人工智慧風險管理合規歐盟AI法初探

An Introduction to The Compliance of AI Risk Management with the EU AI Act

江柔萱；魏銪志

資訊安全 ； 人工智慧 ； 標準化 ； 可信任AI系統 ； 合規 ； Information security ； Artificial intelligence ； Standardization ； Trustworthy AI systems

電腦稽核

50期（2024 / 08 / 30）

67 - 76

繁體中文;英文

近年來，人工智慧的快速發展及COVID-19疫情的爆發，使企業對自動化的需求激增，推動了生成式AI系統的廣泛應用。隨著AI技術應用到各行各業，組織面臨的資訊安全風險也日益增加，許多的風險都源於系統漏洞、駭客攻擊，以及管理與人為疏失。為應對這些挑戰，國際機構及政府提出了可信任AI的原則，強調包容性增長、法治與人權的尊重、透明度、安全性與問責制等五大原則。這些原則與歐盟AI法、ISO/IEC 23894及NIST AI 100-1的標準有高度重疊。本研究旨在總結這些標準的共通原則，幫助組織更有效地導入及遵循AI系統標準，以實現可信任AI的目標，並達成合規性。

In recent years, the rapid development of artificial intelligence and the outbreak of the COVID-19 pandemic have significantly increased the demand for automation in businesses, driving the widespread adoption of generative AI systems. As AI technology permeates various industries, organizations face the increasing of information security risks, stemming from system vulnerabilities, cyber-attacks, and management and human errors. To address these challenges, international organizations and governments have proposed principles for Trustworthy AI, emphasizing inclusive growth, respect for the rule of law and human rights, transparency, security, and accountability. These principles overlap significantly with standards such as the EU AI Act, ISO/IEC 23894, and NIST AI 100-1. This study aims to aggregate these common principles to help organizations more effectively implement and adhere to AI system standards, achieving the goal of Trustworthy AI and ensuring the compliance of regulations.