Comment by 9dev
10 days ago
It’s a bit in general, because if you actually read the EU AI legislation, most of it follows the right ideas and provides more safety, in the sense that OpenAI and Anthropic used to pretend to care about, but never really did.
The ideas are debatable but generally correct. The EU's problem is that regulation stops at the ideas, and it is intentionally designed so to be impossible to ensure compliance in advance. So the regulation is really after the fact and a subjective judgment by regulators. So there's tons of risk even if you genuinely believe you're complying with the prescribed intents.
My opinion on EU regulation would flip 180 degrees if they offered any kind of pre-clearance where you could propose a product, feature, or policy and be told in advance if it meets their subjective requirements.
IMO you can have clear, specific requirements in advance, or you can have a body that provides interpretations of spirit-of-the-rules regulations in advance. Having neither is a problem.
(yes, I'm aware of the argument that if you tell companies what's legal in advance they will just do the bare minimum or find loopholes... I don't find that to be a legit rule of law system)
I understand that desire entirely, but I’m not sure if it would work that way. Take an ISO 27001 certification (or SOC, if you like): There is no one clear set of things to do, but both guidance and requirements that you need to address and be able to defend your concrete implementation.
And I generally like that a lot better than having a set of hard this-way-or-no-way checklists that invariably consist of 80% bullshit ceremony for giant corporations. ISO nudges you toward that too, but if you’re able to deliver the same security guarantees with less, auditors will usually be happy.
The same, in general, works for GDPR regulations as well: The law is mostly about doing the right things, but not spelling out the billions of cases and permutations and strategic decisions involving privacy in one way or another.
It's deliberately not prescriptive as the implementers are the ones best placed to solve for requirements - you don't want policy makers providing technical checklists. And it's not unstructured - ISO 42001 essentially encodes it.
With the way things are, having to disclose training data will basically make it impossible for an EU AI to compete.
Im not happy with the AI act in entirety either, but my point was that it’s hard to read it and say "this isn’t generally the right thing to do", where right means responsible and beneficial to society as a whole.
Is it responsible and beneficial if the end result is that we will be forever stuck using foreign made AI? And on top of that we will get brain drain for the people that want to work on AI?
2 replies →
In the end the only winner that emerges out of this is China. Tge EU is over regulating everything, the current US administration is randomly banning things left and right.
Maybe, but as I wrote in a sibling comment, I prefer to not go down the slippery slope of lowering our standards to compete with nations like the US or China - that isn't a battle the EU can win.
Don't forget that the EU is still a market so big noone can ignore us - especially for the US, we're the only opportunity for the growth required to keep their economy (and 401k pensions!) afloat. So there really is no immediate need to cave to their every whim all the time.
Of course this is nothing to rest on, and the EU has to improve on many fronts and also get better on the amount of regulation, but we're by no means in a bad position (yet.)