Leading artificial intelligence (AI) models are failing to meet key European regulatory standards in areas such as cybersecurity resilience and prevention of discriminatory outputs, according to data obtained by Reuters.
The EU AI Act is being implemented in phases over the next two years and was introduced to address the growing concerns around the ethical, societal, and safety implications of these technologies, which are becoming increasingly integrated into various aspects of daily life.
It is the first comprehensive AI legislation introduced by a major regulatory body. It categorizes AI applications into three risk levels. First, applications deemed to pose an unacceptable risk, like government-operated social scoring systems similar to those used in China, are prohibited. Second, high-risk applications, such as CV-scanning tools that rank job applicants, must adhere to specific legal requirements. Finally, applications not explicitly prohibited or classified as high-risk are largely left unregulated.
Non-compliance with the AI Act could lead to fines of 35 million euros ($38 million) or 7% of global annual turnover.
Evaluating GenAI Models
A new tool, supported by EU officials and developed by Swiss startup LatticeFlow AI with ETH Zurich and Bulgaria’s INSAIT, has evaluated generative AI models from companies like Meta and OpenAI under the EU’s AI Act.
The framework scores models from 0 to 1 across categories such as technical robustness and safety. LatticeFlow’s leaderboard, published Wednesday, showed average scores of 0.75 or higher for models from Alibaba, Anthropic, OpenAI, Meta, and Mistral, though the “Large Language Model (LLM) Checker” highlighted areas needing improvement for compliance.
As the EU finalizes enforcement mechanisms for the AI Act, experts are developing a code of practice expected by spring 2025.
Discriminatory Output and Cybersecurity Challenges
Initial tests by the LLM Checker revealed challenges in categories like discriminatory output and cybersecurity.
For instance, OpenAI’s GPT-4 Turbo scored 0.46 on discriminatory output, and Alibaba’s Cloud scored 0.37. LatticeFlow said it will make the LLM Checker available online for developers to test compliance as more regulatory measures are introduced.
Petar Tsankov, the firm’s CEO and co-founder, told Reuters the test results were positive overall and offered companies a roadmap to fine-tune their models in line with the AI Act.
“The EU is still working out all the compliance benchmarks, but we can already see some gaps in the models,” he said. “With a greater focus on optimizing for compliance, we believe model providers can be well-prepared to meet regulatory requirements.”
“GenAI’s Future Looks Grim”
“The report elegantly summarizes the plethora of privacy, safety, and reliability issues with the largest GenAI models, which have been increasingly reported since late 2022,” commented Dr Ilia Kolochenko, CEO at ImmuniWeb, Partner & Cybersecurity Practice Lead at Platt Law LLP, and Adjunct Professor of Cybersecurity at Capitol Technology University.
He says the report is just the tip of the iceberg: “A comprehensive cards-on-the-table audit of LLM models, having full access to LLM’s training data, algorithms and guardrails, would probably expose numerous violations of dozens of other laws and regulations, not just EU AI Act or GDPR, which are most frequently used in modern-day GenAI-related litigation.”
Kolochenko says if we add to this the massive financial costs and irreparable damage to the environmental sustainability needed to train or fine-tune modern-day LLMs, growing antitrust regulatory scrutiny, and snowballing AI legislation around the world, “GenAI’s future looks grim, to put it mildly.”
A Blindfolded Race Towards Profit
He says the blindfolded race towards profitability by GenAI vendors, amid aggressive competition among the largest tech giants across the globe, is partly to blame for the lack of transparency, dubious training data collection processes, and inadequate security controls.
“While GenAI is proclaimed to be the next big thing akin to electricity, most GenAI investors risk losing their money, as many promises by vendors are oftentimes exaggerated or even technically impossible, at least today. Having said this, GenAI will certainly become an integral part of our daily lives and society. However, it will unlikely cause tectonic changes proclaimed by some vendors and investors who back them.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.