Italy Moves to Legislate Artificial Intelligence with a Focus on Privacy and Cybersecurity
Italy is entering a new era of technological law with the Council of Ministers’ approval of a draft bill on artificial intelligence (AI) last April 23. Though it is still a preliminary draft, it outlines regulatory frameworks to balance the benefits and risks of new technologies.
The draft bill covers key areas within its 26 articles, particularly concerning privacy and cybersecurity, hinting at the profound changes and advancements in technology governance. The finalized text is eagerly awaited for more in-depth analysis but key points announced by the government give an insight into its structure and implications.
Principles for Privacy in AI Usage
Article 4 of the draft law builds upon the “purpose and application scope,” “definitions,” and “general principles” set by the first three articles, integrating privacy considerations. Specifically, the use of AI in information processing is expected to respect media freedom and pluralism, freedom of expression, and uphold the objectivity and fairness of information.
AI systems are mandated to ensure lawful, fair, and transparent personal data handling. Moreover, communication about data processing connected to AI uses is to be clear and simple, enabling users to fully understand and, if necessary, contest the handling of their personal data.
For minors under 14, access to AI technologies requires parental consent, whereas those between 14 and 18 can consent to their personal data’s processing provided they have access to easily understandable information.
These provisions align with European data protection laws (GDPR), emphasizing transparency and mirroring regulations relative to social media access for minors.
Cybersecurity Measures in the Draft Bill
The draft bill details principles under Article 6 for securing national security’ cyber aspects. It underscores that AI research, development, and usage for national security purposes must ensure accuracy, reliability, security, appropriateness, and transparency. Emphasizing proportional application of these principles depending on the sector is a critical aspect of the bill.
Article 16 further regards AI as a resource to bolster national cybersecurity.
A Dual Governance System for AI Regulation
A “dual” governance setup is evident from the broader legislative framework, as outlined in the articles and government press releases. The draft establishes five main domains: national strategy, national authorities, promotional actions, copyright protection, and criminal sanctions. Additionally, a government mandate is set to align national laws with the forthcoming AI Act and calls for AI literacy programs for citizens.
The national strategy detailed in Article 17 is to be drafted and updated by the governmental office in charge of technological innovation and digital transition, in consensus with the national AI authorities, namely ACN (National Cybersecurity Agency) and AgID (Agency for Digital Italy).
While the Italian Data Protection Authority remains a consultative entity, governance is placed mainly in the hands of the dual agencies. ACN will oversee AI application compliance with inspection and sanction powers, whereas AgID is tasked with executing the national strategy, promoting AI innovation, and defining processes for evaluation, accreditation, and monitoring AI systems.
These two authorities are charged with the critical role of ensuring that AI technologies adhere to both national and European Union legislation. They will jointly manage experimental spaces to develop compliant AI systems, subject to favorable opinions from the Ministries of Made in Italy and Defense.
The strategy aims to foster national collaboration, innovation, and an ethical framework guiding the use of artificial intelligence, securing a balanced approach to the opportunities and challenges presented by this burgeoning technology.
Key Questions and Answers:
Q: What are the key principles regarding privacy outlined in the draft law?
A: The draft law mandates that AI systems respect media freedom, freedom of expression, and ensure objectivity and fairness of information. It also requires lawful, fair, and transparent handling of personal data, with clear communication about data processing connected to AI.
Q: What is Italy’s approach to cybersecurity in the context of AI?
A: The draft bill includes principles to ensure accuracy, reliability, security, appropriateness, and transparency in AI research, development, and usage, especially for national security purposes. It also regards AI as a resource to enhance national cybersecurity.
Q: How will AI be governed according to the draft bill?
A: AI will be governed by a dual system involving the National Cybersecurity Agency (ACN) and the Agency for Digital Italy (AgID), with ACN overseeing compliance and AgID executing the national strategy and promoting AI innovation.
Key Challenges or Controversies:
One of the principal challenges is balancing innovation with privacy and security, requiring a framework that does not stifle technological advancements while protecting citizens’ rights. Another controversy is safeguarding against biases and ensuring objectivity in AI applications to prevent the infringement of human rights.
Advantages:
– Enhances trust in AI applications by enforcing strict privacy and data protection rules.
– Supports national security through the strategic use of AI.
– Promotes transparency in AI decision-making, reducing the risk of unfair or unethical outcomes.
Disadvantages:
– Strict regulations may hamper innovation and competitiveness in a rapidly evolving technology sector.
– Implementation challenges due to the complexity of AI and required continuous updating of laws and regulations.
– Risk of over-regulation which could lead to increased operational costs for AI developers and businesses.
The government of Italy has taken proactive steps towards creating a regulatory environment for AI that aligns with EU policies, including the General Data Protection Regulation (GDPR). If you are interested in learning more about the EU’s approach to AI regulation, consider visiting the official European Union website by following this link.