| Nota di contenuto |
Intro -- Table of Contents -- Foreword -- 1 What is AI and How Do Data Science and Data Analytics Differ? -- Gabriele Bolek-Fugl -- 1.1 The Cornerstones of AI -- 1.1.1 Data -- 1.1.2 Algorithms -- 1.1.3 Computing Power -- 1.1.4 Storage -- 1.1.5 Measurement and Model Optimization -- 1.1.6 Interfaces for Interaction -- 1.1.7 Security and Data Protection -- 1.2 Data Science and Data Analytics -- 1.3 Development of AI in SMEs -- 2 Geopolitics of Artificial Intelligence -- Veronica Cretu -- 2.1 Emerging Landscape of AI Regulations -- 2.2 The Race for AI Regulation - the Big Three -- 3 AI Act: Rights and Obligations -- Gabriele Bolek-Fugl, Veronica Cretu, Julia Fuith, Merve Taner, Natascha Windholz, Carina Zehetmaier -- 3.1 Introduction to the AI Act -- 3.1.1 Definition of AI systems -- 3.1.2 Roles of Natural or Legal Persons -- 3.1.3 Market Launch Phases -- 3.1.4 Terms for the Use of AI Systems -- 3.1.5 Data-related Designations -- 3.1.6 AI Literacy -- 3.2 AI Literacy for Providers -- 3.2.1 Introduction -- 3.2.2 Definition of AI Literacy -- 3.2.3 AI Literacy and the Provisions of the AI Act -- 3.2.4 Proposal for a Maturity Framework for AI providers -- 3.3 Risk-based Approach -- 3.3.1 Prohibited AI Systems -- 3.3.2 High-risk AI Systems -- 3.3.2.1 Classification of AI as a High-risk AI System -- 3.3.2.2 Annex III -- 3.3.2.3 Requirements for High-risk AI Systems -- 3.4 Fundamental Rights Impact Assessment -- 3.4.1 AI Act and Fundamental Rights -- 3.4.1.1 Implementation of the Fundamental Rights Impact Assessment -- 3.4.1.2 Impact Assessment as Part of AI Governance -- 3.4.1.3 Existing Tools for Fundamental Rights Impact Assessments -- 3.5 Harmonized Standards, Conformity Assessment, Certificates and Registration -- 3.5.1 Harmonized Standards and CE Marking -- 3.5.2 Conformity Assessment Procedure -- 3.5.3 Exemptions from the Conformity Assessment Procedure -- 3.5.4 EU Declaration of Conformity -- 3.5.5 Registration -- 3.6 Transparency Obligations in the AI Act -- 3.6.1 Guidelines for the Implementation of Transparency Obligations for Data and Data Management -- 3.6.2 Guidelines for the Implementation of the Transparency Provisions Provided for in Art. 13 AI Act -- 3.6.3 Guidelines on the Implementation of Transparency Obligations for Providers and Suppliers of Certain AI Systems and GPAI Models -- 3.7 General-purpose Artificial Intelligence (GPAI) -- 3.7.1 ChatGPT: the Start of an "AI revolution"? - Implications for the Legislative Process -- 3.7.2 Inclusion of GPAI in the AI Act -- 3.7.3 AI Models and AI Systems for General Use -- 3.7.3.1 Classification Rules for GPAI Models -- 3.7.3.2 Commitments -- 3.7.4 GPAI Models with Systemic Risk -- 3.7.4.1 Classification Rules for General-Purpose AI Models with Systemic Risk according to Art. 51 AI Act -- 3.7.4.2 Obligations for GPAI Models with Systemic Risk under Article 55 -- 3.7.5 GPAI Models and High-risk Systems -- 3.7.6 Implementation Period and Penalties -- 3.8 AI Sandboxes -- 3.8.1 Setup and Functionality -- 3.8.2 Further Processing of Personal Data -- 3.8.3 Tests Outside of AI Sandboxes -- 3.8.4 Consent for Tests Outside Sandboxes -- 3.8.5 Facilitation for SMEs -- 3.9 Authorities -- 3.9.1 Notifying Authority -- 3.9.2 Conformity Assessment Bodies and Notified Bodies -- 3.10 Governance in the AI Act -- 3.10.1 AI Office -- 3.10.2 AI Board -- 3.10.2.1 Composition -- 3.10.2.2 Tasks of the AI Board -- 3.10.3 Advisory Forum -- 3.10.4 Scientific Panel -- 3.10.5 National Authorities -- 3.10.6 EU Database for High-risk AI Systems -- 3.10.7 Post-market Monitoring -- 3.10.8 Sharing Information on Serious Incidents -- 3.10.9 Law Enforcement -- 3.10.10 Confidentiality of Procedures -- 3.10.11 Procedures at National Level for dealing with AI Systems presenting a Risk -- 3.10.12 Procedures for AI Systems Classified as Non-high-risk AI by the Provider -- 3.10.13 Compliant AI Systems which present a Risk -- 3.10.14 Formal Non-conformity -- 3.10.15 Legal Remedy -- 3.10.15.1 Right to a Explanation of Decision-making -- 3.10.15.2 Legal Remedies for GPAI -- 3.11 Penalties and Sanctions -- 3.12 SMEs and Start-ups in the AI Act -- 3.12.1 Facilitations and Exemptions for SMEs and Start-ups -- 3.12.2 Checklist: Launching a New AI System in Accordance with the AI Act -- 4 Data Protection -- Gabriele Bolek-Fugl -- 4.1 General Requirements of the GDPR -- 4.1.1 The Principles for Processing Personal Data -- 4.1.2 Lawfulness of Processing -- 4.1.3 Obligation to Provide Information where Personal Data is Collected -- 4.1.4 Rights of the data subjects -- 4.2 Privacy by Design -- 4.2.1 Implementation -- 4.2.2 Responsibility for Processing in Compliance with the Law -- 4.3 Requirements for Testing Data -- 4.4 Automated Decision Making -- 4.5 Guidance and Recommendations on GDPR and AI from Data Protection Authorities -- 4.5.1 Publications of the European Data Protection Board (Excerpt) -- 4.5.2 DSK Recommendations -- 4.5.3 The State Commissioner for Data Protection and Freedom of Information Baden-Wurttemberg -- 4.5.4 Hamburg Commissioner for Data Protection on LLMs -- 4.5.5 FAQ of the Austrian Data Protection Authority -- 4.6 ChatGPT and the Data Protection Complaint from noyb -- 5 Intellectual Property -- Alexandra Ciarnau -- 5.1 Protection of AI and its Components -- 5.1.1 Copyrights and Ancillary Copyrights -- 5.1.1.1 General Information -- 5.1.1.2 Individually Developed AI Systems -- 5.1.1.3 Individually Developed AI Models -- 5.1.1.4 Input and Training Data Pool -- 5.1.1.5 User Documentation and User Manual -- 5.1.1.6 Rights and Claims of the Author -- 5.1.1.7 Granting of Rights -- 5.1.1.8 Open Source Software -- 5.1.1.9 Patent and Utility Model Protection -- 5.1.2 Trade Secret Protection -- 5.2 Legal IP Compliance when Using AI -- 5.2.1 AI Input -- 5.2.1.1 IP-protected Input Data -- 5.2.1.2 AI Act Requirements for AI Systems -- 5.2.2 AI Output -- 5.3 Checklist -- 5.4 Reference Table Legislation -- 6 AI and IT Contract Law -- Alexandra Ciarnau, Merve Taner -- 6.1 Licensing of Standard Software -- 6.2 Software Development -- 6.3 Software Maintenance -- 6.4 Open Source Software -- 6.4.1 Open Source AI - Paving the Way for the Future? -- 6.4.2 Definition of Open Source and Legal Basis -- 6.4.3 Legal Problem Areas in Connection with Open Source According to Existing Legal Bases -- 6.4.4 Open Source Software Strategy of the European Commission -- 6.4.5 Exceptions for Open Source in the AI Act -- 6.5 Hardware Purchase and Maintenance -- 6.6 General Information on Liability -- 6.7 Reference Table Legislation -- 7 Private Sector -- Kristina Altrichter, Gabriele Bolek-Fugl, Karin Bruckmuller, Alexandra Ciarnau, Julia Eisner, Isabella Hinterleitner, Manuela Machner, Renate Rechinger, Carina Zehetmaier, Klaudia Zotzmann-Koch -- 7.1 AI - from Prejudice to Discrimination -- 7.1.1 Right to Equality and Non-discrimination -- 7.1.2 How Prejudices Find their Way into AI -- 7.1.2.1 How the AI Act Addresses Discrimination -- 7.1.2.2 Can We Fix Bias in AI? -- 7.2 AI in the Financial Sector -- 7.2.1 Exceptions to the Scope of Application -- 7.2.2 Prohibited AI Systems -- 7.2.3 High-risk AI Systems -- 7.2.3.1 Classification -- 7.2.3.2 Refutation of the High-risk Property -- 7.2.3.3 Interactions between Financial Regulations and the AI Act -- 7.2.4 General Purpose AI Systems/Models -- 7.2.5 Certain AI Systems -- 7.2.6 Authority Competencies -- 7.3 AI in the Insurance Industry -- 7.3.1 Dynamic Underwriting and Risk Assessment in Health Insurance -- 7.4 AI and Whistleblowing -- 7.4.1 Whistleblower for the AI Category -- 7.4.2 Areas of Application of AI in the Implementation of the Whistleblowing Directive -- 7.4.2.1 Challenges in the Whistleblowing Process -- 7.4.2.2 Procedure of the Whistleblowing Use Case -- 7.5 Use of AI in Future and Existing Employment Relationships -- 7.5.1 Writing Job Ads with AI -- 7.5.2 AI Support for Applicant Selection by Means of Video Analysis [4] -- 7.6 AI in Education -- 7.6.1 Roles in the AI Act -- 7.6.2 AI Literacy (Art. 4 AI Act) -- 7.6.3 AI Systems with "Limited" Risk (Art.. 505 0 50 AI Act) in Education -- 7.6.4 High-risk AI Systems in Education -- 7.6.5 Prohibited AI Systems in Education -- 7.7 AI in Healthcare.
7.7.1 Example: AI Diagnosis of Skin Diseases -- 7.7.1.1 High-risk AI Classification within the Meaning of the AI Act -- 7.7.1.2 Requirements and Obligations of the Hospital Deployer According to the AI Act -- 7.8 AI in Advertising -- 7.8.1 Legal Requirements for AI in Advertising -- 7.8.1.1 Prohibited AI Systems -- 7.8.1.2 Overlaps with Other Laws -- 7.8.1.3 Data Trading -- 7.8.1.4 Personalization -- 7.8.2 Energy Consumption and Sustainability -- 7.8.3 Best Practice: Generative AI in Creation -- 7.9 Tourism -- 7.9.1 Use case: Operational efficiency -- 7.9.2 Use Case: Guest Experience -- 7.9.3 Use Case: Smart Companies -- 7.10 AI in Autonomous Driving -- 7.10.1 Austrian & International Legislation -- 7.10.2 Development of Autonomous Driving Functions -- 7.10.3 The AI Act and Autonomous Driving -- 8 Public Sector -- Kristina Altrichter, Karin Bruckmuller, Veronica Cretu, Theresa Tisch, Natascha Windholz -- 8.1 "Public Decision Making" and AI -- 8.1.1 Use Cases in Annex III AI Act -- 8.1.2 Example: Allocation of Social Benefits -- 8.1.3 Example: Allocation of Kindergarten Spots -- 8.2 AI in Criminal Prosecution -- 8.2.1 Use of Biometric Real-time Remote Identification Systems -- 8.2.2 Implementation Obligations of the Member States -- 8.3 AI in Elections and Democratic Processes -- 8.3.1 Emerging Discussions about the Impact of AI on Democracy and Electoral Processes -- 8.3.2 How Should AI be Defined in the Context of Elections? -- 8.3.3 Exploiting Opportunities and Minimizing Risks through the Use of AI -- 8.3.4 AI and Election Integrity: a Hypothetical Analysis of the Cambridge Analytica Scandal in the Context of the AI Act -- 8.4 AI in the NIS Sector -- 8.4.1 Introduction NIS and NIS 2 -- 8.4.1.1 NIS2 -- 8.4.2 Importance of NIS2 for the Supply Chain -- 8.4.3 Use of AI in NIS Companies -- 8.4.3.1 Annex I AI Act -- 8.4.3.2 Annex III AI Act -- 9 Ethics -- Gabriele Bolek-Fugl, Valerie Hafez, Sabine Singer -- 9.1 Ethical Guidelines for Trustworthy AI -- 9.1.1 What is it About? -- 9.1.2 Ethical Principles of the Guidelines -- 9.1.3 Core Requirements -- 9.1.4 Methods for Implementing the Core Requirements -- 9.1.5 Tools for Implementation -- 9.2 Relevant AI Guidelines & Policies -- 9.2.1 OECD Council Recommendation on Artificial Intelligence -- 9.2.2 The Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence -- 9.2.3 Compliance Tools for Many Occasions -- 9.2.4 Artificial Intelligence Risk Management Framework -- 9.2.5 Further Formative Ethical Guidelines -- 9.3 EU and Global Bodies, Boards and Committees -- 9.4 From Digital Humanism to a Value-based AI System -- 9.4.1 Value-based Engineering -- 9.4.2 Advantages and Strategic Importance of Value-based Engineering -- 9.4.3 Conclusion -- 10 Governance in the Company -- Gabriele Bolek-Fugl, Karin Bruckmuller, Veronica Cretu, Valerie Hafez, Klaudia Zotzmann-Koch -- 10.1 Practical Example: Assessment of a Use Case in Accordance with the AI Act -- 10.1.1 Description of the Use Case: AI-supported Fire Detection and Alarm System -- 10.1.2 How do You Start? -- 10.1.3 Conclusion -- 10.2 Risk Management, Human Supervision and Useful Tools -- 10.2.1 Embedding Governance in the Life Cycle of an AI System -- 10.2.2 Recognizing and Addressing Risks -- 10.2.2.1 Approaches to Risks, Incidents, Accidents and Affected Parties -- 10.2.2.2 Measuring Risks -- 10.2.2.3 Responsibility in the Event of Incidents and Accidents -- 10.2.2.4 Perceiving and controlling the unknown -- 10.2.3 Human Supervision -- 10.2.3.1 Break Down Supervision -- 10.2.3.2 Develop and Maintain Supervisory Skills -- 10.2.3.3 Making Supervision Context-sensitive -- 10.2.3.4 Involving External Parties in Supervision -- 10.2.3.5 Human Supervision: Pros and Cons -- 10.2.4 Conclusion -- 10.3 Data and Knowledge Management -- 10.3.1 Pilars of the Data Governance Framework -- 10.4 Audit of Artificial Intelligence -- 10.4.1 Fundamentals of the Audit -- 10.4.2 Audit Team -- 10.4.3 Difference Between Risk Management and Audit -- 10.4.4 Helpful Audit Checklists -- 10.4.5 Example of a Simple AI Audit Checklist -- 10.5 Code of Conduct -- 10.5.1 Example of a Code of Conduct for the Use of Artificial Intelligence in the Organization -- 10.5.2 Further Considerations on the AI Code of Conduct -- 10.6 AI and Sustainability -- 10.6.1 ESG - Environmental, Social and Corporate Governance -- 10.6.2 Diversity, Inclusion, Justice -- 10.6.3 Benefits for the Environment -- 10.6.4 High-risk AI Systems -- 10.6.5 Supply Chains -- 10.6.6 Conclusion -- 11 The Authors -- Index.
|
Info
The AI Act Handbook
