1.12.2021

Harmonised Rules to Keep Artificial Intelligence in Check

The EU is currently debating harmonised rules for artificial intelligence in the form of a legislative project aimed at making sustainable AI concrete. Finnish Parliament has also recently taken a position on the Commission’s proposed regulation. Clearly, this is a particularly relevant topic to designers and developers of AI systems. The proposed regulation has been criticised for its breadth and is set to keep industry operators on their toes as it develops towards its final form.

Four Main Classifications of AI

The goal of the proposed regulation is to incorporate obligations into special legislation in order to put the responsible use of AI into specific terms. AI systems often process information about the activities and lives of consumers, and responsibility in this context means, for example, transparency, fairness and ethicality. The aforementioned proposed AI regulation, which was published by the European Commission in April 2021, is an example of legislative efforts to harmonise the use of AI in the EU.

The goal for harmonised European rules is to increase trust in the use of AI and reduce applications of AI that violate of the EU’s fundamental rights, such as police state mass surveillance, scoring of citizens or other applications that pose a threat to citizens. These threats will be addressed by a classification of AI application into four main categories based on whether the application poses an unacceptable risk, high risk, limited risk or minimal risk.

These categories are based on the purpose of use, not the technology being used. AI is used for a wide array of applications, from chatbots to facial recognition and from the pharmaceutical industry to autonomous weapons. The obligations set forth in the proposed regulation are intended to promote transparency and consumer confidence.

Transparency Increases Trust

The responsible use of AI and responsible data processing require transparency. Transparency can be a strong competitive advantage not only in business but also from the perspective of customers or personnel.  Keeping up with and adopting the latest technological developments can open up innovative business opportunities and perspectives. Clear communication to consumers creates an image of a company’s activities while increasing trust and commitment amongst consumers, employees and other stakeholder groups. However, it is important to note that many consumers may have difficulty conceptualising how AI functions.

Responsible use of AI can be seen as part of corporate responsibility. A regulatory model based on soft-law joint or self-regulation could be problematic, as it may not be enough to earn the trust of consumers, and other stakeholders would have little to no say in it. This kind of model also does not seek to distinguish between organisations responsible for supervision and those responsible for imposing sanctions.

Like the GDPR, the AI Regulation would require precision in data and data administration, sufficient data security and proper documentation of the realisation of transparency and the fulfilment of the disclosure obligation. The Commission’s proposal solves the separation of supervision and sanction power by establishing a European Artificial Intelligence Board, which would share responsibility for supervision with the Member States’ market supervisory authorities, while Member States would be responsible for imposing administrative fines and other sanctions. This is the same solution that was adopted in the GDPR.

Criticism of Proposed Regulation

The AI Regulation is a major legislative project, but the proposal is neither comprehensive nor watertight. For example, it presents few practical solutions to prevent algorithmic bias, despite the fact that this was one of the primary concerns that lead to the project being launched in the first place. The proposal’s definition of AI has also been criticised for being too broad. On the other hand, the reasoning behind the broad definition is to ensure that it is technology neutral and future proof so that it would not immediately become outdated as technology develops. The scope of application should be clear and the requirements proportionate. Clear boundaries can be justified, e.g. based on the principal of legal certainty. The definition of what applications are considered high risk is somewhat unclear in the annex of the proposed regulation, which creates uncertainty on the markets as to the suitability of the regulation.

The proposal has also been criticised for being overly complex and, as it would be directly applicable legislation, for leaving little room for Member States due to aiming for far-reaching harmonisation. There are also fears that increasing bureaucracy will hinder AI innovation.

What Next?

The Commission’s proposal is currently being debated by legislators, the European Parliament and the Council of Europe. Though the proposal has given rise to questions and doubts, the Member States are for the most part supportive of the goals of the proposal and have begun to find common ground in negotiations. The Slovenian EU presidency has aimed to present a compromise proposal in November 2021. Companies applying or planning to apply AI should keep abreast of the latest developments in the legislative project.

Latest references

We assisted Smarter Contracts Ltd in the process where the Finnish Transport and Communications Agency Traficom confirmed it to be an EU-recognised data intermediation service. Non-EU companies must have a legal representative in some EU country so that they can offer data intermediation services in accordance with the Data Governance Act. Smarter Contracts is based in Great Britain and selected Finland for the task. Smarter Contracts is the first non-EU data intermediation service registered by Traficom. Wayne Lloyd, Founder & CEO of Smarter Contracts, remarked:  The support from the Castrén team was exceptional from start to finish. Pioneering new territory is never without its challenges, and as the first non-EU data intermediation service provider, we faced significant legal uncertainties. Despite these complexities, the Castrén team expertly guided us through each step with remarkable efficiency, providing the certainty we needed. Smarter Contracts leverages its proprietary Pulse Permissions Protocol® to deliver advanced consent and access rights management services. This milestone highlights Castrén & Snellman’s proficiency in navigating intricate regulatory landscapes, whilst recognising the relevance of Smarter Contracts’ innovative approach to secure, compliant data management.
Case published 11.12.2024
We assisted Pharmaca Health Intelligence in its acquisition of Mediaattori Ltd’s PODIUM Connect® and PODIUM Visits businesses. Through the acquisition, Pharmaca Health Intelligence strengthens its extensive service offerings in medical information, data-driven management, and education for both healthcare and pharmaceutical companies. Pharmaca Health Intelligence is a pioneer in digital medical information and a reliable partner for wellbeing services counties, the private healthcare sector and pharmacies. The company invests in the development of technology and service solutions related to pharmaceutical information, also on an international scale.
Case published 5.12.2024
We are acting as the lead counsel to Fortum in a cross-border transaction in which Fortum is selling its recycling and waste business. The business is sold to thematic impact investing firm Summa Equity through its portfolio company NG Group. The debt-free purchase price is approximately EUR 800 million. The transaction is subject to authority approval and customary closing conditions. Fortum’s recycling and waste business to be sold comprises municipal and industrial waste management and end-to-end plastics, metals, ash, slag and hazardous waste treatment and recycling services. These businesses are located in Finland, Sweden, Denmark and Norway and currently employ approximately 900 employees.
Case published 18.7.2024
We advised Andritz Oy, a part of ANDRITZ group, with their acquisition of all the shares in Procemex Oy. The acquisition further strengthens ANDRITZ’s automation and digitalisation portfolio. Procemex is a global leader in integrated web monitoring and web inspection solutions for the pulp and paper industry. It has a team of more than 100 vision systems experts and has subsidiaries in Germany, Japan and the US. ANDRITZ offers a broad portfolio of innovative plants, equipment, systems, services and digital solutions for a wide range of industries and end markets. ANDRITZ is a global market leader in all four of its business areas – Pulp & Paper, Metals, Hydropower and Environment & Energy. The publicly listed group has around 30,000 employees and over 280 locations in more than 80 countries.
Case published 18.7.2024