The European Parliament has been the first to enact a regulatory framework for AI. A risk-based approach to the classification of AI assigns obligations proportionate to the level of risk posed by each AI system.
Under the risk classification system universities inside the EU should note that universities would be considered high-risk AI system providers. This means that universities are required to fulfil a range of obligations, including:
• Establish a risk management system throughout the high-risk AI system’s lifecycle
• Conduct data governance, ensuring that training, validation and testing datasets are relevant, sufficiently representative and, to the best extent possible, free of errors and complete according to the intended purpose
• Draw up technical documentation to demonstrate compliance and provide authorities with the information to assess that compliance
• Design their high-risk AI system for record-keeping to enable it to automatically record events relevant to identifying national level risks and substantial modifications throughout the system’s lifecycle
• Provide instructions for use to downstream deployers to enable the latter’s complianceDesign their high-risk AI system to allow deployers to implement human oversight
• Design their high-risk AI system to achieve appropriate levels of accuracy, robustness, and cybersecurity• Establish a quality management system to ensure compliance
In DEC Executive Briefing #001, “Getting Real with AI”, we looked at approaches to regulation from around the world with a focus on the European Union.
We argue that the EU’s system is complex and likely to be resource-intensive. Universities inside the EU need to have good governance processes to deal with these regulations and emerging impacts on their operations and registration.
We also recommend universities outside the European Union be aware of potential trends emerging around regulation and any forthcoming impact.
Based on the analysis of the Act, we made 3 predictions:
1. Innovation and abilities of smaller companies to compete on a global stage are likely to be reduced due to the complicated requirements
2. EdTech solutions dependent on customisation might be limited in their potential due to the restrictions on data collection and usage
3. Companies are more likely to be risk-averse due to the complexity of regulations
While the Act unanimously passed on 2 February 2024, it may take some time to be enacted and for the effects to emerge.DEC members will continue to receive updates and our ongoing analysis as the impacts of this and other similar regulatory frameworks emerge around the world.
By The Digital Education
