EU White Paper on Artificial Intelligence – getting ready for the future

There has been quite some upheaval the last few weeks in the legal digital micro-space after a draft of the White Paper on Artificial Intelligence (AI) was leaked including the idea of a three-to-five-year ban on the use of facial recognition technology in public places.

However, those discussions can be put to bed for now, as the long-awaited White Paper on AI (available here) was finally released by the European Commission on 19 February 2020, without said ban being mentioned.

With this White Paper, the European Commission aims to be at the forefront of the next (industrial) data wave by creating a so-called "ecosystem of excellence" and "ecosystem of trust" to boost the uptake of AI and address the risks associated with certain uses of this new technology.

In this first part we will dive into these ecosystems in more detail and how the Commission aims to achieve these. In a second part (to be published next week) we will discuss the requirements set out by the White Paper to which AI applications should comply in the future.

1. Ecosystem of excellence

The White Paper details measures in order to mobilise resources at EU, national and regional level to achieve an "ecosystem of excellence" to support the development and uptake of AI across the EU economy and public administration. These measures are:

  1. Working with Member States: The Commission wants to encourage closer and more efficient cooperation between the Member States and the Commission in key areas, such as research, investment, market uptake, skills and talent, data and international cooperation. To this end, a revised version of the Coordinated Plan to foster the development and use of AI in the EU (see previous here) will soon be finalised by the Commission and presented to the Member States.
  2. Focus on a true research and innovation community: Better synergies and more networks between the multiple European research centres on AI will be key to develop pan-European efforts to improve excellence, retain and attract the best researchers and develop the best technology. Hence, the creation of "excellence and testing centres" that combine European, national and private investments will be further facilitated.
  3. Skills: A strong focus on skills is needed to fill in the current competence shortages. Therefore, the Commission will prioritise to establish and support networks of leading universities and other higher education institutes to attract the best academics and experts and offer world-leading masters programmes in AI.
  4. Focus on SMEs: In order to ensure that also SMEs can access and use AI, the Commission plans to further enhance access to AI funding for SMEs and start-ups to ensure a broader uptake of AI.
  5. Partnership with the private sector: A new public-private partnership in AI, data and robotics will be set up to combine efforts and ensure coordination of research, co-investment and innovation in AI.
  6. Promoting the adoption of AI by the public sector: The Commission is convinced that AI is ready for large-scale deployment in the healthcare and transport sectors and wants to support rapid deployment in these sectors of products and services relying on AI.
  7. Securing access to data and computing infrastructures: As data is the fuel of AI, the White Paper suggests to invest more than EUR 4 billion in computing infrastructures so that the EU can position itself at the forefront of the data and AI transformation.

2. Ecosystem of trust

To foster the adoption of AI by EU citizens and give private companies and public organizations the necessary legal certainty to innovate through using AI, the Commission wants to build an "ecosystem of trust" which relies on a clever mix of, on the one hand, targeted amendments to current EU legislation to cater for the specificities of AI, and, on the other hand, installing a future regulatory framework that exclusively applies to so-called "high-risk" AI applications.

Targeted amendments to current EU legislation

In order to address the main risks associated with the use of AI (e.g. the protection of fundamental rights, privacy and data protection, safety and liability-related issues), the Commission suggests to revise current EU legislation (including the GDPR, the General Product Safety Directive, the Unfair Commercial Practices Directive and the Consumer Rights Directive) to address specific risks created by AI. By way of example, legislative reforms can be expected to cover issues like:

  1. clarify legislations to ensure effective application and enforcement in relation to AI products;
  2. current general EU safety legislation applies to products and not to services and therefore not to services based on AI technology either – as a result, a revision of the scope of some legislations may be needed;
  3. the integration of AI into products may modify the functioning of such products during their lifecycle and create new risks that were not present when the system was placed on the market – to address these risks the existing legislation needs to be changed;
  4. uncertainty regarding the allocation of responsibilities between different economic operators (e.g. who should be liable when AI is added after the product is placed on the market by a party that is not the producer);
  5. the use of AI can give rise to safety risks that EU legislation currently does not explicitly address (e.g. cyber threats and personal security risks); and
  6. current EU legislation should make clear to which actors of the AI supply chain it is addressed and to which it is not.

Future regulatory framework for high-risk AI applications

In addition to targeted adjustments to current EU legislation, the White Paper envisages a specific new set of rules to deal with AI.

Compared to the "one-size fits-all" philosophy of the GDPR whereby all companies - from small SMEs and start-ups to blue chip companies (e.g. Facebook and Google) - are governed by the same legislation, the new legislative framework would follow a risk-based approach, meaning that only AI applications posing a "high risk" to citizens and society will be governed by this legislation. The reason for this innovative approach is that the Commission is wary that a new legislative framework may create a disproportionate burden on SMEs.

According to the White Paper, AI will be considered to be "high-risk" when two following cumulative criteria are met:

  1. the AI is used in a sensitive sector including, inter alia, the following sectors: healthcare, transport, energy and public sector areas such as asylum, migration border controls and judiciary, social security and employment services; and
  2. the use of AI in such sensitive sector is "likely to give rise to significant risks" – the White Paper provides less guidance on when such situation would arise but points out that the assessment of the level of risk of a given use case could be based on the impact of the affected parties (e.g. risks of injury, death or significant material or immaterial damage).

According to the White Paper a combined application of the two aforementioned conditions would ensure a narrow scope of application while, at the same time, providing the maximum level of legal certainty. In addition, the White Paper notes that there may exist situations where the use of AI applications for certain purposes will always be considered as high-risk, regardless whether the conditions are met (e.g. for the purpose of remote biometric identification and other intrusive surveillance technologies). The new legislative framework should also cater for such extremely sensitive situations.

For low-risk AI applications only the current (adjusted) EU legislation would apply but developers or deployers that voluntarily want to comply with the separate AI legislative framework will of course be able to do so. To encourage this, the White Paper suggest to put in place a certified quality label which can be awarded to such companies.

- - -

Stay tuned for our article next week in which we will discuss the (legal) requirements to which AI should comply in the future, the key guiding principles on the attribution of roles and responsibilities under the future legislative framework and the next steps of the Commission on this in 2020.

Please do not hesitate to get in touch if you would like to discuss any of above or if you plan on responding to the EU consultation on the White Paper and need any assistance from the Ashurst Digital Economy Team in this regard.