Electronic Signature

The future of AI: regulation in Europe

On 21 April 2021, the European Commission unveiled its long-awaited proposal for a regulation setting out harmonized rules on artificial intelligence and amending some of the union legislation. The proposal is the result of several years of preparatory work by the commission and its advisers, including the publication of the "White Paper on Artificial Intelligence." This proposal is a key element of the commission's European Strategy for data.

This provision applies to (1) providers that place on the market or put into service AI systems, irrespective of whether these providers are established in the European Union or in a third country; (2) users of AI systems in the EU; and (3) providers and users of AI systems that are located in a third country where the products produced by the system are used in the EU.

The term “AI system" is broadly defined as “software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing environments they interact with.”

The commission takes a risk-based but generally cautious approach to AI and recognizes the potential of AI and the many benefits it presents, but at the same time is acutely aware of the dangers these new technologies present to European values and fundamental rights and principles.

This explains why the sentence begins by listing the four types of artificial intelligence techniques that are prohibited:
  1. Placing on the market, putting into service or using an AI system that deploys subliminal techniques beyond a person’s consciousness to materially distort a person’s behavior in a manner that causes that person or another person physical or psychological harm.
  2. Placing on the market, putting into service or using an AI system that exploits vulnerabilities of a specific group of persons due to their age, physical or mental disability to materially distort the behavior of a person pertaining to the group in a manner that causes that person or another person physical or psychological harm.
  3. Placing on the market, putting into service or using an AI system by public authorities or on their behalf for the evaluation or classification of the trustworthiness of natural persons with the social score leading to detrimental or unfavorable treatment that is either unrelated to the contexts in which the data was originally generated or unjustified or disproportionate.
  4. Use of “real-time” remote biometric identification (read: facial recognition) systems in publicly accessible spaces for law enforcement purposes, subject however to broad exemptions that, in turn, are subject to additional requirements, including prior authorization for each individual use to be granted by a judicial authority or an independent administrative body in the member state where the system is used.

The bulk of the offer focuses on high-risk AI systems. High-risk AI systems should be thoroughly tested before they are placed on the market or put into service and throughout their life cycle, including through a mandatory risk management system, strict data and data governance requirements, technical documentation and record-keeping requirements, and post-market monitoring and reporting incident requirements.

 A conformity assessment by a third party or the provider itself and, for stand-alone AI systems, registration in a central database set up and maintained by the commission. Different procedures apply depending on the type of system and whether the system is already covered by existing product safety legislation.

The obligations under the proposal affect all parties involved: the provider, importer, distributor, and user. There are special provisions relating to transparency to ensure people know that they are dealing with an artificial intelligence system but also allow users to interpret the results of the system and use it appropriately.

Article 14 of the proposal emphasizes that AI systems shall be designed and developed in such a way that human oversight is guaranteed while in use.

In an effort to demonstrate that the commission is aware of the opportunities presented by AI technology, the proposal also contains several provisions in Title V that outline measures in support of innovation. They include regulatory sandboxing schemes and an obligation on member states to provide certain services and facilities for small-scale providers and users.

In line with positions taken in other data-related legislative initiatives, it is up to the member states to ensure compliance with the AI rules. The regulation foresees steep administrative fines for various types of violations ranging for companies from 2% to 6% of total annual global turnover. The proposal foresees the creation of a European AI Board with various tasks, including assisting the national supervisory authorities and commission to ensure the consistent application of the regulation, issue opinions and recommendations, or collect and share best practices among member states.

The regulation, once adopted, will come into force 20 days after its publication in the Official Journal. It will apply 24 months after that date, but some provisions will apply sooner. This long "grace period" increases the risk that, despite the commission's efforts to make the regulation future-proof, some of its provisions will be overtaken by technological developments before they are even apply.

The proposal now goes to the European Parliament and Council for further consideration and debate. Given the controversial nature of AI, large number of stakeholders and interests involved, it seems fair to assume the road to adoption will be bumpy and long. There will likely be many amendments in the European Parliament and discussions with member states.
 The source is here.