Headed up by Meta, a collection of the biggest names in tech and AI research has sent a letter to the European Union warning that EU decisions on regulating AI training threaten to hold the region back.
The CEOs of the two companies cited the EU's "inconsistent" and "fragmented" AI regulations as the central reason for the delays in rollout of products to European customers and developers. Meta paused the release of new AI models in the EU in June.
With broad extraterritorial reach, significant penalties of up to seven percent of worldwide annual turnover, and an emphasis on risk-based governance, the EU AI Act will have a profound impact on U.S. businesses that develop, use, and distribute AI systems.
Final adoption of the EU AI law is expected to be a formality at this point, but is not slated to take place until April 2024. From there, individual components of the regulation go into effect anywhere from 6 to 36 months from that date.
Proposed EU Cyber Resilience Act includes a vulnerability disclosure requirement that would have all manufacturers report to the government within 24 hours of first discovered exploitation. In most cases, this would mean disclosing before the vulnerability has been mitigated.
Already under investigation by the data protection authorities (DPAs) of several EU nations, OpenAI is now facing scrutiny in Poland in response to an August GDPR complaint.
Fine imposed by the Norwegian data protection authority in August could be expanded to the entirety of the EU, subjecting Meta to extensive daily penalties until it makes big changes to tracking ads. Decision could potentially spark an EU ban.
A children's privacy complaint that dates back to 2021 has resulted in a major GDPR fine for TikTok. The issue largely centers on the "Family Pairing" feature introduced in 2020 which had no real verification process ensuring that the linked parent account actually belonged to a parent.
A complaint in Poland alleges GDPR violations by ChatGPT in the areas of lawful basis for data processing, data access, fairness, transparency and personal privacy.
Since the GDPR went into effect in 2018, Meta has done nearly everything possible to claim legitimate interest to avoid user consent for collecting personal information for targeted ads. The company appears to have finally reached the end of its rope in this area, though a recently announced changeover to a consent basis.