Reframing AI Identity for Europe's New Regulations
The EU's AI Act is crafting a stringent lifecycle governance for high-risk AI, yet leaves gaps in defining AI identity. A new framework could fill these voids.
The EU Artificial Intelligence Act (AIA) aims to tighten the reins on high-risk AI systems by enforcing a lifecycle governance model. This involves ex-ante conformity assessments, post-market monitoring, and re-evaluations upon any 'substantial modification.' But there's a hitch. How do regulators decide when an updated AI remains the same system? That's the conundrum.
AI Identity Crisis
AI identity judgments are key for the AIA's framework. When regulators and providers need to determine if an AI system has changed, they rely on something called 'AI trustworthiness.' This concept builds on the function+ framework, which defines AI systems by their intended function and context-sensitive criteria. But here's the kicker: the AIA doesn't clearly define how two AI systems should be considered identical at any given time. Instead, it defers these judgments to sectoral or harmonization instruments. Talk about sidestepping responsibility.
Function+ to the Rescue
Enter function+. This framework provides a synchronic identity test based on intended functions and trustworthiness profiles. It makes identity decisions inspectable in governance spaces like procurement, liability, and market surveillance. In short, it's about making sure that an AI system's identity can be verified and audited, which is important for compliance.
Function+ offers a correspondence map that aligns the AIA's lifecycle obligations with identity components. It also lays out a minimal decision flow for audits and disputes, making the synchronic case operationally clear. Will this solve all the AIA's identity woes? Probably not. But it's a step in the right direction.
Recommendations for Implementation
So, what's the road forward? Two key recommendations stand out. First, precise and testable reporting of intended AI purposes needs to become standard practice. Second, trustworthiness reporting should be standardized and auditable to ensure comparability across time and different deployments. These changes could go a long way in bridging the current gaps in AI identity management.
Ultimately, the AIA's challenge is clear: how can it ensure that AI identity is both consistent and verifiable? Slapping a model on a GPU rental isn't a convergence thesis. The EU's stride toward regulating AI is commendable, but these identity ambiguities need resolution. If the AI can hold a wallet, who writes the risk model?
Get AI news in your inbox
Daily digest of what matters in AI.