TALKING POINT on IBI
Attention: new laws are on the horizonSooner or later, we can expect two more pieces of legislation in the European Union. One is the Artificial Intelligence Act (AI Act) and the other is the Cyber Resilience Act (CRA).
The Artificial Intelligence Act, proposed by the European Commission on 21 April 2021 and adopted by the European Parliament on 13 March 2024, is the world’s first comprehensive attempt to regulate Artificial intelligence (AI). The EU AI Act is set to enter into force in Q2-Q3, 2024, with transition periods for complying with various requirements ranging from 6-24 months.
The AI Regulation takes a largely risk-based approach. Accordingly, AI technologies are classified into four different risk categories, ranging from “AI systems with unacceptable risk” to “AI systems with high risk”, “AI systems with transparency requirements” and “AI systems with no/ low risk”. These are linked to various prohibitions and compliance and information obligations. Technologies with unacceptable risk, such as social scoring or parts of biometric video surveillance and subtle behavioural influencing, will be banned altogether.
Therefore, the act will be applicable to all components of a watercraft that operate with the help of AI. Here I can think not only of self-steering systems, but also of other applications. Notified Bodies will be involved.
If you would like to know whether your product will soon fall within the scope of the directive, go to https://artificialintelligenceact.eu/ assessment/eu-ai-act-compliance-checker .
The Cyber Resilience Act is an EU regulation proposed by the European Commission on 15 September 2022 to improve cybersecurity and cyber resilience in the EU through common cybersecurity standards for products with digital elements in the EU, such as mandatory incident reporting and security updates. Products with digital elements are mainly hardware and software whose “intended and foreseeable use involves a direct or indirect data connection to a device or network”. No exact date has yet been set for the CRA’s entry into force.
Digital hardware and software products are one of the main targets for successful cyber-attacks. In a networked environment, a cyber security incident on one product can affect an entire company or supply chain and often spread across the borders of the single market within minutes.
Products that are subject to the CRA are CE marked by Notified Bodies on successful completion of an assessment.