Overview of the Proposal for the EU Regulation on Artificial Intelligence 2021
By Luka Pejic
To better guarantee basic human rights in the future, more regulations will certainly be adopted at the international, regional, and national levels that will strive to ensure the safe and controlled use of artificial intelligence systems across the EU. The first steps in this direction in Europe were made with the adoption of several documents, recommendations, and declarations by EU institutions and the Council of Europe: Declaration of the Committee of Ministers of the Council of Europe on manipulative capabilities of algorithmic processes in 2019[1], White Paper on Artificial Intelligence - A European Approach to Excellence and Trust in 2020[2], Recommendation of the Committee of Ministers of the Council of Europe on the Impact of Algorithmic Systems on Human Rights in 2020[3], Promoting the European Road to Artificial Intelligence in 2021[4], the Declaration of the Committee of Ministers of the Council of Europe on the risks of decision-making with the help of computers and artificial intelligence in the field of social protection in 2021[5]. The European Commission adopted the Impact Assessment of the Proposal for a Regulation on Artificial Intelligence in April 2020 and finally, in April 2021 the European Parliament and the European Council adopted the Communication on a European Approach to Artificial Intelligence[6], the Coordinated Plan for the Member States[7] and the Proposal for an EU Regulation of artificial intelligence. [8]
The Communication on the European Approach to Artificial Intelligence, which is a political document, states that artificial intelligence has shown its potential by contributing to the fight against coronavirus pandemic, helping to predict the geographical spread of diseases, diagnosing infections, and developing vaccines and drugs against viruses. What has been emphasized in the Communication is the connection between the creation of a regulatory framework for artificial intelligence and the following acts, in order to bring them under the same scope: European Strategy for Data Management [9], Machinery Directive dealing with security risks (arising from human-robot collaboration and the use of autonomous machines), the Cyber Security Strategy, the Digital Education Action Plan 2021-2027, the draft Digital Services Act, the Digital Market Act, the European Democracy Action Plan, and amendments to the Product Liability Directive.
Despite the many advantages of artificial intelligence, some dangers were also emphasized, such as the unjustified disadvantage of individuals linked to the use of artificial intelligence, endangering personal privacy through facial recognition in public places, and more. For that reason, the Proposal for the Regulation on Artificial Intelligence was prepared as a new legal regulatory framework, as was the CPMSA in 2021. The Coordinated Plan for the Member States for Artificial Intelligence for 2018 laid the foundation for the harmonization of artificial intelligence policy and encouraged countries to work together to develop national strategies and maximize the European Union's competitive potential in this area. It also gave way for cooperation, defined areas for further investments, and was the first step in defining the common direction of European policy for artificial intelligence.
The result of this joint plan was national strategies for artificial intelligence and investments in the development of artificial intelligence. The Coordinated Plan for the Member States for Artificial Intelligence adopted in 2021 is the next step, which includes a set of joint actions of the European Commission, EU member states, and private actors, which include: accelerated investment in artificial intelligence technologies (through Digital Europe - DEP, Horizon-HE, and Recovery and Resilience Instrument (RRF); acting under strategies and programs of artificial intelligence (digital innovation hubs - DIH, robotics, "Internet of Things", etc.) and harmonizing artificial intelligence policies to avoid fragmentation.
The Coordinated Plan for the Member States for Artificial Intelligence for 2021 envisages taking measures in four areas. The first area is setting the conditions for the development of artificial intelligence in the EU. It includes consolidating and sharing policies in the field of artificial intelligence, exploiting the potential of data, and creating critical computing capacity. This set of measures enables the creation of the infrastructure necessary for the development and application of artificial intelligence with appropriate investments. Then, the second area defines measures that will make the EU a leader in the development of artificial intelligence from laboratory to market: cooperation of stakeholders through the European Partnership for Artificial Intelligence, cooperation in data, robotics, and expert groups, building and mobility of research capacity, providing environments for developers to test and experiment, and for small and medium enterprises and public administration to take over technological solutions, and funding innovative ideas and solutions. The third area is the application of artificial intelligence for the benefit of people and the development of society. In this context, the following set of measures is envisaged: nurturing talent and improving the skills needed to create a successful artificial intelligence ecosystem, developing policy measures to ensure confidence in artificial intelligence systems, and promoting the EU's vision of sustainable and reliable artificial intelligence. This ensures that the artificial intelligence placed on the EU market is sustainable, safe, accessible, and reliable. The fourth area includes a group of measures related to building strategic leadership and progress in high-impact sectors: climate and environment, health, robotics, public administration, law enforcement, migration and asylum, and agriculture.
The key step in achieving the political goals in the field of artificial intelligence in Europe is the Draft Regulation on Artificial Intelligence from 2021. The essence of this legal act is focused on issues of security and respect for fundamental rights when using artificial intelligence technology. It defines risk-based artificial intelligence and sets mandatory requirements for high-risk artificial intelligence systems. It also provides for a management mechanism covering ex-ante conformity assessment and an ex-post conformity control system. Artificial intelligence systems that do not fall into the category of high-risk, are subject to existing legislation, have an obligation of transparency, and can voluntarily comply with the requirements of the Draft Regulation on Artificial Intelligence based on a code of conduct or another self-regulatory scheme. The EU approach in the Proposal for a Regulation on Artificial Intelligence, according to the challenges arising from the use of AI, is based on the special treatment of high-risk AI systems. Special rules and a mechanism for enforcing these rules are established for high-risk systems that pose a high risk to the health, safety, and fundamental rights of individuals. The rules set out legal requirements regarding data and data management, documentation and record-keeping, transparency and information of users, human control, resilience, accuracy, and safety, which apply to manufacturers, importers, distributors, authorized representatives, and users. It is predicted that the European Committee for Artificial Intelligence will be established at the level of the European Union, together with bodies that will determine compliance with the requirements of the Regulation at the Member states' level, and in addition to supervisory bodies.
The European Artificial Intelligence Committee is made up of representatives of the Member States and the European Commission. National conformity assessment bodies will designate a competent national body, which will assess compliance with reliable quality management and risk management systems. It will also monitor the post-market artificial intelligence system and issue certificates of its compliance with the requirements of the Regulation. The national supervisory body will control the application and will drastically penalize producers who do not comply with the prescribed provisions with fines of up to 30 million euros, or up to 6% of the total annual turnover of companies in the world for the previous financial year. [10] In addition to these binding legal norms, the proposed mechanism of legal regulation envisages the creation of a code of conduct that would be voluntarily respected by manufacturers of high-risk artificial intelligence systems, as well as manufacturers of artificial intelligence systems that are not high-risk.
The Proposal for the Regulation on Artificial Intelligence itself contains the Rationale, Proposal, and Annexes. The explanation is very detailed and contains five parts. The first part provides the context of the proposal, the reasons, and objectives of the proposal, an overview of coherence with existing policies in this area, and coherence with other Union policies. The second part gives the legal basis and explains the subsidiarity and proportionality, as well as the choice of legal form. The third part of the explanation is dedicated to presenting the results of the ex-post evaluation, consultation with stakeholders, and impact assessment with special emphasis on the adequacy in general and adequacy of regulations and the relationship to fundamental rights. The fourth part discusses the impact the budget will have on the adoption of regulations. The fifth part of the explanation included implementation plans and mechanisms for monitoring, evaluation, and reporting, as well as detailed explanations of individual provisions of the proposal by chapters.
The draft regulation on artificial intelligence contains a preamble of 89 points and twelve titles with 85 articles. In the first Title entitled General Provisions, the subject of the Regulation is determined, the scope of the Regulation, 44 definitions of terms are given, among which the system of artificial intelligence is defined, and the manner of amending Annex I of the Regulation.
The second Title, entitled Prohibited Practices in the Field of Artificial Intelligence, lists exhaustive practices in the field of artificial intelligence that are prohibited.
The third Title, entitled High-risk systems of artificial intelligence, in the first Chapter sets out the rules for the classification of high-risk systems of artificial intelligence and defines the manner of amending Annex III of the Regulation.
The second chapter of the third title defines the requirements for high-risk systems, risk management systems, how to use data, how to keep technical documentation, how to record the work of high-risk systems, how to achieve transparency and inform users, how to control artificial intelligence systems manually, and how to improve technical resilience and cyber security of artificial intelligence systems.
The third chapter defines the obligations of manufacturers of artificial intelligence systems (quality management system, obligation to compile technical documentation, conformity assessment, automatic generation of event logs, corrective measures, notification obligations, cooperation with competent authorities, obligations of manufacturers, agents, importers, and distributors).
The fourth chapter includes the manner of submitting requests for designating conformity assessment bodies, the procedure of appointment, obligations, and functioning of designated conformity assessment bodies, subsidiaries, and sub-companies.
The fifth chapter explains the manner of conformity assessment based on standards and common specifications, issuance of certificates of conformity, appeal procedure against decisions of designated conformity assessment bodies, obligations of designated conformity assessment bodies regarding notification, and deviations from EU conformity assessment, along with the storage of documentation and registration in the database of high-risk artificial intelligence systems of the EU.
Then, the next, fourth Title defines transparency obligations for certain artificial intelligence systems, especially those for emotion recognition, biometric categorization, those that manipulate image, audio or video content in which there are significant similarities with existing persons, objects, places, events, etc.
Title V is dedicated to measures to support innovation, primarily isolated environments for artificial intelligence with a special legal regime and measures taken for small producers and users of artificial intelligence systems, so called “AI regulatory sandboxes”.
Title VI is dedicated to the management system. It is divided into two sub-chapters. The first chapter defines the structure and tasks of the European Committee for Artificial Intelligence, and the second defines the procedure for appointing national competent authorities.
Title VII is dedicated to the establishment and maintenance of a single database on registered high-risk artificial intelligence systems by the European Commission.
Title VIII defines in several chapters the system of monitoring high-risk artificial intelligence systems after placing them on the market, exchange of information on incidents and malfunctions of these systems and market surveillance and control on the EU and national level.
Title IX describes the codes of conduct for non-high-risk artificial intelligence systems. Confidentiality of information and data and sanctions for violating the provisions of the Regulation (misdemeanor fines) are the subject of Title X.
Delegation of power is the subject of Title XI of the Regulation.
Title XII, entitled Final Provisions, contains articles providing for amendments to certain EU acts to comply with the Regulation, as well as articles providing for the application of the Regulation to artificial intelligence systems already placed on the market, as well as articles relating to assessment and the need for future amendments to regulations and the entry into force of the Regulation. The nine annexes to the Draft EU Regulation on Artificial Intelligence define techniques and methods of artificial intelligence systems, list other harmonized Union legislation, list high-risk artificial intelligence systems, and define obligations related to technical documentation. The elements of the EU declaration of conformity are defined, the procedure of conformity assessment is defined based on internal control, and necessary set of requested information to be submitted to EC, which is based on quality management system assessment and technical documentation assessment.
At the national level, EU member states are obliged to harmonize their legislation with the provisions of the Regulation on Artificial Intelligence when it is adopted. The implementation of this regulation is expected from 2024. Countries wishing to become members of the EU are also expected to harmonize their legislation with the provisions of the Regulation and build mechanisms that will enable the safe use of high-risk artificial intelligence systems and legal certainty. The complex legal framework requires the adoption of new regulations and the amendment of existing regulations that have a binding effect and those that do not have a binding effect. The first category certainly includes a special law on artificial intelligence with a strict sanctions mechanism that will ensure effective implementation. Experience with the EU General Data Protection Regulation (GDPR) has shown how high monetary amounts of sanctions affect compliance. The second category of non-binding rules includes professional codes of conduct at the national level and recommendations and declarations, primarily from international organizations, such as the Council of Europe.
References
[1] Council of Europe. "Declaration by the committee of ministers on the manipulative capabilities of algorithmic processes." Decl (13/02/2019) 1, 13.2. 2019 (2019).
[2] European Commission, "White Paper on Artificial Intelligence - A European approach to excellence and trust", Brussels, 19.2.2020. COM (2020) 65 final.
[3] Council of Europe, "Recommendation CM/Rec (2020) 1 of the Committee of Ministers to Member States on the Human Rights Impacts of Algorithmic Systems"
[4] European Commission, "Fostering a European approach to Artificial Intelligence", Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Brussels, 21.4.2021. COM (2021) 205 final.
[5] Council of Europe, "The Risks of Computer-Assisted or Artificial-Intelligence-Enabled Decision Making in the Field of the Social Safety Net", Decl (17.3.2021).
[6] European Commission, "Commission Staff Working Document Impact Assessment Accompanying the Proposal for a Regulation of the European Parliament and the Council Laying Down Harmonized Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts", SWD (2021) 84 final, https://digitalstrategy.ec.europa.eu/en/library/impact-assessment-regulation-artificial-intelligence.
[7] European Commission, "Commission Staff Working Document Impact Assessment Accompanying the Proposal for a Regulation of the European Parliament and the Council Laying Down Harmonized Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts", SWD (2021) 84 final, https://digital-strategy.ec.europa.eu/en/library/impact-assessment-regulation-artificial-intelligence, 9.10.2021.
[8] European Commission, "Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonized Rules on Artificial Intelligence (Artificial intelligence Act) and Amending Certain Union Legislative Acts", Brussels, 21.4.2021. COM (2021) 206 final.
[9] European Commission, "Proposal for a Regulation of the Parliament and of the Council on European Data Governance (Data Governance Act)", COM (2020) 767 final.
[10] GENERAL PUBLICATIONS, 19 February 2020, White Paper on Artificial Intelligence: a European approach to excellence and trust, accessed on 26th January 2023