THE European Union Artificial Intelligence Lawwhich entered into force on 1 August 2024 in 27 Member States, imposes a comprehensive regulatory framework for AI applications in the EU. The law classifies AI applications into different categories based on their potential to cause harm. AI systems that pose unacceptable risks are banned, while those dealing with high-risk applications are required to comply with strict regulations to ensure transparency, safety and accountability.
We recently spoke with Gavin Stewart, vice president of sales at a telecommunications software company. Oculeuson the impact of the law on communications service providers in the European Union and how it influences their strategies for preventing telecommunications fraud.
What Service Providers and Network Operators Need to Know
According to Stewart, the European AI law impacts all telecom service providers in the region. While the law imposes a 24-month compliance deadline, some requirements will come into effect as early as February 2025, giving operators limited time to implement the necessary changes. “Operators only have a few months to interpret the regulation, boil it down to achievable tasks, and make the necessary changes to ensure they are ready,” he said.
“The EU AI law is essentially about giving citizens additional consumer rights that directly impact what companies can and cannot do with AI, and how they do it. Complying with the law will likely involve significant changes to organizational processes and technology,” Stewart explained.
According to Stewart, like previous GDPR regulations, the AI Act will likely set a global standard for AI regulation, requiring telecom operators around the world to adopt similar frameworks in accordance with the new law.
Given these developments, meeting complex regulatory requirements is becoming a priority for telecom companies. The law has set a deadline of as early as November 2024, requiring participating countries to identify national authorities responsible for protecting rights in each sector. In telecom companies, AI governance functions are still evolving, often lacking a designated focal point. Given current developments, Stewart believes AI governance in telecom companies is likely to evolve as a collaborative effort between IT, technology, policy management, and corporate social responsibility (CSR) teams. Indeed, AI governance extends beyond regulatory compliance to encompass emerging ethics and risk management best practices. “The governance requirement itself is evolving, as the rapid development of AI technologies poses new challenges that existing IT governance professionals must identify and address,” he said.
Implications for the prevention of telecommunications fraud
As in many other cases, AI is a double-edged sword in the telecom industry: fraudsters are increasingly using AI to commit fraud, while operators are using AI to detect and prevent fraudulent activity. The rise of sophisticated AI tools has increased fraudsters’ ability to evade detection. Traditional anti-fraud tools, which rely on pattern detection, struggle to keep up with these advanced tactics. Telecom operators are often the victims of such incidents, which result in heavy penalties and other legal consequences.
For example, a recent incident in the United States involved a fake robocall impersonating President Joe Biden, resulting in a $1 million fine for the telecom operator that unknowingly transmitted the fraudulent calls. This incident highlights the risks associated with AI-powered telecom scams and requires cutting-edge strategies to identify and block these fraudulent activities on operator networks.
In this context, the new European AI law helps citizens stay protected. In the event of a suspicious event, citizens can file a complaint against the AI system and ask for explanations on the decisions made by AI systems. In both cases, organizations will have to provide clear audit trails to prove their compliance, as attributing errors to AI will not be an acceptable defense. In practice, this impacts the software or system that uses AI or any other automated decision-making technique. The appropriate use of automated decision-making by software is a topic already covered by the GDPR, which indicates that significant complexity awaits telecom organizations in terms of compliance.
Oculeus’ AI-powered telecom fraud protection strategy
“For anti-fraud technology providers like Oculeus, AI really excels at recognizing very subtle patterns in very large data sets that are either beyond the reach of humans or would require excessive analysis time,” Stewart said. Oculeus leverages AI to identify subtle patterns from very large data sets. Given that telecom fraud is evolving rapidly, AI is essential to “seeing the invisible,” he added.
“By using AI on telecommunications call metadata, Oculeus is able to identify emerging patterns of new fraudulent behavior that may involve different parties, such as subscribers, B2B customers or business partners, including a community of interconnect and wholesale providers that manage call traffic across multiple networks,” he said.
Stewart discussed Oculeus’ multi-pronged AI approach, which evaluates traffic at three levels: monitoring overall traffic behavior to identify changes, evaluating individual calls for fraud risk based on known patterns, and investigating incidents that don’t meet the fraud threshold but have suspicious elements, flagging them for further investigation. Oculeus customers can block more fraud cases in less time, Stewart said.
Oculeus has integrated AI technology into its anti-fraud products to support the assessment and validation processes of cases in accordance with the European AI law. AI governance principles are also integrated into the company’s technologies, Stewart said. He highlighted the system’s ability to generate transparent audit trails of activities and decisions, and provide crucial human oversight in the decision-making process. “In this way, we are already equipping our customers with the tools they need to meet the compliance requirements of the AI law.”
