As the global race for developing artificial intelligence (AI) and harnessing its advantages surges on, countries generally agree that regulation is necessary and are actively exploring options to establish a more uniform legal framework for the development, marketing and use of AI to ensure high levels of protection of public interest, whilst ensuring the free movement of AI based goods and services.
At the forefront of AI legislation across the globe is the EU, who are taking a prescriptive legislative framework-based approach in the form of the AI Act, which will impose legislative obligations at all stages of the lifecycle of an AI system. In stark contrast, the UK is adopting, what is referred to as, a ‘pro-innovation’ approach to AI, with flexible regulation and governance that supports scientific research and entrepreneurs, whilst ensuring that the risks of AI are addressed, and consumer confidence and trust remains intact.
In the below table we summarise the similarities and differences across the main aspects of the approaches to regulating AI.
|Definition of AI
|A rigid definition which classifies technology based on the level of risk it poses to the health and safety or fundamental rights of a person; unacceptable, high, limited, and minimal.
|Flexible definition of AI based on features such as adaptivity and autonomy, rather than the techniques and methods that AI. The intended purpose is to ‘future-proof’ against new and emergent technologies that have unanticipated outcomes.
|Prescriptive legislative framework-based approach, imposing legislative obligations at all stages of the lifecycle of an AI system.
|Principles based approach that UK regulators should consider to best facilitate the safe and innovative use of AI in the industries they monitor.
|Horizontal, industry agnostic, application of a single set of rules to govern AIs use.
|No intention of assigning rules or risk levels to entire sectors and technologies, rather adopt a ‘context-specific’ approach. Sector specific regulators expected to issue guidance on application of principles in next 6-12 months.
|Reliance on a coordinated network of new and established regulators, including a central European AI Board and national competent authorities for AI in each Member State.
|Adherence to the principles will be on a non-statutory basis and implemented by existing regulators with the key outcome being to drive responsible ‘AI innovation and continue to respond quickly to technological advances’
|Cost of non-compliance
|Penalties of up to EUR 40 million or up to 7% of global annual turnover.
|No prescriptive sanctions or monetary fines at this stage.
What should organisations be doing now?
The regulatory position of the EU and the UK represents two ends of a spectrum. Based on current developments, the EU is set to be the first jurisdiction to enact a comprehensive regulatory framework with countries such as Canada and Brazil following suit with equivalent legislation. Other countries, including the US, will instead follow a broad sectoral approach in line with the UK. As regulations across the globe continue to evolve, a practical first step for companies should be to evaluate their existing compliance frameworks in the realms of data, privacy, security and resilience to determine those areas within existing mandates that cover similar territory.
Regulatory frameworks within the EU and UK are yet to be finalised, however organisations should take early action now to ease the compliance burden further down the line. No regrets activities to consider include:
Launch AI task force and perform horizon scanning
Establish AI compliance capability, or augment existing compliance capability
Review AI technologies in-line with relevant third-party and employee expectations
Define a technology classification catalogue
What the PRA’s 2024 mandate for international banks means for your organisation
The Prudential Regulation Authority (PRA)’s recent ‘Dear CEO’ letter is a lifeline for investment firms navigating the UK’s challenging financial landscape. We’ve highlighted the need-to-know insights to help you lead your firm with renewed focus on resilience and innovation.Read more
2023 CASS insight survey
Now in its sixth year, Baringa’s 2023 CASS insight survey shares the views of 42 firms on CASS audit, the growing roles of software and automation in CASS management, and other key areas.Read more
Why organisational culture could be your biggest risk management blind spot
To survive and thrive in a constantly shifting risk landscape, financial institutions need to build a risk culture that is comprehensive, integrated and agile.Read more
Add a little "Red Bull" to your risk management
What parallels can be drawn between financial services and Formula 1? We look at how firms can apply Formula 1 thinking to their risk management strategy.Read more