Greetings from Brussels!
In recent years, artificial intelligence has become a byword for all that is smart innovation. From manufacturing across every services sector segment imaginable, the technology has been embraced as its development promises greater ingenuity and value. The expansive economic and social benefits of AI as we touch services and products are visibly undeniable.
However, as is usually the case, where there are fundamental shifts in industrial design and innovation, lawmakers are never too far behind. For some time, the European Commission and the European Parliament have been engaged in research and debating the topic with a first parliamentary resolution back in 2017. Following the commission AI white paper in 2020, this has finally culminated in the recent publication of the much-anticipated proposal for an EU AI regulation, more commonly referred to as the Artificial Intelligence Act. In a similar vein as the GDPR, this new EU proposal is every bit as ambitious, being the first-ever legal framework intended to regulate the risks and potential dangers posed by AI to future freedoms, rights and privacy writ large. Data governance is at the heart of this draft regulation.
I would point to two separate articles for a high-level summary and analysis of the proposed regulation, the first by Jetty Tielemans, a true denizen in our space. The second, which I also found to be a very thought-provoking narrative, is by Dan Whitehead of Hogan Lovells. Interestingly, and perhaps an indication of learning from current regulatory debate, while the proposal shares common principles with the GDPR in its design, the commission opted to leave enforcement to member state regulators, avoiding a one-stop-shop mechanism. There is, however, the provision for the implementation of a European AI Board with the stated goal of assisting regulatory authorities and the commission in the consistency of application and enforcement, issuing opinions and safeguarding good practices across the EU.
Given the contentious and far-reaching nature of AI, there will be many interested stakeholders with a voice on this latest proposal. The EDPS was one of the first to confirm its support, endorsing the need for regulatory assurance that AI solutions are shaped according to the EU's values and legal principles. Wojciech Wiewiórowski also commended the risk-based approach to the framework, acknowledging that numerous AI applications pose limited threats to the fundamental rights of privacy and data protection all the while bringing considerable benefits. The European Consumer Organisation was less buoyant in its position, stating the proposal falls short of consumer groups' expectations and the EU's own objective of enabling AI that people can trust. BEUC Director General Monique Goyens commented that the proposal "should have put more focus on (consumer rights) helping consumers trust AI in their daily lives." Goyens added, "the use of artificial intelligence and automated decision-making must not lead to discrimination or constrain consumers' autonomy and choice."
The European Commission has also launched a public consultation process and welcomes feedback on the proposal until 22 June. The feedback will be reviewed by the commission and presented to the European Parliament and Council in support of the legislative debate that will now ensue. As mentioned by Tielemans in her reflections, expect a rather "bumpy ride" to adoption, a rash of amendments by both the Parliament and member states: This is going to take some time.
The importance of the proposal should certainly not be understated as, like the GDPR, it extends to foreign tech companies that operate within the EU and even to those without an EU legal presence. One can only imagine that it may not be long before other jurisdictions follow suit with their own frameworks.