High-risk systems will need to be registered in a centralized EU database, and also include post-market monitoring systems. This is a lot of work. So a likely outcome is for large companies to hire specialized firms, or develop in-house teams, to produce such documentation. /15


This reminds me of one of the negative outcomes of GDPR, where institutions migrate to Microsoft services because they provide GDPR certification, instead of overwhelmingly superior Free and Open Source alternatives (w.r.t. data protection and everything else).

Microsoft does not really implement any sort of meaningful data protection; they just have the lawyer power to claim compliance. Choosing a Free alternative means that the institution needs to cover the liability itself... The end result is negative for data protection.

Governing through blame shifting.

Public interest regulation on this matter ought to start with "all high risk systems, together with the monitoring system/plan, must be free and open source". Then it can start having the intended effects, most importantly effective risk management, but also market competition.