Taxonomy to Regulation: A (Geo)Political Taxonomy for AI Risks and Regulatory Measures in the EU AI Act
Sinan Arda
TL;DR
This paper develops a geo-political AI risk taxonomy identifying 12 political risks across four domains and analyzes the EU AI Act as a regulatory instrument. It uses a qualitative policy-analysis framework to map existing AI risk taxonomies, construct a political-risk lens, and compare the Commission's Proposal with the Final Draft, including GPAI-specific provisions. It highlights regulatory gaps—open-source GPAI exemptions, a high FLOPS threshold for systemic risk, and the exclusion of military-only systems—and discusses the potential of the Brussels Effect to shape global AI governance. The work emphasizes the need for continuous monitoring and refinement as AI capabilities evolve and deployment broadens, with implications for policymakers and global regulators alike.
Abstract
Technological innovations have shown remarkable capabilities to benefit and harm society alike. AI constitutes a democratized, sophisticated technology accessible to large parts of society, including malicious actors. This work proposes a taxonomy focusing on (geo)political risks associated with AI. It identifies 12 risks in total, divided into four categories: (1) Geopolitical Pressures, (2) Malicious Usage, (3) Environmental, Social, and Ethical Risks, and (4) Privacy and Trust Violations. Incorporating a regulatory side, this paper conducts a policy assessment of the EU AI Act. Adopted in March 2023, the landmark regulation has the potential to have a positive top-down impact concerning AI risk reduction but needs regulatory adjustments to mitigate risks more comprehensively. Regulatory exceptions for open-source models, excessively high parameters for the classification of GPAI models as a systemic risk, and the exclusion of systems designed exclusively for military purposes from the regulation's obligations leave room for future action.
