Protecting the Human: Why the EU AI Act is a Good Move
https://www.facebook.com/zhachory.volker · 2025-10-22 · via Zhach's News & Views

💡

WARNING: Kinda long. There was a lot to cover, but I hope you enjoy it!

The other day, I was talking to a colleague about an AI-powered hiring tool and how I felt like it was everywhere in my job hunt. My colleague, a veteran software engineer, was concerned. Not about the usage itself, but about the lack of transparency in the system's decision-making. "How do we know it isn't automatically filtering out candidates based on their zip code, or simply reinforcing historical biases in the data?" she asked (I’m paraphrasing, but that’s basically what she said, lol).

That simple question, a blend of technical skepticism and ethical concern, perfectly captures why I'm strongly in favor of the European Union's new Artificial Intelligence Act (AI Act). It's the first comprehensive law of its kind, and while it's met some resistance, I see it as a necessary step to safeguard the public as AI moves from a cool tool to a critical part of our society.


Understanding the Risk-Based Framework

The EU AI Act is designed around a risk-based approach, which means the level of regulation an AI system faces directly relates to the harm it could potentially cause. I find this to be a very pragmatic way to regulate something as diverse as artificial intelligence. Not every AI application needs the same level of scrutiny.

The Four Risk Categories

The Act clearly defines four levels of risk, which dictate the compliance requirements for developers (or "providers" and "deployers" in the Act's language):

  • Unacceptable Risk (Prohibited): These are AI systems that threaten fundamental rights and are outright banned. Examples include social scoring (classifying people based on social behavior), systems that manipulate behavior to cause harm, and real-time biometric identification in public spaces by law enforcement.
  • High Risk (Strict Requirements): These systems pose a significant risk to health, safety, or fundamental rights. They are permitted but must comply with a full and rigorous set of requirements. High-risk areas include AI used in critical infrastructure (like transport), education (for assessing exams), employment (like CV-sorting software), and law enforcement.
  • Limited Risk (Transparency Required): The main requirement here is transparency. People must be informed when they are interacting with an AI system, such as a chatbot. Providers of generative AI (like large language models) must also ensure their output is clearly labeled as AI-generated ("deepfakes" must be identifiable).
  • Minimal/Low Risk (Free Use): Most AI systems, such as basic inventory management or automated invoice sorting, fall into this category and are permitted without significant additional regulation.

For the High-Risk systems, the obligations are extensive: establishing risk management systems, ensuring high-quality data to minimize bias, logging activity for traceability, maintaining detailed documentation, and implementing human oversight mechanisms.


Addressing Bias and Security Head-On

For me, the most important sections of the AI Act are those that directly tackle algorithmic bias and cybersecurity, problems that can be all too common in news and computational journalism.

Mitigation of AI Bias

The Act is explicit about the need to control discrimination. For high-risk AI systems, the requirements center on data governance:

  1. Data Quality: Providers must use high-quality training, validation, and testing datasets that are relevant, sufficiently representative, and free of errors to the best extent possible. This is the bedrock of fairness; if your data is biased, your AI will be too.
  2. Bias Examination: Businesses must actively examine their datasets for possible biases that could negatively affect fundamental rights or lead to discrimination. They ALSO must take appropriate measures to prevent and mitigate any biases they identify. This transforms "fairness" from an abstract idea into a measurable requirement.

Mandates for Security and Robustness

The Act also treats security as a core function, not an afterthought. High-risk AI systems must be designed for accuracy, robustness, and cybersecurity. This means they must:

  • Be Resilient: The systems must be as resilient as possible against errors, faults, or inconsistencies in the environment. This includes having technical redundancy solutions, like fail-safe plans.
  • Counter Manipulation: High-risk AI must be resilient against attempts by unauthorized third parties to alter their use or performance by exploiting vulnerabilities. This covers AI-specific threats like data poisoning (where a bad actor manipulates the training data) or model poisoning.

To be honest, a large corporation that claims these basic measures (auditing their data for bias, ensuring their systems are secure against obvious attacks, and documenting their design) is too much of a burden is basically admitting that their existing practices are ethically questionable or technically negligent. If the system is making life-altering decisions (like denying a loan or a job), that level of governance shouldn't be optional.


Innovation vs. Regulation

A common argument I see online, particularly from business people/publishers, is that the AI Act will stifle innovation, especially for Small and Medium-sized Enterprises (SMEs). I agree, but that’s the point.

Yes, compliance is a financial and technical hurdle. SMEs, which the EU defines as having fewer than 250 employees, have fewer resources than any global tech giant. The argument is that high compliance costs will delay product launches and make it harder for small companies to compete globally.

However, the Act has built-in mechanisms to try to mitigate this:

  • AI Regulatory Sandboxes: These are controlled environments where companies, with priority access for SMEs, can test innovative AI systems for a limited time under regulatory supervision. This allows them to demonstrate compliance and work out the kinks without facing immediate fines, fostering innovation while ensuring safety.
  • Proportionality in Fees: National authorities are required to ensure that conformity assessment fees for high-risk systems are proportional to the SME's size.

The regulation sets a baseline of user protection (users first!). If a small business's growth model relies on collecting and using sensitive user data without proper security, auditing, and human oversight, I would argue that the business model should be challenged. By getting compliant early, a company builds a reputation for trustworthiness, a massive competitive advantage in an era where trust is often compromised.


What Comes Next

The enforcement of the AI Act has multiple milestones, which gives companies time to prepare. The law formally entered into force in August 2024, but the obligations are rolling out over the next few years:

These deadlines require every company operating in the EU, or selling to EU consumers, to start their AI model inventory and governance planning now. The fines for non-compliance are crazy, reaching up to €35 million or 7% of a company's total worldwide annual turnover. 💰


I believe this approach is a smart and balanced way to introduce a major regulatory change. It gives developers and deployers time to create these governance structures (that really should have been there all along).

How do you view this new global standard? As a developer or business owner, what specific compliance challenge feels most daunting, or alternatively, which user protection measure do you find most reassuring? I'm genuinely interested in hearing your perspective on balancing innovation with ethical responsibility.