Quo Vadis, EU (Law)? Navigating the Future of AI Regulation 2/4
AI and the Future of Cybersecurity: Between Innovation and Risks
The relationship between artificial intelligence and cybersecurity from the perspective of a private company
Miss Solange Bronzini discussed the topics of artificial intelligence and cybersecurity form the perspective of the private company she works for, Fater.
After an introductory explanation of the term “cybersecurity”, Miss Bronzini highlighted the various connections between artificial intelligence and cybersecurity. Among such connections, the most noteworthy is the use of artificial intelligence as a tool for cybersecurity: the prevention and protection of the company’s data from cyber-attacks.
However, Miss Bronzini clarified that artificial intelligence is a very powerful tool that can bring significant benefits to a company, but it can also cause considerable damages. The key factor lies in the human element: how artificial intelligence is utilized by individuals. To illustrate the potential damage that artificial intelligence can cause to a company, she mentioned the phenomenon of “deepfakes”.
Finally, Miss Bronzini identified the four pillars that define the role of artificial intelligence within her company: i) AI System; ii) AI Governance; iii) AI Culture; iv) AI Strategy.
The concept of artificial intelligence and cybersecurity within the EU legal framework
Lawyer Massimo Maggiore shed light on European legislation regarding artificial intelligence and cybersecurity.
Lawyer Maggiore, referring to EU Regulation No. 881/2019, defined cybersecurity as a long and costly process, with the ultimate goal of protecting the European Union’s infrastructures form cyber-attacks.
The protection of the European Union’s infrastructures form cyber-attacks is also one of the key points of EU Directive No. 2555/2022, which builds upon the objectives set by the previous legislation on cybersecurity, extending the scope of cybersecurity to additional infrastructures within the European Union.
Additionally, Lawyer Maggiore briefly mentioned the very recent “AI ACT” (EU Regulation No. 1968/2024), stating that artificial intelligence is one of the new frontiers of cybersecurity.
Finally, he clarified that artificial intelligence is a very powerful tool that, despite being in use for years, is still not fully understood. For such a reason, until now, European Union legislation has given the highest priority to the transparency of those who produce and use artificial intelligence.
A geopolitical reflection on the position of the European Union in relation to the major producers of artificial intelligence
Lawyer Alexandre Verheyden offered a reflection on the position of the European Union with regard to artificial intelligence and, in particular, its major producers.
Lawyer Verheyden noted that, since 2019, when the political debate on artificial intelligence intensified, the European Commission has not welcomed any artificial intelligence producers based on so-called “non-technical” criteria.
According to Lawyer Verheyden, such a position of the European Commission is not justified by any legal grounds, but rather by marked political preferences. Indeed, the major producers of artificial intelligence come from China, a country that is notably outside the sphere of interest of the European Union.
Lawyer Verheyden added that not accepting any artificial intelligence producers on the ground of non-technical criteria raises some questions about the relationship between promoting technological growth and protecting against external threats.
In conclusion, Lawyer Verheyden stated that there is no coherence in the regulatory framework that the European Union built in recent years regarding artificial intelligence and its major producers. To support such an opinion, he referenced two ECJ rulings concerning the criteria for defining an external threat – i) genuine; ii) current; iii) sufficiently serious – raising questions such as: is it possible to consider artificial intelligence producers as an external threat?
