AI CYBERSECURITY STANDARDISATION AND ITS OVERLAP WITH DSA AND CRA

Authors

  • Michal Rampášek, Univerzita Komenského v Bratislave

DOI:

https://doi.org/10.62874/afi.2023.2.08

Keywords:

cybersecurity, standardisation, AI, foundation models, AI Act, DSA, CRA

Abstract

Digital products and digital services increasingly integrate artificial intelligence (AI) systems and, above all, so-called foundation models. Using these elements of artificial intelligence brings several cybersecurity challenges. The key to achieving the cybersecurity of digital products and digital services is, first, a high level of standardisation of artificial intelligence, followed by technical standardisation. AI cybersecurity is key to achieving the trustworthiness of AI, and vice versa. These facts are also reflected in the latest version of the draft Artificial Intelligence Act (AI Act). This paper focuses on standardisation in the field of AI cybersecurity and on the importance of foundation models. It also highlights the relationship of the draft AI Act to the Digital Services Act (DSA) and the draft Cyber Resilience Act (CRA).

Published

2023-12-11