New Zealand crafts AI regulation and digital ID strategy with an eye on Europe

As governments globally come to terms with the need for AI regulation and a strategy on digital identity, many are looking to the EU as a model. For New Zealand, the EU’s AI Act provides a comprehensive regulatory framework against which to gauge its own limits and laws, and the EUDI wallet program provides a demonstrable road map for implementing digital ID as part of a larger digital transformation of the economy and social services.

EU AI Act offers “firm foundation for people-centered regulation of AI”

In a piece for Newsroom, Dr. Nessa Lynch, a researcher who specializes in the regulation of emerging technologies, argues that since AI’s rapid development to date has been driven by commercial interests rather than public ones, it is time to impose some legal and policy safeguards on AI to ensure public data privacy does not go off the rails.

“The EU is the largest single world market and a global standard setter,” Lynch writes. “And given the closer links being forged through the New Zealand-EU Free Trade Agreement, New Zealand should monitor regulatory developments closely.”

She says the EU AI Act is best framed as “product safety legislation, which aims to protect people from harm and promote trustworthy and safe use of AI.” Its risk-based framework with tiered requirements imposes thresholds for uses designated as high-risk.

It will also guide global ideas about what uses of AI present unacceptable risk and should be prohibited outright. “Systems the act will prohibit include social scoring, scraping of images, and most types of emotion recognition, biometric categorisation, and predictive policing applications.”

That said, Lynch notes controversial exceptions for law enforcement, specifically the use of facial recognition for real-time biometric surveillance, plus exceptions for national security, defence, and military purposes.

As always, the balancing act is in equalizing regulation and innovation. Innovation too often means pushing at the boundaries of law, but regulations that let nothing through can be smothering. Lynch says that, overall, the stabilizing element is trust. “The EU approach is premised on the idea that where consumers have trust in systems, and confidence in quality, they are more likely to be willing to use AI in the commercial sense and in engaging with public services,” she writes.

For New Zealand, that means there is some work to be done. Lynch says significant gaps in its regulatory regime may dampen innovation and public trust in AI. She notes New Zealand’s comparatively weak privacy and data protection laws, and a haze of ambiguity around when AI is used and how misuse is being prevented.

“Without a people-centred, trustworthy, and robust regulatory framework, uptake and trust in AI is likely to be affected,” Lynch says.

Digital identity “only one aspect of a wider digital economy”

Much as in the EU, AI regulation in New Zealand has been developing in tandem with a national strategy for digital identity. This week, the government launched its New Zealand Trust Framework Authority to determine which organizations are verified to provide digital identity services.

In a piece for The Conversation, Lynch’s colleague at Te Herenga Waka – Victoria University of Wellington, Professor of Informatics Markus Luczak-Roesch, says the transformational potential of digital ID and digital credentials is real – but so are “the principles on which our digital economy runs,” which shape the much wider context into which digital ID will be introduced.

“While digital ID is key to access and trust in digital services, it needs to be protected and managed in accordance with our values, including personal, community and national perspectives,” writes Luczak-Roesch. “Digital ID is only one aspect of a wider digital economy. We have to consider more systemically how we develop new digital services and who develops them.”

Large tech corporations, he notes, are not perhaps the best entities with whom to trust all of our personal data. Noting a recent report on how digital ID is entwined with data management, national data infrastructure and national values, he points to models provided by Estonia – long a global leader in digitization of public services, and home to a robust national data infrastructure – and Norway, where the national research center for AI innovation (NorwAI) “develops and maintains a suite of Norwegian Large Language Models built on Norwegian data and values.”

In the end, says Luczak-Roesch, whether in AI or digital identity, it is important to try and minimize “the risk of building technology that unknowingly imports components that may have been developed unethically, or which embed values that are incompatible with the local context.”

Article Topics

AI  |  biometrics  |  digital economy  |  digital identity  |  facial recognition  |  New Zealand  |  regulation