Research Summary

Link to the paper Link to a blog post at montrealethics

AI applications are steadily enveloping humans and their environment, with organizations aiming to create value through innovative products and services. This technological progress, however, raises concerns about its impact on fundamental rights, particularly discrimination. To address these issues, the European Commission proposed the Artificial Intelligence Act (AIA) to safeguard citizens’ fundamental rights. The lack of proper enforcement mechanisms in regulations, as observed with the roll-out of GDPR, prompted primary research in the Netherlands. This research involved a survey and validation interviews to understand how organizations intend to comply with the AIA.

Key Insights

Learnings from GDPR

The GDPR, preceding the AIA, shares similar ambitions in protecting fundamental rights. ISO 27001:2013 compliance aids organizations in pursuing GDPR compliance, but the AIA presents greater complexity. Smaller providers are disproportionately affected, and the AIA’s open interpretation allows creative compliance. The DIY nature of AI development further contributes to compliance challenges.

Size matters yet again

Surveys in the Netherlands analyzed organizations’ AIA compliance, revealing insights into their priorities. The study, including over 30 organizations, highlighted the impact of variables like size and outsourcing on compliance. Smaller organizations tend to be less compliant, raising questions about re-experiencing heterogeneous effects as seen with GDPR.

Importance of audit in AI governance

Enforcement mechanisms are crucial for legislative success. The AIA adopts a ‘command and control’ strategy, balancing deterrence and audit to prevent creative compliance. Auditing AI technologies alone is insufficient due to their complex and non-transparent behavior. Governance model design, accompanying processes, and the economic cost of implementation pose open questions demanding further research.

The APPRAISE framework

The proposed AI governance framework, APPRAISE, results from primary research insights. Analyzing technology, value-creation, regulatory, and normative pressures, it addresses strategic dilemmas in organizations embracing AI for innovation.

Between the Lines

In the journey from research to model development, some conclusions emerged:

1. Organizations understand too little about AIA compliance, leading to noticeable creative compliance actions with limited scope.
2. The consequences of strategic decisions, such as outsourcing, are often underestimated, driven by value creation and technology pressures.

Looking forward, these findings need replication, and in-depth research is required on topics like normative pressures on AIA compliance and governance options’ economic costs and impact on innovation for the benefit of humanity.