CHALLENGES OF CURRENT REGULATION OF AI-BASED HEALTHCARE TECHNOLOGY (AIHT) AND POTENTIAL CONSEQUENCES OF THE EUROPEAN AI ACT PROPOSAL

The utilization of artificial intelligence (AI) in healthcare has been steadily increasing, but the regula-tion of AI is challenging. Inspired by the recently proposed European AI regulation, we conducted a case study among Finnish healthcare stakeholders to identify challenges that current regulation of AI-based healthcare technology (AIHT) poses to development of AIHT, and what the potential conse-quences of the recently proposed European AI regulation would be for AIHT development. One of the main challenges we identified is the already existing ambiguity arising from several regulations that AIHT are subject to. More importantly, we found that this ambiguity would even increase through a European AI regulation. Another important finding is that the European AI Act might hamper innovation in AIHT and decelerate the development of AIHT. Our main contribution is to the recent information systems research opening on regulation of technology

How Data Protection Regulation Affects Startup Innovation

While many data-driven businesses have seen rapid growth in recent years, their business development might be highly contingent upon data protection regulation. While it is often claimed that stricter regulation penalizes firms, there is only scarce empirical evidence for this. We therefore study how data protection regulation affects startup innovation, exploring this question during the ongoing introduction of the EU General Data Protection Regulation (GDPR). Our results show that the effects of data protection regulation on startup innovation are complex: it simultaneously stimulates and constrains innovation. We identify six distinct firm responses to the effects of the GDPR; three where it stimulates innovation, and three where it constrains it. We furthermore identify two key stipulations in the GDPR that account for the most important innovation constraints. Implications and potential policy responses are discussed

The Role of Environmental Factors for the Success of Digital Start-ups

Digital start-ups are perceived as an engine for innovation and job promotor. While success factors for non-IT start-ups have already been extensively researched, this study sheds light on digital entrepreneurs, whose business model relies primarily on services based on digital technologies. Applying the Grounded Theory method, we identify relevant environmental success factors for digital entrepreneurs. The study’s research contribution is threefold. First, we provide 16 relevant and less relevant environmental success factors, which enables a comparison with prior identified factors. We found out that several prior environmental success factors, such as accessibility to transportation or the availability of land and facilities are less relevant for a digital entrepreneur. Second, we derive and discuss hypotheses for the influence of these factors on digital start-up success. Third, we present a theoretical model that lays the foundation for explaining the environmental influence on digital entrepreneurship success

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations

cii Student Papers - 2022

In this collection of papers, we, the Research Group Critical Information Infrastructures (cii) from the Karlsruhe Institute of Technology, present eight selected student research articles contributing to the design, development, and evaluation of critical information infrastructures. During our courses, students mostly work in groups and deal with problems and issues related to sociotechnical challenges in the realm of (critical) information systems. Student papers came from five different cii courses, namely Emerging Trends in Internet Technologies, Emerging Trends in Digital Health, Digital Health, Critical Information Infrastructures, and Selected Issues on Critical Information Infrastructures: Collaborative Development of Innovative Teaching Concepts in summer term of 2021 and the winter term of 2021/2022

The Concept of a Smart Action – Results from Analyzing Information Systems Literature

In recent years, the term \u27smartness\u27 has entered widespread use in research and daily life. It has emerged with various applications of the Internet of Things, such as smart homes and smart factories. However, rapid technological development and careless use of the term mean that, in information systems (IS) research, a common understanding of smartness has not yet been established. And while it is recognized that smartness encompasses more than the use of impressive information technology applications, a unified conceptualization of how smartness is manifested in IS research is lacking. To this end, we conducted a structured literature review applying techniques from Grounded Theory. We found that smartness occurs through actions, in which smart things and individuals interact, process information, and make data-based decisions that are perceived as smart. Building on these findings, we propose the concept of a \u27smart action\u27 and derive a general definition of smartness. Our findings augment knowledge about how smartness is formed, offering a new perspective on smartness. The concept of a smart action unifies and increases understanding of \u27smartness\u27 in IS research. It supports further research by providing a concept for describing, analyzing, and designing smart actions, smart devices, and smart services

Unblackboxing the Effects of Privacy Regulation on Startup Innovation

Data-centric businesses have seen rapid growth in recent years, but their development is partly shaped by data protection and privacy regulation (DPPR). While it is often claimed that stricter regulation penalizes firms, there is scarce empirical evidenc

Unblackboxing the effects of privacy regulation on startup innovation

Data-centric businesses have seen rapid growth in recent years, but their development is partly shaped by data protection and privacy regulation (DPPR). While it is often claimed that stricter regulation penalizes firms, there is scarce empirical evidence for this. Drawing on models from innovation economics and taking the example of startup innovation, we use a set of expert interviews to obtain first empirical evidence as a basis for our research. Our emerging results indicate that while DPPR has some negative effects on innovation, these are modest overall, partly because of lax enforcement. Moreover, there is evidence for systematic sectoral variation, with DPPR mildly hindering innovation in certain B2C and B2B markets, but spurring innovation in others. After completion, our work will provide a framework for firms and policy makers to assess the effects of DPPR on innovation