European Commission Unveils Proposal for a Regulation on Artificial Intelligence

On April 21, 2021, the European Commission (EC) released a proposal for a regulation (the Draft Regulation) laying down harmonised rules on artificial intelligence (AI) aimed to ensure the protection of fundamental European Union (EU) rights and safety of AI system users, as well as trust in the development and uptake of AI. The much-anticipated Draft Regulation follows last year’s release of EC’s white paper setting out policy options for AI regulation in Europe (previously reported in E-TIPS Newsletter here).

The Draft Regulation applies to public and private actors (i.e. providers, importers, distributors and users of AI systems) established within the EU or in a third country that places AI systems on the market or puts them into service within the EU, or where their use affects people located in the EU. “AI system” is broadly defined as a software product that is developed using certain listed techniques and approaches that can generate outputs influencing the environments they interact with.

The Draft Regulation outlines a risk-based approach to differentiate between uses of AI that create:

1. unacceptable risk and are prohibited under the Draft Regulation (e.g. AI systems that can exploit vulnerabilities of a specific group of persons or use real-time remote biometric identification in publicly accessible spaces, subject to some exceptions);
2. high-risk to the health and safety or fundamental rights of natural persons (e.g. AI systems that perform a safety function in certain products, such as mobile devices, robotics, medical devices and other machinery); or
3. low and minimal risk (e.g. AI-enabled video games or chatbots).

AI systems deemed to be high-risk are subject to mandatory obligations covering risk management, data governance, technical documentation, record-keeping requirements, transparency and provision of information to users, human oversight, robustness, accuracy, cybersecurity, post-market monitoring and incident reporting.  The Draft Regulation contemplates substantial penalties of up to EUR 30 million or up to 6% of annual worldwide turnover, whichever is higher to be levied against companies for non-compliance.

The Draft Regulation must still go through the European legislative process and may be subject to further amendments before being adopted by the European Parliament and Member States. If successfully adopted, this legal framework for trustworthy AI will likely impact the regulatory approach to AI in other jurisdictions around the world.

Summary By: Anna Troshchynsky