On 21st April 2021 the EU Commission published a proposal for a new AI Regulation which will attempt to guarantee the safety and fundamental rights of individuals and businesses whilst boosting investment and innovation in AI across Europe. Described by the Commission as the 'first-ever legal framework on AI', the new rules are intended to strengthen Europe's position in the development of ' human-centric, sustainable, secure, inclusive and trustworthy AI.'
The new rules will apply to providers deploying AI systems throughout the EU regardless of where they are based. They will also apply to users of AI systems located within the EU and providers and users of AI systems located in third countries where the output produced by the system is used in the EU. As with the GDPR which came into effect on 25th May 2018, the wide application of the proposed Regulation means it is likely to shape the practices of providers, importers, distributors and users of AI systems whether they are based in the EU or elsewhere.
Despite the UK's departure from the EU it is likely that the impact on UK businesses will be substantial. With a population of approximately 450m people, some commentators believe the size of the EU market & scope of the proposed AI Regulation will result in the rules becoming the de-facto standard for AI practices around the world. In response to the EU proposal it remains to be seen whether the UK Government will propose similar legislation to facilitate trade with the EU. Nevertheless, the impact on UK AI providers is clear; if they wish to sell their products and services into the EU they will need to comply. Furthermore, UK multinationals using AI technology with a presence in the EU will need to consider whether to utilise a common set of AI systems compliant with the Regulation, or adopt different technology in different jurisdictions. With a need to fully leverage data and maximise efficiency a holistic approach may well be the way forward for these multinationals. The impact on UK SMEs using AI technology is less clear but where they are using AI to process the data of EU citizens or where the output of the AI system is used in the EU they may well be caught by the Regulation.
The EU proposal sets out a risk based regulatory structure which will ban some uses of AI whilst heavily regulating certain high risk uses and lightly regulating those deemed ‘low risk’. An AI system's level of risk will be assessed through analysis of its intended purpose, the irreversibility of any harm and the likely number of people it will affect. AI systems considered a clear threat to the safety, livelihoods and rights of individuals will be banned, this will include the use of 'subliminal techniques' used to exploit vulnerable people or which encourage individuals to act against their own interests or distort their behaviour and in particular AI used in certain sectors like education, employment and essential services.
Providers of high risk AI systems will be subject to strict obligations. The new rules will require businesses to prove the safety of the technology, document how it makes decisions, conduct conformity assessments and guarantee human oversight in how AI applications are used and created.
The proposal includes a variety of administrative fines depending on the nature of the breach. Where organisations are found to be using AI systems for prohibited purposes or are in breach of their data governance obligations they may face fines of 6% of their annual global turnover or €30m. Non-compliance of the AI system with other obligations under the Regulation may lead to fines of €20m or 4% of turnover. The supply of incorrect or misleading information in reply to a request by an authority may lead to fines of 2% of turnover or €10m.
Although the list of high risk uses and their corresponding obligations are likely to be subject to close scrutiny and amendment before the proposals are adopted, the breadth and onerous nature of the obligations may require significant investment & alterations to business processes for organisations striving to comply. Concerns have also been raised that the proposed Regulation will stifle growth, innovation and productivity, preventing organisations from harnessing emerging technology and leading European businesses to fall behind their US and Chinese counterparts. UK businesses should be closely monitoring the developments of the EU proposals, consider how this will impact them and be keeping an eye out for any similar legislation which is proposed by the UK Government.
For more information on the article above please contact Suzie Miles.