Written by Richard Wee, Fatin Ismail and Tai Sher Lynn
On the 9th of December 2023, the Parliament and Council of the European Union (‘the EU’) reached a provisional agreement on the Artificial Intelligence Act (‘the Act’). In short, the regulation aims to sustain fundamental rights, democracy, the rule of law and environmental sustainability are protected from high risk Artificial Intelligence (‘AI’).
Amongst the banned applications enforced by the Act are applications that are potential threats to citizens’ rights and democracy. The legislators have agreed to prohibit the following:
- biometric categorisation systems that use sensitive characteristics (e.g. political, religious, philosophical beliefs, sexual orientation, race);
- untargeted scraping of facial images from the internet or CCTV footage to create facial recognition databases;
- emotion recognition in the workplace and educational institutions;
- social scoring based on social behaviour or personal characteristics;
- AI systems that manipulate human behaviour to circumvent their free will;
- AI used to exploit the vulnerabilities of people (due to their age, disability, social or economic situation).
Furthermore, there has been an understanding to provide a series of safeguards and narrow exceptions for the use of biometric identification systems (‘RBI’) in publicly accessible spaces for law enforcement purposes.
For AI systems that classify as high-risk, a mandatory fundamental rights impact assessment are among other requirements in order to prohibit the potential harms on the impact of people’s rights. Citizens will have a right to launch complaints about AI systems and receive explanations on such.
The EU Parliament is also on route to ensuring that general-purpose AI (‘GPAI’) systems must adhere to transparency requirements as initially proposed. These include drawing up technical documentation, complying with EU copyright law and disseminating detailed summaries about the content used for training.
From recent years, we have seen many European Legislations find their way into the Malaysian legal landscape. Amongst these are such the Personal Data Protection Act 2010 of Malaysia, which is almost a mirror of the General Data Protection Regulations (‘GDPR’) of Europe. As such, it is possible to predict the likelihood of the new AI Act to be replicated in our Malaysian landscape.
Published on 7 February 2024