noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

Strategic Foresight: How will EU regulatory impact Responsible AI, Data and Cloud strategies?

Analyzing upcoming EU regulations on data, cloud, and responsible AI, our strategic foresight assesses their impact on sovereignty, security, and sustainability efforts.

Wenche Karlstad / June 20, 2023
Read the full Strategic Foresight on the EU’s digital policies.

To stay ahead of the game, you need to be able to proactively analyze the impact of upcoming EU legislation, regulatory, and policy on your Data, Cloud, and AI strategies.

Our Strategic Foresight paper provides unparalleled insights from EU institutions, Nordic decision-makers, and security specialists on upcoming EU initiatives for sovereignty, security, and sustainability.

The value of data is well understood in the Nordic countries. Companies and public bodies are looking to increasingly put their data in good use with the help of innovative technologies. In the meanwhile, the growing legal maze governing the use of data, cloud and artificial intelligence (AI) is often cited as a key obstacle for organisations looking to deploy innovative technologies. With new major EU regulatory initiatives under preparation, it is now more important than ever for organisations to proactively analyse and consider the impact of upcoming legislation in their data, cloud and AI strategies. One of the major regulations is the EU Artificial Intelligence Act (AI Act) setting a global standard through a risk-based classification and regulation of AI systems.

Organisations should proactively assess their use of AI from ethical and sustainability perspectives. By doing so, they can prepare themselves for upcoming regulations, such as AI Act, and develop policies and user guidance for the responsible AI use."

,

Strategic Foresight EU digital policies.png
Click to enlarge

The Commission of Ursula von der Leyen aims to strengthen European digital sovereignty by enhancing Europe's control over its data and digital capabilities. Simultaneously, the Commission promotes innovation within the continent. The focus on data, cloud services, and the regulation of artificial intelligence (AI) reflects these sovereignty objectives. With the end of the von der Leyen Commission approaching in 2024, no new initiatives are expected. However, navigating the evolving policy landscape has been challenging for users of data and cloud services, leading to uncertainty around transatlantic data flows and cloud transformation under European Union privacy rules. Understanding the policy landscape is crucial for those working in these areas.

Impacts of digital regulations on sovereignty

After the landmark Schrems II ruling in 2020 and the looming risk of foreign authorities’ access to critical data, Nordic organisations have experienced a degree of uncertainty. Specifically, this uncertainty revolves around transfers of personal data. The EU Commission is currently looking to relieve these uncertainties with a new data pact between the EU and the US (Data Privacy Framework). At the same time, the EU is preparing initiatives to enhance Europe’s digital sovereignty, most notably, through security labelling of cloud services and new risk-based rules on AI products and services. Organisations can adapt to the changes proactively by exploring multi-cloud solutions for different types of data and assessing the ethical and security risks associated with the use of AI.

With new major EU level regulatory initiatives under preparation, it is now more important than ever for organisations to proactively analyse and consider the impact of upcoming legislation on their data, cloud, and AI strategies."

,

Digital sovereignty regulatory.jpegEstimated timeline for key digital sovereignty related EU regulatory initiatives. (Click to enlarge)

 

Recommendations and action points for Data, Cloud, and responsible AI strategies:

  • Organisations should prepare for data transfer uncertainty and conduct regular risk assessments. The upcoming EU-US Privacy Framework can be reliably trusted upon only for a 2 – 3 years’ time, pending an EU level court decision.
  • Organisations should consider sovereign cloud for processing and storage of the most sensitive data to ensure security and compliance with upcoming regulations (such as the EUCS sovereignty requirements).
  • Organisations should prepare for an increasingly complicated regulatory framework (e.g., the AI Act and the Data Act to co-exist with the GDPR). With increasingly diverse national implementations of data and cloud policies, organisations are recommended to conduct country level compliance strategies.
  • Organisations planning to utilise AI applications should implement responsible AI to ensure legality and ethical standards in the AI development and AI use cases. They should conduct regular impact assessments, as large uncertainties loom with the scope of the upcoming EU AI regulations.

Organisations should consider adopting sovereign cloud solutions for processing and storage of their most sensitive data. This approach ensures enhanced security and compliance with upcoming regulations, such as the EUCS sovereignty requirements."

,

Impacts of digital regulations on security

Security landscape in Europe has changed dramatically after the Russian invasion of Ukraine in February 2022, accelerating the development of new regulation on cybersecurity and critical infrastructures. While security needs are urgent, new legislation takes years to prepare and finalise. It is therefore no longer sufficient for organisations to merely react to new legislation; they should proactively consider their role and responsibilities in the security landscape, preparing for new laws in the making, such as the Cyber Solidarity Act (CSA) and the Critical Entities Resilience Directive (CER).

Organisations should proactively consider their roles and responsibilities in the security landscape, preparing for upcoming legislation, such as the Cyber Solidarity Act (CSA) and the Critical Entities Resilience Directive (CER) currently under development."

,

Data security regulatory.jpeg
Estimated timeline for key security related regulatory initiatives. (Click to enlarge)


Recommendations and action points for security:

  • Organisations should assess whether they are likely to be included in the scope of the growing body of regulation aimed at critical infrastructure (e.g., the upcoming CER directive). With the rapid pace of change, those who fail pro-actively plan compliance will risk facing sanctions.
  • To comprehensively understand the rapidly changing trends of global politics, companies should deploy specialists in hybrid threats and experts in societal changes.
  • Organisations in critical sector should pro-actively engage in dialogue with both the EU level and national decision makers to clarify their role in the changing security landscape and ensure security in collaboration with the public sector.
  • The private sector is more agile that EU regulations to respond to rapid changes in the geopolitical environment, and therefore companies should be confident of participating pro-actively in the security field and take the leading role there.

Impacts of digital regulations on sustainability

Sustainability considerations are increasingly impacting the use of data and AI in Nordic organisations. Furthermore, sustainability considerations are influencing their choice of cloud service providers. Currently, the industry and self-regulation are in the driver’s seat when it comes to sustainability standards applied to digitalisation and data centres. However, the EU is ramping up its efforts to increase sustainability of these sectors through regulation. The most notable development – the EU Sustainable Finance Taxonomy – divides economic activities into green and non-green categories based on technical criteria laid down in legislation, requiring companies to disclose the percentage of their business that meets these criteria. The Taxonomy framework will be implemented in segments, with parts of it already applicable and reporting requirements gradually growing. Organisations should proactively invest in the collection and analysis of their non-financial data, thereby preparing for the tightening regulation seizing the opportunity to utilise sustainability data for business growth.

As sustainability reporting requirements, such as ESG reporting, are increasing, companies should invest in real-time sustainability data collection and data governance. Companies can act as pioneers in the change toward a more sustainable processes and supply chain."

,

Sustainability regulatory.jpeg

Estimated timeline for key sustainability related regulatory initiatives. (Click to enlarge)



Recommendations and action points for responsible AI:

  • As sustainability regulations continue to evolve, companies should plan changes by implementing scalable and flexible AI applications to adapt to new regulations.
  • Organisations should strive for early compliance with the voluntary EU Sustainability Finance Taxonomy standards as preparation for the tightening sustainability regulation.
  • Organisations should take pro-active steps to assess their use of responsible AI from ethics and sustainability perspective. Thereby preparing themselves for the tightening regulation in the field and develop policies and user guidance for responsible AI use cases.
  • As sustainability reporting requirements, such as ESG reporting, are increasing, companies should invest in real-time sustainability data collection and data governance. Companies can act as pioneers in the change toward a more sustainable processes and supply chain.


With new EU regulations on the horizon, organisations are expected to proactively analyze and incorporate the upcoming legislation into their strategies for data, cloud native, and responsible AI. Our Strategic Foresight Report provides invaluable insights from EU institutions, Nordic decision-makers, and security specialists on sovereignty, security, and sustainability.

Read the full Strategic Foresight on the EU’s digital policies.


At Tietoevry Tech Services, we are dedicated to driving enterprise-wide digital transformation. We help organisations and companies with their cloud, data, and AI strategies, enabling them to capitalize on new opportunities in today's dynamic business environment. Our expertise lies in modernizing the digital landscape of our customers, empowering them to stay ahead in an ever-evolving market.

READ WHITEPAPER NOW

Wenche Karlstad
Head of Digital Sovereignty Initiatives

Wenche is passionate about creating value for our customers and enabling growth with attractive service offerings. She has near twenty years of experience in the IT business with different roles within management and advisory, bringing new services to the market.

In her current role as Head of Strategic Differentiation Programs at Tietoevry Tech Services, she is leading a global team of experts and managers.

Share on Facebook Tweet Share on LinkedIn