Expert Insights from Jonathan Armstrong on AI Security and Legal Challenges Surrounding the EU AI Act
The landscape of artificial intelligence regulation is changing rapidly, leaving many organizations unaware that they may be in breach of key provisions. In particular, under the stringent compliance demands of the EU AI Act, certain AI-driven security solutions could expose businesses to significant legal vulnerabilities. Jonathan Armstrong, a partner at Punter Southall Law, cautions that some entities may already be employing high-risk AI applications without their cybersecurity teams being aware.
“In many cases, organizations might not even realize they’re using these AI tools,” Armstrong stated. “For instance, we initiated an AI project for a client aiming to identify the AI applications active within their operations. Initially, they anticipated a handful—three or four. However, after conducting an internal survey, they discovered 54 such applications by the time I returned from a brief holiday.”
The escalation in compliance obligations may inadvertently transfer an increased level of personal accountability to Chief Information Security Officers (CISOs). Armstrong argues that it is unlikely that boards and executives will fully grasp or respond adequately to the security risks posed by AI tools. “Regulatory bodies are more inclined to hold the CISO personally liable, under the assumption that they should have addressed any shortcomings at the board level,” he remarked, emphasizing that this expectation should not fall solely upon the CISO.
In a recent video interview with Information Security Media Group, Armstrong elaborated on several critical topics, including the hidden compliance challenges linked to AI-enhanced security and HR systems, the distinctions between AI risk assessments and traditional cybersecurity evaluations, and the necessity for global firms to brace for enforcement actions stemming from the Brussels Effect.
Armstrong, a lawyer with a specialization in compliance and technology, is recognized as a leading authority in the field of cybersecurity. He actively advises clients on navigating GDPR requirements and the associated risks and opportunities presented by AI technologies.