The Artificial Intelligence Act and consumer protection – are you ready?

The definition of AI and the Artificial Intelligence Act in light of consumer protection

A typical problem concerning AI is that it is very difficult to define, at least exhaustively. The Act defines AI as a software that has the ability, for a given set of human-defined objectives, to generate outputs such as content, predictions, recommendations, or decisions which influence the environment with which the system interacts. AI is not offered to consumers in a raw format. Instead, consumers receive products or services that are controlled by sophisticated algorithms and software.

The proposed regulation does not create new consumer rights or form new appeal proceedings as such. According to the proposal, when harmful AI practices and systems do not fall under the scope of prohibited AI practices as defined in the proposed regulation, they would be covered by general data and consumer protection legislation. The focus of the proposed regulation is on defining certain prohibited practices and strictly regulated high-risk systems. These practices are examined both on an industry and on a sector basis.

Prohibited practices

The proposal prohibits the use of AI systems that create an unacceptable risk. These systems create such an obvious threat to the safety, rights and livelihoods of people that the regulation prohibits their use entirely. Such systems include ones that have the potential to manipulate people through subliminal techniques beyond their conscious awareness and that are likely to cause psychological or physical harm. The proposal also prohibits certain systems that use social scoring, as they are considered contrary to fundamental values of the EU. They can also lead to discrimination.

High-risk systems

The proposal classifies as high-risk such AI systems that are intended to be used as safety components of products, for example, as well as systems that pose a high risk of harm to health and safety and that are used in specific areas. The proposal lists some examples of high-risk AI systems, including systems used as safety components in the management and operation of the supply of water, gas, heating and electricity, and systems used to evaluate the creditworthiness of natural persons in relation to essential private and public services.

The obligations of providers of high-risk AI systems are laid down in Article 16 of the proposed regulation. Among other things, such providers of AI systems shall:

Obligation to disclose information

The obligation to disclose information is central to the general principles of consumer protection. In the context of AI use, the obligation to disclose information is therefore a general principle for all AI systems affecting consumers. This means that consumers must have easy access to sufficient, clear and timely information on the existence of an AI system, its deductive processes and possible outcomes and its effects on consumers. Consumers must also be told how they can request the system’s operations to be reviewed or fixed and how they can contact a competent person. Information on disputing the matter must also be provided.

Further specifications to AI regulation

The Artificial Intelligence Act is meant to be a part of a larger whole, and some parts are not yet known. For example, there will be a separate proposal concerning the liability issues surrounding AI. It is likely that this proposal will be applicable to consumer protection as well. The proposal will also have several connecting factors to existing EU regulation, such as data protection and market supervision regulation and the general EU regulation on consumer protection binding on businesses.

Sources:

https://www.kkv.fi/ajankohtaista/lausunnot/lausunto-u-28-2021-vp-valtioneuvoston-kirjelma-eduskunnalle-komission-ehdotuksesta-euroopan-parlamentin-ja-neuvoston-asetukseksi-tekoalyn-harmonisoiduksi-saantelyksi-artificial-intelligence-act/

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0206&from=EN