking company and his role as manager risk management he encountered a variety of ...
Tjakko de Boers
Tjakko is managing director in the technology consulting practice at Protiviti’s Amsterdam office. For over 20 years he assisted clients to leverage digital solutions, improve performance, and manage operational risk and control. Key focus areas include information ...