30 Apr 2020 – Originally published as a guest post at nsucyberlaw.org.
In February, the European Commission released a White Paper entitled, “On Artificial Intelligence – A European Approach to Excellence and Trust,” in support of the European Commission (EC) five-year strategy for EU technology policy. Presented by EC President Ursula von der Leyen in support of her goal of “tech sovereignty” for the EU,[1] the White Paper was released in conjunction with “A European Strategy for Data,” a communication that previews the EC’s comprehensive digital strategy. These publications set forth an ambitious and – from von der Leyen’s perspective – optimistic[2] plan for the EU to enjoy an enduring leadership role in the data economy and in the use and regulation of artificial intelligence (AI).
While campaigning for the EC presidency, one of the promises that von der Leyen made was to initiate legislation to support “a coordinated European approach on the human and ethical implications of Artificial Intelligence.”[3] With the publication of the AI White Paper last week, the EC presented policy options to build on the EC’s 2018 AI strategy[4] and has moved one step closer to the promised AI legislation. Recognizing AI’s primary importance within the data economy,[5] the AI White Paper also acknowledges the need for AI policy to be based on the EU’s commitment to its core values, including privacy protection and human dignity.[6] In addition, the White Paper points out the unifying role that EU legislation could play in avoiding the legal uncertainty of a fragmented approach to AI laws within the single market.[7]
The AI White Paper proposes specific revisions to existing EU AI frameworks, addressing risks based on current related legislation and focusing on the challenge of balancing legal certainty in the area with the need for flexibility due to the dynamic nature of technology.[8] Organized under the categories of an “ecosystem of excellence,” and an “ecosystem of trust,” the White Paper’s proposed global legislative vision includes partnerships and coordination with members states and the private sector to promote optimal investment in necessary research, infrastructure workforce skills, and support for small and medium-sized enterprises.[9]
In addition, the AI White Paper proposes a review of the current EU legislative framework, including sectoral regulations, to ensure that they fully address risk associated with AI systems. Several risks are discussed, including consumer protection from algorithmic bias and risks inherent in the shifting concept of “safety” as new threats related to technology develop.[10] The EC’s “Report on the Safety and Liability Implications of Artificial Intelligence, the Internet of Things and Robotics” accompanies the AI White Paper and expands upon safety and liability implications of new and transforming technologies in even greater detail. The White Paper considers the possibility that new AI legislation might be necessary in addition to amendments to existing laws to thoroughly address developments in technology.[11] It also stresses the importance of a continuing risk analysis, so that areas of minimal risk are not over-regulated.[12]
The European Strategy for Data communication[13] echoes the importance of investment in AI and of common action to avoid fragmentation among member state legal frameworks, with a focus on the overall benefits to the EU single market of data-driven innovation.[14] The EC also has made a policy commitment to a new Digital Services Act to complete the digital single market by improving liability and safety regulations for the digital environment.[15] Much Internet-based commerce, including platform and provider liability, is still regulated in the EU by the 20-year-old eCommerce Directive; the creation of the Digital Services Act will provide the opportunity to incorporate updated rules for online services into the unified regulatory approach to digital technology.
In addition to the review, amendment, and likely supplementation of existing EU legislation to account for AI, the EU digital plan contemplates a far-reaching approach to the regulation of all aspects of technology. If speculation that AI is the most important area ripe for comprehensive regulatory overhaul since GDPR is correct,[16] the resulting unified strategy might go a long way to advance the EU’s goal as a leader in technology economy.
Although it is possible that the EC will revise its timeline based on the global attention focused on the COVID-19 virus response, the AI White Paper will be open for comments until May 19, 2020 at https://ec.europa.eu/eusurvey/runner/AIConsult2020. The EC also is accepting comments on the European Strategy for Data plan at https://ec.europa.eu/eusurvey/runner/DataStrategy.
[1] Shaping Europe’s digital future: op-ed by Ursula von der Leyen, President of the European Commission, (19 February 2020), available at https://ec.europa.eu/commission/presscorner/detail/en/ac_20_260.
[2] Id.
[3] Political Guidelines of Ursula von der Leyen, available at https://ec.europa.eu/commission/sites/beta-political/files/political-guidelines-next-commission_en.pdf.
[4] AI for Europe, COM/2018/237, available at https://ec.europa.eu/transparency/regdoc/rep/1/2018/EN/COM-2018-237-F1-EN-MAIN-PART-1.PDF
[5] On Artificial Intelligence – A European Approach to Excellence and Trust, COM/2020/65.
[6] Id., p. 2.
[7] Id. p.2, 15, 24.
[8] Id.at 9-16.
[9] Id. at 3-7.
[10]Id. at 13-14.
[11] Id.
[12] Id. at 17.
[13] A European Strategy for Data, COM/2020/66.
[14] Id. at 1.2, 6.
[15]Supra note 3.
[16] See, e.g., Kayali, Laura, “Next European Commission takes aim at AI: Artificial intelligence will be the next GDPR,” politico.com (18 July 2019), available at https://www.politico.eu/article/ai-data-regulator-rules-next-european-commission-takes-aim/.