The EU is currently debating harmonised rules for artificial intelligence in the form of a legislative project aimed at making sustainable AI concrete. Finnish Parliament has also recently taken a position on the Commission’s proposed regulation. Clearly, this is a particularly relevant topic to designers and developers of AI systems. The proposed regulation has been criticised for its breadth and is set to keep industry operators on their toes as it develops towards its final form.
1.12.2021
Harmonised Rules to Keep Artificial Intelligence in Check
Related services
Tags
Four Main Classifications of AI
The goal of the proposed regulation is to incorporate obligations into special legislation in order to put the responsible use of AI into specific terms. AI systems often process information about the activities and lives of consumers, and responsibility in this context means, for example, transparency, fairness and ethicality. The aforementioned proposed AI regulation, which was published by the European Commission in April 2021, is an example of legislative efforts to harmonise the use of AI in the EU.
The goal for harmonised European rules is to increase trust in the use of AI and reduce applications of AI that violate of the EU’s fundamental rights, such as police state mass surveillance, scoring of citizens or other applications that pose a threat to citizens. These threats will be addressed by a classification of AI application into four main categories based on whether the application poses an unacceptable risk, high risk, limited risk or minimal risk.
These categories are based on the purpose of use, not the technology being used. AI is used for a wide array of applications, from chatbots to facial recognition and from the pharmaceutical industry to autonomous weapons. The obligations set forth in the proposed regulation are intended to promote transparency and consumer confidence.
Transparency Increases Trust
The responsible use of AI and responsible data processing require transparency. Transparency can be a strong competitive advantage not only in business but also from the perspective of customers or personnel. Keeping up with and adopting the latest technological developments can open up innovative business opportunities and perspectives. Clear communication to consumers creates an image of a company’s activities while increasing trust and commitment amongst consumers, employees and other stakeholder groups. However, it is important to note that many consumers may have difficulty conceptualising how AI functions.
Responsible use of AI can be seen as part of corporate responsibility. A regulatory model based on soft-law joint or self-regulation could be problematic, as it may not be enough to earn the trust of consumers, and other stakeholders would have little to no say in it. This kind of model also does not seek to distinguish between organisations responsible for supervision and those responsible for imposing sanctions.
Like the GDPR, the AI Regulation would require precision in data and data administration, sufficient data security and proper documentation of the realisation of transparency and the fulfilment of the disclosure obligation. The Commission’s proposal solves the separation of supervision and sanction power by establishing a European Artificial Intelligence Board, which would share responsibility for supervision with the Member States’ market supervisory authorities, while Member States would be responsible for imposing administrative fines and other sanctions. This is the same solution that was adopted in the GDPR.
Criticism of Proposed Regulation
The AI Regulation is a major legislative project, but the proposal is neither comprehensive nor watertight. For example, it presents few practical solutions to prevent algorithmic bias, despite the fact that this was one of the primary concerns that lead to the project being launched in the first place. The proposal’s definition of AI has also been criticised for being too broad. On the other hand, the reasoning behind the broad definition is to ensure that it is technology neutral and future proof so that it would not immediately become outdated as technology develops. The scope of application should be clear and the requirements proportionate. Clear boundaries can be justified, e.g. based on the principal of legal certainty. The definition of what applications are considered high risk is somewhat unclear in the annex of the proposed regulation, which creates uncertainty on the markets as to the suitability of the regulation.
The proposal has also been criticised for being overly complex and, as it would be directly applicable legislation, for leaving little room for Member States due to aiming for far-reaching harmonisation. There are also fears that increasing bureaucracy will hinder AI innovation.
What Next?
The Commission’s proposal is currently being debated by legislators, the European Parliament and the Council of Europe. Though the proposal has given rise to questions and doubts, the Member States are for the most part supportive of the goals of the proposal and have begun to find common ground in negotiations. The Slovenian EU presidency has aimed to present a compromise proposal in November 2021. Companies applying or planning to apply AI should keep abreast of the latest developments in the legislative project.
Latest insights
Article published 10.10.2024 – Data & Technology
New act on dual-use items entered into force in September – what companies need to know
Article published 5.9.2024 – Data & Technology
Technology acquisitions can boost companies’ growth – or cause them to fail
Article published 6.5.2024 – Employment
Outsourcing company functions – four key points for success
Article published 7.12.2023 – Data & Technology
Agreements define data sharing and re-use
Kim Parviainen, Lauri Laatunen & Joakim Jaulimo
Topi Lusenius, Anders Forss & Kim Parviainen
Tomi Kemppainen, Kim Parviainen & Eija Warma-Lehtinen
Latest references
Savings Banks Group – Sale of Sb Life Insurance
We advised the Savings Banks Group on an arrangement whereby the shares in Sp-Henkivakuutus Oy were sold to Henki-Fennia and at the same time the parties agreed on a long-term distribution cooperation for insurance savings and loan protection products. The closing of the transaction remains subject to regulatory approvals. Sb Life Insurance is a domestic life insurance company, established in 2007, offering insurance savings and risk insurance products to private customers and companies. The Savings Banks and Oma Säästöpankki Oyj act as agents for Sp-Life Insurance. Henki-Fennia is a subsidiary of Keskinäinen Vakuutusyhtiö Fennia, specialising in voluntary life, pension and savings insurance.
Case published 11.4.2025
Valio – Acquisition of the Härkis® and Beanit® fava bean brands
We advised Valio Oy in its acquisition of Raisio Oyj’s plant protein business, related fixed assets and the Härkis® and Beanit® fava bean brands. The fixed assets include, among other things, the production equipment of the factory that makes plant protein products in Kauhava. The transaction supports Valio’s strategy to grow from a dairy company to a food company. This business acquisition will make us an even more significant developer and producer of plant-based protein products. The demand for these products will grow in the long term, and a great deal of growth potential still remains. In 2022, we acquired the Gold&Green® business and, since then, we have been carrying out strong product development and renewed the brand. Following successful product launches, sales in the last quarter of 2024 increased by about 50% from the previous quarter. With this acquisition, we are building our own production capacity. The production equipment of the Kauhava factory is just right for our needs and situation. says Kimmo Luoma, Valio’s Senior Vice President. Valio is a Finnish dairy and food company founded in 1905 and owned by Finnish dairy cooperatives. Valio has subsidiaries in Sweden, Estonia, the United States and China. In 2023, the Group had a turnover of EUR 2 278 million and more than 4 000 employees.
Case published 14.2.2025
WithSecure – Sale of cyber security consulting business
We advised WithSecure Corporation in the sale of its cybersecurity consulting business to Neqst. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki). Neqst is a Swedish investment firm, focusing on technology companies. The closing of the transaction remains subject to customary conditions and regulatory approvals.
Case published 24.1.2025
Smarter Contracts – Registration of the first non-EU data intermediation service in Finland
We assisted Smarter Contracts Ltd in the process where the Finnish Transport and Communications Agency Traficom confirmed it to be an EU-recognised data intermediation service. Non-EU companies must have a legal representative in some EU country so that they can offer data intermediation services in accordance with the Data Governance Act. Smarter Contracts is based in Great Britain and selected Finland for the task. Smarter Contracts is the first non-EU data intermediation service registered by Traficom. Wayne Lloyd, Founder & CEO of Smarter Contracts, remarked: The support from the Castrén team was exceptional from start to finish. Pioneering new territory is never without its challenges, and as the first non-EU data intermediation service provider, we faced significant legal uncertainties. Despite these complexities, the Castrén team expertly guided us through each step with remarkable efficiency, providing the certainty we needed. Smarter Contracts leverages its proprietary Pulse Permissions Protocol® to deliver advanced consent and access rights management services. This milestone highlights Castrén & Snellman’s proficiency in navigating intricate regulatory landscapes, whilst recognising the relevance of Smarter Contracts’ innovative approach to secure, compliant data management.
Case published 11.12.2024