Legislation

Navigating the EU AI Act and Cyber Resilience Act

IDIS AI Solutions blog

Navigating the EU AI Act and Cyber Resilience Act: What the new laws will mean for AI-powered Video Analytics in Surveillance

30 septembre 2024

The EU AI Act, enshrined into EU law in August 2024, represents a global first in setting comprehensive regulations for artificial intelligence. Just as GDPR reshaped global data privacy standards, this new legislation is set to influence markets beyond the EU, raising the bar for developing and deploying AI technologies, including video surveillance systems. The goal is clear: fostering “trustworthy AI” that upholds fundamental rights, safety, and ethical principles while mitigating risks.

Users of AI-powered video surveillance, as well as system integrators and suppliers, should consider how the Act will shape compliance requirements and prepare for the upcoming Cyber Resilience Act (CRA). The CRA, which focuses on improving the cybersecurity of connected devices, including video surveillance systems, will be another critical step in ensuring that security technologies meet regulatory and ethical standards.

 

Understanding risk categorization in AI video surveillance

The EU AI Act classifies AI systems into four risk categories: unacceptable, high, limited, and minimal risk. Each category imposes different obligations regarding transparency, accountability, and compliance. Many of the most popular video analytics functions – such as motion detection, people counting, and occupancy monitoring – do not rely on biometrics. However, they remain within the minimal or limited-risk categories. These systems, widely used across retail, hospitality, and industrial sectors, ensure safety and operational efficiency without needing biometric identification.

At IDIS, our AI-powered video analytics systems, driven by deep learning algorithms, have become increasingly sophisticated and accurate, but they are designed to operate within these minimal-risk categories. For instance, our edge AI cameras, AI box devices, and enterprise-level video management systems (VMS) deliver advanced analytics without infringing on privacy or triggering the compliance burdens associated with high-risk systems.

However, the landscape changes when AI is used for more intrusive purposes, such as identifying individuals based on biometric data or categorizing them by race, political opinion, or inferred emotional states. These applications will be classified as high or unacceptable risk, requiring stricter oversight and potentially being prohibited under the EU AI Act.

Facial recognition technology, often used by law enforcement, is a notable example. Although some exemptions exist for national security and anti-terrorism purposes, stringent regulations will likely limit facial recognition in most public and private settings. Such technologies must be deployed cautiously to ensure compliance with AI regulations and data privacy laws.

 

Preparing for the Cyber ​​Resilience Act: cybersecurity as a pillar of compliance

In parallel to the EU AI Act, the upcoming Cyber Resilience Act will introduce further measures to improve the cybersecurity of connected devices, including video surveillance systems. At IDIS, we have already taken significant steps to prepare for this legislation, integrating strong cybersecurity measures across our product portfolio. We are committed to ensuring that our systems meet the functional requirements of modern surveillance and provide a secure and resilient defense against evolving cyber threats.

Our cybersecurity framework includes encryption standards, secure boot processes, and end-to-end data protection to mitigate unauthorized access, data breaches, and system manipulation risks. This proactive approach aligns with the Cyber Resilience Act and existing regulatory requirements, such as the Network and Information Security Directive (NIS2), ensuring our customers can confidently deploy our solutions.

Additionally, as part of our efforts to remain compliant and future-proof, we continue to work closely with regulatory bodies, maintaining updated technical documentation and ensuring our systems are built with the highest security standards in mind. Our goal is to support our customers and integration partners in navigating these new legal landscapes while deploying AI-driven video analytics systems that are secure, reliable, and ethically sound.

 

Impact on critical infrastructure and high-risk environments

The AI Act will also significantly impact video analytics in high-risk environments, such as critical infrastructure, law enforcement, and public safety. In settings where surveillance failure could have severe consequences—such as airports, power generation plants, and significant public events—AI may be categorized as high-risk. This means users and system integrators operating in these sectors must ensure that their systems meet the stringent compliance requirements outlined by the act.

In critical infrastructure environments, the potential for AI system failure carries higher stakes regarding security and public safety. IDIS has a track record of delivering robust surveillance solutions tailored to these sensitive environments, and we will continue to prioritize security and compliance as we enhance our AI-powered video analytics.

Future-proofing through ethical and compliant technology

As the AI Act coincides with the enforcement of GDPR and cybersecurity laws such as the Cyber Resilience Act, the future of AI-powered video surveillance is one where compliance and ethics go hand in hand. At IDIS, we are committed to providing surveillance solutions that deliver robust, dependable analytics and adhere to the highest privacy and cybersecurity standards.

As a responsible supplier, we are ready to help our customers navigate these new legal frameworks. We encourage users and their integration partners to ask the right questions when selecting surveillance technologies. It’s essential to work with manufacturers who understand the evolving regulatory landscape, act ethically, and offer technology with built-in compliance and privacy tools.

While some manufacturers still struggle with compliance—evident in their marketing of biometric analytics and facial recognition—users and system integrators are responsible for choosing products that meet present and future requirements. At IDIS, we continue to future-proof our solutions to ensure our partners remain ahead of these developments, helping them deploy video analytics according to ethical and legal standards.

The EU AI Act and the upcoming Cyber Resilience Act represent pivotal moments for AI-driven video analytics and camera surveillance. While these regulations may appear challenging initially, they offer an opportunity to create a more secure and ethical future for surveillance technology. By aligning with these frameworks, IDIS is prepared to continue delivering innovative, safe, and compliant solutions to our customers across Europe and beyond.

As always, we remain committed to working closely with our partners and customers, providing the support and expertise needed to thrive in this rapidly evolving regulatory environment.

Carlo Kuijer, CEO IDIS Nederland BV