Navigating Challenges in AI Regulation: Insights from the European AI Act

By Dr. Sampath LonkaReviewed by Susha Cheriyedath, M.Sc.Nov 23 2023

In April 2021, the European Commission introduced the European AI Act (AIA), aiming to establish a unified regulatory framework for AI technology development and deployment. In a recent publication in AISeL, researchers made two significant contributions. The first contribution centers on elucidating challenges in AI regulation. The findings, primarily based on the April 2021 draft of the AIA, are deemed applicable to subsequent versions. The second contribution identifies and discusses novel areas for IS research on legal regulation, particularly focusing on the agenda-setting, policy formulation, and decision-making stages. This extends the current IS research emphasis on implementation.

Background

AI has swiftly reshaped facets of daily life, from communication to work, prompting concerns about accountability and transparency in its independent decision-making capabilities. Recent years have seen robust engagement by the IS research community in AI themes.

Notable examples include special issues in managing AI and AI in organizations. Given the complexity and potential risks of AI, regulatory frameworks are imperative to ensure responsible development aligned with societal values. The AIA imposes varying requirements on providers and users, progressing through the policy cycle with an expected adoption decision in late 2023 or early 2024. The AIA underscores the community's shift towards regulation and compliance concerns. The AIA, a complex subject, not only captivates the IS community but also draws interest from diverse disciplines.

IS research on regulations

Previous IS research has extensively examined legal regulations across diverse industries and practical contexts. The focus here is on the European AIA, which is currently advancing through the policy process to become law. The summary of earlier IS literature on legal regulation employs the policy cycle, a model encompassing agenda setting, policy formulation, decision-making, implementation, and evaluation in public policymaking. The current study is related to IS research on regulation, focusing on the implementation stage and exploring enforcement, compliance, and impacts on organizations.

Studies delve into various contexts, such as online copyright law enforcement, cybercrime deterrence, and the socio-technical compliance environment within financial organizations. A sub-stream also scrutinizes the impact of regulations on industries, organizations, and individuals, with examinations of high-frequency trading, telemedicine innovation, and the effects of deregulation on the airline industry.

Challenges and critiques of AIA

In conducting an extensive examination of the discussions surrounding the AIA, a discipline-agnostic systematic literature review was undertaken. Utilizing five scientific databases, the authors followed Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines to meticulously select relevant articles. The search yielded 143 papers initially, with an additional six articles identified in a subsequent search. The data analysis focused on identifying critiques and challenges related to the AIA in each article.

One author primarily conducted this phase, highlighting issues such as premise and approach, scope, and formulation. The identified challenges were then categorized into three overarching themes: regulation, compliance-related issues for system providers and users, and the anticipated impact of the AIA.

The regulation theme encompassed criticisms of the AIA's approach, scope, and ambiguous wording. The AIA's broad scope, especially its focus on software over hardware and its exclusion of certain sectors, drew significant criticism. The lack of clear definitions and ambiguities in terminology, such as the definition of AI itself, were highlighted as points of concern.

The requirement for transparency and explanations in high-risk AI systems raised questions about the clarity and depth of these explanations, especially in emotionally sensitive contexts like healthcare. Compliance-related challenges were examined for both AI system providers and users. The AIA's requirements for providers were deemed unrealistic, especially in terms of ensuring data completeness and freedom from errors.

The lack of clear standards for compliance assessment and enforcement and the potential exploitation of legal ambiguities by system providers were identified as challenges. For users, challenges included assigning responsibility in various contexts and uncertainty in liability definitions, especially in clinical research.

The enforcement of the AIA was considered challenging, with concerns about the lack of safeguards for upholding voluntary codes of conduct and potential weaknesses in transparency self-assessment. Questions were raised about decision-making authority regarding AI system outputs, risk levels, and responsibilities for autonomously operating AI systems.

The anticipated impact of the AIA was scrutinized, with critiques focusing on its inadequacy in addressing technological challenges and potential negative effects on innovation, investment, and legal certainty. Concerns were expressed about the impact on industry, particularly small-scale providers, and the potential barriers created by compliance requirements. The perceived lack of impact on citizens and the inability of the AIA to empower end-users or affected individuals were highlighted.

Conclusion

In summary, the current study provides a comprehensive analysis of challenges and critiques related to the AIA, contributing valuable insights for further discussion and refinement of AI regulations. Acknowledging limitations, including the potential negativity bias, the study aims to guide future research on AIA concerns, urging researchers to explore similar initiatives in diverse geographical contexts.