Commentary: New AI Law to Regulate Use in the EU

Commentary: New AI Law to Regulate Use in the EU

Tanium’s Chris Vaughan on the EU’s AI law, which aims to create protections against malicious use of AI technology.

The EU’s new AI law aims to ensure controlled use of the general-purpose tool Artificial Intelligence. While there are of course great uses for the technology, there have already been numerous examples of unethical use – including the misuse of Deepfake technology. There have also been dangerous AI-related incidents involving privacy, fraud, and information manipulation. These cases have shown that AI is not a technology that can be legislated retroactively. The passage of this bill establishes a solid foundation for the future development of AI and related laws. It shows that the risks of these developments have been recognized and the potential threats are being taken seriously.

Bill offers leeway for companies

This is a risk-based law, which means it provides some leeway for companies. It is difficult to legislate a technology that has not yet been deployed, as the impact is hard to predict. That’s why the EU has created a framework for legal development. This is intended to provide protection against malicious use of AI technology, for example in the form of deepfakes. Deceptive-looking fake images can have disastrous consequences.

AI must be deployable against cyberattacks

The legislation focuses on aspects of AI technology that can harm individuals. If AI is developed to be used defensively, there will be no legal restrictions on innovation. For example, as malware, phishing, and cyberattacks evolve, defensive counterparts must be allowed to grow with them. AI-generated phone calls that mimic an acquaintance in distress can cause both emotional as well as financial harm to victims. To curb the impact of these scams, voice recognition software needs to be downloaded to cell phones that can detect minute details to unmask the fake based on sound.

Technology development must not overtake legislation

The EU began drafting the new legislation long before the hype around applications like ChatGPT emerged. For this reason, a solid draft of the law has now already been adopted. It is well suited to clarify initial issues and prevent teething problems, as can be seen from the clear support in the European Parliament. It will be important that the legislation does not turn out to be a lengthy process while the technology develops rapidly. If development overtakes legislation, it may become difficult for companies to manage their processes in a sustainable way.

EU is a trendsetter

With the AI law, the EU is once again moving forward as a trendsetter when it comes to regulating technology. Even though this forces companies to operate within the framework, cybercriminals, by their very nature, will not be restricted. However, this also means that there is an opportunity for the development of AI havens outside the EU, where the unethical use of this technology is not prohibited. Hopefully, other governments will follow the precedent set by the EU.


Chris Vaughan

Chris Vaughan

is VP technical account manager at Tanium.