Some quick notes on the EU's AI Act. These were written the morning after so I might update them as more details emerge.
- The whole thing is premised on a risk-based approach(1)
- This is a departure from GDPR, which is rights-based with actionable rights
- Therefore it's a huge victory for industry(2)
- It's basically a product safety regulation that regulates putting AI on the market
- The intention is to promote the uptake of AI without restraining 'innovation'(3)
- Any actual red lines were dumped a long time ago
- The 'negotiation theatre' was based on how to regulate gen AI ('foundation models') and on national security carve-outs
- People focusing on foundation models were the usual AI suspects
- People pushing back on biometrics etc were civil society & rights groups
- The weird references in the reports to numbers like '10~23' refer to the classification of large models based on flops(4)
- Most of the contents of the Act amount to some form of self-regulation, with added EU bureaucracy on top(5)
-
Ironically, an epistemology of 'risk' is one of the key things that makes predictive AI so harmful ↩
-
h/t to Daniel Leufer for clarity on this ↩
-
Innovation as in 'shock doctrine' ↩
-
No doubt swapping these numbers makes eurocrats feel cool & nerdy ↩
-
IMO the EU itself, as an institution that constructs the conditions for mass deaths at its borders, is itself a 'high risk model' ↩