scieee Science in your language
[en] (orig)

Eu regulatory ecosystem for ethical AI

Author: Bolgouras, Vaios; Zarras, Apostolis; Leka, Christian; Stylianou, Ioannis; Farao, Aristeidis; Xenakis, Christos
Publisher: Zenodo
DOI: 10.1007/s43681-025-00749-x
Source: https://zenodo.org/records/17120423/files/AI-and-Ethics2025.pdf
RESEARCH
AI and E hics
h ps://doi.o g/10.1007/s43681-025-00749-x
e iciency and inno a ion [1]. Howe e , his echnological
p oli e a ion also in oduces complex e hical, legal, and
secu i y challenges ha mus no be o e looked [2]. As eli-
ance on AI sys ems g ows, so do conce ns ela ed o da a
p i acy, algo i hmic anspa ency, ai ness, and cybe secu-
i y [3]. These challenges a e compounded by AI’s inhe -
en ly global and c oss-sec o al na u e, which magni ies isks
such as biased decision-making, p i acy in ingemen s, and
socie al manipula ion [4]. Recognizing ha public us in AI
hinges on i s e hically esponsible deploymen , i becomes
impe a i e o es ablish obus , comp ehensi e egula o y
mechanisms ha add ess hese challenges in a holis ic and
o wa d-looking manne [5].
Despi e a p oli e a ion o amewo ks, such as he EU
AI Ac , he Gene al Da a P o ec ion Regula ion (GDPR),
and he Ne wo k and In o ma ion Sys ems Di ec i e (NIS2)
Di ec i e, exis ing go e nance app oaches o en su e
om agmen a ion. P io esea ch ocuses on indi idual
egula ions o na owly scoped sec o al conce ns [6, 7]. Fo
example, while GDPR p ima ily add esses da a p o ec ion,
NIS2 emphasizes cybe secu i y, and he AI Ac p oposes a
isk-based classi ica ion o AI applica ions, less a en ion is
gi en o hei combined e ec on o ganiza ions ha ope a e
ac oss di e en egula o y domains. This siloed pe spec i e
1 In oduc ion
The apid ad ancemen o A i icial In elligence (AI)
echnologies has p o oundly eshaped nume ous sec o s,
including elecommunica ions, heal hca e, inance, and
anspo a ion, deli e ing unp eceden ed oppo uni ies o
Vaios Bolgou as
[email p o ec ed]
Apos olis Za as
[email p o ec ed]
Ch is ian Leka
[email p o ec ed]
Ioannis S ylianou
[email p o ec ed]
A is eidis Fa ao
[email p o ec ed]
Ch is os Xenakis
[email p o ec ed]
1 Uni e si y o Pi aeus, Pi aeus, G eece
2 Founda ion o Resea ch and Technology Hellas, He aklion,
G eece
3 InQbi SRL, Bucha es , Romania
Abs ac
AI applica ions aise complex e hical, legal, and secu i y challenges ha demand comp ehensi e and coo dina ed go e -
nance a mul iple le els. In his pape , we examine how key Eu opean Union (EU) egula o y amewo ks, such as he AI
Ac , GDPR, and NIS2, in e ac o se s anda ds o AI secu i y, unc ionali y, and e hical pe o mance. By compa ing he
objec i es and equi emen s ou lined in hese egula o y ins umen s, we iden i y poin s o con e gence ha encou age
a holis ic app oach o c ea ing anspa en , accoun able, and ai AI sys ems. This alignmen is pi o al o building use
us and mi iga ing isks associa ed wi h da a b eaches, algo i hmic bias, and p i acy iola ions. Mo eo e , we explo e
how ha monizing hese egula ions can main ain he EU’s compe i i e edge in AI inno a ion, as clea go e nance s uc-
u es help businesses emain agile while p o ec ing consume in e es s. Ou analysis u he add esses he ami ica ions
o global AI go e nance, emphasizing he signi icance o a uni ied, o wa d-looking s a egy o ensu e esponsible AI
de elopmen . In doing so, we ecommend u u e ha moniza ion ini ia i es ha p omo e socie al well-being, sa egua d
human igh s, and uphold e hical and echnological s anda ds wo ldwide.
Keywo ds EU AI ac · AI go e nance · Secu i y · P i acy
Recei ed: 14 Janua y 2025 / Accep ed: 2 May 2025
© The Au ho (s) 2025
Eu egula o y ecosys em o e hical AI
VaiosBolgou as1· Apos olisZa as1,2· Ch is ianLeka3· IoannisS ylianou1· A is eidisFa ao1· Ch is osXenakis1,3
1 3
AI and E hics
leads o inconsis encies in compliance equi emen s and
unce ain y o e ensu ing use us , secu i y, and ai ness
in eal-wo ld AI sys ems. In highly egula ed indus ies,
such as inance, heal hca e, and elecommunica ions, hese
disjoin ed amewo ks can exace ba e compliance complex-
i y, as o ganiza ions mus na iga e o e lapping obliga ions
wi hou clea guidance on uni ied bes p ac ices.
Recen in e disciplina y esea ch in legal in o ma ics has
in oduced he concep o legal design pa e ns, which a ic-
ula e ule-o -law p inciples, such as anspa ency, con es -
abili y, and in e p e abili y, as modula , eusable s uc u es
o embedding legali y in o digi al sys ems [8]. This design-
o ien ed app oach o e s a s uc u ed me hodology o ans-
la ing no ma i e equi emen s in o ac ionable sys em-le el
ea u es. In he con ex o AI go e nance, pa icula ly wi hin
high-impac domains such as heal hca e o communica-
ions, legal design pa e ns p o ide a uni ying language o
b idge egula o y manda es and echnical implemen a ion.
Thei in eg a ion unde sco es ha ins umen s such as he
EU AI Ac do no impose a bi a y compliance bu dens, bu
a he ins an ia e ounda ional legal no ms di ec ly wi hin
sys em a chi ec u es [9].
The esea ch p esen ed he e seeks o b idge his c i i-
cal gap by ho oughly examining secu i y, unc ional, and
non- unc ional equi emen s ac oss di e se EU egula o y
ins umen s. I illumina es he c oss-cu ing p inciples and
syne gies ha suppo e hical AI deploymen while mini-
mizing con adic o y o edundan obliga ions. Speci ically,
we compa e and syn hesize he main p o isions o he EU
AI Ac , GDPR, NIS2, Cybe Resilience Ac (CRA), Digi-
al Se ices Ac (DSA), Digi al Ma ke s Ac (DMA), and
ela ed guidelines o o e a uni ied e e ence poin ha
s akeholde s in mul iple indus ies can ely upon o ha mo-
nized compliance. By add essing common challenges such
as algo i hmic bias, da a b eaches, and opaque AI decision-
making, ou s udy p o ides bo h heo e ical insigh s and
ac ionable ecommenda ions o egula o s, companies,
and consume s1. This wo k unde sco es he impo ance o
adop ing an in eg a ed egula o y s a egy ha os e s inno-
a ion while ensu ing anspa ency, accoun abili y, and he
sa egua ding o undamen al igh s ac oss all sec o s whe e
AI is deployed.
1 In his pape , he e m “consume ” is used b oadly o include any
en i y (indi idual o g oup) ha in e ac s wi h, uses, o is a ec ed by
AI sys ems. This includes no only na u al pe sons ac ing in a p i a e
capaci y bu also wo ke s, ci izens, and o he non-comme cial s ake-
holde s impac ed by AI-enabled se ices.
2 Backg ound and ela ed wo k
The inc easing adop ion o AI echnologies ac oss di e se
domains such as elecommunica ions, heal hca e, inance,
and anspo a ion has ushe ed in a new e a o inno a ion
and ope a ional e iciency. AI sys ems enable capabili-
ies anging om ad anced da a analy ics o au onomous
decision-making, undamen ally ans o ming indus-
ies and eshaping socie al no ms [10]. Howe e , hese
ad ancemen s b ing o h signi ican e hical, legal, and
echnical challenges, pa icula ly in ensu ing anspa ency,
ai ness, accoun abili y, and secu i y while deploying AI
sys ems [11]. Despi e he obus ness o he EU’s egula o y
ecosys em, he e ec i e go e nance o AI sys ems emains
a complex challenge. AI’s c oss-sec o al and global na u e
ampli ies isks such as algo i hmic bias, p i acy iola ions,
and cybe secu i y h ea s, necessi a ing coo dina ed e o s
among policymake s, indus y leade s, and esea che s [12,
13]. Mo eo e , aligning hese amewo ks wi h eme ging AI
echnologies, such as gene a i e AI, is essen ial o main-
aining hei ele ance and e ec i eness [14].
To add ess hese challenges, he EU has de eloped a
comp ehensi e egula o y amewo k o os e e hical and
us wo hy AI. Cen al o his amewo k is he p oposed
EU AI Ac [15], which in oduces a isk-based ca ego i-
za ion o AI sys ems and manda es igo ous equi emen s
o high- isk applica ions o ensu e hei sa e y, anspa -
ency, and accoun abili y. This ini ia i e e lec s he EU’s
commi men o aligning inno a ion wi h he p o ec ion o
undamen al igh s. Complemen ing he EU AI Ac , he
GDPR [16] p o ides a obus da a p o ec ion and p i acy
ounda ion, emphasizing p inciples such as da a minimi-
za ion, use consen , and accoun abili y; all c i ical o AI
applica ions. The eP i acy Di ec i e [17] u he s eng h-
ens hese p o ec ions by ocusing on he con iden iali y o
elec onic communica ions, ensu ing ha da a handling
p ac ices emain secu e and anspa en .
Each o he egula o y amewo ks discussed in his pape
con ibu es dis inc legal and no ma i e pe spec i es on AI
go e nance. The EU AI Ac p oposes a ho izon al ame-
wo k in oducing a isk-based classi ica ion o AI sys ems
and legally binding obliga ions o high- isk applica ions.
The GDPR o e s ounda ional p o ec ions o pe sonal
da a, emphasizing use igh s, consen , and accoun abili y.
The eP i acy Di ec i e complemen s his by a ge ing con-
iden iali y and consen in elec onic communica ions. NIS2
s eng hens he cybe secu i y pos u e o essen ial en i ies,
including hose deploying AI sys ems in c i ical in as uc-
u e. The CRA manda es secu i y-by-design equi emen s
o digi al p oduc s, including AI-enabled sys ems, h ough-
ou hei li ecycle. The EECC go e ns elecommunica ions
ne wo ks and se ices, wi h p o isions o use p o ec ion
1 3
AI and E hics
and in e ope abili y ha inc easingly in e sec wi h AI
unc ionali y. The DSA and DMA egula e digi al se ices
and pla o m ma ke s, espec i ely, ocusing on algo i h-
mic anspa ency, ai ness, and ga ekeepe accoun abili y.
Finally, sec o -speci ic amewo ks such as DORA ( inan-
cial esilience), he GPSR (p oduc sa e y), EHDS (heal h
da a in e ope abili y), and he Open Da a Di ec i e (public
sec o da a euse) con ibu e domain-speci ic cons ain s
and enable s ele an o AI deploymen .
The academic discou se has inc easingly u ned owa d
he p oblem o egula o y agmen a ion and no ma i e en-
sions be ween ins umen s. Veale and Zuide een Bo ge-
sius [18] a gue ha he ope a ionaliza ion o he AI Ac ’s
isk-based axonomy emains ambiguous, pa icula ly when
c oss- e e enced wi h exis ing ins umen s such as GDPR.
Smuha [12] cau ions agains egula o y compe i ion and
s esses he need o cohe ence ac oss amewo ks o a oid
compliance unce ain y. Flo idi [19] unde sco es he philo-
sophical unde pinnings o he EU’s app oach, emphasizing
ha e hics and igh s p o ec ion mus emain cen al o any
echnical egula ion. These pe spec i es ame he EU’s
go e nance model as bo h ambi ious and con ingen , equi -
ing in e p e i e alignmen and ins i u ional coope a ion o
e ec i e implemen a ion. Ou analysis builds on his body
o wo k by o e ing a sys ema ic compa ison o how a i-
ous EU egula ions add ess secu i y, unc ional, and non-
unc ional equi emen s. Ra he han ocusing on indi idual
ins umen s, we adop a c oss- amewo k pe spec i e ha
e eals pa e ns o con e gence and di e gence, he eby
add essing he coo dina ion challenge ha has been consis-
en ly iden i ied in he li e a u e.
The EU egula o y landscape also inco po a es measu es
o enhance he cybe secu i y and esilience o AI sys ems.
The NIS2 Di ec i e [20] es ablishes s ingen equi emen s
o isk managemen and inciden epo ing in c i ical sec-
o s whe e AI is in eg a ed in o essen ial se ices. The p o-
posed CRA [21] en o ces secu i y-by-design p inciples o
digi al p oduc s, manda ing con inuous moni o ing and
ulne abili y managemen h oughou hei li ecycle. Fu -
he mo e, he Eu opean Elec onic Communica ions Code
(EECC) [22] ha monizes elecommunica ions egula ions
ac oss he EU, add essing use igh s and secu i y in AI-
enabled communica ion sys ems.
In addi ion o sa egua ding p i acy and secu i y, EU
amewo ks emphasize ai ness and anspa ency in digi al
se ices. The DSA [23] in oduces equi emen s o algo-
i hmic anspa ency, ensu ing ha online pla o ms p o-
ide clea in o ma ion on how AI sys ems in luence con en
mode a ion and ecommenda ions. The DMA [24] comple-
men s his by os e ing ai compe i ion in digi al ma ke s,
pa icula ly among pla o ms u ilizing AI-d i en se ices.
Addi ionally, he EU’s High-Le el Expe G oup on AI has
con ibu ed he E hics Guidelines o T us wo hy AI [25],
which, al hough non-binding, p o ide c i ical guidance o
embedding ai ness, anspa ency, human o e sigh , and
inclusi i y in o AI de elopmen p ocesses. These guidelines
a e an e hical compass, shaping he b oade discou se on
esponsible AI go e nance.
Despi e he obus ness o his egula o y ecosys em, he
e ec i e go e nance o AI sys ems emains a complex chal-
lenge. AI’s c oss-sec o al and global na u e ampli ies isks
such as algo i hmic bias, p i acy iola ions, and cybe secu-
i y h ea s, necessi a ing coo dina ed e o s among policy-
make s, indus y leade s, and esea che s [26]. Mo eo e ,
aligning hese amewo ks wi h eme ging AI echnologies,
such as gene a i e AI, is essen ial o main aining hei el-
e ance and e ec i eness [14].
These amewo ks collec i ely ou line co e AI deploy-
men p inciples, including anspa ency, accoun abili y,
human o e sigh , and ai ness. While hese p inciples a e
mos comp ehensi ely and explici ly codi ied in he EU AI
Ac , pa icula ly o high- isk AI sys ems, complemen a y
p o isions exis in o he amewo ks such as he GDPR
(e.g., da a subjec igh s and anspa ency), NIS2 (e.g.,
cybe secu i y isk managemen ), and he DSA (e.g., algo-
i hmic anspa ency on online pla o ms).The equi emen s
o manda o y con o mi y assessmen s, he es ablishmen
o en o cemen mechanisms in ol ing na ional supe iso y
au ho i ies and he EAIB, and he imposi ion o ines and
penal ies o non-compliance o igina e p ima ily om he
EU AI Ac . By c ea ing a ha monized egula o y en i on-
men ac oss he EU, hese amewo ks ensu e ha AI and
ela ed echnologies a e de eloped and used esponsibly,
wi h a s ong emphasis on p o ec ing he igh s and ee-
doms o EU ci izens. Fu he mo e, hey ha e global impli-
ca ions, se ing a p eceden o in e na ional s anda ds and
encou aging he adop ion o simila egula o y amewo ks
wo ldwide, pa icula ly as AI con inues o e ol e [27].
AI go e nance has become a ocal poin o academic
discou se, pa icula ly conce ning he EU’s pu sui o com-
p ehensi e egula o y amewo ks. Veale and Zuide een
Bo gesius [18] c i ically examine he d a EU AI Ac ,
add essing i s de ini ions, scope, and po en ial impac s on
AI de elopmen and deploymen . Thei discussion high-
ligh s challenges ela ed o he Ac ’s isk-based app oach, i s
epe cussions o inno a ion, and he p ese a ion o unda-
men al igh s. In pa icula , hey a gue ha he ope a ional-
iza ion o he isk axonomy p esen s signi ican ambigui ies
o egula o s and de elope s alike, he eby equi ing s on-
ge in e p e a i e guidance and alignmen wi h exis ing
sec o al no ms. Simila ly, Flo idi [19] in es iga es he phil-
osophical ounda ions o he EU’s AI legisla ion, illus a ing
how i endea o s o econcile echnological p og ess wi h
e hical conside a ions and undamen al igh s p o ec ion.
1 3
AI and E hics
and he po en ial o ha monized egula o y p ac ices ac oss
ju isdic ions.
Despi e abundan esea ch on AI egula ion, a gap
emains in examining he join in eg a ion o mul iple EU
amewo ks and hei combined implica ions o AI sys-
ems’ secu i y, unc ional, and non- unc ional equi emen s.
Many p io in es iga ions hone in on indi idual egula ions
o pa icula conce ns, such as e hical issues o indus y-
speci ic ami ica ions, wi hou a holis ic analysis o how
hese egula o y ins umen s in e sec and ein o ce each
o he . To add ess his gap, he p esen s udy p o ides a uni-
ied examina ion o he EU’s egula o y ecosys em, includ-
ing he AI Ac , GDPR, NIS2 Di ec i e, CRA, and addi ional
amewo ks. By assessing he secu i y, unc ional, and non-
unc ional equi emen s de i ed om hese egula ions, we
deli e ounda ional insigh s in o he esponsible de elop-
men and deploymen o AI wi hin a obus egula o y se -
ing. While he EECC and he DMA a e no AI-speci ic
egula ions, hei inclusion in his analysis is jus i ied by
hei g owing ele ance o AI-enabled se ices. The EECC
go e ns digi al communica ions in as uc u e, whe e AI
unc ionali ies a e inc easingly deployed, o ins ance, in
ne wo k a ic op imiza ion, p edic i e main enance, and
adap i e se ice p o isioning. Simila ly, he DMA a ge s
sys emic isks a ising om he dominance o digi al ga e-
keepe s, many o which ely on AI-d i en mechanisms o
con en anking, ad a ge ing, and use p o iling. By exam-
ining hese amewo ks, we aim o cap u e how sec o -spe-
ci ic egula ions shape he ope a ional con ex wi hin which
AI is de eloped and deployed. This is especially pe inen
o unde s anding c oss- egula o y ensions and comple-
men a i ies, such as he in e play be ween da a po abil-
i y obliga ions unde he DMA and consen managemen
equi emen s unde he GDPR. Including hese ins umen s
hus allows o a mo e comp ehensi e e alua ion o he
EU’s egula o y landscape as i con e ges a ound AI-in en-
si e digi al ma ke s and in as uc u es.
This wo k con ibu es o ongoing discou se by illumi-
na ing he syne gies and complemen a i ies among di e se
egula ions, pinpoin ing a eas whe e u he con e gence
o sc u iny may be wa an ed, and p oposing a ha monized
me hod o p omo ing e hical AI deploymen ac oss mul-
iple sec o s. While ea lie s udies ha e ho oughly in es-
iga ed indi idual aspec s o AI egula ion and e hics in
he EU con ex , he p esen analysis in eg a es hese com-
ponen s in o a comp ehensi e o e iew. I elucida es how
he EU’s mul i ace ed egula o y s a egy p omo es e hical
AI p ac ices, emphasizing anspa ency, accoun abili y, and
use empowe men , and se s a s anda d o eme ging global
ends in AI go e nance.
This wo k unde sco es he impo ance o g ounding AI
egula ions in e hical p inciples o cul i a e us wo hy
AI sys ems. Along he same lines, Sa o and Lagioia [28]
explo e he p oposed AI Ac ’s po en ial e ec s on AI-based
business models, ocusing on compliance demands, sys em
classi ica ion, and economic implica ions o de elope s
and p o ide s.
The no ion o egula o y compe i ion in AI is discussed
by Smuha [12], who analyzes how he EU’s ini ia i es may
es ablish p eceden s o global s anda ds, ul ima ely shap-
ing in e na ional AI go e nance. She also wa ns, howe e ,
ha wi hou meaning ul egula o y con e gence, o e lap-
ping o compe ing ins umen s may in oduce legal unce -
ain y and de e inno a ion. Bu che and Be idze [13] o e
a b oade pe spec i e whe e hey examine AI go e nance
wo ldwide, concen a ing on he EU’s ole in in luencing
in e na ional policy and compa ing di e se go e nance
models. Thei analysis unde sco es he EU’s signi icance in
se ing expec a ions and no ms o AI egula ion on a global
scale. Meanwhile, Leslie [29] assesses he in eg a ion o
e hical p inciples in o AI egula ion by e iewing a ange
o AI e hics guidelines, including hose o mula ed wi hin
he EU. The s udy in es iga es how e ec i ely such guide-
lines p omo e e hical AI p ac ices and embed hese p in-
ciples wi hin policy and egula ion. Complemen ing hese
iewpoin s, Wischmeye and Rademache [30] compile
con ibu ions on AI egula ion ha span legal, e hical, and
echnical dimensions, discussing opics such as he AI Ac ,
da a go e nance, liabili y issues, and he in e play be ween
AI and undamen al igh s. Thei wo k emphasizes ha no -
ma i e ambi ions, such as anspa ency, ai ness, and use
empowe men , mus be e lec ed in he en o ceable a chi-
ec u e o egula ion, calling o a mo e cohe en and ha -
monized amewo k ac oss legal domains.
Rega ding sec o -speci ic conce ns, Aloisi and DeS e-
ano [31] cen e on applying AI in employmen and labo
pla o ms, sc u inizing how EU egula ions add ess algo-
i hmic managemen . Thei analysis emphasizes implica-
ions o wo ke s’ igh s, da a p o ec ion, and he necessi y
o anspa ency and accoun abili y in AI sys ems. The
Eu opean Pa liamen a y Resea ch Se ice p o ides u -
he insigh s [32], which ou lines he EU’s digi al s a egy,
including he AI Ac and ela ed egula ions, emphasiz-
ing hei collec i e e ec on he digi al landscape and he
alue o a cohesi e egula o y amewo k. Compa a i e
s udies shed addi ional ligh on he wo ldwide in luence o
AI egula ion. Fo example, MacCa hy [33] examines he
EU’s AI egula o y amewo k as a empla e o he Uni ed
S a es, de ailing he EU’s isk-based app oach and ocus
on undamen al igh s. This compa a i e lens highligh s
he EU’s g owing impac on shaping global AI go e nance
1 3
AI and E hics
classi ica ion o equi emen s in o h ee ca ego ies (i.e.,
secu i y, unc ional, and non- unc ional) ollows es ablished
app oaches in sys ems enginee ing and AI go e nance li e -
a u e, whe e sys em-le el p ope ies a e o en disagg ega ed
in o hese in e dependen laye s o suppo comp ehensi e
isk assessmen and design alida ion. This analy ical s uc-
u e allows us o iden i y no ma i e con e gence ac oss EU
ins umen s and ace how legal obliga ions mani es in sys-
em a chi ec u e. These equi emen s s em om an analysis
o co e p inciples designed o ensu e echnological eco-
sys ems’ secu i y, anspa ency, and e hical ope a ion. This
subsec ion del es in o hese equi emen s, ou lining hei
signi icance and illus a ing how hey unde pin o e a ching
us , accoun abili y, and use empowe men objec i es.
In he con ex o sa egua ding AI sys ems and digi al
in as uc u es, se e al key equi emen s a e i al o ensu -
ing esilien , us wo hy, and e hically g ounded ope a-
ions. Fo emos is Risk and Vulne abili y Managemen , a
co e equi emen explici ly add essed in A icle 9 o he EU
AI Ac , which manda es he implemen a ion o a isk man-
agemen sys em o high- isk AI sys ems h oughou hei
li ecycle. Simila ly, A icles 21-23 o he NIS2 Di ec i e
impose cybe secu i y obliga ions on essen ial and impo an
en i ies, equi ing hem o assess, documen , and mi iga e
secu i y isks. These measu es a e complemen ed by A icle
10 o he CRA, which obliges manu ac u e s o iden i y and
add ess ulne abili ies du ing de elopmen and a e p od-
uc placemen on he ma ke . This s a egy is pi o al o
p o ec ing c i ical sec o s, main aining se ice con inui y,
and shielding use s om he a - eaching consequences o
echnological ailu es. Closely linked is Da a Secu i y and
P o ec ion, a ounda ional elemen gi en he signi ican ol-
ume o pe sonal and sensi i e da a p ocessed by AI sys ems.
P ese ing da a con iden iali y, in eg i y, and a ailabili y is
essen ial o building us be ween use s and se ice p o-
ide s, as emphasized by egula ions such as he GDPR,
which manda es measu es including enc yp ion, pseudony-
miza ion, and access con ols.
Equally signi ican is he p inciple o T anspa ency,
which calls o openness in he unc ioning o AI sys ems,
enabling use s, egula o s, and o he s akeholde s o unde -
s and how decisions a e made and how da a is handled.
T anspa ency os e s us and suppo s egula o y compli-
ance by acili a ing e ec i e audi s and o e sigh . Comple-
men ing anspa ency is Accoun abili y, which equi es
o ganiza ions o assume esponsibili y o he ou comes and
impac s o hei AI sys ems. This includes main aining com-
p ehensi e documen a ion and unde going egula audi s o
demons a e compliance. Fu he mo e, Human O e sigh
p ese es he ole o human judgmen in AI applica ions,
pa icula ly in high-s akes con ex s, by ensu ing he ea-
sibili y o meaning ul human in e en ion. This sa egua d
3 Regula o y equi emen s
En o cing egula ions such as he AI Ac , he NIS2 Di ec-
i e, he GDPR, he eP i acy Di ec i e, he CRA, he EECC,
he DSA, he DMA, he E hics Guidelines o T us wo hy
AI, he Digi al Ope a ional Resilience Ac (DORA), he
Gene al P oduc Sa e y Regula ion (GPSR), he Eu opean
Heal h Da a Space (EHDS), and he Open Da a Di ec i e
calls o a comp ehensi e and in eg a ed app oach o ensu e
bo h compliance and he e hical deploymen o AI and o he
digi al echnologies. The selec ion o he analysed egula-
o y ins umen s is g ounded in hei b oad legal and ope a-
ional ele ance o AI deploymen in he Eu opean Union.
We ocus p ima ily on binding amewo ks ha ei he
impose explici obliga ions on high- isk AI sys ems o egu-
la e AI-in ensi e sec o s, such as da a go e nance (GDPR),
cybe secu i y (NIS2), ma ke ai ness (DMA), and digi al
p oduc sa e y (CRA), as well as in luen ial so -law ins u-
men s like he E hics Guidelines o T us wo hy AI. This
selec ion cap u es bo h ho izon al (c oss-sec o al) and e i-
cal (sec o -speci ic) egula o y laye s, o e ing a ep esen a-
i e basis o assessing ha moniza ion challenges in EU AI
go e nance.
In addi ion o amewo k selec ion, ou analy ical s uc-
u e is g ounded in a h ee-pa ca ego iza ion o sys em-le el
equi emen s-secu i y, unc ional, and non- unc ional-which
e lec s es ablished dis inc ions in so wa e enginee ing,
sys ems design, and AI go e nance li e a u e. This ipa i e
model enables a laye ed analysis o how no ma i e objec-
i es (e.g., da a p o ec ion, anspa ency, accoun abili y, isk
mi iga ion) a e ope a ionalized ac oss he e ogeneous egu-
la o y sou ces. Ra he han ea ing each ins umen in iso-
la ion, we classi y hei p o isions acco ding o he ype o
equi emen hey ins an ia e, he eby iden i ying bo h con-
e gence pa e ns and egula o y gaps. Collec i ely, hese
amewo ks add ess he mul i ace ed challenges s emming
om he con e gence o AI and digi al se ices. E ec i e
implemen a ion demands es ablishing a de ailed se o unc-
ional, non- unc ional, and secu i y equi emen s o gua an-
ee ha AI sys ems ope a e sa ely, anspa en ly, and ai ly.
Such an app oach sa egua ds undamen al igh s and os-
e s us in hese echnologies. By ha monizing his di e se
a ay o egula o y ins umen s, s akeholde s can c ea e a
cohesi e en i onmen ha p omo es secu i y, p i acy, and
esilience ac oss he en i e AI ecosys em, he eby upholding
he guiding p inciples manda ed by hese egula ions.
3.1 Secu i y equi emen s
Iden i ying and ca ego izing secu i y equi emen s cons i-
u e a c i ical s ep in e alua ing he obus ness o he EU’s
egula o y amewo ks o AI and digi al sys ems. Ou
1 3

AI and E hics
implemen secu i y measu es and inciden epo ing p o-
cedu es o cu ail h ea s e ec i ely. Al hough i imposes
s ingen accoun abili y equi emen s and p esc ibes egu-
la audi s, he NIS2 Di ec i e p io i izes o ganiza ional
esilience a he han use - acing conside a ions, including
anspa ency o use empowe men . Consequen ly, i com-
plemen s o he amewo ks such as GDPR and he CRA by
o i ying he secu i y o i al in as uc u es.
Renowned as a co ne s one o da a p o ec ion, GDPR
comp ehensi ely ackles da a secu i y and use empowe -
men . I en o ces s ingen accoun abili y o da a con ol-
le s and p ocesso s while o e ing indi iduals ex ensi e
igh s o e hei da a, including access, co ec ion, and e a-
su e. T anspa ency emains a salien ea u e: GDPR equi es
clea communica ion ega ding da a p ocessing p ac ices.
I likewise p omo es ai ness and non-disc imina ion in
da a usage, wi h p o isions o human o e sigh o au o-
ma ed decisions ha ma e ially a ec indi iduals. Al hough
GDPR is unpa alleled in he domain o p i acy and use
empowe men , i does no explici ly add ess in e ope abil-
i y, hus lea ing oom o egula ions such as he EECC and
he DMA o ill he gap. In andem, he eP i acy Di ec i e
bols e s p i acy in elec onic communica ions. I en o ces
use consen o da a collec ion and p ocessing, ein o cing
anspa ency and accoun abili y o se ice p o ide s. How-
e e , i s co e age is con ined o communica ions-speci ic
p i acy a he han b oade secu i y conce ns like isk man-
agemen o secu i y by design. Acco dingly, GDPR and he
eP i acy Di ec i e oge he c ea e a comp ehensi e p i acy
amewo k, al hough he CRA is needed o add ess mo e
echnical secu i y aspec s. The CRA p omo es secu i y-by-
design and manda es pos -ma ke su eillance so ha ul-
ne abili ies a e managed h oughou a p oduc ’s li ecycle.
Accoun abili y is cen al, as manu ac u e s mus p ese e
compliance wi h secu i y s anda ds. Howe e , he Ac does
no p io i ize anspa ency o use empowe men , ocusing
on p oduc -o ien ed secu i y a he han use - acing e hical
issues.
The EECC is pi o al in gua an eeing he secu i y and
eliabili y o communica ions in as uc u es. By s ipula ing
in e ope abili y and anspa ency, i os e s use con idence
in elecommunica ions ne wo ks. Use s gain p o ec ion
h ough secu e communica ion se ices and ai access, and
p o ide s mus ale use s o po en ial isks. Al hough na -
owe in scope compa ed o GDPR o he EU AI Ac , he
EECC add esses he i al aspec o eliable communica ion
se ices.
The DSA and he DMA ackle sys emic isks and ai -
ness in online pla o ms and digi al ma ke places. The DSA
unde lines algo i hmic anspa ency, compelling pla o ms
o disclose how con en mode a ion and ecommenda-
ion sys ems ope a e. This p o ision empowe s use s o
add esses e hical issues linked o ully au onomous sys ems
and lessens he isk o e oneous o biased decision-making.
Addi ional equi emen s ein o ce his secu i y ame-
wo k, including (i) Secu i y-by-Design and Compliance,
(ii) Inciden and Pos -Ma ke Repo ing, (iii) Fai ness and
Non-Disc imina ion, (i ) Audi abili y, ( ) In e ope abili y,
( i) Global Applicabili y, and ( ii) Use Empowe men .
Secu i y-by-design embeds secu i y conside a ions in o he
ea ly s ages o sys em and p oduc de elopmen , making
secu i y in eg al h oughou he AI li ecycle a he han an
a e hough . Inciden and pos -ma ke epo ing p io i ize
eal- ime h ea mi iga ion and con inuous moni o ing a e
deploymen , he eby s eng hening accoun abili y. Fai ness
and non-disc imina ion a ge he po en ial o AI sys ems o
eplica e biases, manda ing equi able p ocesses ha uphold
undamen al igh s. Audi abili y enables ex e nal e iew o
ensu e alignmen wi h egula o y equi emen s, ein o cing
con idence in he egula o y en i onmen . In e ope abili y
encou ages seamless in eg a ion and unc ionali y ac oss
pla o ms, educing agmen a ion and enabling inno a ion.
Global applicabili y e lec s he EU’s aspi a ion o in luence
in e na ional s anda ds o AI go e nance, acknowledg-
ing he inhe en ly global cha ac e o digi al echnologies.
Finally, use empowe men g an s indi iduals g ea e
au ho i y o e hei in e ac ions wi h echnology by o e ing
access o pe sonal da a, a means o challenge decisions, and
e ec i e consen managemen ools, os e ing us and e hi-
cal engagemen wi h AI sys ems.
When syn hesized, hese equi emen s e eal how he
EU’s egula o y amewo ks collec i ely add ess he in i-
ca e ask o go e ning AI and digi al sys ems. Each ame-
wo k con ibu es o his ecosys em, wi h some emphasizing
echnical esilience and secu i y while o he s concen a ing
on e hical dimensions and use igh s.
The EU AI Ac se es as a pi o al ins umen in AI go -
e nance, p o iding a igo ous amewo k o egula ing
high- isk AI sys ems. I manda es s uc u ed isk and ul-
ne abili y assessmen s and con inuous pos -ma ke su eil-
lance, he eby embedding secu i y-by-design p inciples o
os e eliable, anspa en sys ems. T anspa ency occupies
a cen al ole, obliging de elope s o con ey sys em limi a-
ions and isks clea ly so ha use s may unde s and and,
whe e necessa y, con es decisions. P o isions aimed a
mi iga ing biases add ess ai ness and non-disc imina ion,
while human o e sigh ensu es ha au onomous decisions
a e subjec o meaning ul human sc u iny. Despi e i s com-
p ehensi e scope, he EU AI Ac does no de o e subs an ial
a en ion o in e ope abili y, which lies beyond i s p ima y
ocus on e hical and unc ional equi emen s.
Meanwhile, he NIS2 Di ec i e emphasizes cybe secu-
i y esilience, especially wi hin c i ical and essen ial en i-
ies. I s isk-based pe spec i e obliges o ganiza ions o
1 3
AI and E hics
comp ehend and go e n hei digi al in e ac ions. The DMA
complemen s his ocus by manda ing in e ope abili y and
da a po abili y o ga ekeepe pla o ms, he eby p omo ing
ai compe i ion and use au onomy. Al hough bo h ame-
wo ks a e obus in anspa ency and accoun abili y, hei
secu i y p o isions emain es ic ed o hei espec i e pla -
o m and ma ke con ex s. While non-binding, he E hics
Guidelines o T us wo hy AI supply a mo al ounda ion by
highligh ing p inciples such as human o e sigh , ai ness,
and use empowe men . These guidelines help shape bes
p ac ices and ein o ce public con idence in AI. Howe e ,
hei absence o en o cemen mechanisms unde sco es he
signi icance o binding ins umen s, such as he EU AI Ac ,
in ensu ing compliance.
Sec o -speci ic amewo ks ex end he egula o y ap-
es y by ocusing on esilience and sa e y in pa icula
domains. Fo ins ance, DORA ele a es digi al esilience in
he inancial sec o , implemen ing isk managemen , esil-
ience es ing, and epo ing obliga ions. GPSR simila ly
imposes sa e y-by-design and pos -ma ke moni o ing o
consume p oduc s. While bo h amewo ks excel in echni-
cal and ope a ional secu i y, hey do no inco po a e ans-
pa ency, ai ness, o use empowe men p o isions, gi en
hei na owe manda es. In con as , he EHDS champions
secu e and equi able access o heal h da a by emphasizing
in e ope abili y and use empowe men , acili a ing seam-
less exchange o heal h in o ma ion h oughou he EU. I s
compa ibili y wi h GDPR unde sco es obus da a p o ec-
ion s anda ds, al hough i s heal hca e-speci ic ocus lim-
i s b oade applicabili y. Las ly, he Open Da a Di ec i e
enhances he euse o public sec o da a by p omo ing ai
access o da ase s. I s ocus on in e ope abili y and global
applicabili y aids AI esea ch and de elopmen while os e -
ing anspa ency in he public sec o . None heless, because
i does no speci ically add ess secu i y-by-design o isk
managemen , i s p o isions emain complemen a y a he
han comp ehensi e.
A no able pa e n in Table 1 is he consis en emphasis
on accoun abili y and anspa ency ac oss mul iple ame-
wo ks—p inciples c i ical o cul i a ing us in AI sys ems
and ensu ing ha o ganiza ions answe o hei p oduc s
and se ices. Fu he mo e, he widesp ead p io i iza ion o
use empowe men con i ms he EU’s dedica ion o gi ing
indi iduals mo e au ho i y o e hei da a and how AI ech-
nologies engage wi h i . S ill, gaps emain in he uni o m
co e age o speci ic secu i y equi emen s. Fo ins ance,
in e ope abili y is explici ly men ioned only in amewo ks
such as he EECC, DMA, and EHDS, despi e he in e con-
nec ed na u e o AI sys ems and digi al pla o ms. A b oade
emphasis on in e ope abili y ac oss all amewo ks could
enhance unc ionali y and secu i y. Likewise, human o e -
sigh , ai ness, and non-disc imina ion a e no uni e sally
Table 1 Compa ison o secu i y equi emen s ac oss amewo ks
AI Ac NIS2 GDPR eP i acy di ec i e CRA EECC DSA DMA E hics guidelines DORA GPSR EHDS Open da a di ec i e
Risk & ulne abili y managemen
•
•
•
•
•
•
•
•
•
•
Da a secu i y & p o ec ion
•
•
•
•
•
•
•
T anspa ency
•
•
•
•
•
•
•
•
•
Inciden & pos -ma ke epo ing
•
•
•
•
•
•
Secu i y-by-design & compliance
•
•
•
•
•
Human o e sigh
•
•
•
•
Fai ness & non-disc imina ion
•
•
•
•
•
•
Accoun abili y
•
•
•
•
•
•
•
•
•
•
•
•
•
Audi abili y
•
•
•
•
•
•
•
•
In e ope abili y
•
•
Global applicabili y
•
•
•
•
Use empowe men
•
•
•
•
•
•
•
•
•
1 3
AI and E hics
Sa e y Regula ion GPSR ein o ces his by obliging sa e y
assessmen s h oughou a p oduc ’s li ecycle (A icles 4 and
9). These assessmen s alida e compliance wi h echnical
and e hical s anda ds, minimizing po en ial ha m o use s
and socie y. Complemen ing his is Secu i y-by-Design and
Resilience, which emphasizes in eg a ing secu i y mecha-
nisms h oughou he AI sys em’s li ecycle. Inspi ed by
he CRA and GDPR, his equi emen p omo es p oac i e
measu es agains cybe h ea s, ensu ing ha AI sys ems
emain obus and capable o wi hs anding e ol ing chal-
lenges. Addi ionally, Con inuous Moni o ing and Adap i e
Sys ems unde sco es he need o AI sys ems o emain sa e,
e ec i e, and complian o e ime by emphasizing eal- ime
moni o ing and adap a ion o eme ging isks o changes in
he ope a ional en i onmen .
Ano he c ucial aspec is Business Con inui y and C isis
Managemen , which highligh s he impo ance o ope a-
ional esilience o AI sys ems, especially in c i ical sec o s
such as inance, heal hca e, and elecommunica ions. This
equi emen calls o designing a chi ec u es capable o
apid eco e y om dis up ions o a acks, he eby p ese -
ing us in he eliabili y o AI solu ions. Equally impo -
an is Use Consen Managemen , ensu ing ha use s ha e
meaning ul con ol o e how hei da a is collec ed, used,
and sha ed, in line wi h p inciples om GDPR and he eP i-
acy Di ec i e. Closely ela ed o his is Da a Minimiza-
ion and In eg i y, which equi es AI sys ems o collec only
essen ial da a while ensu ing i s accu acy and in eg i y, hus
p e en ing misuse and mi iga ing isks o bias o une hical
p ac ices.
Algo i hmic T anspa ency is likewise essen ial o e hi-
cal AI deploymen , manda ing clea and comp ehensible
explana ions o decision-making p ocesses o os e us ,
mi iga e biases, and ensu e accoun abili y, pa icula ly in
high-impac applica ions. In e ope abili y is also c i ical,
enabling AI sys ems o seamlessly in eg a e wi h o he
pla o ms, os e ing collabo a ion and educing ba ie s o
adop ion. This ensu es ha AI unc ionali y is no con ined
by echnical silos and p omo es compa ibili y ac oss di e se
en i onmen s. Addi ionally, Usabili y and Human-Cen ic
Design ocuses on making AI sys ems in ui i e o all
use s, including hose wi h limi ed echnical expe ise, hus
p omo ing equi able access and empowe ing indi iduals.
Finally, C oss-Bo de Da a Flow Go e nance add esses he
secu e and law ul ans e o da a in global AI ope a ions.
While GDPR go e ns in a-EU da a lows, his equi e-
men ex ends o main aining compliance when da a c osses
in e na ional bo de s, a c i ical conside a ion o applica-
ions elying on di e se da a sou ces. Collec i ely, hese
unc ional equi emen s es ablish a comp ehensi e ame-
wo k o he esponsible de elopmen and deploymen o
AI sys ems ha align wi h e hical s anda ds, egula o y
in eg a ed in o each amewo k, indica ing possible a eas
o u he s eng hening. Al hough he EU AI Ac and
GDPR ha e global applicabili y, o he amewo ks ha e a
mo e egion-speci ic scope. Gi en he c oss-bo de a i-
bu es o AI and cybe secu i y h ea s, b oade ha moniza-
ion o hese egula ions could ampli y hei global e icacy.
Examining secu i y equi emen s ac oss EU egula-
o y amewo ks unde sco es a laye ed, comp ehensi e
app oach o AI go e nance. Indi idual amewo ks excel
in pa icula domains, ye hei collec i e applica ion c e-
a es a secu i y ne encompassing echnical, e hical, and
use -cen ic conce ns. Add essing iden i ied gaps, such as
boos ing in e ope abili y and sys ema ically inco po a ing
human o e sigh and ai ness, could u he ein o ce he
EU’s leade ship in e hical and secu e AI deploymen . This
in eg a ed s a egy no only de ends use s and os e s us
bu also se es as a global benchma k o AI go e nance.
Taken oge he , he examined amewo ks illus a e a lay-
e ed secu i y a chi ec u e in which egula o y p o isions a e
in e dependen a he han isola ed. Fo ins ance, while he
EU AI Ac manda es s uc u ed isk assessmen s o high-
isk sys ems, hese a e ein o ced by NIS2’s obliga ions on
inciden esponse and by he CRA’s con inuous pos -ma -
ke ulne abili y managemen . GDPR complemen s hese
echnical obliga ions by en o cing pe sonal da a secu i y
h ough enc yp ion and access con ol measu es. In e ope -
abili y equi emen s in he EECC and DMA, al hough no
ocused on secu i y pe se, ha e downs eam implica ions
o secu e da a sha ing and sys em in eg a ion. The in e ac-
ion o hese p o isions ac oss legal ex s unde pins a holis-
ic go e nance model whe e o ganiza ional, in as uc u al,
and use -le el secu i y a e mu ually ein o cing.
3.2 Func ional equi emen s
A se o c i ical unc ional equi emen s has been es ab-
lished o ensu e ha AI sys ems a e de eloped and deployed
in alignmen wi h e hical p inciples, ope a ional obus ness,
and socie al alues. De i ed om an analysis o egula-
o y amewo ks and guidelines p io i izing anspa ency,
usabili y, and da a go e nance, hese equi emen s aim o
ensu e ha AI sys ems a e no only unc ionally e ec i e
bu also sa e, secu e, and use -cen ic.
A undamen al equi emen is Con o mi y Assessmen s,
which a e manda ed by Chap e 4 (A icles 43-51) o he
EU AI Ac . These p o isions equi e high- isk AI sys ems
o unde go p e-deploymen con o mi y checks agains ech-
nical documen a ion, quali y managemen p ocedu es, and
pos -ma ke moni o ing s a egies. In pa allel, A icle 9 o
he CRA equi es manu ac u e s o digi al p oduc s, includ-
ing hose embedded wi h AI, o conduc con o mi y assess-
men s add essing cybe secu i y isks. The Gene al P oduc
1 3
AI and E hics
obliga ions, and socie al expec a ions. By inco po a ing
hese equi emen s in o egula o y amewo ks, s akehold-
e s can os e he esponsible g ow h o AI ac oss a ious
domains.
The e alua ion o unc ional equi emen s ac oss he
EU’s egula o y amewo ks, as p esen ed in Table 2,
e eals a mul i ace ed app oach o go e ning he de elop-
men and deploymen o AI sys ems. Each amewo k con-
ibu es uniquely o he collec i e goal o ensu ing ha AI
echnologies a e unc ional, sa e, secu e, and use -cen ic.
The analysis o hese amewo ks unco e s pa e ns o
emphasis, a eas o b oad co e age, and no able gaps ha
ca y signi ican implica ions o he e hical and e ec i e
implemen a ion o AI wi hin he EU.
The EU AI Ac is a ounda ional amewo k o high- isk
AI sys ems, manda ing igo ous con o mi y assessmen s
o e i y compliance wi h e hical and echnical s anda ds.
This equi emen ensu es ha AI sys ems unde go ho ough
e alua ion be o e deploymen , he eby mi iga ing isks o
use s and socie y. The Ac ’s emphasis on da a in eg i y u -
he aligns wi h AI-speci ic needs by equi ing high-quali y,
e o - ee da a. In addi ion, i s ocus on algo i hmic ans-
pa ency add esses one o he mos p essing challenges in
AI—making decision-making p ocesses explainable o
s akeholde s. The Ac complemen s hese measu es wi h a
s ong pos -ma ke moni o ing mechanism, allowing sys-
ems o adap o eme ging isks h oughou hei li ecycle.
Ne e heless, while he Ac unde sco es echnical obus -
ness and e hical sa egua ds, i does no explici ly add ess
in e ope abili y o usabili y, a eas ha o he amewo ks
add ess.
The NIS2 Di ec i e complemen s he EU AI Ac by
emphasizing ope a ional esilience, pa icula ly in c i ical
sec o s whe e AI sys ems a e in eg a ed in o essen ial se -
ices. By ocusing on business con inui y and c isis man-
agemen , he di ec i e ensu es ha AI-powe ed ope a ions
can wi hs and dis up ions and eco e quickly, hus uphold-
ing public us . Mo eo e , i s equi emen o con inu-
ous isk moni o ing p omo es p oac i e iden i ica ion and
mi iga ion o ulne abili ies. Howe e , he NIS2 Di ec i e
does no co e da a go e nance o algo i hmic anspa ency,
highligh ing he alue o a uni ied app oach ac oss mul iple
amewo ks.
GDPR s ands as a co ne s one o da a p o ec ion and
p i acy in AI sys ems. I s obus ocus on use consen
managemen g an s indi iduals con ol o e hei da a, os-
e ing anspa ency and accoun abili y in da a-d i en AI
p ocesses. Addi ionally, i s da a minimiza ion and in eg i y
p inciples align well wi h AI needs by limi ing unnecessa y
da a collec ion and p omo ing accu a e inpu s, bo h c ucial
o educing bias. GDPR also add esses c oss-bo de da a
lows, ensu ing ha pe sonal da a ans e ed in e na ionally
Table 2 E alua ion o amewo ks agains unc ional equi emen s
AI Ac NIS2 GDPR eP i acy di ec i e CRA EECC DSA DMA E hics guidelines DORA GPSR EHDS Open da a di ec i e
Con o mi y assessmen s
•
•
•
Business con inui y & c isis managemen
•
•
•
Use consen managemen
•
•
•
•
•
Da a minimiza ion & in eg i y
•
•
•
•
•
Secu i y-by-design & esilience
•
•
•
•
•
•
•
In e ope abili y
•
•
•
Algo i hmic anspa ency
•
•
•
•
•
•
C oss-bo de da a low go e nance
•
Usabili y & human-cen ic design
•
•
•
•
•
•
•
Con inuous moni o ing & adap i e sys ems
•
•
•
•
•
•
•
1 3
AI and E hics
add ess inhe en ly c oss-bo de issues like da a lows and
algo i hmic isks.
Despi e hese egional di e ences, he e is g owing con-
sensus on he need o in e na ional coope a ion o add ess
c oss-bo de challenges inhe en in AI go e nance. Build-
ing on he p eceding analysis o EU egula o y amewo ks,
wo a eas eme ge as pa icula ly p omising o in e na-
ional coo dina ion: (1) algo i hmic anspa ency and (2)
c oss-bo de da a low go e nance. These a eas co espond
di ec ly o some o he mos s uc u ally pe asi e and ope -
a ionally sensi i e equi emen s obse ed ac oss EU ins u-
men s. T anspa ency obliga ions a e embedded in he AI
Ac , GDPR, and DSA, while da a low go e nance is essen-
ial o he c oss-bo de applicabili y o GDPR, he Open
Da a Di ec i e, and AI deploymen in dis ibu ed compu -
ing en i onmen s. Thei p ominence and complexi y make
hem ideal candida es o ha moniza ion, as hey equen ly
gene a e compliance ic ion in global se ings.
1. Algo i hmic T anspa ency. Building on exis ing EU
ini ia i es, in e na ional s anda ds bodies could de elop
consis en guidelines o anspa ency epo ing and
impac assessmen s. A sha ed axonomy o iden i ying
and documen ing algo i hmic bias would acili a e com-
pa abili y and accoun abili y ac oss ju isdic ions.
2. C oss-Bo de Da a Flow Go e nance. Gi en he
dependency o AI sys ems on global da ase s, a mul i-
la e al amewo k o secu e and law ul da a ans e s,
po en ially unde OECD o G20 coo dina ion, could
align enc yp ion, consen , and b each no i ica ion s an-
da ds, mi iga ing egula o y agmen a ion.
Achie ing such in e na ional coope a ion equi es balanc-
ing di e gen policy p io i ies and legal no ms. Mechanisms
such as egula o y sandboxes, join esea ch endea o s, and
c oss-bo de compliance ce i ica ions can os e inc e-
men al alignmen and mu ual lea ning. Fu he mo e, e hi-
cal conside a ions, including he mi iga ion o algo i hmic
bias, p e en ion o disc imina o y ou comes, and p o ec ion
o jobs impac ed by au oma ion, unde sco e he b oade
socie al alues a s ake. Add essing hese issues calls o a
blend o obus egula o y ins umen s and p oac i e e hical
amewo ks, oge he wi h b oad s akeholde engagemen .
In summa y, he EU’s egula o y a chi ec u e p o ides a
compelling exempla o comp ehensi e AI go e nance ha
in eg a es p i acy, secu i y, and accoun abili y. Whe he his
model can be ully eplica ed elsewhe e hinges on econcil-
ing egion-speci ic policy agendas and ma ke condi ions.
S ill, he guiding p inciples o anspa ency, use sa e y, and
esponsible inno a ion esona e globally. By collabo a ing
on sha ed challenges such as algo i hmic anspa ency and
c oss-bo de da a lows, he in e na ional communi y can
on anspa ency and use empowe men os e s us and
suppo s mo e in o med decisions abou how pe sonal da a
is collec ed and p ocessed. A he same ime, he echnical
complexi y o AI sys ems and hei egula o y amewo ks
may limi how eadily consume s unde s and and exe cise
hese p o ec ions. Consequen ly, ongoing e o s o enhance
public awa eness and digi al li e acy emain c ucial o
ensu ing ha indi iduals can use hei igh s meaning ully,
ansla ing o mal p o ec ions in o angible bene i s.
On a global scale, he EU’s app oach has a subs an ial
impac , o en called he “B ussels E ec ”, whe eby mul-
ina ional i ms adop EU s anda ds globally o s eamline
ope a ions. This dynamic can s imula e b oade con e -
gence in AI go e nance bu may also aise ques ions abou
econciling di e gen egional equi emen s and a oid-
ing egula o y agmen a ion. As AI echnologies e ol e
apidly, policymake s mus c a lexible amewo ks ha
accommoda e eme ging echniques like gene a i e AI while
p ese ing space o expe imen a ion and ma ke compe i-
i eness. O e ly es ic i e egula ions isk s i ling inno a-
ion, whe eas lax o e sigh could unde mine public us
and os e ha m ul uses o AI. While he EU’s egula o y
model has been widely ecognized as a global s anda d-
se e —a phenomenon o en desc ibed as he “B ussels
E ec ” [27]—i s con inued in luence is inc easingly subjec
o geopoli ical and economic cons ain s. Recen schola -
ship and policy discou se sugges ha o he ju isdic ions a e
selec i ely adop ing, adap ing, o e en esis ing EU no ms
based on local s a egic p io i ies, indus ial policy, and
so e eign y conce ns. Fo example, he Uni ed S a es has
shown an in e es in aligning wi h Eu opean AI alues in
ce ain con ex s (e.g., algo i hmic ai ness), while main ain-
ing a decen alized, sec o -speci ic app oach o egula ion.
Meanwhile, majo AI ac o s in Asia o en p io i ize na ional
inno a ion ecosys ems and da a so e eign y, complica ing
he ex a e i o ial e ec o EU ules. These dynamics sug-
ges ha he B ussels E ec should now be unde s ood as a
mo e con ingen and nego ia ed phenomenon, a he han an
au oma ic consequence o EU egula o y design.
Ne e heless, eplica ing o adap ing he EU’s model
beyond Eu ope p esen s oppo uni ies and obs acles. The
Uni ed S a es, o ins ance, main ains a agmen ed legal
landscape whe e sec o -speci ic legisla ion (e.g., inance,
heal hca e) migh selec i ely in eg a e EU-aligned AI s an-
da ds wi hou adop ing a comp ehensi e ede al amewo k.
In Asia, leading AI hubs such as China and Singapo e o en
p io i ize economic g ow h, na ional secu i y, and inno a-
ion—objec i es ha may di e ge om he EU’s p ima y
emphasis on pe sonal p i acy and e hical o e sigh . Despi e
hese di e ences, he e is g owing ecogni ion wo ldwide
ha AI egula ion equi es mo e global coo dina ion o
1 3

AI and E hics
Re e ences
1. Deloi e: AI Adop ion in he En e p ise (2018)
2. Ca h, C., e al.: A i icial in elligence and he ‘good socie y’:
he US, EU, and UK app oach. Sci. Eng. E hics 24(2), 505–528
(2018)
3. Goodman, B., Flaxman, S.: EU egula ions on algo i hmic deci-
sion-making and a ‘ igh o explana ion’. AI Mag. 38(3), 50–57
(2017)
4. O’neil, C.: Weapons o Ma h Des uc ion: How Big Da a Inc eases
Inequali y and Th ea ens Democ acy. C own, New Yo k (2017)
5. Commission, E.: Whi e pape on a i icial in elligence: a Eu o-
pean app oach o excellence and us (2020)
6. Jobin, A., Ienca, M., Vayena, E.: The global landscape o AI e h-
ics guidelines. Na u e Mach. In ell. 1(9), 389–399 (2019)
7. Win ield, A.F.T., Ji o ka, M.: E hical go e nance is essen ial o
building us in obo ics and AI sys ems. Philos. T ans. Royal
Soc. A 376(2133), 20180085 (2019)
8. Koulu, R., Pohle, J.: Legal Design Pa e ns: New Tools o Analy-
sis and T ansla ions Be ween Law and Technology. Digi al Soci-
e y, NJ (2024)
9. Di e , L.: Using design pa e ns o build and main ain he ule
o law. Digi al Socie y (2024). Special Issue on Legal Design
Pa e ns
10. B ynjol sson, E., Mca ee, A.: The business o a i icial in elli-
gence. Ha a d Bus. Re . 7(1), 10245 (2017)
11. Commission, E.: Repo on he sa e y and liabili y implica ions o
A i icial In elligence, he In e ne o Things and obo ics (2020)
12. Smuha, N.A.: F om a ‘ ace o AI’ o a ‘ ace o AI egula ion’:
egula o y compe i ion o a i icial in elligence. Law, Inno .
Technol. 13(1), 57–84 (2021)
13. Bu che , J., Be idze, I.: Wha is he s a e o a i icial in elligence
go e nance globally? RUSI J. 166(5–6), 88–99 (2021)
14. Bommasani, R., e al.: On he oppo uni ies and isks o ounda-
ion models. a Xi p ep in a Xi :2108.07258 (2021)
15. Commission, E.: P oposal o a Regula ion laying down ha mon-
ised ules on A i icial In elligence (A i icial In elligence Ac )
(2021)
16. EU: Regula ion (EU) 2016/679 (Gene al Da a P o ec ion Regula-
ion) (2016)
17. EU: Di ec i e 2002/58/EC conce ning he p ocessing o pe sonal
da a and he p o ec ion o p i acy in he elec onic communica-
ions sec o (eP i acy Di ec i e) (2002)
18. Veale, M., Zuide een Bo gesius, F.J.: Demys i ying he d a EU
a i icial in elligence ac . Compu . Law Re . In . 22(4), 97–112
(2021)
19. Flo idi, L.: The Eu opean legisla ion on AI: a b ie analysis o i s
philosophical app oach. Philos. Technol. 35(4), 843–848 (2022)
20. Commission, E.: P oposal o a Di ec i e on measu es o a high
common le el o cybe secu i y ac oss he Union (NIS2 Di ec i e)
(2020)
21. Commission, E.: P oposal o a Regula ion on ho izon al cybe -
secu i y equi emen s o p oduc s wi h digi al elemen s (Cybe
Resilience Ac ) (2022)
22. EU: Di ec i e (EU) 2018/1972 es ablishing he Eu opean Elec-
onic Communica ions Code (2018)
23. Commission, E.: P oposal o a Regula ion on a Single Ma ke o
Digi al Se ices (Digi al Se ices Ac ) (2020)
24. Commission, E.: P oposal o a Regula ion on con es able and
ai ma ke s in he digi al sec o (Digi al Ma ke s Ac ) (2020)
25. A i icial In elligence, H.-L.E.G.: E hics guidelines o us wo -
hy AI. Eu opean commission (2019)
26. Anagnos ou, D., e al.: A i icial In elligence o Eu ope: he EU
commission’s p oposal o a legal amewo k. Compu . Law Re .
In . 21(6), 153–159 (2020)
mo e owa d a mo e ha monized and o wa d-looking AI
go e nance pa adigm ha p ese es public us and sa e-
gua ds undamen al igh s.
6 Conclusions
The analysis p esen ed in his pape illus a es how align-
ing mul iple EU egula o y amewo ks, anging om he
AI Ac and GDPR o NIS2, CRA, and DSA, can ad ance
AI go e nance by educing agmen a ion and ha monizing
equi emen s ac oss di e se sec o s. By examining secu i y,
unc ional, and non- unc ional equi emen s, we pinpoin ed
complemen a y p o isions ha s eng hen anspa ency,
accoun abili y, and esilience in high- isk AI applica ions.
This syn hesis add esses p e ailing compliance gaps and
cla i ies how o ganiza ions can in eg a e essen ial p inciples
like da a minimiza ion, use o e sigh , and ai ness in o AI
li ecycle managemen .
On a b oade scale, ou p oposed in eg a ed app oach
unde sco es he g owing signi icance o e hical alignmen
in AI de elopmen . By consolida ing echnical and e hical
p io i ies ac oss egula ions, he EU can os e an en i on-
men conduci e o esponsible inno a ion while bols e ing
use us . These insigh s guide policymake s and indus y
p ac i ione s, highligh ing whe e c oss- amewo k syne -
gies can mi iga e compliance bu dens, suppo secu e da a
go e nance, and ensu e equi able access o AI solu ions.
Ou indings ein o ce he EU’s ole as a global ailblaze in
e hical and us wo hy AI, o e ing a cohesi e go e nance
model adap able o apid echnological changes.
Acknowledgemen s This esea ch has ecei ed unding om Eu o-
pean Commission’s Ho izon Eu ope esea ch and inno a ion p og ams
unde g an ag eemen s No. 101139031 (SAFE-6 G), No. 101095634
(ENTRUST), and No. 101120962 (RESCALE).
Funding Open access unding p o ided by HEAL-Link G eece.
Open Access This a icle is licensed unde a C ea i e Commons
A ibu ion 4.0 In e na ional License, which pe mi s use, sha ing,
adap a ion, dis ibu ion and ep oduc ion in any medium o o ma ,
as long as you gi e app op ia e c edi o he o iginal au ho (s) and he
sou ce, p o ide a link o he C ea i e Commons licence, and indica e
i changes we e made. The images o o he hi d pa y ma e ial in his
a icle a e included in he a icle’s C ea i e Commons licence, unless
indica ed o he wise in a c edi line o he ma e ial. I ma e ial is no
included in he a icle’s C ea i e Commons licence and you in ended
use is no pe mi ed by s a u o y egula ion o exceeds he pe mi ed
use, you will need o ob ain pe mission di ec ly om he copy igh
holde . To iew a copy o his licence, isi h p : / / c e a i e c o m m o n s . o
g / l i c e n s e s / b y / 4 . 0 / .
1 3
AI and E hics
32. Se ice, E.P.R.: A i icial in elligence ac : The EU’s app oach o
AI egula ion. B ie ing PE 698.792, Eu opean Pa liamen (2022)
33. MacCa hy, M.: AI egula ion: How he US can lea n om
Eu ope. B ookings Ins i u ion Repo (2022)
34. Söde lund, J., La sson, S.: En o cemen design pa e ns in eu law:
An analysis o he ai ac . Digi al Socie y (2024)
35. Hakka ainen, L., San ube , J.: Come in and See: T ansla ing a
Design Pa e n om he Cou oom in o an Online En i onmen .
Digi al Socie y, NJ (2024)
Publishe 's No e Sp inge Na u e emains neu al wi h ega d o ju is-
dic ional claims in published maps and ins i u ional a ilia ions.
27. B ad o d, A.: The B ussels E ec : How he EU Rules he Wo ld.
Ox o d Uni e si y P ess, Ox o d (2020)
28. Sa o , G., Lagioia, F.: The impac o he EU AI egula ion on
business models in he AI ecosys em. In . J. Law In . Technol.
30(1), 1–28 (2022)
29. Leslie, D.: Unde s anding a i icial in elligence e hics and sa e y:
A guide o he esponsible design and implemen a ion o AI sys-
ems in he public sec o . The Alan Tu ing Ins i u e (2019)
30. Wischmeye , T., Rademache , T. (eds.): Regula ing A i icial
In elligence. Sp inge , Cham (2020)
31. Aloisi, A., DeS e ano, V.: Regula ing algo i hmic managemen in
digi al pla o ms: he use o AI in employmen . In . Labou Re .
161(1), 47–69 (2022)
1 3