Published Date: 2023-08-09
Publication:2022.12
Principal Investigator:李淳 Lee, Roy Chun
Researchers:王煜翔Wang, Yu-Shung
l In an effort to address the emerging
security risks posed by the use of Artificial Intelligence (AI), the European
Union has been developing the “Artificial Intelligence Act” since 2021. The
proposed act aims to regulate AI applications through a risk-based approach,
featuring pre-market requirements and post-market surveillance for high-risk AI
systems. Phase I of the present study presents an overview of the draft AI Act,
followed by an impact assessment for the relevant domestic sector.
l The results of the impact assessment
indicate that the EU’s AI Act has a greater impact on businesses involved in
high-risk AI applications. Accordingly, ensuring compliance with EU’s
transparency requirements is necessary during the early stage of development. Additionally,
the regulatory compliance requirements in the proposed regulation might hamper
innovation and interrupt development and implementation efforts by AI system
providers. However, the draft Act is also likely to generate a demand for AI
regulation specialists. While details on implementation of the EU AI Act are
still under discussion, it is important to monitor key regulatory development
such as scope of application, transparency obligations, and their impact on
SMEs.
l The EU’s proposed new Machinery Regulation
will classify software that provides a safety function and AI-integrated
machinery as “potentially high-risk products,” which will require a third-party
certification of conformity before entering the EU market. The new regulation
also requires manufacturers to identify safety risks arising from the product’s
learning and autonomous behavior. The new law adds new EHSR on cybersecurity,
designed to enhance the cybersecurity features of control systems and prevent
machinery safety being compromised by malicious third-party alterations or
network attacks.
l The impact assessment further suggests that
the stricter third-party verification requirements, risk assessment and
post-market safety data collection obligations imposed for AI and software products
with a safety function under the new EU Machinery Regulation will increase the
cost of robot products, management expenses, and delay the time of product
launch. As a result, the EU should publish the texts early before the
implementation and give businesses sufficient time to respond. Additionally,
the new legislation promotes using electronic records of conformity declaration
and validation information, with some businesses concerned that producing
paperless validation information requires equipment and operational process
adjustment by their upstream and downstream suppliers. They may also need to
maintain both paper-based and digital workflows at the same time.
l In phase II of this study, industry reports
and expert interviews were analyzed, leading to the following conclusions: AI
application providers’ primary concern is whether their AI systems under
development and in use are classified as high-risk under the AI Act. Regarding
the EU’s draft Machinery Regulation, key areas of industry concern include
official determination of AI use in a product’s safety function, classification
of high-risk machinery and pre-market third-party validation requirements,
allocation of responsibilities between system providers and system integrators
under the new legislation, and the capacity of EU notified bodies.
l As Taiwan and EU gear up for an Industrial
Policy Dialogue on robotics, phase II of the present study proposed the
following recommendations for the Dialogue:
² Include “ways the EU could assist
businesses in clarifying the scope of regulatory applicability” as a discussion
topic;
² Conduct case studies to explore how the EU
determines use of AI in a product’s safety function; inquire about the progress
of discussions in the European Parliament (or internally) regarding the
definition of safety functions.
² Inquire about whether there have been
discussions on actual cases of substantial modifications during the
regulatory development process. If so, request the EU to provide relevant
information to help clarify the regulatory responsibilities of system providers
and system integrators.
² Inquire whether the EU has initiated an evaluation of the progress and capacity of qualified notified bodies, and if there will be measures in place to ensure adequate capacity.
Chinese:https://web.wtocenter.org.tw/Page/91/388803