The Artificial Intelligence Act and consumer protection – are you ready?

Artificial intelligence, or AI for short, plays a major role in the modern lives of people and companies. Various automations and algorithms govern online services, online trade and digital marketing. This has a significant impact on consumer behaviour. When it comes to consumer protection, the new regulation aims to increase consumers’ trust in AI and increase responsibility and safety in the market’s technological development. On 21 April 2021, the European Commission proposed a regulation laying down harmonised rules on artificial intelligence. According to estimates, the regulation could enter into force before the end of the year. With a transitional period of two years, the regulation would become applicable by the end of 2024.

The definition of AI and the Artificial Intelligence Act in light of consumer protection

A typical problem concerning AI is that it is very difficult to define, at least exhaustively. The Act defines AI as a software that has the ability, for a given set of human-defined objectives, to generate outputs such as content, predictions, recommendations, or decisions which influence the environment with which the system interacts. AI is not offered to consumers in a raw format. Instead, consumers receive products or services that are controlled by sophisticated algorithms and software.

The proposed regulation does not create new consumer rights or form new appeal proceedings as such. According to the proposal, when harmful AI practices and systems do not fall under the scope of prohibited AI practices as defined in the proposed regulation, they would be covered by general data and consumer protection legislation. The focus of the proposed regulation is on defining certain prohibited practices and strictly regulated high-risk systems. These practices are examined both on an industry and on a sector basis.

Prohibited practices

The proposal prohibits the use of AI systems that create an unacceptable risk. These systems create such an obvious threat to the safety, rights and livelihoods of people that the regulation prohibits their use entirely. Such systems include ones that have the potential to manipulate people through subliminal techniques beyond their conscious awareness and that are likely to cause psychological or physical harm. The proposal also prohibits certain systems that use social scoring, as they are considered contrary to fundamental values of the EU. They can also lead to discrimination.

High-risk systems

The proposal classifies as high-risk such AI systems that are intended to be used as safety components of products, for example, as well as systems that pose a high risk of harm to health and safety and that are used in specific areas. The proposal lists some examples of high-risk AI systems, including systems used as safety components in the management and operation of the supply of water, gas, heating and electricity, and systems used to evaluate the creditworthiness of natural persons in relation to essential private and public services.

The obligations of providers of high-risk AI systems are laid down in Article 16 of the proposed regulation. Among other things, such providers of AI systems shall:

Obligation to disclose information

The obligation to disclose information is central to the general principles of consumer protection. In the context of AI use, the obligation to disclose information is therefore a general principle for all AI systems affecting consumers. This means that consumers must have easy access to sufficient, clear and timely information on the existence of an AI system, its deductive processes and possible outcomes and its effects on consumers. Consumers must also be told how they can request the system’s operations to be reviewed or fixed and how they can contact a competent person. Information on disputing the matter must also be provided.

Further specifications to AI regulation

The Artificial Intelligence Act is meant to be a part of a larger whole, and some parts are not yet known. For example, there will be a separate proposal concerning the liability issues surrounding AI. It is likely that this proposal will be applicable to consumer protection as well. The proposal will also have several connecting factors to existing EU regulation, such as data protection and market supervision regulation and the general EU regulation on consumer protection binding on businesses.