Brussels greenlights AI Act, chews over Cyber Resilience legislation

Brussels greenlights AI Act, chews over Cyber Resilience legislation

The European Parliament has given the go-ahead to its proposed AI Act, after provisions covering how generative AI tools use copyrighted materials in developing their models were squeezed in at the last moment.

The agreement means the bill can now move to the next stage, with lawmakers and member countries picking over the fine details, with a committee vote in May, and a plenary vote scheduled for June.

The AI act was first proposed two years ago, well before the launch of ChatGPT transformed perceptions of how generative AI in particular and technology in general could disrupt society.

Reuters reports that the bill approved this week will require companies using generative AI to disclose their use of copyrighted material used in development. AI tools will be classified by their risk level, with high-risk tools having to be particularly transparent. How transparent the companies behind such platforms will want to be is quite another matter.

The progress of the AI bill is just the latest tech-related movement in the bowels of Brussels this month. The European Commission is also working on bills covering Cyber Resilience, and Cyber Solidarity, both of which have broad implications for developers, vendors, and users.

The Cyber Resilience Act in particular has sparked fears that open source developers and project managers could be landed with liability and risk for how their code is used by third parties. 

Euractiv this week reported that the Swedish Council presidency had presented the first full “rewrite” of the proposed act. This seems to concentrate on the classification of devices and products and assessments of security risks but also on regimes around patching and updates.

Gabriele Columbro, the head of the Linux Foundation Europe, told us last week that open source organizations were perhaps slow off the mark in getting involved when the CRA was in its embryonic stage.

However, he said, the latest drafts from the Swedish presidency, “seem to be moving in the right direction” regarding individual contributors.

“The silver lining of this process has been we have seen foundations coming together and realizing their broad responsibility and the need to have a unified front,” he said.

The proposed legislation has even irked the UK Parliament, with a report published this week suggesting it, and the AI bill, could cause divergence with existing UK standards, and potentially upset the Northern Ireland protocol. 

Further complicating things, the EU earlier this month launched a Cyber Solidarity Act, laying out plans to “make Europe more resilient and reactive in front of cyber threats, while strengthening existing cooperation mechanisms”. This coincided with an amendment to the Cyber Security Act to put in place certification for “managed security services.”