Catching up with the AI Act 

In April 2021, the European Commission proposed a Regulation for Artificial Intelligence (the Proposal), as discussed here. 

In the Council of the European Union, the Working Party on Telecommunications and Information Society is examining the Proposal. Recently, the Czech Republic Presidency of the Council published a final version of the compromise text and further amended this version on certain aspects, as reported by Euractive. The Presidency presented the final version to the Working Party in its meeting on 08 November 2022 and submitted the same to the Council’s Committee of Permanent Representatives (Coreper) on 11 November 2022.  

The European Parliament has assigned the Proposal to the Committee on Internal Market and Consumer Protection and the Committee on Civil Liberties, Justice and Home Affairs, jointly. In April 2022, the two Committees published a draft report suggesting amendments to the Proposal and have since tabled further amendments as well. In October 2022, the Parliament held a first round of discussions concerning the text of the Proposal, and recently, Euractive reported that co-rapporteurs Brando Benifei and Dragoș Tudorach circulated a new set of ‘compromise amendments’.  

Points of contention  

Given that Artificial Intelligence (AI) already permeates several aspects of our lives - from medical devices to crime prevention, the complexity and 'black box' modalities of AI raise pertinent questions regarding its impact on human rights and social welfare. Thus, any policy to regulate AI faces the challenge of creating an innovation friendly environment on one hand and providing safeguards against the potential harms arising from the use of AI on the other. The status of the Proposal in the EU testifies to this dilemma and is a development worth following.  

The legislative journey of the Proposal shows consensus on the need for regulation of AI in general. Yet, there exist several points of concern and contention amongst the lawmakers and relevant stakeholders regarding the actual text of the law. Some of the most contentious aspects of the Proposal include: the definition of AI; exemptions under the proposed Regulation; approach towards ‘general purpose AI systems’, ‘real-time biometric recognition’ and facial recognition; transparency obligations for developers/providers and users of AI; scope of ‘high-risk systems’; and administrative provisions concerning implementation and enforcement of the proposed Regulation. 

What are the next steps and important dates?  

As reported by Euractive, it is likely that the Council’s position on the Proposal will be formalized in its Coreper’s meeting on 18 November 2022, and finally adopted in the Working Party’s meeting on 06 December 2022. 

As for the Parliament, expectedly the appointed Committees will present a final report on the Proposal soon. Meanwhile, the recent amendments proposed by the Co-rapporteurs were scheduled for discussion in a technical meeting on 10 November 2022, according to Euractive.  

Once the Parliament has concurred in its position on the Proposal, the next steps would entail a possible trialogue between the Parliament, the Commission, and the Council to negotiate an agreement on the final text of the AI Regulation. If the negotiations succeed, the Parliament and the Council will need to ratify the amended Proposal. Given the political and economic ramifications of regulating AI, the journey of the Proposal to becoming a law could still take a while.  

What do these developments mean for businesses? 

As the Proposal continues to evolve with the ongoing deliberations in the concerned forums, it is hard to predict what the final AI Regulation would look like. However, there are certain aspects of the Proposal that have remained intact, in principle, through the many versions of compromise texts and amendments. It is plausible that these aspects will form an intrinsic part of the final scheme of the Regulation, such as:  

• A risk-based approach to regulation of AI: Providers/developers/users of AI are subjected to obligations such as implementation of 'quality management systems' and compliance with transparency requirements in proportion to the ‘risk’ imminent in the application of such AI.  
• Financial penalties against non-compliance: The Proposal contemplates penalties of up to 6% of the defaulting company’s annual global turnover, which is higher than the maximum fine imposed under existing laws. Thus, significantly high fines are expected under the AI Regulation.  
• Extra-territorial application of the Proposal: AI applications placed on or used in the EU markets will be subject to the provisions of the AI Regulation. In this respect, the Proposal and associated developments concern developers and providers of AI across the world. 

In this background, our advice to businesses would be to evaluate where and how they use or intend to use AI. Establishment and documentation of processes concerning design and use of AI along with testing procedures implemented prior to such use; conducting risk assessments on the lines of a privacy impact assessment but for AI (such as IAMA); and post-market monitoring are recommended. These steps would help ensure a foundation for compliance with the forthcoming AI Regulation, especially for businesses deploying AI in perceptibly high-risk contexts such as biometric identification, law enforcement and administrative decision-making. 

Considerati follows the developments concerning the Proposal closely. If you have any questions about the implications of the AI Act or preparing your organization for compliance with its provisions, do not hesitate to contact us.