{"title":"AI algorithms under scrutiny: GDPR, DSA, AI Act and CRA as pillars for algorithmic security and privacy in the European Union","authors":"Marta Beltrán","doi":"10.1016/j.cose.2025.104628","DOIUrl":null,"url":null,"abstract":"<div><div>The General Data Protection Regulation (GDPR), Digital Services Act (DSA), Artificial Intelligence Act (AI Act) and Cyber Resilience Act (CRA) are essential pillars for algorithmic security and privacy in the European Union. Each of these regulations addresses specific aspects of technology, such as personal data protection, trustworthy online services, safe AI systems, and secure digital products while fostering trust in algorithm-based systems. Together, they can establish a robust framework for ensuring the security and privacy of AI algorithms in the EU by addressing critical concerns through a risk-based approach. This paper proposes a multi-layered approach to algorithmic security and privacy, based on these four instruments, considering organisational risk, risks to rights and freedoms, systemic risks and risks to national security. 
An illustrative example demonstrates how the EU can establish a global standard for trustworthy innovation and the protection of fundamental rights by leveraging the direct and indirect synergies of these laws.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"158 ","pages":"Article 104628"},"PeriodicalIF":5.4000,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003177","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
The General Data Protection Regulation (GDPR), Digital Services Act (DSA), Artificial Intelligence Act (AI Act) and Cyber Resilience Act (CRA) are essential pillars for algorithmic security and privacy in the European Union. Each of these regulations addresses specific aspects of technology, such as personal data protection, trustworthy online services, safe AI systems, and secure digital products while fostering trust in algorithm-based systems. Together, they can establish a robust framework for ensuring the security and privacy of AI algorithms in the EU by addressing critical concerns through a risk-based approach. This paper proposes a multi-layered approach to algorithmic security and privacy, based on these four instruments, considering organisational risk, risks to rights and freedoms, systemic risks and risks to national security. An illustrative example demonstrates how the EU can establish a global standard for trustworthy innovation and the protection of fundamental rights by leveraging the direct and indirect synergies of these laws.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.