Bastiaan Bruyndonckx
Information Communication Technology
Information Governance & Data Protection
Telecommunications, Media & Technology
Commercial law
Dispute Resolution
Intellectual Property (IP)
bastiaan.bruyndonckx@lydian.be
In recent years, artificial intelligence (AI) has been a popular buzzword and a hot topic that has caught the attention of lawmakers. For several years, the European Commission (EC) has been researching the topic further and on 21 April 2021 it has published the long awaited Proposal for a Regulation of Artificial Intelligence (hereinafter the Proposed Regulation) on the basis of the White Paper on Artificial Intelligence that was published in 2020. At the same time, the EC proposed a new Machinery Regulation, designed to ensure the safe integration of AI systems into machinery.
The Proposed Regulation applies to a wide range of actors, including:
The broad scope of application is extended even more by the extraterritorial effect of the Proposed Regulation, meaning that actors (providers and users) established in a third country are also subject to the Proposed Regulation to the extent the AI systems affect persons located in the EU. Hence, the Proposed Regulation is likely to have a similar effect on worldwide AI regulation as the GDPR has had on the worldwide development of data protection regulation.
The Proposed Regulation prohibits certain AI practices that are considered a clear threat to the safety, livelihoods, and rights of people, including:
The above prohibition does not apply when such practices are authorised by law and are carried out by public authorities or on behalf of public authorities to safeguard public security and subject to appropriate safeguards.
Furthermore, the Proposed Regulation includes several high-risk AI systems which are not prohibited but which use is subject to strict conditions. High-risk AI systems are listed in Annex II of the Proposed Regulation and include:
The EC is empowered to adopt delegated acts to update the list in Annex II by adding new high-risk AI systems, where it has identified that other AI systems generate a high level of risk of harm in the same way as the high-risk AI systems already listed in Annex II.
Providers of high-risk AI systems must comply with many strict and detailed conditions, such as:
Users of high-risk systems will be subject to more limited obligations. They must use that technology in accordance with the instructions for use and take appropriate technical and organisational measures to address risks created by the system. Users must also monitor the operation of the system and keep records of the description of the data used.
The Proposed Regulation further imposes specific obligations upon (i) authorised representatives of providers, (ii) importers, (iii) distributors of high-risk AI systems and (iv) other third parties involved in the AI value chain.
Interestingly and in line with the EC’s ambition to make the EU a worldwide leader in AI, while the Proposed Regulation aims at laying down a regulatory framework for AI, it also contains measures in support of innovation. Such measures include (i) AI regulatory sandboxing schemes, (ii) measures to reduce the regulatory burden for SMEs and start-ups and (iii) the establishment of digital hubs and testing experimentation facilities. These measures may also be a source of inspiration for a possible review of the GDPR.
Non-compliance with the rules laid down in the Proposed Regulation can give rise to GDPR-inspired administrative fines up to EUR 20,000,000 or, in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. Also, like the GDPR, national supervisory authorities shall be competent for monitoring en enforcing compliance with the Proposed Regulation. A European Artificial Intelligence Board (EAIB), composed of representatives of the national supervisory authorities, a representative of the European Data Protection Supervisor (EDPS) and a representative from the EC, shall be established. The EAIB’s main task will be to supervise the consistent application of the Proposed Regulation.
The Proposed Regulation is not yet applicable and is only the start of a lengthy legislative process where adaptations are still likely. Afterwards, it will be applicable one or two years after its adoption. Therefore, the applicability of this Proposed Regulation is not foreseen before 2024. Stakeholders are however advised to closely monitor the legislative process and take position on those issues that are of interest to them.
Information Communication Technology
Information Governance & Data Protection
Telecommunications, Media & Technology
Commercial law
Dispute Resolution
Intellectual Property (IP)
bastiaan.bruyndonckx@lydian.be
Commercial law
Dispute Resolution
Information Communication Technology
Information Governance & Data Protection
Intellectual Property (IP)
Telecommunications, Media & Technology
liese.kuyken@lydian.be