British Standards Institution: EU AI Act Readiness Assessment and Algorithmic Auditing

Case study from the British Standards Institution.

From:
Centre for Data Ethics and Innovation and Department for Science, Innovation and Technology
Published
6 June 2023
Use case:
Machine learning, Deep learning
Sector:
Healthcare & Social Work (SIC Code Section Q)
Principle:
Safety, security and robustness
Key function:
R&D, Product and service development, Risk management, Strategy and corporate finance
AI Assurance Technique:
Certification, Risk Assessment, Impact Assessment, Conformity Assessment, Bias Audit

Background & Description

The EU AI Act aims to regulate the development and the deployment of AI across the EU. The AI Act is expected to become a regulation in early 2024 and to come into application in 2027, with a transition period of two or three years. Among the different sectors covered, the EU AI Act will also be applicable to already regulated sectors such as Medical Devices (MD) and In vitro Diagnostics Devices (IVDs). BSI is currently accredited as a Notified Body for both MD and IVDs sectors (amongst other areas). Within MD/IVD conformity assessments, BSI is conducting reviews of the AI parts/components of Medical Devices under the scope of the MDR/IVDR ensuring alignment of such components with the current state of the art. By approximately 2027, High Risk AI providers need to assure full compliance of their AI products with the EU AI Act. To do that, they will need to comply with the afore-mentioned principles in all the different parts of their AI systems.

In April 2023 it was announced BSI is partnering with Citadel AI, a provider of automated AI testing and monitoring tools. Through Citadel AI’s tools, as part of their assessment process, BSI can measure AI compliance against technical standards, supported by in-depth technical analysis including fairness testing, bias detection and robustness testing. Comprehensive analysis and reporting can also be automatically generated to support the assessment process, assuring the safety and reliability of AI systems.

Crossover with Relevant Cross-Sectoral Regulatory Principles

Safety, Security & Robustness

BSI has specific competences across all of the regulatory principles. The BSI assessment has the specific purpose of assuring that these principles are reflected into the development and deployment of High-risk AI systems. Furthermore, BSI will provide training on relevant standards focused on relevant AI topics.

Why we took this approach

AI providers need to ensure that their effort is correctly oriented to the full compliance with the EU AI Act. BSI is therefore meeting the needs of customers who will be regulated against the EU AI Act by offering readiness assessments and algorithm testing before the application of the regulation.

Benefits to the organisation

  • Ensure AI-powered devices align with anticipated legislation and state-of-the-art standards.

  • Increase confidence in AI systems by addressing concerns about potential biases, safety and performance.

  • Gain peace of mind knowing that the AI solutions are designed to be compliant and ethically sound when future legislation is enacted and build trust and credibility among customers, partners, and other stakeholders.

  • Develop expertise within the organisation, upgrade internal systems for future legal compliance, and improve resource allocation for a more effective transition toward legal compliance in the future.

  • Enhance brand reputation by demonstrating a commitment to ethical AI development and deployment.

  • Minimise the company’s legal and regulatory risks when developing and deploying AI solutions in the future.

Limitations of the approach

Not all the relevant standards will be available during the transition period meaning that the assessment will evolve across the transition period.

Further AI Assurance Information

Published 6 June 2023
Contents