The European Union’s proposed AI Act will be game-changing when it comes into force, governing the emerging technology across Europe and beyond.
But as details of the law become clearer, so too do the obstacles that could challenge it reaching its full potential.
The legislation classifies AI systems based on risk levels (unacceptable, high, limited and minimal), then establishes protocols for developers, traders and users to keep it transparent, accountable, fair and robust.
While countries like China have already made AI-specific laws, the EU’s proposal might be the most strongly defined and all-encompassing regulation yet. It elevates standards of responsibility, builds in protections for users and emphasises human rights principles.
But the AI Act is intricate, which could present obstacles when trying to enforce it.
Its onerous obligations on developers and users may have safety in mind, but it could also slow technological progress and may not catch all the risks associated with AI.
Whether the law succeeds hinges on whether it can adapt to advancing technology and find a balance between robust regulation and promoting innovation. If managed carefully, this is attainable.
While the AI Act is a game-changing proposition for Europeans, its ability to translate elsewhere is both promising and challenging.
A country like Indonesia has a well-established set of laws on digital technology that policy on AI could fit alongside, but it might possibly require some disruptive reforms to get there.
It might be a necessary disruption.
Indonesian companies that have affiliations or engage in business activities with entities from the EU would be required to adhere to these regulations.
This encompasses data processing that involves individuals who are citizens or residents of the EU, indirectly bringing the regulations into operation within Indonesia.
The challenge would be implementing EU’s AI law with Indonesia’s specific local factors to create something that works in context.
Indonesia is a large country with a diverse population spread widely — it will be essential that these groups are spoken with to ensure the country’s own approach to AI places the proposed EU law in the context of Indonesia’s specific conditions.
Change is often slow moving and complicated. When Indonesia tried to bring in data protection laws in 2022, it had already taken a decade for the idea to go from concept to legal reality. Then, it was followed by a two-year transition period to allow the development of the necessary enforcement infrastructure.
AI regulators can learn valuable lessons from the cybersecurity field which has effectively navigated swift advancements. A globally recognised benchmark for the field was introduced in 2015 and continues to be iterated and improved.
The benchmark has since been integrated widely in industries vulnerable to cyber attacks, such as the financial sector.
Its adoption shows the value of regulations that are tailored and specific to the sectors they govern, something that AI regulations and governance could replicate.
A global benchmark for AI would allow the field to fall back on a bedrock of well-established laws.
Key to this is framing AI regulation in a way that brings under the remit of existing legislation, which encompasses electronic systems and transactions, information access, data privacy and risk management.
As lawmakers try to take the first meaningful steps in governing AI, it’s immensely valuable to already have existing provisions in place to fill the gap in the meantime.
Implementing comprehensive AI laws in Indonesia goes beyond necessity; it presents a tough task that demands a diverse and nuanced strategy.
By leveraging pre-existing legal provisions, Indonesia can guarantee a smoother, more streamlined progression towards strong AI regulation.
Although it presents a daunting challenge, the necessity of establishing a robust regulatory structure for AI validates the substantial endeavour involved.
Ari Perdana is an Associate Professor at Monash University Indonesia, specialising in digital strategy, sustainable digital transformation, data science and analytics, and information systems management.