For instance, the White Paper on AI outlined the essential components of a potential European legislative framework for AI. However, since they were put into place when AI was still in its infancy, they don’t really cover many AI-specific topics.
The European Commission introduced the first-ever AI Act in April 2021 in an effort to close the regulatory gap, offer harmonized rules designed to complement the GDPR, and extend the applicability of existing sectoral product safety legislation to high-risk AI systems. Nonetheless, the New EU AI regulation might not come into effect until 2024, and even then, it might not address the issue in sufficient detail, leading to several regulatory pitfalls which we point out below. The highly anticipated AI Act is expected to be put to a vote at the European Parliament at the end of March 2023, at which point individual nations will begin negotiating the final terms of the legislation. The final EU AI Act is expected to be adopted at the end of 2023.
AI Act - regulatory shortcomings affecting the business players
The Artificial Intelligence Act aims primarily to cover the use of artificial intelligence, arguably neglecting to ensure AI providers consider the impact of that use on society as a whole, as opposed to just individuals. While it is incontrovertible that AI applications causing even a tiny amount of harm to individuals are highly undesirable, the Act seems to fail to fully grasp the much more significant harms such applications may cause on the societal level. For instance, a marketing application meant to influence citizens´ voting behavior can affect free election results.
The generalization of AI systems for multiple purposes, such as producing descriptions for biometric identification as well as generating newspaper image captions, has also become an increasingly alarming issue. It is widely advocated that the risk-based approach of the Act is modified as to include full and future risks and enhancement of fundamental rights protections, while still boosting innovation. Transparency obligations currently arising from the AI Act may need to be stronger and include measures, such as bans, to ensure the protection of fundamental rights, especially in relation to biometric applications. The Centre for the Study of Existential Risk at the University of Cambridge has suggested that reasonable proposed changes to the list of restricted and high-risk systems should be permitted, giving the regulation greater flexibility and a wider scope. It will be crucial that the regulation can be adapted to cover evolving technology and meet new risks as they arise.
As standardization bodies such as CEN (The European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization) are yet to publish their standards to eliminate the need for third party verification, there is currently a lack of enforcement mechanisms. The AI Act fails to adequately address legal compliance. As a result, the compliance would be almost entirely reliant on self-assessment by the providers, rendering the act incapable of achieving its stated goals. Furthermore, it has been suggested that the proposal of standards should encompass practicality for digital SMEs. According to Oxford Information Labs, conformance with harmonized standards will lead to a presumption of conformity for high-risk AI. Arguably, national, and European institutions should take the reins when it comes to policing AI. It is crucial that governance remains up-to-date on and responsive to technological trends through fast and systematic communication through incident reports from member states, for example. The framework for the enforcement of legal rights and duties, such as transparency and accountability, will remain one of the greatest challenges if the scope of the AI Act is to remain up to date.
According to the Center for Data Innovation, costs will inevitably become a major factor in AI investments and regulation. The Center claims AI will cost €31 billion over the next five years and AI investments will reduce by almost 20%. On the other hand, academics claim it will likely be much cheaper as the Act mainly covers high-risk AI, which only forms a small proportion of all AI, and regulation benefits fail to be considered.
Although progress has certainly been made towards effective and harmonized rules on development and the use of artificial intelligence, there is still a long way to go towards ensuring the objective safety of such innovation. While access to the development stage is constantly being made easier, many businesses will have to wait until proper and detailed fundamental rights protections are put in place before they are allowed to freely market their AI products. The following year will be one of standards, conformance, adaptability, and transparency, when it comes to regulating artificial intelligence.
Martina Gavalec, Senior Associate, CMS
Emma Kochová, CMS