The European Commission recently publish a first draft of its new Artificial Intelligence Regulation (AI Regulation).
The AI Regulation covers both Providers (i.e. developers) and business Users of AI systems. Providers have a broad set of obligations owed to Users. Under the AI Regulation, AI systems are categorised as:
The new AI Regulation places human oversight and ultimate control over AI systems at its core. As such Providers of high risk AI Systems will need to comply with an array of new obligations. These include implementing risk and quality management systems, validating the quality of the data used to train AI systems, providing clear instructions for Users, ensuring “state of the art” consistency, accuracy, robustness and cybersecurity of AI systems, and self-certifying conformity assessment via CE marking. Providers must also register details of the AI system on an EU database, monitor performance of the AI system, report serious incidents and breaches, and correct, withdraw or recall non-conforming AI systems, as well as cooperating with and providing information to regulators when required to do so.
In a similar vein to the General Data Protection Regulation (GDPR), the AI Regulation will have global reach since it will govern AI systems, and the outputs of such systems, with an impact in the European Union. As a result, AI developers round the world will need to pay careful attention to complying with the new AI Regulation if they wish to access the EU market (although the regulation of AI systems developed or used exclusively for military purposes are specifically excluded). Providers located in third countries outside the EU will be required to appoint EU representatives.
Just like the GDPR, the AI Regulation brings with it the risk of enormous fines - in this case of up to the greater of €30 million or 6% of annual turnover for the most serious offences, relating to prohibited AI systems and the quality of training data (to address the issue of AI bias and discrimination). And, the GDPR and the AI Regulation are not mutually exclusive - the AI Regulation will sit alongside GDPR as an additional set of requirements.
The AI Regulation will now make its way through the EU’s legislative processes and is not expected to come into force until 2024 at the earliest.
New legislation introduced to extend digital connectivity, regulate direct marketing and protect con...Read more
Given that most high-profile competition law actions tend to involve the decisions of large-scale re...Read more
Fladgate has advised the founders of Teachers2Parents (T2P) on the sale to Education Brands. Many p...Read more
Tailored insights delivered to your inbox