The objective of the Artificial Intelligence Act (“AI Act”) being drafted is to ensure that the artificial intelligence systems released to the EU market and used there are safe and comply with fundamental rights. The AI Act also aims to facilitate developing the internal market and to promote competitiveness. Despite the good intentions, the end result may be quite the opposite. The so called Brussels effect came true for the General Data Protection Regulation.
5.9.2022
The EU is currently trying to decide what kind of intelligent systems we will use in the future
Eija Warma-Lehtinen & Sakari Salonen
Related services
Most of the developed countries can agree with the EU’s view on the prohibited uses of artificial intelligence, but is the EU able to produce AI regulation that would serve as a model for the whole world? Or will heavy AI regulation in the EU lead to a situation where Europe is left behind in AI development and eventually has to adapt to standards that have formed on other markets? Furthermore, is the new regulation actually necessary? For example, the frequently discussed matter of surveillance based on facial recognition in public places has already been opposed by the European Data Protection Board within the current regulation.
Unlike before, the AI Act concerns a specific technology. For this reason, the proposal raises the question: is the Act aimed at regulating the technology or the phenomenon for which the technology is used?
A lot of critique has been raised, indicating that the existing regulation, such as the GDPR and product liability and product safety regulations, could already offer sufficient protection for applying a specific technology. The GDPR regulates automatic decision-making based on personal data. It requires that the data is relevant, representative, accurate and complete. Particularly the requirement of completeness has long been debated: is any operator able to ensure the completeness and accurateness of data in any circumstances?
The key concepts of the proposal have also been criticised as too ambiguous, narrow or overlapping with other regulations. In addition, the proposal includes rather wide but ambiguous obligations for high-risk applications, such as wide obligations concerning human oversight. However, this does not guarantee that the persons conducting the oversight can actually detect and address deviations, which has become apparent when testing the operation of self-driving cars, for example. The obligations will be expensive for those parties that want to do what is right, whereas it may turn out to be difficult to call deceitful operators to account.
Despite the critique, the AI Act is on its way, so it is advisable to start preparing for its entry into force. The most important thing at the moment is to assess which of the three AI risk categories is the one that your application belongs to: unacceptable, high-risk or unregulated. If an application under development is categorised as a high-risk application, make sure that it fulfils the requirements of the Act, such as establishing a risk management system, drafting technical documentation, automatic recording of events and ensuring human oversight.
Latest insights
Article published 10.10.2024 – Data & Technology
New act on dual-use items entered into force in September – what companies need to know
Article published 5.9.2024 – Data & Technology
Technology acquisitions can boost companies’ growth – or cause them to fail
Article published 6.5.2024 – Employment
Outsourcing company functions – four key points for success
Article published 7.12.2023 – Data & Technology
Agreements define data sharing and re-use
Kim Parviainen, Lauri Laatunen & Joakim Jaulimo
Topi Lusenius, Anders Forss & Kim Parviainen
Tomi Kemppainen, Kim Parviainen & Eija Warma-Lehtinen
Latest references
PwC – Public tender in Kela’s Eepos procurement process
We are proud to have provided legal assistance to PwC in the successful public tendering process for the comprehensive renewal of Kela’s benefits processing systems. Kela is the Social Insurance Institution of Finland, and this project is a significant cornerstone in modernising Finland’s social security infrastructure. PwC was selected as Kela’s strategic partner to implement a comprehensive overhaul of the benefits processing systems, digital services, customer relationship management, and information exchange platforms. The project aims to meet the demands of the future digital environment and enhance customer experience through the adoption of Salesforce technology. The new systems are expected to simplify benefit processes, enhance user experience for both customers, employees and other stakeholders, and ensure adaptability to future legislative changes. Castrén & Snellman provided strategic legal support to PwC throughout its successful bidding process, which was carried out through a competitive negotiated procedure. We extend our warmest congratulations to PwC for their successful bid and look forward to seeing the positive impact of this project on Finland’s social security system.
Case published 24.4.2025
Savings Banks Group – Sale of Sb Life Insurance
We advised the Savings Banks Group on an arrangement whereby the shares in Sp-Henkivakuutus Oy were sold to Henki-Fennia and at the same time the parties agreed on a long-term distribution cooperation for insurance savings and loan protection products. The closing of the transaction remains subject to regulatory approvals. Sb Life Insurance is a domestic life insurance company, established in 2007, offering insurance savings and risk insurance products to private customers and companies. The Savings Banks and Oma Säästöpankki Oyj act as agents for Sp-Life Insurance. Henki-Fennia is a subsidiary of Keskinäinen Vakuutusyhtiö Fennia, specialising in voluntary life, pension and savings insurance.
Case published 11.4.2025
Valio – Acquisition of the Härkis® and Beanit® fava bean brands
We advised Valio Oy in its acquisition of Raisio Oyj’s plant protein business, related fixed assets and the Härkis® and Beanit® fava bean brands. The fixed assets include, among other things, the production equipment of the factory that makes plant protein products in Kauhava. The transaction supports Valio’s strategy to grow from a dairy company to a food company. This business acquisition will make us an even more significant developer and producer of plant-based protein products. The demand for these products will grow in the long term, and a great deal of growth potential still remains. In 2022, we acquired the Gold&Green® business and, since then, we have been carrying out strong product development and renewed the brand. Following successful product launches, sales in the last quarter of 2024 increased by about 50% from the previous quarter. With this acquisition, we are building our own production capacity. The production equipment of the Kauhava factory is just right for our needs and situation. says Kimmo Luoma, Valio’s Senior Vice President. Valio is a Finnish dairy and food company founded in 1905 and owned by Finnish dairy cooperatives. Valio has subsidiaries in Sweden, Estonia, the United States and China. In 2023, the Group had a turnover of EUR 2 278 million and more than 4 000 employees.
Case published 14.2.2025
WithSecure – Sale of cyber security consulting business
We advised WithSecure Corporation in the sale of its cybersecurity consulting business to Neqst. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki). Neqst is a Swedish investment firm, focusing on technology companies. The closing of the transaction remains subject to customary conditions and regulatory approvals.
Case published 24.1.2025