Commentary On Developments With EU AI Legislation
The German-speaking SAP User Group (DSAG) has taken the latest developments as an opportunity to assess the importance of a potential EU AI Act. Sebastian Westphal, DSAG Chief Technology Officer, comments:
"The EU's planned AI regulation should serve to reduce the potential risks of AI and prevent dangers that may be associated with its use. At the same time, however, it should not lead to over-regulation that stifles innovation in Europe and burdens businesses. The final legislation therefore has the potential to starkly influence the speed at which AI applications are developed and deployed.
All those involved in AI should thus consider the potential impact on the economy and society at an early stage. Based on the current discussion, an expected legal framework for trustworthy AI and key elements of regulation is already discernable. This will affect not only AI systems providers, but also the companies that use an AI system at their own risk, as well as all stakeholders along the AI value chain.
Definition, regulation, risk
From the DSAG's perspective, there is an urgent need to strike a balance between regulation and promotion of AI innovations. The classification of AI applications, as provided for in the AI Act, is already highly problematic: it focuses on so-called high-risk applications, which are prohibited, while a clearly definable definition of these applications is not yet possible. The various definitions of the current negotiating partners are sometimes quite broad and, if interpreted strictly, could even include statistical software or AI-assisted evaluation processes. If this broad definition is accepted, it will result in requirements that will prevent the use of AI in many areas, except where it could provide relief and efficiency—for example, in the digitalization of public administration.
The current focus of the discussion, namely deepfakes and large-scale copyright, is problematic from DSAG's point of view. Regarding deepfakes, current regulatory instruments and prohibitions hardly tackle any of the major problems associated with them. And with the introduction of the General Data Protection Regulation (GDPR), the EU has already behaved poorly when it comes to large-scale copyright. While deepfakes and copyright issues are relevant, they are merely two scenarios among many when it comes to regulating AI.
“The EU's AI regulation is intended to reduce the potential risks of AI and
to prevent dangers.“
Sebastian Westphal,
Chief Technology Officer,
DSAG
A sticking point will be the risk classification of use cases. In addition to assessing the systems themselves, there is also the question of who should certify all AI-based high-risk systems. It is important that the EU not impose an unnecessary and costly administrative process on itself, which while many large companies may be able to afford, small and medium-sized enterprises cannot. The risk of the EU being completely left behind technologically by China and America in the rapidly developing field of AI technologies is more than real.
Large European AI Models
It seems that the EU wants to have the most regulated AI in the world; however, it must not forget to carefully weigh its economic interests so as to avoid possible over-regulation. Against this background, the DSAG's demands of policy makers can be summarized as follows:
- A national AI strategy is needed to create an institutional framework for technological development.
- The use of AI should be economically attractive for small and medium-sized enterprises (SMEs), and financial support for AI should be established—such as the Large European AI Models (LEAM:AI) initiative for the development of large, data-rich AI models.
- Strict data protection rules must not hinder the successful implementation of AI.
- A central coordinating body for the use of AI in the public sector is required to ensure knowledge transfer, legal frameworks, technical support, and training.
- Better education on all aspects of digitalization is needed to promote a social consensus on how to deal with AI because the technology already exists, and all businesses will need to learn how to handle and work with it.
Artificial intelligence (AI) is a powerful tool, but it is often overlooked that it needs data to be truly useful. The idea that technical experts and consultants can easily implement AI systems in businesses is a fallacy. In fact, business professionals are critical to reaping the benefits of AI systems, such as increased productivity—even if AI is not the sole panacea that the current hype makes it out to be.
One challenge remains unaddressed when it comes to the sustainable use of AI technologies: training artificial neural networks requires enormous amounts of computing power, energy, and resources. Developing companies do not provide detailed information on exactly how much energy is required.
What applies to the EU as a whole also applies to SAP as a provider of software products for business processes: like many other software providers, SAP has recognized that AI is an important topic for the future and is expanding its existing portfolio accordingly. AI should not only automate and accelerate processes in companies, but also promote more efficient data use. Companies with a high degree of digitalization in particular can benefit when it comes to business model development.
Announcements such as SAP's in July, which stated that AI innovations will only be available to customers with certain cloud contracts and a corresponding price premium, are counterproductive. It is essential for successful digitalization that SAP make all AI innovations available to all customers. SAP must also ensure a consistent framework and comprehensive monitoring for the integration of large language models into SAP processes. At the same time, transparent licensing and usage terms are needed, especially in the context of SAP's AI partnerships with other companies. Further clarification and definition is needed regarding indirect data use from SAP systems for AI applications, in the context of license agreements. Companies should also receive support and best practice guidelines for integrating AI applications so as to ensure data protection and implement specific use cases.”
