> Transparency in Model Training: Companies must disclose information about the data used to train AI models, ensuring that the process is transparent and accountable.
Big win for open source right there. Knock knock, it's the dataset inspector, open up!
> Compliance with EU Copyright Rules: Ensuring that AI models respect intellectual property rights.
This one's gonna be a rather tall order. Probably means removing all copyrighted material from the training set?
I interpret the text in the Act and the Directive that "opt-in" is still the default.
The "opt-out" clause applies only to research and preservation. Researchers and archivists don't have to ask the rightsholder unless the content is flagged. Commercial users always have to.
If I am not mistaken, Article 4 of „the copyright directive in the Eu single market“, indicates an opt out model for text and data mining on copyrighted material in the case for commercial use.
You're right. The paragraph in the act (105) isn't very well written.
You could interpret it as "opt-in required" until you read the referred document or the last sentence.
> The EU Commission is vested with the authority to impose fines of up to €35 million ($38 million) or 7% of a company’s annual global revenue, whichever is higher.
That seems significantly more severe than other similar legislation. I'm glad to see that the commission is taking the issue seriously.
GDPR was created to legitimise trade of personal data. It was done in a two step approach. First there was a cookie law, to train people to give consent to anything that pops up without reading, then GDPR where people give consent to data processing without even thinking about it.
Then big corporations have a legal basis for trade of such data where before GDPR it was a grey area. Now they can say - users have consented for us to slice, dice and sell all the data related to them.
GDPR was never about protection or to benefit citizens. One of the greatest deceptions.
The point is, users are accustomed to clicking whatever without reading for it to go away as quickly as they can.
They were trained on benign cookie banners and GDPR consent popups look very much the same but are more consequential. Most people don't even understand the difference.
It's not a conspiracy. States never work for benefit of the general public, but for big corporations that "lobby" for the policies that suit them.
I understood your point. I’m saying it’s silly and you’re a conspiracist. Clicking things away without reading is an innate behavior of every normie and people who don’t read well, even when they first start using computers.
> First there was a cookie law, to train people to give consent to anything that pops up without reading
People sitting in front of computers have been blindly clicking Yes to get work done for decades. I remember decades ago watching dumbfounded as people would click through Windows' orgasmic install dialogs (Yes, Yes, Yes, Finish) without ever reading or understanding what they were doing.
That's not the same. Most GDPR consent pop ups are exactly the same as "benign" cookie banners people are trained to mindlessly click to go away, actual giving consent for their data to be repackaged and sold.
This is not my experience with GDPR. The short-term response of the ad tech industry has been to not change their ways, but to address this issue with disclaimers. This is where the cookie pop-ups and thoughtless consent interaction patterns come from.
GDPR was never about these pop-ups. It is about getting actual consent.
"By clicking on the button below, you consent with us and our 381 partners to do whatever the hell they want" may be legally acceptable in the US, but in the EU it isn't.
I know for a fact that lawyers and activists are currently challenging these patterns.
Using disclaimers to address GDPR is the short-term solution that was shaped by a US-led ad tech industry to address an EU law. I'd be surprised if 5 years from now these pop-ups are still the norm.
Also, the popups are designed to be annoying in a way that you click through blindly. Companies can easily comply with these laws without being as obtrusive, e.g. using gradual permissions, using less jarring ui elements, or simply reducing the scope of their cookies in the first place.
Since that fine was imposed, they used that private data to improve their algorithms with, amongst other things, AI technology designed to addict your children to Facebook Reels, which is like TikTok, but with a bigger budget for training and inference.
In that year, their market cap doubled from 600 billion to 1.2 trillion.
I'm sure that fine of 0.1% of their market cap -- that they haven't paid -- is discouraging them from earning the next trillion dollars using the same kind of data.
The Biggest GDPR Fines of 2023
Meta - €1.2 billion (Ireland)
Meta - €390 million (Ireland)
TikTok - €345 million (Ireland)
Criteo - €40 million (France)
TikTok - €14.5 million (UK)
Axpo Italia Spa - €10 million (Italy)
Tim S.p.A. - €7.6 million (Italy)
WhatsApp - €5.5 million (Ireland)
Regulation is welcomed, have a read on the reports and the view of top ML scientists at the AI Summit in Seoul, South Korea.
To me it seems like « not enough » somehow. €35 million is peanuts to a trillion dollar company. They are just going to end up doing a risk-cost analysis and decide to take their chance not obeying the framework.
GDPR fines scale up way more in my understanding.
EDIT: Strike that! I’m just bad at reading comprehension.
This is standard EC serious-regs-for-big-companies fare. Don’t get too excited; the largest fine of this type ever was for Facebook, a bit over a billion, and about eight years after the relevant law (the GDPR) came into force.
So much of our global computing infrastructure is outside the US that when people complain about lack of tech industry outside US, I find it laughable. I hate that tech has been reduced to only the software side, mostly because it makes a lot of money. But all the physical technology and it's innovation happens outside US, it's just not seen because they don't slap their logo on everything.
I like mistral very much, and this is the kind of company that is still giving me hope. However from a market size POV it is completely inexistant compared to giants like openAI, or even google with gemini.
It’s still a very very tiny and fragile company. I will be proven wrong once it reaches the hundred of millions customers, and become one the first EU tech giant since the past 25 years.
Unity re-homed to the US. SAP is a company that inflicts itself upon the industry: it is truly garbage-tier software. Nokia is a pale shadow of what it once was. Larian, OK? They're a game studio. Spotify just annihilated its workforce.
Companies with any flex in Europe are shambolic things that prey (see SAP) on customers working in a highly-regulated industry.
Companies is not somehow the highest form of tech. Academic contributions are equally as valid. I understand we are on HN but let's not overtly glorify companies this much.
Or rather preventing moving goalpost. You’re citing nokia, founded in the 19th century, and SAP, founded 54 years ago, as a counter-argument to my assertion that EU isn’t good at creating tech companies. Should I have added that i was talking about the current century ?
You also talk about university and technologies created in their research labs. Which is totally irrelevant to my point.
I’m talking about the fact that EU definitely has a problem in its ability to create strong technology business and brands, and that it’s starting to become a huge problem for our economy. It was an economical statement, and you completely missed the point.
Nope, I thought you would be clever enough to fill the remaining ...
Those university research labs power many computing stacks nowadays, without which the American companies that depend on them for their existence would have had a complete different outcome going to market.
Rest assured, thanks to the way US is behaving with globalisation, if we don't get ourselves busies fighting yet another war, we might as well create The Great Wall of Europe, with Linux Desktop running on RISC-V.
There you have it, Finn technology, with a Swiss hardware consortium.
Economy as in “making profit and creating jobs”. Which those american tech companies do, and our university don’t. i’m not even sure if you’re trolling now..
We're mostly good at selling out here. We had one of the biggest and most innovative electronics industries on the planet. Then Philips bought them all and sold them.
They are good at keeping them small. Interestingly the EU throws around massive amounts of research money, without showing any interest in monetizing the results. Who else remembers the 400 million Euro (which was a lot of money at that time) being thrown at the search engine project Quaero?
In tech markets if your product/service is good, it very easily becomes a monopoly, because adoption is easy and there is no reason for users to stick with an inferior product.
Of course monopolies are still harmful. But that is beyond the point I am making. US tech companies aren't monopolies because of lack of regulation, but rather because they just have better products.
No doubt in the quality and time to market, however every single of these monopolistic companies have done monopolistic actions like bundling products, abusing their platforms, etc. After the initial success, their behavior matters.
It's not always easy to tell artificial bundling from genuine synergies. E.g. due to yet another EU regulation we don't have a proper integration between Google search and Google maps any more, and it definitely feels like a worse product from user's perspective
I would contend that is not the only reason. Plenty of times the bigger companies are just buying up their competitors. The most famous example being Instagram. Instagram could have been it's own big company, but now it's part of a monopoly. And that's just a big example which happened semi amicably. There are plenty of documented cases of VC funded companies throwing their weight around.
As a EU citizen, if I had to chose between those two, I'd go for regulating.
Sure, I don't get perks like SV level salaries (and the costs of living to go with it), but I do believe regulation like this takes a large amount of vision and courage, and I'm proud the EU is going for it.
If you think about it, without regulation, whatever is technically possible will be done because somebody profits in some way from it, or merely enjoys it. A lot of really horrible things are technically possible.
I agree; also an EU citizen, working with AI. I think regulation can be a great forcing function for creating more effective, thoughtful, and overall better products.
But one thing that I think is better across multiple products is my ability to request that my identifying information be removed from a service within a reasonable time frame. Or the ability to minimize storing/sharing of my personal information when using a service. Or being able to obtain a copy of the data a company has on me.
EU regulates tech companies because they are foreign. Go see the EU regulation on ICE cars to see the stark difference.
Europeans like you need to realize that you have been fed a whole lot of moral superiority propaganda by pro-EU entities; none of which has any merit. Go look at how much they regulate Bayer to give but one example.
I actually was thinking about saying "maybe you can only do the one, not the other". I think it's naive to assume that any one country or association will regulate without regarding the effects on their economy and political position. Sad, but logical.
Doesn't make this piece of regulation bad. FWIW, I did applaud the US for going hard after VWs Diesel shenanigans.
As somebody from Europe I can't agree more about the moral superiority thing. Feels like Europe has cultivated its own version of "saving face" during the last decades.
The problem with that approach is it can leave you powerless to foreign governments in the long run.
Without airbus for example, the US would be able to impose all kinds of rules on Europe. The US could’ve said that any airline purchasing American commercial aircraft must adhere to the US travel ban list.
If you talk about the EU as an entity, the only power it has is to regulate. It’s the only thing it can do.
If you talk about the EU countries, the reason they’re not good at tech is because they’re too small to provide a market big enough to sustain a large tech company
IMHO more power ahould be given to the EU so that we can create EU wide companies, and protect those companies from foreign powers
I wish this meme would die whenever this topic is brought up. The EU is doing just fine in the tech industry, as sibling comments point out. What you might call excessive red tape and regulations, I see as much needed controls over an industry drunk on its own Kool-Aid, with little regard about the impact on its customers and society at large, often even maliciously so, fueled only by the promise of ever-increasing profits they made to their investors.
This opinion might be controversial on a forum run by a VC titan, but people in this industry need to realize that they're part of the problem.
There is no market in the EU, or at least not one you can figure out or communicate with. Imagine trying to sell widgets in the US but you don't know the laws, cant speak English and you cant pronounce widget. Then when you learn all that you get one state and your mind resets back to not knowing laws, English or what your product is called. This happens with each new state you conquer.
For better or worse, that’s exactly what’s going to happen mostly.
And as a non EU European citizen, thank you for saying « Europeans » and not « EU Citizens »! We get most of the downsides, but none of the upsides..
I unfortunately live in a small and « complicated » (3 languages for less than 9 million inhabitants) country landlocked in the EU. So in theory I shouldn’t be affected, but in reality either companies don’t care enough to make the distinction, or the EU ends up strong arming my government into adopting their regulation.
Yes for those of us who live in Switzerland it is quite annoying to be conflated with the EU and then be blocked from stuff for no reason.
For anyone reading this who gets assigned to work on compliance blocking, please remember at all times that there are quite a few countries in Europe that are not EU members - and often it's because of the EU's heavy handed approach to things, as visible here!
To avoid the recent fashion of using people as guinea pigs for alpha and beta versions of immature products if they endanger lives, for example.
To avoid deploy subliminal techniques beyond a person’s consciousness or purposefully manipulative or deceptive techniques, with the objective, or the effect of materially distorting the behavior of a person.
Do you want to expand on how you think that will happen? So far GDPR was quite successful in limiting some bad behaviour from the US companies with next to no access issues. Why would the AI act be different?
Bard launched nearly everywhere except the EU. Staged rollout are intended to catch bugs, you don't do a staged rollout and and then wait for a year with half the servers upgraded.
GDPR led directly to many US local news sites blocking access to Europe, but that was at the start of the EU Commission's anti-tech turn. Back then the GDPR's percentage-of-global-revenue based fine was novel and shocking, now they're doing it for nearly everything.
In the mean time the costs of excluding the EU have been going down as RoW grows economically, whilst the fines generated by being in the market keep going up. And the perception has become in the US that GDPR wasn't a one-off motivated by genuinely different beliefs about privacy in Europe, it was just a politically and financially motivated grab at US firms from a government that has proven itself uninterested in enabling a competitive tech landscape, meaning engaging in compliance activities just invites yet more onerous regulation.
This is then doubled up by a second problem. The EU is an ideology and HN is full of "EU citizens" who deny this basic problem, but a lot of people have direct experience now of working on regulatory compliance for the EU and have come away baffled by rules that appear literally impossible to follow no matter what you do. Even the most obvious good faith attempts will be mysteriously revealed years later to have been illegal from the start, amongst a chorus of cheers from those who claimed that everyone should have always known that. Facebook being told "advertising is bad, don't do it" so they added an option to pay and get rid of ads, then being told "no that's illegal too" even as many German news companies do the exact same thing is a prototypical example of this. The search engine right to be forgotten that was unexpectedly discovered by judges in law that made no mention of it is another example, that one killed off any ability to compete with Google/Bing in the EU by creating huge compliance costs on day 1 of running any new search engine.
In highly competitive and fast moving markets executives in the US face a choice: allocate people to compliance activities to enable launches in the EU and quite possibly face crippling fines anyway, or allocate those same people to core tech R&D that enables you to keep your existing market position and grow faster everywhere else. The EU Commission works on the assumption that it's big enough that companies will tolerate any level of regulatory overhead in order to retain market access, but increasingly what we're seeing now is that this assumption is false, in the same way that it was false for China also in the past.
> controllers should
consider also offering a further alternative, free of charge, without behavioural advertising, e.g. with a
form of advertising involving the processing of less (or no) personal data.
> When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
It's not some hidden gotcha that they didn't know about. It's the basic right to use all services, without loss of functionality, without giving away your data which is not strictly required for the functionality. Ads or no ads doesn't matter.
The quoted section says it's about ads. Data sharing doesn't even get mentioned (sharing with who?).
> It's the basic right to use all services, without loss of functionality, without giving away your data which is not strictly required for the functionality.
No such "basic right" exists in any treaty that I'm aware of and it's clearly not about that anyway, because Facebook and other domestic services started offering that exact possibility, yet the EU still isn't satisfied. The idea there's some specific principle at play here is just propaganda by the Commission.
What they appear to be demanding (today) is that all services are free and funded by ads that are randomly chosen. What moral or legal principle underlies this is quite mysterious, because nobody ever previously claimed it was illegal to show ads for nappies during children's TV programmmes, or ads for video games at the start of action movies. Nor is there any organic demand from voters to be shown worthless random ads for products they have no interest in, especially if the result is that they become commercially unviable to serve (next step by the EU: demand they get services even if companies take a loss on doing so).
European countries have real problems and the people know what they are, just check the EU's own opinion polls. Again and again people say their top concerns are things like the economy, jobs, inflation, immigration. In fact ~nobody in the EU cares about this bizarre jeremiad against tech firms by the Commission, which is why it's impossible to comply with whatever the EU thinks it's asking for. Implement the obvious solution to any new regulation and the interpretation of it immediately changes after it turns out the results wasn't mass behavioral change amongst the population. There's no way to satisfy both the Commission and the actual users or customers because the EU's goals are diametrically opposed to everyone else's. HN posters who have projected all sorts of second-order effects onto this fight to do with long term expectations about EU integration aren't representative of the population, who would much rather the EU get them a job than beat up the companies entertaining them whilst they wait.
The document makes it clear it's about behavioral advertising. It's not the ads that are the problem here, but the targeting which comes from the user data that they have to consent to.
> What they appear to be demanding (today) is that all services are free and funded by ads that are randomly chosen.
That's not even close. You can charge money for services, or you can serve ads at random, or based on the content. You can't base them on the user without consent. I.e. as you mention in the examples, you can advertise games before an action movie, but you can't advertise games to kids and nappies to moms, unless they consent to profiling.
I agree there are weird edge cases, but this isn't it. Just read the actual document. You're there one adding interpretation which isn't there in the act/ruling.
This type of response is what I meant by a chorus of people claiming they should always have known. You don't actually know what they can or can't do, because the EU change their mind constantly and don't interpret anything in obvious ways.
Example: ads based on "content" that are not behaviorally targeted are OK, you say. And what if the content itself is selected based on behavior? Behavior such as, for example, clicking the like button on certain things? Is that behaviorally targeted ads?
It's a rhetorical question, so don't bother answering it. Point is that you have no idea what the correct interpretation is and nor does anyone else, including the EU institutions who are clearly making this up as they go along. What we can be certain of is that whatever tech firms do will be automatically asserted to be the wrong thing, because that way the EU can top up its budget from the pockets of these companies whilst simultaneously claiming to be virtuous.
This path leads to eventual ruin for the EU. The law must be just, it must be clear, and it must be predictable. EU law doesn't come close to meeting this bar and the result will be that the US increasingly just nopes out of there. People in Europe don't want to be excluded so the result will be a wave of petty lawbreaking with VPNs, casual smuggling and so on as people find ways to get access to US tech regardless of local laws.
Because consumers can't decide what's good for them or society at large, if companies sell products designed to be as addicting as possible.
Following your logic, there should be no regulation in the tobacco and pharma industries either. Surely consumers can decide on their own what they want to put in their bodies. Advertisements don't lie, right?
> If consumers who are human can't decide what's good for them. How will regulators who are also human decide what's good for them?
Because it's their job to ensure the well-being of their citizens. This is not about ability; _some_ people certainly have the ability and self-control to make decisions that positively benefit their lives. But when companies rely on psychological manipulation to push their addicting products that harm not only individuals, but society as a whole, we can't rely on everyone to resist the machinations of billion-dollar companies and make the right decision. And individual decisions don't impact the rest of society, as individuals don't have the full picture as governments do.
I'm not saying that governments are benevolent, or should make all decisions for citizens, but when it comes to Big <industry>, it's their responsibility to protect us from corporations. This often doesn't happen as well as it should, as some governments have a symbiotic relationship with corporations (lobbying practices in the US are a clear example of corruption), but I'm still glad that some governments at least try to do the right thing.
> If someone wants to smoke cigarettes they should do it provided it doesn't interfere directly with other people's lives.
Agreed. But would you agree that heavily restricting access to cigarettes with strong regulations and taxation is a good thing for society? Or would you rather go back to the "freedom" consumers had in the 1960s, with the cancer rates that went along with it?
This is not only about consumer products. This is also about limiting or completely preventing governments from doing classification on you with an AI model. Something we know in the Netherlands as the toeslagenschandaal where civilians got their children taken away because an algorithm said so.
After reading the directives, if people see a ML application that blocks the EU, they should be concerned about the intentionality of the application, and its use as a consumer.
On the other hand, if they leave free a market spot as big as the EU, others who comply with the directives will go for it, which may progressively eat the market to the non-EU compliant by the same reasons.
The Banned and High-Risk lists read like a call for startups (outside the EU).
> U.S. tech giants, such as Google, Microsoft, and OpenAI, will need to adapt their operations to meet these requirements. This could involve significant changes to their AI development processes and increased investments in compliance measures.
I look forward to seeing how this plays out in real life. My best guess is some kind of less-capable AI for Europe, but I imagine there will be protectionism and stealth subsidies lurking in the details.
> Compliance with EU Copyright Rules: Ensuring that AI models respect intellectual property rights.
I wonder what this will mean for openly licensed content which do require attribution, will companies still be able to use content from Wikipedia and open source? Or will they be at risk of being sued by the copyright holders? Assuming that they can't properly fix attribution/referencing in output.
Overview of the AI Act: Aims to regulate AI applications to ensure they align with ethical standards and human rights. Emphasizes transparency, accountability, and the protection of fundamental rights.
Penalties for Non-Compliance: Companies face significant fines (up to €35 million or 7% of global revenue) for violating the Act, highlighting the EU's commitment to robust enforcement.
Risk-Based Approach: The Act categorizes AI applications based on their risk level:
Unacceptable Applications: Includes social scoring, predictive policing, and emotional recognition in sensitive areas.
High-Risk Systems: Includes autonomous vehicles, medical devices, and AI in finance and education, which require stringent evaluations.
Impact on U.S. Tech Giants: Companies like Google, Microsoft, and OpenAI must adapt to the EU's regulations, focusing on compliance with copyright rules, transparency in model training, and maintaining high cybersecurity standards.
Implementation Timeline: The Act has a phased implementation with a 12-month delay for initial compliance and a 36-month transition period for existing AI systems.
Effective Implementation: Emphasizes the need for clear guidelines, robust monitoring, and stakeholder collaboration to ensure the regulations are practical and beneficial.
The post is already a summary. This content not that much shorter than the article. Did you just plug the text into chatgpt to post it here? If so... why bother?
Most of this law actually sounds very reasonable. It explicitly bans a bunch of ways companies and states have been looking into using AI to abuse people, and categorizes a bunch more as high-risk to ensure greater scrutiny. I'm not quite sure how to interpret the mention of copyright compliance. Is it imlying the EU has decided that training on protected works constitutes a copyright violation, or is it merely affirming that if copyright law is ruled to apply then it will apply? Besides that it's the "general intelligence existential risk" rules that are concerning to me. They set a hard arbitrary cutoff on how much compute can be used to train a model before it is subject to a bunch of extra requirements, and reserve the right to declare any general AI a risk and demand changes. Note that the definition of a "general AI" is incredibly broad, and by my reading covers all LLMs.
I mean is there even a way to verify this? Even if you monitor someone's GPU usage anyone could just lie about the number of times they had to revert to previous checkpoints. From the raw physical perspective any model you look at could just be a series of randomly initialized weights.
130 comments
[ 4.0 ms ] story [ 192 ms ] threadIt sucks the EU is so regressive though - on everything from genetic engineering to AI. The precautionary principle has destroyed Europe's progress.
I live in Europe.
Big win for open source right there. Knock knock, it's the dataset inspector, open up!
> Compliance with EU Copyright Rules: Ensuring that AI models respect intellectual property rights.
This one's gonna be a rather tall order. Probably means removing all copyrighted material from the training set?
Could e.g. mean that you demonstrate that you have processes that check if the material you liked was flagged as „do not mine“.
https://www.reedsmith.com/en/perspectives/ai-in-entertainmen...
The "opt-out" clause applies only to research and preservation. Researchers and archivists don't have to ask the rightsholder unless the content is flagged. Commercial users always have to.
https://eur-lex.europa.eu/eli/dir/2019/790/oj#d1e961-92-1
Can someone point me to the ai act article that would change that ?
Meta? Google? Microsoft? Anyone?
Then big corporations have a legal basis for trade of such data where before GDPR it was a grey area. Now they can say - users have consented for us to slice, dice and sell all the data related to them.
GDPR was never about protection or to benefit citizens. One of the greatest deceptions.
They were trained on benign cookie banners and GDPR consent popups look very much the same but are more consequential. Most people don't even understand the difference.
It's not a conspiracy. States never work for benefit of the general public, but for big corporations that "lobby" for the policies that suit them.
GDPR was never about these pop-ups. It is about getting actual consent.
"By clicking on the button below, you consent with us and our 381 partners to do whatever the hell they want" may be legally acceptable in the US, but in the EU it isn't.
I know for a fact that lawyers and activists are currently challenging these patterns.
Using disclaimers to address GDPR is the short-term solution that was shaped by a US-led ad tech industry to address an EU law. I'd be surprised if 5 years from now these pop-ups are still the norm.
https://gdpr.eu/cookies/
https://en.wikipedia.org/wiki/GDPR_fines_and_notices
I don't see Microsoft in the list but the other big guys are all there.
You do the rest...
Since that fine was imposed, they used that private data to improve their algorithms with, amongst other things, AI technology designed to addict your children to Facebook Reels, which is like TikTok, but with a bigger budget for training and inference.
In that year, their market cap doubled from 600 billion to 1.2 trillion.
I'm sure that fine of 0.1% of their market cap -- that they haven't paid -- is discouraging them from earning the next trillion dollars using the same kind of data.
Source? I can't find any confirmation.
That's the point.
I did find a recent article saying that Facebook is dragging out the process in the courts, will appeal, etc...
The EU keeps counting chickens that haven't hatched yet.
https://www.enforcementtracker.com/
The latter is a much less impressive list, which is why it isn't publicised.
I'll take back what I said if you can find that list, and there is even one billion dollars in it in total.
The Biggest GDPR Fines of 2023 Meta - €1.2 billion (Ireland) Meta - €390 million (Ireland) TikTok - €345 million (Ireland) Criteo - €40 million (France) TikTok - €14.5 million (UK) Axpo Italia Spa - €10 million (Italy) Tim S.p.A. - €7.6 million (Italy) WhatsApp - €5.5 million (Ireland)
Regulation is welcomed, have a read on the reports and the view of top ML scientists at the AI Summit in Seoul, South Korea.
GDPR fines scale up way more in my understanding.
EDIT: Strike that! I’m just bad at reading comprehension.
"[...] up to €35 million ($38 million) or 7% of a company’s annual global revenue, whichever is higher. "
European universities => SIMULA, Prolog, OCaml, Modula-2, Pascal, Coq, Agda, Miranda, F#, Java Generics, .NET Generics, Scala...
Even Oracle (remember them?) has a higher market cap than all of those companies combined.
https://mistral.ai/
Just go to any European Startup event.
It’s still a very very tiny and fragile company. I will be proven wrong once it reaches the hundred of millions customers, and become one the first EU tech giant since the past 25 years.
Companies with any flex in Europe are shambolic things that prey (see SAP) on customers working in a highly-regulated industry.
The list of tech companies you quoted, if that's the best you could find, is definitely proving my point.
You also talk about university and technologies created in their research labs. Which is totally irrelevant to my point.
I’m talking about the fact that EU definitely has a problem in its ability to create strong technology business and brands, and that it’s starting to become a huge problem for our economy. It was an economical statement, and you completely missed the point.
Those university research labs power many computing stacks nowadays, without which the American companies that depend on them for their existence would have had a complete different outcome going to market.
Rest assured, thanks to the way US is behaving with globalisation, if we don't get ourselves busies fighting yet another war, we might as well create The Great Wall of Europe, with Linux Desktop running on RISC-V.
There you have it, Finn technology, with a Swiss hardware consortium.
Apparently not.
ARM as well of course...
I think a matter of perspective.
Sure, I don't get perks like SV level salaries (and the costs of living to go with it), but I do believe regulation like this takes a large amount of vision and courage, and I'm proud the EU is going for it.
If you think about it, without regulation, whatever is technically possible will be done because somebody profits in some way from it, or merely enjoys it. A lot of really horrible things are technically possible.
But one thing that I think is better across multiple products is my ability to request that my identifying information be removed from a service within a reasonable time frame. Or the ability to minimize storing/sharing of my personal information when using a service. Or being able to obtain a copy of the data a company has on me.
Europeans like you need to realize that you have been fed a whole lot of moral superiority propaganda by pro-EU entities; none of which has any merit. Go look at how much they regulate Bayer to give but one example.
Doesn't make this piece of regulation bad. FWIW, I did applaud the US for going hard after VWs Diesel shenanigans.
Without airbus for example, the US would be able to impose all kinds of rules on Europe. The US could’ve said that any airline purchasing American commercial aircraft must adhere to the US travel ban list.
If you talk about the EU countries, the reason they’re not good at tech is because they’re too small to provide a market big enough to sustain a large tech company
IMHO more power ahould be given to the EU so that we can create EU wide companies, and protect those companies from foreign powers
This opinion might be controversial on a forum run by a VC titan, but people in this industry need to realize that they're part of the problem.
And EU citizens will complain why they don't have access to some AI products.
For anyone reading this who gets assigned to work on compliance blocking, please remember at all times that there are quite a few countries in Europe that are not EU members - and often it's because of the EU's heavy handed approach to things, as visible here!
To avoid deploy subliminal techniques beyond a person’s consciousness or purposefully manipulative or deceptive techniques, with the objective, or the effect of materially distorting the behavior of a person.
And so on.
This is Google a large corporation with lots of resources.
Smaller firms will find it more convenient just block access to European citizens instead of keeping up with the legal gymnastics.
In the mean time the costs of excluding the EU have been going down as RoW grows economically, whilst the fines generated by being in the market keep going up. And the perception has become in the US that GDPR wasn't a one-off motivated by genuinely different beliefs about privacy in Europe, it was just a politically and financially motivated grab at US firms from a government that has proven itself uninterested in enabling a competitive tech landscape, meaning engaging in compliance activities just invites yet more onerous regulation.
This is then doubled up by a second problem. The EU is an ideology and HN is full of "EU citizens" who deny this basic problem, but a lot of people have direct experience now of working on regulatory compliance for the EU and have come away baffled by rules that appear literally impossible to follow no matter what you do. Even the most obvious good faith attempts will be mysteriously revealed years later to have been illegal from the start, amongst a chorus of cheers from those who claimed that everyone should have always known that. Facebook being told "advertising is bad, don't do it" so they added an option to pay and get rid of ads, then being told "no that's illegal too" even as many German news companies do the exact same thing is a prototypical example of this. The search engine right to be forgotten that was unexpectedly discovered by judges in law that made no mention of it is another example, that one killed off any ability to compete with Google/Bing in the EU by creating huge compliance costs on day 1 of running any new search engine.
In highly competitive and fast moving markets executives in the US face a choice: allocate people to compliance activities to enable launches in the EU and quite possibly face crippling fines anyway, or allocate those same people to core tech R&D that enables you to keep your existing market position and grow faster everywhere else. The EU Commission works on the assumption that it's big enough that companies will tolerate any level of regulatory overhead in order to retain market access, but increasingly what we're seeing now is that this assumption is false, in the same way that it was false for China also in the past.
> controllers should consider also offering a further alternative, free of charge, without behavioural advertising, e.g. with a form of advertising involving the processing of less (or no) personal data.
GDPR says: https://gdpr-info.eu/art-7-gdpr/
> When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
It's not some hidden gotcha that they didn't know about. It's the basic right to use all services, without loss of functionality, without giving away your data which is not strictly required for the functionality. Ads or no ads doesn't matter.
> It's the basic right to use all services, without loss of functionality, without giving away your data which is not strictly required for the functionality.
No such "basic right" exists in any treaty that I'm aware of and it's clearly not about that anyway, because Facebook and other domestic services started offering that exact possibility, yet the EU still isn't satisfied. The idea there's some specific principle at play here is just propaganda by the Commission.
What they appear to be demanding (today) is that all services are free and funded by ads that are randomly chosen. What moral or legal principle underlies this is quite mysterious, because nobody ever previously claimed it was illegal to show ads for nappies during children's TV programmmes, or ads for video games at the start of action movies. Nor is there any organic demand from voters to be shown worthless random ads for products they have no interest in, especially if the result is that they become commercially unviable to serve (next step by the EU: demand they get services even if companies take a loss on doing so).
European countries have real problems and the people know what they are, just check the EU's own opinion polls. Again and again people say their top concerns are things like the economy, jobs, inflation, immigration. In fact ~nobody in the EU cares about this bizarre jeremiad against tech firms by the Commission, which is why it's impossible to comply with whatever the EU thinks it's asking for. Implement the obvious solution to any new regulation and the interpretation of it immediately changes after it turns out the results wasn't mass behavioral change amongst the population. There's no way to satisfy both the Commission and the actual users or customers because the EU's goals are diametrically opposed to everyone else's. HN posters who have projected all sorts of second-order effects onto this fight to do with long term expectations about EU integration aren't representative of the population, who would much rather the EU get them a job than beat up the companies entertaining them whilst they wait.
The document makes it clear it's about behavioral advertising. It's not the ads that are the problem here, but the targeting which comes from the user data that they have to consent to.
> What they appear to be demanding (today) is that all services are free and funded by ads that are randomly chosen.
That's not even close. You can charge money for services, or you can serve ads at random, or based on the content. You can't base them on the user without consent. I.e. as you mention in the examples, you can advertise games before an action movie, but you can't advertise games to kids and nappies to moms, unless they consent to profiling.
I agree there are weird edge cases, but this isn't it. Just read the actual document. You're there one adding interpretation which isn't there in the act/ruling.
Example: ads based on "content" that are not behaviorally targeted are OK, you say. And what if the content itself is selected based on behavior? Behavior such as, for example, clicking the like button on certain things? Is that behaviorally targeted ads?
It's a rhetorical question, so don't bother answering it. Point is that you have no idea what the correct interpretation is and nor does anyone else, including the EU institutions who are clearly making this up as they go along. What we can be certain of is that whatever tech firms do will be automatically asserted to be the wrong thing, because that way the EU can top up its budget from the pockets of these companies whilst simultaneously claiming to be virtuous.
This path leads to eventual ruin for the EU. The law must be just, it must be clear, and it must be predictable. EU law doesn't come close to meeting this bar and the result will be that the US increasingly just nopes out of there. People in Europe don't want to be excluded so the result will be a wave of petty lawbreaking with VPNs, casual smuggling and so on as people find ways to get access to US tech regardless of local laws.
Deploying AI with the same "move fast and break things" mentality is fundamentally dangerous, and this industry needs strict regulation like this.
Why does the government need to decide everything?
I’ve got loads of power in choosing my own AI girlfriend but relatively little in choosing what AI credit scoring I’m subject to.
Following your logic, there should be no regulation in the tobacco and pharma industries either. Surely consumers can decide on their own what they want to put in their bodies. Advertisements don't lie, right?
There some linguists and philosophers who even think the Human mind is not capable of grasping absolute "truth".
Yes. I believe customers should be allowed to buy what ever they want if they are adults.
If consumers who are human can't decide what's good for them. How will regulators who are also human decide what's good for them?
If someone wants to smoke cigarettes they should do it provided it doesn't interfere directly with other people's lives.
Because it's their job to ensure the well-being of their citizens. This is not about ability; _some_ people certainly have the ability and self-control to make decisions that positively benefit their lives. But when companies rely on psychological manipulation to push their addicting products that harm not only individuals, but society as a whole, we can't rely on everyone to resist the machinations of billion-dollar companies and make the right decision. And individual decisions don't impact the rest of society, as individuals don't have the full picture as governments do.
I'm not saying that governments are benevolent, or should make all decisions for citizens, but when it comes to Big <industry>, it's their responsibility to protect us from corporations. This often doesn't happen as well as it should, as some governments have a symbiotic relationship with corporations (lobbying practices in the US are a clear example of corruption), but I'm still glad that some governments at least try to do the right thing.
> If someone wants to smoke cigarettes they should do it provided it doesn't interfere directly with other people's lives.
Agreed. But would you agree that heavily restricting access to cigarettes with strong regulations and taxation is a good thing for society? Or would you rather go back to the "freedom" consumers had in the 1960s, with the cancer rates that went along with it?
"lol" said the factory, "lmao".
I'm sure you would've said the same thing when the Commissars banned and controlled computer access in the USSR and Cuba, etc.
On the other hand, if they leave free a market spot as big as the EU, others who comply with the directives will go for it, which may progressively eat the market to the non-EU compliant by the same reasons.
> U.S. tech giants, such as Google, Microsoft, and OpenAI, will need to adapt their operations to meet these requirements. This could involve significant changes to their AI development processes and increased investments in compliance measures.
I look forward to seeing how this plays out in real life. My best guess is some kind of less-capable AI for Europe, but I imagine there will be protectionism and stealth subsidies lurking in the details.
I wonder what this will mean for openly licensed content which do require attribution, will companies still be able to use content from Wikipedia and open source? Or will they be at risk of being sued by the copyright holders? Assuming that they can't properly fix attribution/referencing in output.
Penalties for Non-Compliance: Companies face significant fines (up to €35 million or 7% of global revenue) for violating the Act, highlighting the EU's commitment to robust enforcement.
Risk-Based Approach: The Act categorizes AI applications based on their risk level:
Unacceptable Applications: Includes social scoring, predictive policing, and emotional recognition in sensitive areas.
High-Risk Systems: Includes autonomous vehicles, medical devices, and AI in finance and education, which require stringent evaluations.
Impact on U.S. Tech Giants: Companies like Google, Microsoft, and OpenAI must adapt to the EU's regulations, focusing on compliance with copyright rules, transparency in model training, and maintaining high cybersecurity standards.
Implementation Timeline: The Act has a phased implementation with a 12-month delay for initial compliance and a 36-month transition period for existing AI systems.
Effective Implementation: Emphasizes the need for clear guidelines, robust monitoring, and stakeholder collaboration to ensure the regulations are practical and beneficial.
I mean is there even a way to verify this? Even if you monitor someone's GPU usage anyone could just lie about the number of times they had to revert to previous checkpoints. From the raw physical perspective any model you look at could just be a series of randomly initialized weights.
https://www.coe.int/en/web/portal/-/council-of-europe-adopts...
https://www.consilium.europa.eu/en/press/press-releases/2024...