At PrivSec Global today, a panel of experts explored the proposed AI regulation and what it will mean for business. 


This session, led by Robert Bateman, Analyst and Research Director, GRC World Forums, emphasised the need for AI regulation especially in this present moment of time, with Cristiana Deca, Data protection specialist and founder, Decalex Digital, saying: ”We’ve used it in our lives for such a long time…if we as a EU society still believe the heart of Europe is protecting the rights of our people, this is an essential step.”

Deca highlighted that it is necessary to have an ecosystem of trust where everyone can contribute to what will be the setting stone of regulating AI globally. 

When asked what the draft AI regulation does right, Cristiana Deca responded that whilst it is a risk-based approach, it is balanced with fundamental rights, which is “something the AI regulation got right.” Sandy Tsakiridi, Group Senior Legal Counsel, HSBC, answered: “They are measures in place to support innovation like regulatory sandboxes, flexibility, in particular the definition of AI which can be criticised for being too broad. They have also included a necessity to update the annex regarding high risk organisations.”

With the proposed regulation, the question arises will it stifle innovation? Tsakiridi explained that “an important factor to consider is the requirements set out will trigger significant costs to guarantee a system is compliant. There is a risk that resources may shift from innovation to compliance, and makes it less attractive place to invest in.”

Robert Bateman went on ask the panellists if there were any mistakes, to which Cristiana Deca said that there are a lot of things still to be defined, “even though it seemed they are trying to make it as extensive as possible, the definition is somehow narrow and this is something that can go against innovation.”

Deca also listed:

  • That the proposed regulation fails to mention commercial manipulation and emotional recognition.
  • From a consumer perspective, it talks about physical and psychological harm, but doesn’t include financial or economic.
  • There is a significant reliance on self-assessing, although AI is an international cooperation problem.
  • Even though the AI regulation is created to work in harmony with GDPR, it provides very little clarity on processing consumer data.
  • It doesn’t include a one stop mechanism.

Tsakiridi concluded that the proposed draft in an ambitious project, and although the task of the European Commission is not an easy one, this is a starting point between policy makers and the industry.  

To learn more about artificial intelligence, PrivSec Global will be hosting “Artificial Intelligence/Machine Learning: How Can AI lead to a New Revolution in Cybersecurity (Sponsored by Egress)” at 8:00pm tonight.