Tendencias globales en la regulación de la IA y estándares tecnológicos asociados
1. Global trends in AI
regulation and associated
technology standards
Dr. Ansgar Koene
Global AI Ethics and Regulatory Leader, EY
4 September 2023
2. Development of policy debate on AI (deliberative approach)
Fact finding and expert consultation
AI Principles
National AI Strategies
Legislative gap analysis
New or amended legislation to regulate AI
Overview of National AI-Strategies (2020)
53 Nations
Source: OECD (Organization for Economic Cooperation and Development)
https://www.aisoma.de/useful-resources-on-artificial-intelligence/
Page 2
3. Reactive policy development
• (Perceived) abuse of power through the use of AI
triggers reactive policy responses
• E.g. Due to protest over bias in accuracy and
deployment various US cities and states have
moved to ban the use of Face Recognition AI by
police or public sector
• IBM, Microsoft and Amazon prompted to back away
from selling facial recognition tech to law
enforcement
Page 3
4. Multi-national initiatives (illustrative examples)
OECD: Actively developing regulatory guidelines,
thought leadership and tracking tools through multi-
lateral dialogue to support coordinated approaches to
responsible use of AI.
OECD also acts as secretariate for other multi-national
initiatives like the Global Partnership on AI (GPAI).
G7: Under Japan’s chairmanship the G7 has
established the “Hiroshima Process” for international
discussion and harmonization of rules for the use
and development of AI.
Council of Europe: Developing a Framework
Convention on AI, Human Rights, Democracy
and the Rule of Law.
UN: UNESCO developed the Recommendation
on the Ethics of AI which was adopted by all
193 member states. This will be a contributing
part to the UN Global Digital Compact that is
being drafted for ratification 2024.
ASEAN: Is currently in the process of assessing
a set of AI Principles and Guideline for the
region.
5. Possible AI Governance Initiatives
Page 5
Organisation and application
Prepare the workforce and increase
awareness
Create AI Governance framework
Funding of Innovation/research
Set up AI Principles and
Governance programs
Create a Trusted AI Framework
Manage AI Risks and Implement
Appropriate Controls
Monitor and Keep Humans in-the-Loop
Promote R&D programs
Society
6. Proportionality and Do
No Harm
Safety and Security
Right to Privacy and
Data Protection
Multi-stakeholder and
Adaptive Governance &
Collaboration
Responsibility and
Accountability
Transparency and
Explainability
Human Oversight and
Determination
Sustainability
Awareness & Literacy Fairness and Non-
Discrimination
G20/OECD UNESCO
Inter-Governmental Principles for the Use and Development of AI
Page 6
7. Principles of AI Governance reflected in proposed regulation & guidance
Page 7
Transparency
Responsible disclosure
regarding AI systems and
stakeholders should be informed
if AI systems are used
Fairness
Avoidance of unfair bias,
accessibility and universal
design, and stakeholder
participation
Security and Safety
AI systems should be secure
and function appropriately, such
that they do not pose
unreasonable safety risk
Accountability
Owners, developers, providers
and users of AI systems should
be responsible for the proper
functioning of the systems
Privacy and Data Governance
Respect for privacy, quality and
integrity of data, and access to
data
8. Regulatory approaches to AI
United States: Emphasis on applying pre-existing laws
(e.g. Anti-Discrimination laws) and sector specific
regulations (e.g. Medical Devices), paired with voluntary
guidelines (e.g. NIST AI Risk Management framework) and
public commitments from industry.
China: Combines general guidelines with focused
regulation to address specific areas of concern. Passed new
legislation specifically requiring AI generated media content
(text, video and audio) to be labelled as synthetic, and
requiring providers to ensure that training data and content is
“true and accurate”.
EU: Focus on harmonizing regulator approaches to AI
across the 27 member states by proposing overarching
legislation to ensure that ‘high-risk’ AI applications don’t
violate the safety, security and fundamental rights of
persons (the EU AI Act).
Canada: Seeking to establish comprehensive
legislation for AI through the AI and Data Act, which
builds on existing legislation mandating Algorithmic
Impact Assessment on federal AI tools expanding the
scope to include private sector and risk mitigation
and management obligations for high-impact uses
of AI (C-27 AIDA).
UK: Proposing a framework of responsible AI
principles for existing domain-specific regulators
to apply when assessing uses of AI in the context of
their domain of competence.
Japan, South Korea, Singapore and many other
technologically developed states: Currently focused on
voluntary guidelines.
Page 8
10. Five regulatory trends for AI
Page 10
1. Regulation and guidance is consistent with the G20/OECD AI Principles
2. Proportionality of regulatory obligations based on risk/impact of the AI
application
3. Combination of sector-specific and sector agnostic requirements to meet the
broad application domains of AI
4. AI-related policy are developed in the context of other digital policy priorities
5. Use of regulatory sandboxes and similar tools for agile learning and refining
of policy implementation
11. The EU Digital Strategy: 4 Pillars, and potentially global implications
Page 11
12. AI is a core piece of the EU’s digital strategy and regulatory tapestry
AI
Act
(draft)
GDPR
DMA
Updated
product liability
DSA
Data
Act
AI Liability
Directive
(draft)
…
…
…
Page 12
13. AI - EU Policy drivers
• Balancing between:
Ecosystem of Trust &
Ecosystem of Excellence
• AI Risk Assessment
• Access to Data without sacrificing Rights
• Coherent regulation across EU27.
Challenges
And..
• Correct previous Digital Economy ‘failures’
• Continue to champion Fundamental Rights (e.g.
GDPR)
• Where possible, increase regulatory convergence
with ‘partner countries’ (US and TTC process
• Develop global alliances (e.g. Canada, Japan).
To establish a legal framework for AI across Europe’s
which will set some requirements for high-risk
applications of AI: from making sure that they use high-
quality data, to ensuring human oversight.
EU’s Aim EU desired ‘Geopolitical Positioning’
China
US
EU
Focus on
‘Human-
Centred,
Trustworthy AI’
Page 13
14. EU: A risk-based approach to regulation
Risk assessment on the basis of risk to safety, security and fundamental rights of
natural person posed by intended use of AI
No risk or minimal risk
PERMITTED with no restrictions
Non high risk
PERMITTED but subject to
information/transparency obligations (i.e.
impersonation –bots-)
High risk
PERMITTED SUBJECT TO COMPLIANCE with
AI requirements and ex ante conformity
assessment (i.e. recruitment, medical devices)
Unacceptable risk
PROHIBITED (i.e. social scoring)
Page 14
15. Page 15
ASEAN Digital Masterplan – the need for an ecosystem of trust for AI
• “As ASEAN moves towards developing its digital economy, a trusted ecosystem is key - one
where businesses can benefit from digital innovations while consumers are confident to use AI.”
- ASEAN Digital Masterplan 2025
16. Key commonalities in current AI initiatives within ASEAN
Page 16
Strategic Initiatives
AI talent and manpower
Developing and building a pool of
skilled workers to support AI
development
Innovation and Research
Encouraging investments in AI-
related research and innovation
Governance
Implementing legal and regulatory
frameworks for the development and
application of AI systems
Infrastructure
Setting up ICT infrastructure and
systems to support data sharing and the
development of AI systems
Priority Areas
Healthcare
Many of the AI Governance guidelines identify
priority areas for the development and
deployment of AI solutions.
Some common priority areas are:
Education Smart Cities
Finance Manufacturing/Logistics Public Service
17. 5 major areas of concern for AI system
Page 17
From the landscape study conducted, it was noted that many of the existing frameworks based on international AI ethics
principles seek to address 5 major areas of concern for AI system.
1 2
3 4 5
KNOW WHEN ONE
IS USING AI AND AI
SYSTEMS
UNDERSTAND HOW
AN AI MODEL
MAKES A DECISION
ENSURE AI
SYSTEMS ARE
RELIABLE AND
SAFE
LEAD TO FAIR
DECISION / NO
UNINTENDED BIAS
DEFINE OVERSIGHT
FOR AI SYSTEMS
Areas of Concern
18. Draft ASEAN AI Principles
Transparency and Explainability
Fairness and Equity
Security and Safety
Human-centric
Privacy and Data Governance
Accountability and Integrity
Robustness and Reliability
Page 18
19. Further considerations for policymakers
Page 19
Other factors to consider in AI policy development include:
1. Ensuring regulators have access to sufficient subject matter expertise to successfully
implement, monitor and enforce these policies.
2. Ensuring clarity, if the intent is to regulate risks arising from the technology itself or
from the way it is used or both;
3. The extent to which risk management policies and procedures, as well as the
responsibility for compliance, should apply to third-party vendors supplying AI-related
products and services.
4. The importance of multi-lateral processes to make AI rules interoperable and
comparable.
20. Standards and Regulation
• Standards establish technical detail, allowing legislation to
concentrate on policy objectives
• Standards can be one way to establish regulatory compliance
Page 20
21. P70xx “Ethics AI Standards”
IEEE P2863 - Recommended Practice for
Organizational Governance of AI
…
[national standards body]
Page 21
23. IEEE 7000-2021: Model Process for Addressing Ethical Concerns During System Design
IEEE P7001: Transparency of Autonomous Systems
IEEE P7002: Data Privacy Process
IEEE P7003: Algorithmic Bias Considerations
IEEE P7004: Child and Student Data Governance
IEEE P7005: Employer Data Governance
IEEE P7006: Personal Data AI Agent Working Group
IEEE P7007: Ontological Standard for Ethically Driven Robotics and Automation Systems
IEEE P7008: Ethically Driven Nudging for Robotic, Intelligent and Autonomous Systems
IEEE P7009: Fail-Safe Design of Autonomous and Semi-Autonomous Systems
IEEE 7010-2020: Recommended Practice for Assessing the Impact of Autonomous and Intelligent
Systems on Human Well-being
IEEE P7011: Process of Identifying and Rating the Trustworthiness of News Sources
IEEE P7013: Benchmarking of Automated Facial Analysis Technology
Page 23
Legislation that is already in place
GDPR Article 22 on right to recourse in case of automated decision making with significant impact on individuals
DSA obligations on recommender systems and (automated) content moderation
DMA obligations on automated systems for product recommendations
Machinery Directive
Medical Devices
New legislation that will touch on AI (other than the AI Act)
Data Act
AI Liability directive
Cyber Resilience Act