A Brief Overview of the EU AI Act Requirements for Data Security and How Fortanix Can Help You
European companies are increasingly integrating Artificial Intelligence (AI) into their operations to stay competitive. AI technologies are used for everything from improving customer service through chatbots and virtual assistants to optimizing supply chains and logistics with predictive analytics.
In the financial sector, AI is employed for advanced data analysis, fraud detection, and personalized banking experiences. European manufacturers are utilizing AI-powered robotics and automation to increase production efficiency and ensure quality control.
However, AI systems require substantial amounts of data to learn and make accurate predictions. The larger and more diverse the data set, the more nuanced and robust the AI’s understanding and output can be.
It is not merely the volume of data that matters; the quality and integrity of the data are equally important. High-quality data that is clean, well-organized, and representative ensures that AI outputs are reliable and credible.
Poor-quality data can lead to flawed models and erroneous conclusions, undermining the effectiveness and trustworthiness of the AI systems.
For example, consider a machine learning model designed to predict housing prices. If the training data set for this model includes a diverse range of data points, such as different types of properties, varied locations, and an array of economic conditions, the model will be able to generate more accurate and reliable predictions.
However, if the data set is limited or skewed — perhaps only including high-end properties in urban areas — the model may struggle to make accurate predictions for lower-cost housing or properties in rural regions.
This demonstrates the importance of having both a sizable data set and one that is well-balanced and representative of the real-world scenarios the AI will encounter.
Launching The EU’s AI Act
The EU AI Act is the first-ever legal framework on AI, which addresses the risks of AI.
The EU Artificial Intelligence (AI) Act was passed by the European Parliament on March 13, 2024, and was then approved by the EU Council on May 21, 2024. The next step is for it to be published in the Official Journal of the European Union, and it will enter into force 20 days after that. Most provisions of the Act won’t be directly enforceable until 24 months after their entry into force. This means full application is expected around late April or early May of 2026.
As AI gets regulated by the EU AI Act, it’s important for practitioners and organizations to grasp how closely it’s tied to EU data protection law.
- The GDPR is a technology-neutral regulation that applies to AI systems when personal data is involved. While the GDPR doesn’t explicitly mention AI, its automated decision-making rules indirectly regulate AI use. There’s a tension between GDPR requirements and AI’s need for vast data collection, but there is overlap with the principles of the EU AI Act. Data protection authorities have already taken action against AI systems for issues like lack of legal basis for data processing and transparency. Notable enforcement examples include actions against OpenAI’s ChatGPT and Clearview AI. Public interest in AI is driving increased scrutiny from these authorities.
- The GDPR regulates the processing of personal data, including automated and manual means, with extraterritorial scope covering EU and non-EU entities if they target or monitor individuals in the EU. The EU AI Act focuses on AI systems, applying to providers, deployers, and other operators, with obligations primarily for high-risk AI systems. Both regulations delineate specific roles, such as controllers and processors under the GDPR, and providers and deployers under the AI Act. Organizations must consider their roles under both laws, especially when handling personal data and using AI systems, to ensure compliance.
How Fortanix Helps
1) Securing Data Across Industries
Fortanix is uniquely qualified to help organizations resolve this challenge. We assist the world’s largest financial institutions, technology leaders, healthcare organizations, and government agencies in securing their sensitive data while putting it to use.
2) Data Protection Solutions
We provide robust solutions to secure data in three critical states:
- Data At-Rest: We secure data wherever it may reside.
- Data In-Transit: We ensure data is encrypted while in transit.
- Data In-Use: Our Confidential Computing solution protects data while in use.
The Fortanix approach guarantees data encryption throughout its full lifecycle.
3) Data Tokenization Solution
Our data tokenization solution leverages Format Preserving Encryption to maintain the format of the datasets. This enables organizations to safely work with their sensitive data as it is used in applications, cloud analytics platforms like Snowflake and Databricks, and AI models.
4) Efficient Key Management Services
Encryption is only as effective as the way encryption keys are managed. The Fortanix unified data security platform delivers unified key management services that grant users absolute control over their data.
5) Centralized Security Management
Security teams can now take advantage of a centralized, secure solution for managing hybrid multicloud data access policies. From one central console, teams can:
- Manage key lifecycles.
- Implement Zero Trust initiatives.
- Prepare for the advancements in post-quantum computing.
By organizing our services into these clearly defined areas, Fortanix offers comprehensive, user-friendly solutions that can help organizations comply with the EU AI Act requirements.