Euralarm recently released a Position Paper on the EC proposal for a Regulation on Artificial Intelligence. The Position Paper follows some informal discussions with DG Connect and contains proposals on several articles in the Regulation on Artificial Intelligence. Following the release of the Position Paper Euralarm spoke to Gabriele Mazzini, lawyer of DG Connect and in the lead for the proposal.
First-ever legal framework on AI
When asked to briefly explain the Regulation on Artificial Intelligence, also called the Artificial Intelligence Act, Gabriele Mazzini replied that the Artificial Intelligence Act is the result of a process a preparatory work that started in 2018, when a high-level expert group on artificial intelligence was appointed to provide advice to the Commission. The overall aim of the proposal is to make the rules for the development and use of AI consistent across the EU and thereby ensure legal certainty, encourage investment and innovation in AI, and build public trust that AI systems are used in ways that respect fundamental rights and European values. In 2020 the Commission adopted a White Paper that was sent out for consultation and got more than 1200 comments. That input helped inform the proposal for the harmonised regulatory framework on AI, which based on the NLF approach. The AI Act is currently the first-ever proposed legal framework on artificial intelligence.
The history of Artificial Intelligence goes away back. The term was first used in the 1950s. Gabriele Mazzini explained that, on the basis of a recent report by the Commission Joint Research Center there are more than 50 definitions of AI, making it very complex and difficult to find common grounds. Considering that the greatest majority of EU countries are members of OECD as well as others non-European countries, it was decided to take inspiration from the definition of AI adopted by the OECD in its principles on Artificial Intelligence. In the Artificial Intelligence Act AI is defined in Article 3 and this is supplemented by Annex I, containing a suite of software development frameworks that encompass machine learning, expert and logic systems, and Bayesian or statistical approaches. A software product featuring these approaches and meeting the requirements of the definition stated in Article 3 will be considered AI for the purposes of the Act. The Act distinguishes three categories of AI uses: prohibited AI uses, high-risk AI uses, and systems with transparency risks. The proposal does not regulate the technology as such, but specific uses. In general, the approach is that the higher the risk, the stricter the rules (risk-based approach).
Prohibited uses of AI
When asked which uses of AI are prohibited, Gabriele Mazzini replied that there are four main categories. The first two relate to the manipulation of a person’s behavior or exploitation of a person’s vulnerabilities due to their age, physical, or mental disability. Also prohibited are the uses consisting in forms of social credit scoring by governments. The fourth category relates to real-time remote biometric identification in publicly accessible spaces by law enforcement. An exception is made for certain time-limited public safety scenarios such as serious criminal activities. It is up to the member states if they want to make use of the exception. The AI Act is intended to apply as lex specialis with respect to the rules on the processing of biometric data contained in Article 10 of the Law Enforcement Directive. Also, the uses of remote biometric identification are already regulated by existing law, namely the GDPR.”
The AI Act also defines high-risk AI uses. Gabriele Mazzini explained that the AI Act considers an AI system high-risk if it is used as a safety component of a product that is covered by existing single market harmonisation legislation and the product is required to undergo a third-party conformity assessment. These mandatory third-party conformity checks will incorporate the AI Act’s requirements after the legislation is passed. In addition, other specifically listed AI systems deployed in number of sectors are also deemed to be high-risk to safety or fundamental rights. The Commission can expand this list through a simplified process without new legislation. The Act relies on member state regulators for enforcement and sanctions, but consistency will be ensured by a European level board.