The law provides for various measures to protect society, from labelling images created by neural networks without direct human involvement to a complete ban on certain content. In particular, the use of individual, ethnic or religious characteristics to identify people or recognise their emotions is strictly limited.
There will be restrictions on the use of biometric identification systems and fines for violators, ranging from 7.5 million euros or 1.5 per cent of global turnover to 35 million euros, respectively 7 per cent of turnover.
The law is expected to be formally approved at the political and technical level in May. In November, its prohibitions will come into force, and by 2027, the AI Law will be fully in force.
The EU’s AI Act is expected to have a mixed impact on cybersecurity:
Positive effects:
- Reduced Attack Surface: By banning certain high-risk AI applications and strictly limiting biometric identification systems, the Act could make it harder for attackers to exploit these vulnerabilities. For example, social engineering tactics using AI-generated fake content might become less common.
- More Secure Development: The emphasis on transparency and accountability in AI systems could lead to developers prioritizing cybersecurity during the development process. This could mean features that are less susceptible to hacking or manipulation.
Challenges:
- Compliance Burden: Companies that develop or use AI systems will need to ensure compliance with the Act’s cybersecurity requirements. This could add complexity and cost.
- Uncertainties: The Act’s new regulations, particularly regarding data security for AI systems, might overlap with existing regulations like GDPR. This overlap could create confusion and make it difficult to implement both effectively.
Overall, the AI Act has the potential to improve cybersecurity in the EU by promoting secure development practices and reducing the attack surface of certain AI applications. However, navigating the new regulations and ensuring compliance might pose challenges for companies.
