COP27 has drawn to a close. But what does its legacy mean for business?
Much has changed in the year since COP26 in Glasgow. The war in Ukraine has struck Europe with an...Read more
The proposal for an Artificial Intelligence Act was put forward by the European Commission in 2021. The file is now waiting for the European Parliament and the Council of EU to finalise the amendments within their own institutions to carry over to the interinstitutional negotiations (trilogue). This policy brief will recap the background and main elements of the Commission’s proposal, the Council’s and Parliament’s current positions, and the current status of the file.
Background to the issue
In April 2021, the European Commission published a proposal for a Regulation on Artificial Intelligence (AI Act), the first-ever horizontal legal framework on AI, which addresses the risks of AI. The regulatory Proposal aims to provide AI developers, deployers and users with clear requirements and obligations regarding specific uses of AI. The proposal is part of a wider AI package, which also includes measures to facilitate EU funding for research & innovation in AI.
The proposal establishes a technology-neutral definition of AI systems in EU law and addresses risks of specific AI utilisation and associated risks, categorising them into four levels of risk-based approach: unacceptable risk, high-risk, limited risk, and minimal risk.
The proposal aims to guarantee the safety and fundamental rights of people and businesses concerning AI; to make sure that Europeans can trust the AI they are using; to strengthen the EU’s ability to compete globally. The broader package also aims to strengthen the uptake, investment and innovation in AI across the EU.
Key elements: Commission’s proposal and position
The Commission’s proposal for a Regulation on Artificial Intelligence (AI Act) includes:
|Unacceptable Risk AI Systems: harmful uses of AI that contravene EU values will be banned. Prohibited are, for example, manipulation of human behaviour through subliminal techniques, social scoring, and real-time remote biometric identification for the purpose of law enforcement.|
|High-Risk AI Systems: are the focus of the regulation. High-risk AI is defined as a product falling under the EU product safety regulation, such as toys and medical devices, or belonging to a list of stand-alone high-risk AI systems laid down by the proposal. Annex III lists these systems, which include, for example, management of critical infrastructure; AI systems planned for employment and recruitment; access to public services; law enforcement; etc. High-risk AI systems that are safety components of products would also fall into this category.|
Obligations & requirements: Providers of high-risk AI systems must conform to stringent quality standards and comply with disclosure, control, and monitoring requirements. For example, they should ensure a quality management system, draw up the necessary technical documentation and ensure that the AI system undergoes the relevant conformity assessment procedure before being placed on the market.
|Limited Risk AI Systems: Such AI applications are permitted but subject to information or transparency obligations. Some systems can deceive people into thinking they are dealing with a human, for example, chatbots and deepfakes. In these instances, the proposal imposes transparency requirements to ensure that the affected person is aware of being exposed to an AI application.|
|Minimal or No-Risk AI Systems: are permitted without restrictions. All other AI systems can be developed and used in the EU without additional legal obligations to existing legislation.|
State of play in the Council of EU
In the Council, negotiations between member states started with the Slovenian presidency, which began by organising a virtual conference on the regulation of AI, ethics and fundamental rights on 20 July 2021. The following French presidency continued the work by circulating compromise texts of the proposed AI Act, with the final one being on 15 June 2022. In June 2022, EU ministers took note of a progress report presented by the French presidency, and so far, work in the Council has been continuing under the Czech presidency.
State of play in the Parliament
In the European Parliament (EP), the AI Act is managed jointly by the Committee on Internal Market and Consumer Protection (IMCO) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE); but MEPs in the legal affairs group (JURI) have exclusive competence on several articles.
The Committees are now still working out several key issues. Co-rapporteurs Brando Benifei (Italy, S&Ds) and Dragos Tudorache (Romania, Renew) distributed several compromise amendments for deliberation before the technical meeting on the AI Act took place on 30 August.
For example, an amendment would allow AI-generated so-called deepfakes to be deployed in creative or satirical cases if their use is flagged. Others established that the level of human oversight on high-risk AI systems should be proportionate to the risks and added details to complaint-and-remedy mechanisms for people affected by AI decisions.
Given its exclusive competence, some of its decisions will definitely make it into the Parliament’s final position, while others will probably have a strong influence.
Following the Commission’s proposal, the Parliament and the Council are currently negotiating the draft written by the EU Commission within their own institutions. After this, the three bodies will go into trilogue negotiations. The vote on the joint IMCO and LIBE report is scheduled for October 2022 to then be voted on in plenary in November 2022. According to rapporteur Tudorache, the timeline may be delayed as he suggested that Parliament may not finalise its position on the AI Act until January 2023. On the other hand, the Council aims for an agreement by December 2022.
Once they both reach a consensus within their institutions, negotiations among Commission, Parliament and Council will start, most likely in January 2023, and will be closed with a final agreement, which seems possible in mid-2023. The earliest time the regulation could become applicable to private companies will be in mid-2025.