The AI Act and Implications for IoT/IIoT Initiatives

The Artificial Intelligence (AI) Act, approved by European Union member states, lawmakers, and the European Commission, went into effect on August 1, 2024. This undoubtedly will have a significant and enduring effect on how data is classified and labelled for acceptance or rejection by AI based machine learning (ML) and deep-learning (DL) applications and services. Today these implementations implicitly trust the accuracy and authenticity of massive training datasets (e.g., metrics, text, image, audio, video) to fine-tune billions of model parameters. Programmatically differentiating deep-fake from authentic data and verifying the accuracy of data labels and risk classification from non-repudiable sources is necessary for data validation, cleaning, privacy, and usage.

In data we trust

Today, the onus of data integrity is delegated to secure transport protocols (as if it were a data-in-transit problem), and data collection at the source (the genesis of trust in data) is predominantly unattested. The velocity, volume, and veracity of data flows pose challenges to mid-stream and upstream risk assessments on structured, semi-structured, and unstructured data. Data for digital transformation and Enterprise digitalization is generated by information technology (IT) systems (e.g., user workstations, handheld devices, servers, network elements) and operational technology (OT) devices (e.g., embedded systems, Internet of Things (IoT) and industrial IoT (IIoT) devices). Trust in devices does not equate to explicit trust in data generated by applications executing on the trusted devices.

Data tagging for transitive trust

Trust in data is a prerequisite for truth in AI/ML/DL. The probability of input bias and variance in the datasets that train the AI models are higher than the likelihood of output bias and variance caused by billions of mathematically fine-tuned model parameters. The graphics, vision, and tensor processing units (GPU, VPU, TPU) rely on implicit trustworthiness of the data ingested by the processor. In the future, expert systems and policy decision logic (i.e., the data consumers at the edge or in the cloud) will be compelled to adopt a “chip-to-cloud” or “end-to-end” digital trust paradigm. Such an approach will warrant using quantum safe cryptographic keys for data attestation with digital signing at the source, and non-repudiable identity with multi-factor authentication of the data providers (i.e., devices, applications, and users). Implicit trust is the Achilles heel of data driven automation. The secure elements such as trusted platform modules (TPMs) provide device identity and authentication, and secure enclaves provide in-memory data protection. However, explicit trust in data driven insights requires establishing verifiable trust and provenance in the data (with metadata-based tagging), platforms, and supply chains that constitute the plurality of distributed and disparate data sources and brokers.

Conclusion

The convergence of IT and OT in Enterprise networks is fundamentally about ensuring trusted data flows to upstream and backend data analytics platforms. Currently, the vast majority of OT equipment in manufacturing plants and outdoor operations are not equipped with the necessary functionality for autonomous, expedient, and trusted data collection, which is critical for implementing timely and effective actions using AI/ML/DL driven models.