Harmonised Rules to Keep Artificial Intelligence in Check

The EU is currently debating harmonised rules for artificial intelligence in the form of a legislative project aimed at making sustainable AI concrete. Finnish Parliament has also recently taken a position on the Commission’s proposed regulation. Clearly, this is a particularly relevant topic to designers and developers of AI systems. The proposed regulation has been criticised for its breadth and is set to keep industry operators on their toes as it develops towards its final form.

Four Main Classifications of AI

The goal of the proposed regulation is to incorporate obligations into special legislation in order to put the responsible use of AI into specific terms. AI systems often process information about the activities and lives of consumers, and responsibility in this context means, for example, transparency, fairness and ethicality. The aforementioned proposed AI regulation, which was published by the European Commission in April 2021, is an example of legislative efforts to harmonise the use of AI in the EU.

The goal for harmonised European rules is to increase trust in the use of AI and reduce applications of AI that violate of the EU's fundamental rights, such as police state mass surveillance, scoring of citizens or other applications that pose a threat to citizens. These threats will be addressed by a classification of AI application into four main categories based on whether the application poses an unacceptable risk, high risk, limited risk or minimal risk.

These categories are based on the purpose of use, not the technology being used. AI is used for a wide array of applications, from chatbots to facial recognition and from the pharmaceutical industry to autonomous weapons. The obligations set forth in the proposed regulation are intended to promote transparency and consumer confidence.

Transparency Increases Trust

The responsible use of AI and responsible data processing require transparency. Transparency can be a strong competitive advantage not only in business but also from the perspective of customers or personnel.  Keeping up with and adopting the latest technological developments can open up innovative business opportunities and perspectives. Clear communication to consumers creates an image of a company's activities while increasing trust and commitment amongst consumers, employees and other stakeholder groups. However, it is important to note that many consumers may have difficulty conceptualising how AI functions.

Responsible use of AI can be seen as part of corporate responsibility. A regulatory model based on soft-law joint or self-regulation could be problematic, as it may not be enough to earn the trust of consumers, and other stakeholders would have little to no say in it. This kind of model also does not seek to distinguish between organisations responsible for supervision and those responsible for imposing sanctions.

Like the GDPR, the AI Regulation would require precision in data and data administration, sufficient data security and proper documentation of the realisation of transparency and the fulfilment of the disclosure obligation. The Commission’s proposal solves the separation of supervision and sanction power by establishing a European Artificial Intelligence Board, which would share responsibility for supervision with the Member States’ market supervisory authorities, while Member States would be responsible for imposing administrative fines and other sanctions. This is the same solution that was adopted in the GDPR.

Criticism of Proposed Regulation

The AI Regulation is a major legislative project, but the proposal is neither comprehensive nor watertight. For example, it presents few practical solutions to prevent algorithmic bias, despite the fact that this was one of the primary concerns that lead to the project being launched in the first place. The proposal’s definition of AI has also been criticised for being too broad. On the other hand, the reasoning behind the broad definition is to ensure that it is technology neutral and future proof so that it would not immediately become outdated as technology develops. The scope of application should be clear and the requirements proportionate. Clear boundaries can be justified, e.g. based on the principal of legal certainty. The definition of what applications are considered high risk is somewhat unclear in the annex of the proposed regulation, which creates uncertainty on the markets as to the suitability of the regulation.

The proposal has also been criticised for being overly complex and, as it would be directly applicable legislation, for leaving little room for Member States due to aiming for far-reaching harmonisation. There are also fears that increasing bureaucracy will hinder AI innovation.

What Next?

The Commission’s proposal is currently being debated by legislators, the European Parliament and the Council of Europe. Though the proposal has given rise to questions and doubts, the Member States are for the most part supportive of the goals of the proposal and have begun to find common ground in negotiations. The Slovenian EU presidency has aimed to present a compromise proposal in November 2021. Companies applying or planning to apply AI should keep abreast of the latest developments in the legislative project.