Someone minted an NFT of the low-key photoshop we made to try to get people to vote for Equity in the Webbys

Our venture capital-focused podcast Equity made it to the finals of its category in the Webbys, a digital awards show for digital things. We were pretty stoked about it.

Natasha, in fact, was both excited and ready to go to battle with editing tools so that we could share an image of sorts in an attempt to garner more votes. We’d like to win, frankly.

Then Patrick Sutton who works at Avalanche, a finance-focused blockchain, minted an NFT of Natasha’s work, which she described as “too ugly to share.” 2021 is full of all sorts of surprises, it appears. So now, you can vote for Equity — please do, we will love you for eternity — or you can buy an NFT of our excellent photoshop work.

How it started:

How it’s going:

Equity drops every Monday at 7:00 a.m. PST, Wednesday, and Friday at 6:00 AM PST, so subscribe to us on Apple PodcastsOvercastSpotify and all the casts!

OneSoil raises $5 million for its farm monitoring tech

OneSoil, a company selling technology to help farmers monitor fields and increase yields, has raised $5 million from international investors Almaz Capital and PortfoLion.

The company’s tech integrates satellite imagery with mobile and desktop applications for farming analytics. These offerings include both remote crop monitoring, variable-rate seed and fertilizer applications that can reduce the time spent on field scouting and improve efficiency as it relates to inputs.

OneSoil already has more than 200,000 farmers and consultants using its service across over 180 countries just two and a half years after its launch.

The company claims that roughly 5% of the world’s total arable land (197 mln acres) is covered by OneSoil users, which include major ag companies like BASF and Krone.

The financing from Almaz and PortfoLion will be used to expand on its market position in the Americas and Europe, the company said.

“We aim to help farmers make informed decisions for their agricultural operations, reduce input waste, and increase their profits. To do that, we provide digital tools that combine real-time, global-scale satellite imagery processing for the best analytics and insights for our users,” says Slava Mazai, CEO at OneSoil, in a statement. “We aim to build the biggest digital platform for informed solutions and precision agriculture. To move faster down this path, we will hire tech and marketing professionals in Europe and the CIS, and we’re looking for consultants and business partners in the field of agronomy in North and South America”

 For Almaz investor, Pavel Bogdanov, it was the company’s impressive adoption rates among farmers that convinced the firm to invest in the OneSoil round. “[Farmers’] adoption of new tools has been slow due to the complexity of the products, cost, and a degree of risk aversion among farmers. At least, we thought adoption was slow before we met OneSoil. OneSoil is very popular with farmers; the growth in global usage was so impressive that we decided to invest in OneSoil to help them add even more valuable solutions for farmers”, said Bogdanov, in a statement.

'Fathom,' the Apple TV+ documentary film, will show at the Tribeca Film Festival in June

Director Drew Xanthopoulos’ film about whales, headed to Apple TV+ June 25, is in the competition at the Tribeca Film Festival earlier that month.

Apple announced on April 15 that it had acquired “Fathom,” the latest film for Apple TV+’s growing library of nature films. The film, directed by Drew Xanthopoulos, follows Dr. Ellen Garland and Dr. Michelle Fournet, a pair of scientists who research whales’ communications.

The company had said that “Fathom” was “premiering globally” on the service on June 25. But on April 20, it was announced that “Fathom” will be showing at this year’s Tribeca Film Festival, which is running from June 9 through 20. “Fathom” is part of the festival’s Documentary Competition.

This year’s Tribeca festival will use a hybrid format, which will include both in-person outdoor showings throughout New York City and a virtual component. The festival did not announce what day “Fathom” will screen, or whether or not it will show in person. It’s far from rare, especially in the era of virtual festivals, for a film to premiere at a film festival, and then arrive on a streaming service a matter of days later.

“Fathom” is the only Apple film listed among the Tribeca lineup, at least as of now. The very first Apple TV+ show or movie to screen publicly was the series premiere of Dickinson, which debuted at the Tribeca TV Festival in September of 2019.

Production companies associated with “Fathom” include Sandbox Films, Impact Partners, Walking upstream Pictures, Back Allie Entertainment and Hidden Candy. Executive producers are Andrea Meditch and Greg Boustead.

Attackers Heavily Targeting VPN Vulnerabilities

Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.

Attacks on virtual private networks, like those this week targeting a trio of known vulnerabilities in Pulse Secure appliances, have intensified in recent months along with the increase in remote and hybrid work environments since the outbreak of COVID-19.

The trend requires organizations to patch VPN and other externally facing devices with the highest priority, says a new report from Digital Shadows.

The report, based on an analysis of vulnerability activity in first quarter of 2021, highlights other threats as well, including increased targeting of remote code execution (RCE) vulnerabilities such as one affecting Oracle WebLogic (CVE-2020-14882) and widespread attacks targeting the ProxyLogon flaws in Microsoft Exchange Server.

“[VPNs] continue to be targeted by a plethora of threat groups, which will almost certainly continue for the remainder of 2021,” says Chris Morgan, senior cyber-threat intelligence analyst at Digital Shadows. “VPN devices, in addition to other remote access software, are often prioritized as a useful entry point that can provide threat groups with a stable foothold onto target networks.”

The threat intelligence firm’s analysis of vulnerability activity in the first quarter of this year shows cyber adversaries are actively targeting VPN vulnerabilities, more so than most other attack avenues, to break into enterprise networks. VPN accesses were among the top three access types listed for sale on cybercriminal forums last quarter, Digital Shadows says.

According to the firm, attackers targeted vulnerabilities in a range of VPN appliances, including one in the Fortinet FortiGate VPN (CVE-2018-13379) and an older, previously patched flaw in Pulse Connect Secure VPN (CVE-2019-11510). Both the Fortinet and Pulse VPN appliances were the subject of a joint advisory last week from the National Security Agency (NSA), FBI, and the Cyber Security & Infrastructure Security Agency (CISA). The advisory warned US organizations of Russia’s Foreign Intelligence Services (SVR) — the actor behind the SolarWinds attack — actively targeting the VPN flaws and flaws in three other products.

“Easily identifiable public-facing infrastructure will always garner significant attention from advanced actors,” Morgan says, pointing to the attacks that targeted Pulse Secure VPNs this week. The attacks — by multiple threat groups, including one believed to have links to the Chinese government — have affected several organizations within the US defense industrial base and other sectors. Researchers are currently tracking as many as 12 separate malware families targeting vulnerabilities in Pulse Secure VPNs. Patches have been available for some time for all three of the vulnerabilities in Pulse Secure VPNs that are being attacked.

Thousands of Attacks
Meanwhile, other significant threat activity that Digital Shadows observed last quarter included heavy targeting of RCE flaws and a barrage of attacks aimed at ProxyLogon, a set of four critical vulnerabilities in Exchange Server, which Microsoft disclosed in March.

“Tens of thousands of companies worldwide were impacted by exploiting and chaining of the four zero-day vulnerabilities,” Morgan says. “Our observation of this particular set of bugs includes a diverse set of threat groups, including both nation-state and cybercriminal actors.”

The sheer scope of the attack activity highlighted both the ease with which the now-patched vulnerabilities could be exploited and the multiple potential courses of action available to an attacker after successful exploitation, he says.

A major concern related to the attacks was the strategy by one hacking group to deploy malicious Web shells on compromised Exchange Server systems so they could maintain a persistent presence on them. Concerns over the Web shells on US systems were so high that a court authorized the FBI to remove the shells from systems on which they have been deployed, including those belonging to private companies.

“While active exploitation of the bugs will likely subside in the aftermath of companies updating their servers, there is a distinct possibility that advanced groups could have created other avenues of approach and entry points onto targeted networks,” Morgan warns. Last week, CISA updated its original guidance around the flaws, which suggests that Exchange Servers are still being compromised via these bugs even though a vast majority of vulnerable systems have been patched, he says.

Digital Shadows’ first-quarter threat analysis shows that RCE flaws were the most commonly exploited flaws, just as they were in the fourth quarter of 2020. Twenty-three percent of attacks involved RCE exploits in the first quarter. The most likely reason for attackers targeting this class of vulnerabilities, according to Digital Shadows, is that they enable a wide range of malicious activities.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Recommended Reading:

More Insights

Save up to $200 when purchasing a 5G iPad Pro with rare carrier subsidy

Customers can receive a rare carrier subsidy worth up to $200 when purchasing a 5G iPad Pro directly from Apple.

Apple introduced the 5G iPad Pros during its “Spring Loaded” event on Tuesday. Customers can view pricing configurations on the Apple Store app or website with pre-orders going live on April 30.

The 5G model upgrade costs $200 regardless of iPad Pro configuration but now customers can get some or all of that upgrade cost back depending on their carrier of choice. When selecting the cellular option during device configuration a message appears stating that T-mobile, Verizon, and AT&T all have special deals available.

Verizon offers a $200 Verizon gift card upon cellular activation. Customers must activate their iPad Pro within 30 days of purchase and navigate to the promotional application on the My Verizon website.

T-mobile/Sprint will give customers a $200 virtual gift card that can be used anywhere. Like with Verizon, customers must activate their iPad Pro within 30 days of purchase and fill out a promotional application on T-mobile’s website.

AT&T offers $150 in bill credits that will be applied to the cellular account. Customers must activate their iPad Pro within 14 days then act upon an email sent to their account address. Then, $5 credits will be applied to the AT&T account over 30 months.

Bloomberg first shared the promotion and commented on the unusual nature of the offer. Subsidies are normally given on cellular plans attached to phones, not tablets.

The 5G iPad Pro will begin shipping in mid-May after pre-orders go live on April 30. The new models have an M1 processor, and the 12.9-inch iPad Pro has a Liquid Retina XDR display for professional productivity on the go.

Stay on top of all Apple news right from your HomePod. Say, “Hey, Siri, play AppleInsider,” and you’ll get latest AppleInsider Podcast. Or ask your HomePod mini for “AppleInsider Daily” instead and you’ll hear a fast update direct from our news team. And, if you’re interested in Apple-centric home automation, say “Hey, Siri, play HomeKit Insider,” and you’ll be listening to our newest specialized podcast in moments.

Join ECL on Wednesday to pitch your startup to Fifth Wall’s Brendan Wallace and Hippo’s Assaf Wand

Have you ever dreamed about the opportunity to find yourself in, say, an elevator with an investor who is open to hearing your pitch? Well, then the next episode of Extra Crunch Live is for you.

If you’ve hung out with us on an ECL before, you know we start with a bit of top news, chat with our speakers about how to successfully fundraise and finish with the Pitch Deck Teardown, where we take a look at decks submitted by you, the audience members, and give live feedback.

On Wednesday, with the help of Fifth Wall’s Brendan Wallace and Hippo’s Assaf Wand, we’re going to shake things up a bit.

Folks who attend the live event will be able to virtually “raise their hand,” come on screen, and give a 60-second pitch of their startup. No demoes. No videos. No visual aids of any kind. It’s the ultimate elevator pitch, and it’ll be done before a live audience.

Wallace and Wand (that’s catchy, eh?) will give their feedback and ask questions at the end of every pitch.

The only way you can participate in the ECL Pitch-off is to show up. Luckily, the events are free to anyone. However, accessing any of this content on demand is reserved strictly for Extra Crunch members.

We’re super excited to introduce the pitch-off as a feature of ECL and hope you are too! See you on Wednesday!

Register here.

AppOmni raises $40M for tools to secure enterprise SaaS apps

Enterprises are adopting an ever-wider range of SaaS applications to work and interface with customers, and that is proving to be a major security concern: it’s not just the prospect of phishing, credential stuffing and other malicious tricks to get into systems that are a worry, but the fact that more applications mean more attack surfaces, and more integrations between apps mean more inadvertent holes that get exposed in the process.

And that is leading to surge of interest in security applications that can help. Today, a startup called AppOmni — which has built a platform to help monitor SaaS apps and their activity, provide guidance to warn or block when things might go wrong, and fix problems when they do occur — is announcing some funding to fuel its growth.

The startup has raised $40 million in a Series B round led by Scale Venture Partners, with Salesforce Ventures and ServiceNow Ventures, as well as previous backers ClearSky, Costanoa Ventures, Inner Loop Capital and Silicon Valley Data Capital also participating.

The funding is coming on the back of a huge year for AppOmni. The company grew 900%, co-founder and CEO Brendan O’Connor told TechCrunch, and it has managed to stay at 100% customer retention — that is, AppOmni has yet to lose a single customer since it was founded.

The company today integrates with over 100 connectors, platforms used by developers and IT teams at companies to manage the apps that their businesses use, tools Splunk and Sumo Logic. Through this, AppOmni is able to aggregate and normalize event data around those apps, in addition to deeper monitoring in cases where it can integrate with apps themselves (those integrations to date include some of the most popular apps that enterprises use today, including Salesforce and Slack, Zoom, Microsoft 365, Box and Github).

As O’Connor describes it, the sheer number of apps that enterprise teams use and adopt has made managing security around them very complex. Partly because of how SaaS is set up for usage by as many people in and outside the organization as possible (to make the apps more useful), AppOmni estimates that some 95% of enterprises “overprovision” permissions for external users.

On top of that, some of the biggest problems occur indirectly, specifically when applications are linked up together, creating a flow of sensitive data. AppOmni says that some 55% of companies have sensitive data living in SaaS systems that has been inadvertently exposed to the anonymous internet, sitting there completely unguarded, in this way. (See Zack’s story here for a recent example of how this can play out.)

This is an issue, he said, that is unique to SaaS, which he describes different architecturally to any software that companies might have used in the past. “There is no operating system, no network that is exposed to customers,” he said.

The idea is that AppOmni provides a dashboard to make that monitoring much less murky. “One of our customers described using AppOmni as being akin to turning a light on in a dark room,” O’Connor said.

O’Connor and his co-founder, Brian Soby (the CTO), have first-hand knowledge of the challenges of securing SaaS applications: both spent years at Salesforce — with O’Connor the company’s SVP and “chief trust officer”, a role he left to join ServiceNow as its security CTO, before leaving there to co-found AppOmni with Soby.

It’s partly that track record, along with AppOmni’s own track record, that has given the startup the attention that it has from investors. Interestingly, Scale came to know AppOmni not over a coffee or a pitch deck, but as one of those satisfied customers, which eventually led the VC to offer to invest.

“Scale Venture Partners became an AppOmni customer in 2020. We know firsthand how powerful and differentiated the AppOmni product when it comes to protecting our sensitive SaaS data, and we’re excited to now be both a customer and an investor,” said Ariel Tseitlin, a partner at Scale Venture Partners, in a statement. “AppOmni’s 9x growth last year, driven by the acquisition of customers across a wide range of industries, proves that AppOmni is the market leader in the increasingly important SaaS Security Management market. We expect the momentum to continue in 2021 and beyond as companies accelerate their shift to cloud applications to support their larger remote workforces.”

The company has raised $53 million to date, and it is not disclosing valuation.

Authzed scores $3.9M seed to build permissions API service

Authzed, an early stage startup that wants to make it easier for developers to build permissions in their applications, announced a $3.9 million seed round today. The investment was led by Work-Bench with participation from Y Combinator and Amplify Partners.

CEO and co-founder Jake Moshenko says the service is an API that is designed to help developers quickly add permissions to an application. “Authzed is a platform to store, compute and validate application permissions. So based on our experience at Google and Red Hat and Amazon, we think that this is the proper way that companies should be doing application permissions,” Moshenko told me.

The way the service works is by helping to define groups of users, and based on the membership of a given group, defining what data they can see and what functions they have permissions to access. While it may rely on Active Directory or LDAP as the basis of permissions groups, he says that it simplifies the actual permissions implementation.

“So, by itself Active Directory doesn’t actually fully solve the problem. You still have to bind to that group membership to a set of permissions that it implies. With our system, you can actually unify the way that you talk about both the permissions and group members,” Moshenko said.

The company has built out the framework for the service, But Moshenko says the links to Active Directory and other directory services are on the road map. For now, they have been working with design partners to get the basics of the product down, and today the company is opening the service for any developer who wants to use it.

For starters, it will be free, but over time he expects they will have pricing tiers. He likens his service to other API companies like Twilio for communications or Stripe for payments and expects the cost will be low when an application is just starting out and then go up over time as it gets more popular and needs to check the permissions more regularly.

It’s early days for the company and other than the three co-founders, they have just one employee. The plan is to hire additional engineers using the money from this round, while trying to build traction in the developer community for the product. He says that the number of new employees they add this year will really depend on how well the product is doing in the market.

The founders previously founded Quay, a private registry for Docker containers, which they sold to CoreOS in 2014. Red Hat bought CoreOs in January 2018 for $250 million. IBM then bought Red Hat for $34 billion later in the year.

Cadillac’s all-electric Lyriq flagship to start just below $60,000

The Cadillac Lyriq, the all-electric crossover and flagship of GM’s luxury brand, will start at a skosh under $60,000 when it comes to the U.S. market in early 2022.

The price, which doesn’t include destination charges, is one of the last remaining details to be shared about the production version of the Lyriq. GM first revealed a showcar version of the Lyriq back in August. On Wednesday, the automaker announced the pricing along with the final specifications of the production vehicle.

The Lyriq is just one in a roster of 30 electric vehicles that GM plans to bring to market by 2025. It will be a critical one for Cadillac and aims to set the benchmark for the brand that has seen lagging sales. The big message from GM: this car is coming soon, messaging that includes an invitation to customers to place order reservations beginning in September 2021.

The Cadillac Lyriq was supposed to go into production in the U.S. in late 2022, but executives said that virtual development tools and along with the underlying flexible Ultium platform used in the vehicle allowed the brand to speed up development.

The Ultium electric architecture and Ultium batteries will be used in a broad range of products across GM’s Cadillac, Buick, Chevrolet and GMC brands, as well as the Cruise Origin autonomous shuttle. This modular architecture will be capable of 19 different battery and drive unit configurations, 400-volt and 800-volt packs with storage ranging from 50 kWh to 200 kWh, and front, rear and all-wheel drive configurations.

2023 Cadillac Lyric

The 2023 Cadillac Lyric charge port.

The rear-wheel drive Lyriq will be equipped with a 100 kilowatt-hour battery pack that can travel more than 300 miles based on Cadillac’s internal estimates. The EPA estimates have yet to be shared. The Lyriq will be able to handle fast charging at 190 kW, which translates to an estimated 76 miles of range in about 10 minutes of charging time. For home charging, there’s a 19.2 kW charging module, which can add up to 52 miles of range per hour of charge, the company said.

The vehicle aims to ooze luxury, a look that GM tries to achieve with exterior and interior touches like the “black crystal” grille, 33-inch vertical LED touchscreen display and AKG sound system. The vehicle has fast roofline and wide stance that is meant to give it a modern and even aggressive-looking look. That “black crystal” grille is a dynamic feature with “choreographed” LED lighting that greets the owner as they approach the vehicle. The LED lighting continues in the rear with a split taillamp design.

The vehicle will be offered in two exterior and interior colors. On the outside, the vehicle can come in satin steel metallic or stellar black metallic paint and sky cool gray or noir for the interior. Cadillac adds in laser etched patterns through wood over metal décor to complete the interior look.

2023 Cadillac Lyric

Image Credits: Cadillac

The Lyriq will also offer Super Cruise, GM’s hands-free driver assistance system, which combines lidar map data, high-precision GPS, cameras and radar sensors, as well as a driver attention system, which monitors the person behind the wheel to ensure they’re paying attention. Unlike Tesla’s Autopilot driver assistance system, users of Super Cruise do not need to have their hands on the wheel. However, their eyes must remain directed straight ahead.

Like the GM’s Chevy Bolt, the Lyriq will offer what it describes as one pedal driving. Electric vehicles typically have a regenerative braking feature. In the Lyriq, drivers are able to control how quickly the vehicle slows down or comes to a complete stop using a pressure-sensitive paddle located on the steering wheel.

The vehicle will be produced at GM’s Spring Hill, Tennessee assembly facility. GM has said it is investing $2 billion into the plant to support electric vehicle production. The automaker and its joint venture partner LG energy Solution also announced in April plans to invest $2.3 billion to build a battery cell manufacturing plant at next to the Spring Hill assembly plant.

Europe lays out plan for risk-based AI rules to boost trust and uptake

European Union lawmakers have presented their risk-based proposal for regulating high risk applications of artificial intelligence within the bloc’s single market.

The plan includes prohibitions on a small number of use-cases that are considered too dangerous to people’s safety or EU citizens’ fundamental rights, such as a China-style social credit scoring system or certain types of AI-enabled mass surveillance.

Most uses of AI won’t face any regulation (let alone a ban) under the proposal but a subset of so-called “high risk” uses will be subject to specific regulatory requirements, both ex ante and ex post.

There are also transparency requirements for certain use-cases — such as chatbots and deepfakes — where EU lawmakers believe that potential risk can be mitigated by informing users that they are interacting with something artificial.

The overarching goal for EU lawmakers is to foster public trust in how AI is implemented to help boost uptake of the technology. Senior Commission officials talk about wanting to develop an excellence ecosystem that’s aligned with European values.

“Today, we aim to make Europe world-class in the development of a secure, trustworthy and human-centered Artificial Intelligence, and the use of it,” said EVP Margrethe Vestager, announcing adoption of the proposal at a press conference.

“On the one hand, our regulation addresses the human and societal risks associated with specific uses of AI. This is to create trust. On the other hand, our coordinated plan outlines the necessary steps that Member States should take to boost investments and innovation. To guarantee excellence. All this, to ensure that we strengthen the uptake of AI across Europe.”

Under the proposal, mandatory requirements are attached to a “high risk” category of applications of AI — meaning those that present a clear safety risk or threaten to impinge on EU fundamental rights (such as the right to non-discrimination).

Examples of high risk AI use-cases that will be subject to the highest level of regulation on use are set out in annex 3 of the regulation — which the Commission said it will have the power to expand by delegate acts, as use-cases of AI continue to develop and risks evolve.

For now cited high risk examples fall into the following categories: Biometric identification and categorisation of natural persons; Management and operation of critical infrastructure; Education and vocational training; Employment, workers management and access to self-employment; Access to and enjoyment of essential private services and public services and benefits; Law enforcement; Migration, asylum and border control management; Administration of justice and democratic processes.

Military uses of AI are specifically excluded from scope as the regulation is focused on the bloc’s internal market.

The makers of high risk applications will have a set of ex ante obligations to comply with before bringing their product to market, including around the quality of the data-sets used to train their AIs and a level of human oversight over not just design but use of the system — as well as ongoing, ex post requirements, in the form of post-market surveillance.

Commission officials suggested the vast majority of applications of AI will fall outside this highly regulated category. Makers of those ‘low risk’ AI systems will merely be encouraged to adopt (non-legally binding) codes of conduct on use.

Penalties for infringing the rules on specific AI use-case bans have been set at up to 6% of global annual turnover or €30M (whichever is greater). While violations of the rules related to high risk applications can scale up to 4% (or €20M).

Enforcement will involve multiple agencies in each EU Member State — with the proposal intending oversight be carried out by existing (relevant) agencies, such as product safety bodies and data protection agencies.

That raises immediate questions over adequate resourcing of national bodies, given the additional work and technical complexity they will face in policing the AI rules; and also how enforcement bottlenecks will be avoided in certain Member States. (Notably, the EU’s General Data Protection Regulation is also overseen at the Member State level and has suffered from lack of uniformly vigorous enforcement.)

There will also be an EU-wide database set up to create a register of high risk systems implemented in the bloc (which will be managed by the Commission).

A new body, called the European Artificial Intelligence Board (EAIB), will also be set up to support a consistent application of the regulation — in a mirror to the European Data Protection Board which offers guidance for applying the GDPR.

In step with rules on certain uses of AI, the plan includes measures to co-ordinate EU Member State support for AI development — such as by establishing regulatory sandboxes to help startups and SMEs develop and test AI-fuelled innovations — and via the prospect of targeted EU funding to support AI developers.

Internal market commissioner Thierry Breton said investment is a crucial piece of the plan.

“Under our Digital Europe and Horizon Europe program we are going to free up a billion euros per year. And on top of that we want to generate private investment and a collective EU-wide investment of €20BN per year over the coming decade — the ‘digital decade’ as we have called it,” he said. “We also want to have €140BN which will finance digital investments under Next Generation EU [COVID-19 recovery fund] — and going into AI in part.”

Shaping rules for AI has been a key priority for EU president Ursula von der Leyen who took up her post at the end of 2019. A white paper was published last year, following a 2018 AI for EU strategy — and Vestager said that today’s proposal is the culmination of three years’ work.

Breton added that providing guidance for businesses to apply AI will give them legal certainty and Europe an edge. “Trust… we think is vitally important to allow the development we want of artificial intelligence,” he said. [Applications of AI] need to be trustworthy, safe, non-discriminatory — that is absolutely crucial — but of course we also need to be able to understand how exactly these applications will work.”

A version of today’s proposal leaked last week — leading to calls by MEPs to beef up the plan, such as by banning remote biometric surveillance in public places.

In the event the final proposal does treat remote biometric surveillance as a particularly high risk application of AI — and there is a prohibition in principal on the use of the technology in public by law enforcement.

However use is not completely proscribed, with a number of exceptions where law enforcement would still be able to make use of it, subject to a valid legal basis and appropriate oversight.

Today’s proposal kicks off the start of the EU’s co-legislative process, with the European Parliament and Member States via the EU Council set to have their say on the draft — meaning a lot could change ahead of agreement on a final pan-EU regulation.

Commissioners declined to give a timeframe for when legislation might be adopted, saying only that they hoped the other EU institutions would engage immediately and that the process could be done asap. It could, nonetheless, be several years before the AI regulation is ratified and in force.

This story is developing, refresh for updates…