Software engineering and the AI Act : towards regulatory-compliant AI
(2025) In Licentiate thesis 5:2025.
- Abstract
- Background: The European Union (EU) AI Act (AIA) aims to facilitate trustworthy Artificial Intelligence (AI) systems, especially for safety-critical use cases. Compliance with this new regulation entails a multitude of legal, technical, and organizational challenges for the providers of affected systems.
Objective: This regulatory compliance engineering research aims for an empirical exploration and scoping of the AIA requirements that matter from a technical software engineering perspective. We identify affected systems as well as parts that are especially challenging to comply with, and we explore the act's potential industry impact. Moreover, this research aims to study how technological compliance for selected AIA aspects could be facilitated by developing artifacts.
Methodology: The design science paradigm marks the frame of this software engineering research. The selection of research methods used in this thesis is threefold and grounded in proven best practices. First, we utilized case studies with semi-structured interviews for the data collection. Moreover, integrative literature reviews were used in most of our studies. To analyze the content of the AIA and related legal material, we used the legal doctrinal method, allowing us to span the domains of both legal studies and engineering.
Results: Our contributions are structured along two phases, following a two-stage approach: (1) empirical exploration and scoping, and (2) applied compliance engineering. Phase 1 lays out which AIA requirements matter from a software engineering perspective and what they set out; what types of systems are affected by which requirements; a ranking for what AIA high-risk AI system requirements are perceived as most challenging to operationalize by industry; and the expected industry impact of this regulation. Phase 2 is part of future work and will focus on certain AIA aspects to work towards technological compliance through artifacts for concrete use cases.
Conclusion: Considering the related literature, this thesis is a valuable primary research contribution to software engineering, where the state-of-the-art remains short of compliance-oriented studies related to the AIA. We hope this work will inspire others to follow along, shedding light on this important topic.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/6f9fb0a6-d58c-4421-941f-c6635446c3a7
- author
- Wagner, Matthias LU
- supervisor
- Markus Borg LU
- Per Runeson LU
- organization
- publishing date
- 2025-10-02
- type
- Thesis
- publication status
- published
- subject
- in
- Licentiate thesis
- volume
- 5:2025
- pages
- 132 pages
- publisher
- Department of Computer Science, Lund University
- ISSN
- 1652-4691
- ISBN
- 978-91-8104-728-8
- 978-91-8104-729-5
- language
- English
- LU publication?
- yes
- id
- 6f9fb0a6-d58c-4421-941f-c6635446c3a7
- date added to LUP
- 2025-10-02 10:52:54
- date last changed
- 2025-10-08 03:38:37
@misc{6f9fb0a6-d58c-4421-941f-c6635446c3a7,
  abstract = {{Background: The European Union (EU) AI Act (AIA) aims to facilitate trustworthy Artificial Intelligence (AI) systems, especially for safety-critical use cases. Compliance with this new regulation entails a multitude of legal, technical, and organizational challenges for the providers of affected systems. Objective: This regulatory compliance engineering research aims for an empirical exploration and scoping of the AIA requirements that matter from a technical software engineering perspective. We identify affected systems as well as parts that are especially challenging to comply with, and we explore the act's potential industry impact. Moreover, this research aims to study how technological compliance for selected AIA aspects could be facilitated by developing artifacts. Methodology: The design science paradigm marks the frame of this software engineering research. The selection of research methods used in this thesis is threefold and grounded in proven best practices. First, we utilized case studies with semi-structured interviews for the data collection. Moreover, integrative literature reviews were used in most of our studies. To analyze the content of the AIA and related legal material, we used the legal doctrinal method, allowing us to span the domains of both legal studies and engineering. Results: Our contributions are structured along two phases, following a two-stage approach: (1) empirical exploration and scoping, and (2) applied compliance engineering. Phase 1 lays out which AIA requirements matter from a software engineering perspective and what they set out; what types of systems are affected by which requirements; a ranking for what AIA high-risk AI system requirements are perceived as most challenging to operationalize by industry; and the expected industry impact of this regulation. Phase 2 is part of future work and will focus on certain AIA aspects to work towards technological compliance through artifacts for concrete use cases. Conclusion: Considering the related literature, this thesis is a valuable primary research contribution to software engineering, where the state-of-the-art remains short of compliance-oriented studies related to the AIA. We hope this work will inspire others to follow along, shedding light on this important topic.}},
  author = {{Wagner, Matthias}},
  isbn = {{978-91-8104-728-8}},
  issn = {{1652-4691}},
  language = {{eng}},
  month = {{10}},
  note = {{Licentiate Thesis}},
  publisher = {{Department of Computer Science, Lund University}},
  series = {{Licentiate thesis}},
  title = {{Software engineering and the AI Act : towards regulatory-compliant AI}},
  url = {{https://lup.lub.lu.se/search/files/228919196/Licentiate_Thesis_Kappa_Matthias.pdf}},
  volume = {{5:2025}},
  year = {{2025}},
}