Posts by bridgebuilder 15 publicly visible posts • joined 31 Jul 2021
Nice initative! It highlights that companies have let themselves be buzzworded and FOMOed into forgetting everything they normally do when procuring something: boring things like writing down what the thingy-to-be-procured is supposed to do, and how well it is supposed to do it.
Admittedly it is not easy since we have been lacking standardised ways of describing aspects of quality of AI at the systems (or solutions) level, not the model level.
Trying to fix this with one of my hats this year, recently made available to the open source community, too: https://www.resaro.ai/asqi
Another link: For a less dramatic but more comprehensive overview of what has been going wrong with AI check out the OECD's AI incident monitor: https://oecd.ai/en/incidents (disclaimer: I have had my hand in designing this one, too).
Horse identification skills confirmed.
On the other point: There is indeed a bit more to it. For AI products/systems and their applications, there is also a lower risk category for which only some (not particularly onerous) transparency requirements apply. But the logic is the same as for high-risk systems.
Article 53 deals specifically with *models* and thus follows a different logic. The Swiss LLM would fall under Article 53 (and the Code of Practice); any system built around the Swiss LLM would fall under whatever the risk category is for that specific system. Could be high-risk, could be transparency requirements, could be forbidden, could be low risk.
Of course, although I am waist-deep in AI governance, IANAL ;)
Chair of CEN-CENELEC JTC21 here, the (admittedly arcanely named) standardisation committee that has the mandate from the European Commission to create the so-called "harmonised standards" for the AI Act.
Adding to the article:
- The AI Act was originally designed in the pre-chatgpt era and mostly sets the rules for AI *products*. The most interesting category here are AI products (or systems) for high-risk applications. These incur the more onerous requirements laid down in articles 8 to 15.
- Having said that, these articles are fairly high level, e.g. they might require human oversight without specifying what that exactly means and how to go about it. An officially acceptable (but not compulsory!) implementation path is described in a set of "harmonised" standards. Whoever follows these standards is automatically deemed to be compliant with the AI Act requirements, hence it will be the preferred method for most organisations. This is what we are developing in JTC21.
- Requirements specifically for foundation models (NOT products!) were bolted onto the draft AI Act only during the final rounds of negotiations in 2023. They work differently, and given that there was no time to develop standards for these requirements, the Code of Practice was created in a more tightly managed dialogue, with the EU in the driving seat rather than a standardisation body. It is possible (but not yet decided) that the Code of Practice will be replaced by an additional set of harmonised standards a few years down the line.
Take this as the opening salvo for an AMA around European AI standardisation ;)
>Why would people suddenly flock to them now?
Because the non-cloudy products are getting worse.
Teams regularly hogging 100% CPU on a decently specced machine? Ah well, lots of people have been complaining for a year but apparently this is not really a priority for MS to fix. Or MS is not capable of fixing it.
>why didn't the guy claim to have invented them himself?
This.
The whole discussion is moot since the operator of the AI can easily submit all those auto-generated "inventions" under their own name.
Prohibiting AI-submitted patents might be a good idea for various reasons but it certainly does not solve the issue of the patent system being flooded with auto-generated applications.
As the saying goes, a cyber attacker only has to be successful once whereas people trying to defend against attacks have to be successful every time. As more and more countries become dependent on their IT infrastructure just to function as countries, more and more countries become vulnerable to Keystone-like events (and worse). Consequently, the appetite for mutual non-cyberaggression pacts will increase (with pacts covering both active attacks and passive attacks in the sense of letting ransomware gangs use the own territory as an operating base).
The hard part is to figure out who to negotiate with ... it won't be enough to assemble the big powers round the table in a recap of 80s nuclear disarmament talks
Icon because the overall geostrategic situation is surprisingly similar.
Not quite.
As has been pointed out, most of the standardisation work is done by experts who are paid by their organisation (often from a standards lobbying budget) but are not paid by ISO. The same applies, incidentally, for the sister organisations IEC and ITU as well as the ISO/IEC JTC1 where a lot of the IT-related standards have their home (AI is subcommittee 42 ... someone read their Hitchhiker's Guide, apparently, but I digress.)
The budgets of ISO, IEC and ITU are used for administration purposes. A lot of admin work is involved in managing approval processes among the national bodies, creating new committees, managing workspaces etc. I am sure there is waste, just like in any bureaucratic organisation, but the comparison with Nominet is rather unfair.
The argument for making standards freely available is solid. This means that ISO, IEC and ITU budgets will need to be funded solely by national body contributions, which in turn means that national bodies need to raise additional income (often this is a government grant). Maybe it is indeed time to do just that.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
