Taxonomy to Regulation: A (Geo)Political Taxonomy for AI Risks and Regulatory Measures in the EU AI Act

TL;DR

This paper develops a (geo)political taxonomy of AI risks, categorizing 12 risks and assessing the EU AI Act's regulatory measures and gaps for managing these risks effectively.

Contribution

It introduces a novel taxonomy of AI risks focused on (geo)political aspects and evaluates the EU AI Act's effectiveness and areas needing regulatory improvements.

Findings

Identifies 12 AI risks across four categories.

Highlights regulatory gaps in the EU AI Act.

Suggests adjustments for comprehensive risk mitigation.

Abstract

Technological innovations have shown remarkable capabilities to benefit and harm society alike. AI constitutes a democratized sophisticated technology accessible to large parts of society, including malicious actors. This work proposes a taxonomy focusing on on (geo)political risks associated with AI. It identifies 12 risks in total divided into four categories: (1) Geopolitical Pressures, (2) Malicious Usage, (3) Environmental, Social, and Ethical Risks, and (4) Privacy and Trust Violations. Incorporating a regulatory side, this paper conducts a policy assessment of the EU AI Act. Adopted in March 2023, the landmark regulation has the potential to have a positive top-down impact concerning AI risk reduction but needs regulatory adjustments to mitigate risks more comprehensively. Regulatory exceptions for open-source models, excessively high parameters for the classification of GPAI models as a systemic risk, and the exclusion of systems designed exclusively for military purposes from the regulation's obligations leave room for future action.