The Cyber Legislations Governing AI – India & EU

THE CYBER LEGISLATIONS GOVERNING AI: – India and EU

By Chintan Manoj Kumbharikar, Intern, Seth Associates

Keywords- Artificial intelligence, cyberlaw, Generative AI, Data Protection

INTRODUCTION TO CYBER LAW:

Cyber Law is the law governing cyber space. Cyber space is a wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc. CyberLaw encompasses the regulations governing cyberspace, rules of conduct that have been approved by the government, and which are in force over a certain territory, and which must be complied with by all persons in that territory. Violation of these rules would lead to government action such as imprisonment or fine or an order to pay compensation. Cyber law includes laws relating to – cyber-crimes, electronic and digital signatures, intellectual property and data protection and privacy.

CYBER LAWS IN INDIA: – Every innovation has its own demerits and challenges that come forth. The Artificial Intelligence being one of the emerging technologies in Cyberspace is ever evolving and dynamic perse, therefore, it needs a greater attention so that it can be regulated appropriately.

Dr. Karnika Seth in her book “Computers, Internet & new technology laws” discusses AI and notes that the internet users across the world have crossed 3.3 billion, according to reliable reports. As on Nov. 30 2015, there were around 1,622,084,293 internet users in Asia. India has enacted IT Act,2000 to regulate the computer tech. AI is the emerging technology that involves various legal issues suchas IP protection, rising cybercrimes due to morphing , deepafakes all involving tech misuse and legal issues yet to be answered. India’s approach to regulating AI is still evolving and is primarily covered under broader legal frameworks rather than AI specific laws.

DIGITAL INDIA BILL: The Digital India Dialogues was held on 09.03.2023 in Bengaluru, Karnataka. The Ministry of Electronics and Information Technology presented the goals, objectives and etc of the DI Act,2023. This Act is yet to be brought into force in the form of a statute as the Act is in its drafting stage, the Act aims to ensure that Indian Internet is Open, Safe, Trusted and Accountable to Accelerate the growth of innovation and technology ecosystem. The aim or goal is basically to manage the complexities of internet and rapid expansion of the types of intermediaries, create a framework for accelerating digitalization of Government and to strengthen democracy and governance (G2C).

DPDP ACT: This Act contains 44 sections and is recently enacted in India. The Act regulates the governance of personal data collected by organisations, and aims at protecting the individual’s privacy by empowering them with rights over the manner in which their data is collected ,processed and stored. Following are the key features of the Act:

a). Lawful basis of processing concerning explicit notice and consent and certain legitimate uses

b). Data localisation rules relaxed allowing transfers across jurisdictions unless specifically notified

c). Data processing agreements mandatory before outsourcing activities to third parties

d). Financial penalties up to INR250 crore per instance of non-compliance with the law

e). Periodic Data Protection Impact Assessments made mandatory for Significant Data Fiduciary

f). Personal data in public domain excluded from scope.

In K.S. Puttaswamy V/s. UOI, 2017 (10)SCC 1, it was held that the right to privacy is a fundamental right in Article 21 as enshrined in the Constitution of India.

THE IT ACT, 2000: The Information technology Acts is a very important statute that helps in curbing cybercrime and regulating the cyber space in many ways. Some of the main features are mentioned below:

1). The Act provides a legal framework for the enforcement of electronic and digital signatures and records.

2). The Act also serves as a catalyst in dealing with the multi-dimensional challenges which are posed due to the technology and internet. It mainly deals with offences related to; computers, computer systems & network, with provisions to address the cybersecurity risks with emerging technologies.

3). There are a lot of challenges in the cybercrimes and E-Commerce. In today’s times the E-Commerce is evolving on a rapid rate which includes online transactions, in order to ensure safe and secure use of internet for e-commerce and otherwise.

EUROPEAN LAWS ON A.I.: The EU AI Act, a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act), is a comprehensive legislative proposal by the European Commission aimed at regulating artificial intelligence (AI) systems across the European Union. The EU AI Act is extensive and covers various aspects of AI governance. The EU AI Act aims to balance innovation in AI technologies with ensuring fundamental rights, safety, and consumer protection. It is part of the EU’s broader digital strategy to create a trustworthy AI environment in Europe. An important section of the EU AI Act deals with the pre-market conformity requirements under the Artificial Intelligence Act. It has developed a concept of AI risks as stated below:

High-Risk AI and Data-Driven Systems: The AI Act identifies certain AI systems that pose high risks to health, safety, or fundamental rights of individuals. These systems must adhere to stringent requirements before they can be placed on the European market.

EU Benchmarks: These benchmarks encompass various criteria such as safety, compliance with legal requirements, and ethical standards. They are designed to ensure that AI systems are developed and used in a manner that aligns with fundamental rights and values.

CE (Conformite Europeene) Marking: Similar to other products governed by EU regulations, high-risk AI systems need to undergo a conformity assessment. If they meet all the criteria, they receive a CE marking. This marking indicates that the product complies with EU standards and is safe for consumers within the European Economic Area (EEA).

Article 43 paragraph 6: Article 43 paragraph 6 aims to prevent or avoid risks with regard to health, safety and fundamental rights. This structure organizes the EU AI Act into distinct parts that address various facets of AI regulation, ranging from general provisions and specific requirements for high-risk AI systems to enforcement mechanisms, governance, and provisions for biometric identification technologies. Each of the above section delineates the corresponding rules and obligations that stakeholders must adhere to under the proposed regulation. For the most detailed and up-to-date information, consulting the official documents and updates from the European Commission is recommended.

High-Risk AI Systems: Classification of High-Risk AI Systems (Article 6)- High-risk AI systems are those that pose significant risks to health, safety, or fundamental rights, including in areas like healthcare, law enforcement, and critical infrastructure. for Risk Management the Providers must implement risk management systems throughout the AI system’s lifecycle, non-compliance may lead to fines up to 6% of the annual worldwide turnover for the most serious breaches.

CONCLUSION: –

India currently lacks a comprehensive AI law .The government proposes to enact few provisions to regulate high risk systems in DIA Act. The government is actively working on policies and guidelines to address the legal, ethical, and regulatory challenges posed by AI. As AI technology continues to evolve, more specific regulations and frameworks are likely to be developed to ensure safe and responsible use of AI. One such standard has been proposed by NITI Ayog. Technology can be a catalyst for betterment of society but it can also be a bane. Therefore, any emerging technology needs to be adequately regulated so that its aim is not lost due to its misuse.

BIBLIOGRAPHY: –

Royal Society Publishers – https://doi.org/10.1098/rsta.2018.0080
https://www.geeksforgeeks.org/information-technology-act-2000-elements-applicability-and-amendments/#it-act-2000-electronic-commerce-and-internet
Computers, Internet & new technology laws By- Dr. Karnika Seth
IPR & Cyberspace by Rohas Nagpal – https://www.osou.ac.in/eresources/introduction-to-indian- cyber-law.pdf
Bengaluru India Dialogue GOI proposed bill-

https://www.meity.gov.in/writereaddata/files/DIA_Presentation%2009.03.2023%20Final.pdf

AZB and Partners: – Digital Personal Data Protection Act, 2023 – Key highlights.

https://r.search.yahoo.com/_ylt=AwrPqgmoDnlmgbo7Vh67HAx.;_ylu=Y29sbwNzZzMEcG9zAzEEdnRpZAMEc2VjA3Ny/RV=2/RE=1719238441/RO=10/RU=https%3a%2f%2fwww.azbpartners.com%2fbank%2fdigital-personal-data-protection-act-2023-key-highlights%2f/RK=2/RS=Yi2VetFvHP1l2fkocglwGDKABmU-

The EU AI Act: A pioneering effort to regulate frontier AI?- Paper by –Guillem Bas, Claudette Salinas, Roberto Tinoco, Jaime Sevilla; Journal- journal.iberamia.org

Citation – Bas, Guillem & Salinas Leyva, Claudette & Tinoco, Roberto & Sevilla, Jaime. (2024). The EU AI Act: A pioneering effort to regulate frontier AI?. Inteligencia Artificial. 27. 55-64. 10.4114/intartif.vol27iss73pp55-64

European draft legislation on artificial intelligence: Key questions answered, Article by: – Darko Stefanoski – Partner, law leader in financial services (EY AI)

Stanford – Vienna Transatlantic Technology Law Forum, Transatlantic Antitrust and IPR Developments, Stanford University, Issue No. 2/2021

https://artificialintelligenceact.eu/ai-act-explorer

Act: Comparing India’s approach with principles embedded in first of its kind EU legislation” Article by: Shweta Bharati & Pranshu Singh – https://www.barandbench.com/law-firms/view-point/eu-artificial-intelligence-act-comparing-india-approach

https://www.geeksforgeeks.org/information-technology-act-2000-elements-applicability-and-amendments/#it-act-2000-electronic-commerce-and-internet

Converted to HTML with WordToHTML.net