EU Nears Agreement on Groundbreaking AI Regulations: Financial Sector Set for Major Impact
EU lawmakers are approaching a historic agreement on the first-ever legal framework for Artificial Intelligence (AI), with a focus on the financial sector. Negotiations on the draft Regulation proposed by the EU Commission in 2021 are now in the final stages, and an agreement on the final text could be reached as early as December.
The forthcoming regulations take a risk-based approach, meaning that the requirements for AI systems will be proportionate to the level of risk they pose for end users. Systems deemed to be of unacceptable risk, such as those employing subliminal techniques, will be outright banned. Meanwhile, high-risk AI systems, like credit scoring models that the financial sector extensively uses, will be subject to stringent obligations.
The financial industry is expected to be significantly impacted by the new regulations, given its heavy reliance on data-driven systems and AI-powered models. To classify AI systems, the draft regulation employs a three-tier model based on the level of risk they present. These tiers include unacceptable risk, high-risk, and limited-risk.
The proposed regulation precisely defines the types of AI systems that fall into the high-risk category. These include facial recognition systems, employee hiring and evaluation, student grading, eligibility determination for social benefits, creditworthiness assessment, and predictive policing. These high-risk AI systems will face strict requirements primarily directed at the AI system providers, who develop or have the system developed for market placement or service under their own name.
The regulations dictate that providers of high-risk AI systems must conduct a conformity assessment before releasing the system to the market. They are also required to ensure post-market monitoring of the system’s performance and ongoing compliance. Users of these high-risk systems, who are not considered providers, have limited obligations such as using the system as instructed, monitoring its operation, reporting incidents to the provider, and maintaining log files.
Furthermore, the regulations outline transparency obligations for limited-risk AI systems. These systems, including chatbots, are required to disclose to individuals that they are interacting with an AI system. Additionally, individuals must be made aware of AI-generated deep fakes, such as manipulated pictures, audio, or video content.
Throughout the negotiation process, the European Parliament proposed expanding the list of prohibited systems, including banning real-time remote biometric identification in public spaces, social scoring, and biometric categorization using sensitive data. The Parliament also suggested considering AI systems as high-risk if they pose a significant risk to the health, safety, or fundamental rights of individuals.
While the final text of the regulations is yet to be agreed upon, it appears that the lawmakers have found common ground on most issues, with only a few points of contention remaining. If an agreement is reached in December, it will still take a few months before the official text of the Regulation is published. Furthermore, a differentiated transitional period is expected to be included to facilitate smooth implementation for national authorities and affected entities, likely spanning 24 months.
Entities, including financial sector firms, that may be impacted by the regulations should start assessing their data-driven systems and processes to determine whether they fall under the definition of an AI system and, if so, which risk category they belong to. The high-risk category is expected to include systems used for creditworthiness assessments and credit scoring, as well as insurance premium calculations for certain products.
As high-risk AI systems face stringent requirements and potential heavy penalties for non-compliance, entities should proactively prepare to transition to the new regulatory regime. However, until the final text is agreed upon, the exact outcome of the negotiations remains uncertain.
In conclusion, the European Union is swiftly moving towards groundbreaking AI regulations that will have a significant impact on the financial sector. These regulations aim to mitigate the risks posed by AI systems and establish clear obligations for AI system providers and users. While the exact details are yet to be finalized, businesses in the financial industry should prepare for the changes ahead and ensure compliance with the forthcoming regulations.
