AI and Privacy Risks: The EU AI Act vs. US NIST AI Risk Management Framework

Investigator: Elif Kiesow Cortez

Abstract:
In light of ongoing efforts on both sides of the Atlantic to set up governance frameworks around AI, this project aims to explore, using a comparative methodology, how each side’s governance efforts address privacy-related risks. The research will focus on the EU AI Act, with its risk-based approach, and the US NIST AI Risk Management Framework, especially since these two frameworks are rapidly becoming more concrete and being readied for implementation. For the EU AI Act, a milestone was reached in December 2023 with the conclusion of a deal between the relevant institutional actors, marking the finalization of the trilogue phase of the legislative process. Importantly, besides establishing a risk-based framework, the EU AI Act also asserts extraterritorial reach, which is of interest for its privacy-related aspects. Meanwhile, across the Atlantic, the NIST AI Risk Management Framework might be seen as among the key specific efforts to set up rules and guardrails. Considering previous (regulatory) successes and failures in setting up meaningful regimes for data governance and privacy, this project will seek to map the similarities and differences between the legal frameworks and approaches towards AI technologies and privacy being adopted in the US and the EU.