« ENISA セキュリティ認証スキームになりうる領域の調査 他 WebTrust, ISMS, Common Criteria... | Main | 佐藤慶浩さんによる「ISO/IEC 27701「プライバシー情報マネジメントのためのISO/IEC 27001及びISO/IEC 27002への拡張」の解説」 »

2020.06.12

ENISA 人工知能サイバーセキュリティに関するワーキンググループが始動

こんにちは、丸山満彦です。

EUは、社会と経済におけるAIの重要性を認識しているが、AIによるメリットを享受するためには、「AI自体が信頼でき、セキュリティ的に保護されているが必要がある」と考えているようですね。そしてENISAが、アドホックワーキンググループを立ち上げたという流れのようです。

このワーキンググループの目的は

  • AIサイバーセキュリティに関連する課題についてENISAに助言する
  • AI脅威ランドスケープの開発についてENISAを支援する
  • AIのリスクに比例するサイバーセキュリティガイドラインを提供する

ENISA

・2020.06.10 ENISA working group on Artificial Intelligence cybersecurity kick-off

Today, the European Union Agency for Cybersecurity, ENISA, is kicking off the Ad-Hoc Working Group on Cybersecurity for Artificial Intelligence, marking another milestone in the Agency’s work on emerging technologies.

 

■ 参考

● Europian Union

・2020.02.19 [PDF] WHITE PAPER - On Artificial Intelligence - A European approach to excellence and trust

EUは、

  • AIの導入を促進する
  • AIの利用によりもたらされるリスクに対処する

ことが重要であり、そのために

  • 投資
  • 規制

を巧く効かせることが重要と考えているようですね。

そして、この白書は、上記の考えを実現するための政策オプションを提示することにあるようです。

 

内容 ↓

1. INTRODUCTION

2. CAPITALISING ON STRENGTHS IN INDUSTRIAL AND PROFESSIONAL MARKETS

3. SEIZING THE OPPORTUNITIES AHEAD: THE NEXT DATA WAVE

4. AN ECOSYSTEM OF EXCELLENCE

A. WORKING WITH MEMBER STATES

Action 1: The Commission, taking into account the results of the public consultation on the White Paper, will propose to the Member States a revision of the Coordinated Plan to be adopted by end 2020.

B. FOCUSING THE EFFORTS OF THE RESEARCH AND INNOVATION COMMUNITY

Action 2: The Commission will facilitate the creation of excellence and testing centres that can combine European, national and private investments, possibly including a new legal instrument. The Commission has proposed an ambitious and dedicated amount to support world reference testing centres in Europe under the Digital Europe Programme and complemented where appropriate by research and innovation actions of Horizon Europe as part of the Multiannual Financial Framework for 2021 to 2027.

C. SKILLS

Action 3: Establish and support through the advanced skills pillar of the Digital Europe Programme networks of leading universities and higher education institutes to attract the best professors and scientists and offer world-leading masters programmes in AI.

D. FOCUS ON SMES

Action 4: the Commission will work with Member States to ensure that at least one digital innovation hub per Member State has a high degree of specialisation on AI. Digital Innovation Hubs can be supported under the Digital Europe Programme.

The Commission and the European Investment Fund will launch a pilot scheme of €100 million in Q1 2020 to provide equity financing for innovative developments in AI. Subject to final agreement on the MFF, the Commission’s intention is to scale it up significantly from 2021 through InvestEU.

E. PARTNERSHIP WITH THE PRIVATE SECTOR

Action 5: In the context of Horizon Europe, the Commission will set up a new public private partnership in AI, data and robotics to combine efforts, ensure coordination of research and innovation in AI, collaborate with other public-private partnerships in Horizon Europe and work together with the testing facilities and the Digital Innovation Hubs mentioned above.

F. PROMOTING THE ADOPTION OF AI BY THE PUBLIC SECTOR

Action 6: The Commission will initiate open and transparent sector dialogues giving priority to healthcare, rural administrations and public service operators in order to present an action plan to facilitate development, experimentation and adoption. The sector dialogues will be used to prepare a specific ‘Adopt AI programme’ that will support public procurement of AI systems, and help to transform public procurement processes themselves.

G. SECURING ACCESS TO DATA AND COMPUTING INFRASTRUCTURES

H. INTERNATIONAL ASPECTS

5. AN ECOSYSTEM OF TRUST: REGULATORY FRAMEWORK FOR AI

A. PROBLEM DEFINITION

Risks for fundamental rights, including personal data and privacy protection and nondiscrimination

Certain AI algorithms, when exploited for predicting criminal recidivism, can display gender and racial bias, demonstrating different recidivism prediction probability for women vs men or for nationals vs foreigners. Source: Tolan S., Miron M., Gomez E. and Castillo C. "Why Machine Learning May Lead to Unfairness: Evidence from Risk Assessment for Juvenile Justice in Catalonia", Best Paper Award, International Conference on AI and Law, 2019

Certain AI programmes for facial analysis display gender and racial bias, demonstrating low errors for determining the gender of lighter-skinned men but high errors in determining gender for darker-skinned women. Source: Joy Buolamwini, Timnit Gebru; Proceedings of the 1st Conference on Fairness, Accountability and Transparency, PMLR 81:77-91, 2018.

Risks for safety and the effective functioning of the liability regime

Under the Product Liability Directive, a manufacturer is liable for damage caused by a defective product. However, in the case of an AI based system such as autonomous cars, it may be difficult to prove that there is a defect in the product, the damage that has occurred and the causal link between the two. In addition, there is some uncertainty about how and to what extent the Product Liability Directive applies in the case of certain types of defects, for example if these result from weaknesses in the cybersecurity of the product.

B. POSSIBLE ADJUSTMENTS TO EXISTING EU LEGISLATIVE FRAMEWORK RELATING TO AI

C. SCOPE OF A FUTURE EU REGULATORY FRAMEWORK

D. TYPES OF REQUIREMENTS

 a) Training data
 b) Keeping of records and data
 c) Information provision
 d) Robustness and accuracy
 e) Human oversight
 f) Specific requirements for remote biometric identification

E. ADDRESSEES

F. COMPLIANCE AND ENFORCEMENT

G. VOLUNTARY LABELLING FOR NO-HIGH RISK AI APPLICATIONS

H. GOVERNANCE

6. CONCLUSION

AI is a strategic technology that offers many benefits for citizens, companies and society as a whole, provided it is human-centric, ethical, sustainable and respects fundamental rights and values. AI offers important efficiency and productivity gains that can strengthen the competitiveness of European industry and improve the wellbeing of citizens. It can also contribute to finding solutions to some of the most pressing societal challenges, including the fight against climate change and environmental degradation, the challenges linked to sustainability and demographic changes, and the protection of our democracies and, where necessary and proportionate, the fight against crime.

For Europe to seize fully the opportunities that AI offers, it must develop and reinforce the necessary industrial and technological capacities. As set out in the accompanying European strategy for data, this also requires measures that will enable the EU to become a global hub for data.

The European approach for AI aims to promote Europe’s innovation capacity in the area of AI while supporting the development and uptake of ethical and trustworthy AI across the EU economy. AI should work for people and be a force for good in society.

With this White Paper and the accompanying Report on the safety and liability framework, the Commission launches a broad consultation of Member States civil society, industry and academics, of concrete proposals for a European approach to AI. These include both policy means to boost investments in research and innovation, enhance the development of skills and support the uptake of AI by SMEs, and proposals for key elements of a future regulatory framework. This consultation will 26 allow a comprehensive dialogue with all concerned parties that will inform the next steps of the Commission.

 

 

|

« ENISA セキュリティ認証スキームになりうる領域の調査 他 WebTrust, ISMS, Common Criteria... | Main | 佐藤慶浩さんによる「ISO/IEC 27701「プライバシー情報マネジメントのためのISO/IEC 27001及びISO/IEC 27002への拡張」の解説」 »

Comments

Post a comment



(Not displayed with comment.)


Comments are moderated, and will not appear on this weblog until the author has approved them.



« ENISA セキュリティ認証スキームになりうる領域の調査 他 WebTrust, ISMS, Common Criteria... | Main | 佐藤慶浩さんによる「ISO/IEC 27701「プライバシー情報マネジメントのためのISO/IEC 27001及びISO/IEC 27002への拡張」の解説」 »