As more and more businesses rely on AI applications, cybersecurity is becoming a top priority to ensure the safety and reliability of their daily operations. Knowledge of both risks and solutions associated with cybersecurity is still rare in many SMEs. The European institutions must take a more active role in this regard, supporting SMEs in acquiring the knowledge and tools mentioned above.
As the Cyber Resilience Act (CRA) starts to emerge, it is wise to take stock of previous EU regulatory acts. In its current form, the proposed AI Act risks imposing a disproportionate burden on small and micro enterprises, making it extremely difficult for them to comply with it. Accessibility for SMEs also means including SME envoys in standard-setting discussions, thus avoiding a one-size-fits-all approach.
An updated law on AI, taking into account the above conditions, can contribute to:
- Promoting AI innovation
- Ensuring healthy competition
- Bring investment to innovative SMEs in AI
- Strengthening Europe’s AI ecosystem in general
- Strengthening the Union’s digital sovereignty
- Supporting SMEs to participate in regulatory sandboxes
- Including SMEs as key stakeholders in all relevant discussions
- Adapting fines and sanctions to the capacities of small enterprises
- Ensuring that the European AI Board takes into account and supports SMEs
- Ensuring the accountability of large developers of AI technologies
In its attempt to ensure a thriving AI ecosystem, the EU needs to take into account the multitude of cybersecurity issues emerging on the horizon. As AI solutions built by SMEs, such as Business Process Automation (BPA), consumer behaviour forecasting technologies and advanced analytical solutions, AI-enhanced cybersecurity services and products will play a greater role in the economy.
The European Cyber Resilience Act stresses the need to:
- Digital skills and education
- Establishing cybersecurity rules for digital products and services across the EU
- A unified approach to benchmarks for cybersecurity products and services
- Increased support for the security of digital products and ancillary services
- Including additional cybersecurity requirements
- Focus on addressing vulnerabilities of software products
- Defence against hybrid forms of cyber-attacks and against cyber-attacks in general
- Strengthening the Union’s goal of becoming a leader in cybersecurity
For AI and other digital tools to disseminate SMEs, the whole ecosystem needs to be secure, from the whole supply chain to the daily operations of the end user. The cybersecurity sector should be a top legislative priority if the Union aims to ensure the continuous growth of the digital economy.