Legislation & Ethics

The rapid evolution of Artificial Intelligence necessitates the creation of a regulatory framework that ensures the protection of fundamental rights while simultaneously promoting innovation.

Greek Legislation

In Greece, the use of Artificial Intelligence systems falls under existing legal rules that protect citizens in various aspects of their lives. Although specialized AI legislation is under development, primarily through the transposition of European directives, key areas are already covered:

Data Protection

The application of the General Data Protection Regulation (GDPR) and implementing Law 4624/2019 forms the basis for any AI system that processes the personal data of citizens in Greece.

Consumer Protection

Consumer protection provisions also apply to products or services incorporating AI, ensuring they do not mislead and that they meet safety standards.

Intellectual Property

The current intellectual property framework regulates issues arising from the use of data for training AI systems, as well as the status of the generated outputs.

National Strategy

Concurrently, the “Blueprint for Greece’s AI Transformation” lays the groundwork for specialized regulations where deemed necessary, with an emphasis on ethical use and skills development.

European Legislation

The European Union is pioneering globally with the enactment of the AI Act (Regulation (EU) 2024/1689), the first comprehensive legal framework for AI. The core philosophy of the Act is a tiered, risk-based approach:

Unacceptable risk

Systems considered a clear threat to fundamental rights are prohibited. Examples include systems for the social scoring of citizens or the behavioral manipulation of vulnerable groups.

High risk

Systems used in critical sectors, such as health (e.g., medical devices), infrastructure (e.g., transport), or employment (e.g., resume screening software), are subject to strict obligations. These include risk assessment, high-quality data, detailed documentation, and human oversight.

Limited risk

This concerns other systems (excluding the above) with which humans interact directly, such as AI-powered digital support assistants (chatbots). Here, transparency obligations are imposed: users must be clearly informed that they are interacting with a machine.

Minimal risk

The majority of AI applications (e.g., spam filters, video games) are permitted freely, without additional specific legal requirements beyond existing legislation.

For LLMs, specific transparency rules are stipulated, while for the most powerful among them, additional requirements for managing systemic risks are imposed.

Note

It should be noted that, although the AI Act has entered into force, its application is phased. A transitional period is underway during which technical details are specified, standards and implementing acts are issued, and the competent supervisory authorities are established at national and European levels, to ensure the smooth and full application of the regulation in the coming years.

Protection against generated or manipulated content

The ability of Artificial Intelligence to generate realistically deceptive text, images, audio, and video (also known as deepfakes) creates new challenges regarding disinformation and the authenticity of content on the Internet. Addressing this phenomenon requires a combination of technological solutions and the cultivation of critical thinking.

Legislative acts

Both Greek and European legislation recognize the risk of disinformation through fake content:

  • AI Act: Obliges providers of AI systems that generate synthetic content to ensure that this content is marked in a machine-readable format, making it evident that it was artificially generated.
  • Code of Practice on Disinformation: The European Union has issued guidelines and codes of conduct for Internet platforms to restrict the spread of disinformation and fake news.
  • Digital Services Act (DSA): Imposes obligations on online platforms regarding the management of illegal content and disinformation.

Technological solutions

To address the problem of certifying the provenance of digital content, technological standards and tools are being developed that allow the verification of the provenance and integrity of files.

Coalition for Content Provenance and Authenticity (C2PA)

One of the most promising technological solutions is the Coalition for Content Provenance and Authenticity (C2PA) standard. It is an international initiative for building trust in content, developed by major technology organizations, media outlets, and academic institutions. The standard allows the embedding of cryptographically secure metadata into digital files (images, video, audio, documents). This metadata records:

  • Provenance: Who created the content and with which device or tool.
  • Modification history: Every change made to the file (e.g., editing, use of AI).
  • Digital signature: Cryptographic verification of the content’s provenance.

This approach is similar to how digital signatures operate on the Internet. The adoption of C2PA by camera manufacturers, image editing software, and social media platforms has already begun, allowing users to verify whether an image or video was created naturally.

Finally, other technological solutions include watermarking and the embedding of invisible digital signals into AI-generated content (which can be detected with specialized tools), as well as blockchain and distributed systems for the immutable recording of digital content provenance.

Recommended practices

Protection against fake content requires a combination of technological solutions, legal mechanisms, and responsible behavior. The following practices are recommended:

For users

  • The critical evaluation of the provenance certification of audiovisual material is a basic prerequisite, especially when the content appears unusual, provocative, or originates from an unspecified source.
  • Verifying the origin of content through reliable sources is recommended.
  • Using platforms and applications that support standards like C2PA facilitates the verification of digital material provenance certification.
  • Reporting deceptive or fake content to platforms and competent authorities contributes to limiting disinformation.

For content creators

  • The clear labeling of content that has been generated or manipulated using AI ensures transparency.
  • Selecting tools and platforms that support digital signatures and authentication standards is recommended.
  • Avoiding the creation of content that could mislead, harm, or violate the rights of third parties constitutes an ethical obligation.

For organizations and media outlets

  • Establishing internal policies for verifying the provenance of material prior to publication enhances credibility.
  • Providing training to employees on recognizing fake content and using verification tools is recommended.
  • Collaboration with national and European bodies supports the fight against disinformation.
  • Integrating technologies like C2PA into workflows ensures content integrity.

Collective Responsibility

Protection against fake content is everyone’s responsibility: technology providers, creators, distribution platforms, organizations, and citizens themselves. Only through collective effort and the combined use of technological, legal, and educational means is it possible to maintain the credibility of digital content in the era of AI.