EU Passes AI Act: What Does It Mean for the Security Industry?

In the early morning hours on Dec. 9, 2023, European Union (EU) lawmakers announced that an agreement was reached to finalize its Artificial Intelligence (AI) Act, legislation under development for more than two years and now expected to be formally adopted in early 2024. This legislation will make the EU the first to enact sweeping regulation of AI systems, with implementation of some provisions six months after adoption, and full implementation expected in two years.  

The Security Industry Association (SIA) looks forward to seeing the outcome of the work at the technical level in the coming weeks, which will clarify in further detail the political level agreement announced.

Earlier this fall, SIA, ASIS International and the International Biometrics+Identity Association sent a joint letter to the E.U. Commission, member state representatives and key negotiators in Parliament, expressing concerns about the considerable expansion of blanket prohibitions in the Parliament’s proposal for the act and the potential for unintended consequences to beneficial technology applications. The organizations urged that the final agreement maintain a technology-neutral approach to regulation and that the most stringent requirements should apply to use-case specific and truly high-risk applications, more consistent with the European Council’s mandate.

It is clear that the EU institutions made progress on this file in several key areas of importance to the security industry outlined in the letter and to many other business sectors and technology stakeholders providing input during the process. Importantly, we believe that avoiding a sweeping, categorical ban on biometric identification systems, particularly facial recognition technology, is a step in the right direction. In the same vein, SIA welcomes the refinement of the restrictions on AI systems used for categorization and other analytics to more specific use cases of concern, and that inherently low-risk applications of biometric technologies for user verification and similar functions are not subjected to high-risk requirements.

SIA and our members support development and use of AI technologies in ways that are human-centric, ethical and trustworthy and that mitigate potential risks. For example, SIA published its Principles for the Responsible and Effective Use of Facial Recognition Technology. In part to help communicate and guide effective technology implementations that harness innovations, SIA has formed its AI Advisory Board and Identity and Biometric Technology Advisory Board (IBTAB). The most significant recent innovations in security products stem from AI-driven technologies, enabling groundbreaking improvements in capabilities to better protect businesses and consumers and bolster public safety. Though these applications of AI are often underrepresented in policy discussions, the security industry and end users of these technologies are critical stakeholders.

More thorough analysis of the final language of the AI Act is necessary to fully determine its impact. In the meantime, SIA will continue to provide updates as more details emerge, and important discussions continue in the U.S. regarding polices potentially impacting use of advanced technologies important to the industry.