Swiss companies are holding information from the public on the principles and the use of artificial intelligence (AI) in decision-making and business processes.
According to a study conducted by the Ethos Foundation published today, only three companies stated publicly that they are using AI.
A minority (five) unveiled how they use AI systems in their decision-making processes, for example when recruiting employees, or in their products and services, for instance when interacting with a conversational computer programme (’chatbot’) on a website.
Eight companies replied positively to the question on whether they had established ethical principles for the use of AI, three said analysis of the principles was a prerequisite for the development of new technology, and six guaranteed that AI was developed to have a positive social impact, according to the study.
On the other hand, companies in Switzerland are increasingly concerned about cyber security attacks and are stepping up efforts to design appropriate strategies to counteract such threats.
The study showed that 34 out of 48 of the survey participant firms in Switzerland set up strategies to fight cybercrime last year, compared with only 16 the year before.
The number of companies publishing information about their cyber security strategies has doubled, from 14 to 28 in one year, it added.
But only a minority of the companies analysed in the study publishes the procedures to inform the parties involved in cyberattacks. Nine out of 10 indicated that they have designed a digital responsibility code last year, up from one in 2021, but companies are not making such codes public.
Companies tend to disclose the locations of personal data storage, adopting ethical frameworks for data processing, and informing customers when collecting personal data, according to the study.
The principle of ’Privacy by Design’, meaning that companies take into account data protection from the design of a product or service, and part of European Union’s General Data Protection Regulation (GDPR), is followed by 22 companies, the study said, an increase of 18 firms from 2021.
Digital Operational Resilience Act
At EU level, the European Supervisory Authorities (ESAs) – the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) – plan to develop technical standards for the implementation of the Digital Operational Resilience Act (DORA), which entered into force in January.
DORA creates a uniform framework for financial actors, including occupational pension funds, trading venues, banks and insurance companies in the EU to withstand disruptions of IT architectures, for example from cyber attacks, reinforcing their operational resilience.
The main aspects of the DORA relate to principles and requirements on Information and Communication Technology (ICT) risk management, rules for monitoring third-party risks, exchange information and intelligence of cyber attacks, streamline reporting on incidents and advanced test of financial entities.
According to the DORA, financial entities have to develop a strategy with regard to ICT third-party risks, with a policy to use services of providers that support critical or important functions.
François-Louis Michaud, executive director at the EBA, said at an event on the DORA held on Monday that “an open public consultation is envisaged for every policy mandate where all interested stakeholders will have time to provide their written input on each draft mandate”.
EIOPA’s chair Petra Hielkema believes that it is necessary to further improve the operational resilience of the financial industry through the support of the supervisory authorities and the industry, mitigating the risks but at the same time catching the opportunities of the digital transformation, including through the implementation of the DORA.
No comments yet