|
Supporting the development and uptake of AI
A few actions are proposed to foster the development and uptake of AI in Europe:
-Supporting the deployment of a next generation high performance computing infrastructure, complemented by a European federation of cloud and computing infrastructures and targeted cloud-based AI services (to be funded via Horizon Europe and Digital Europe);
-Supporting the deployment of common European data spaces to facilitate pooling and sharing of data across Europe. These spaces will be organised by sector (for instance, agriculture) or problem area (such as climate change). They will combine the technical infrastructure for data sharing with governance mechanisms (to be funded via Digital Europe);
-Adopting (early 2021) an implementing act on high-value public sector datasets, based on the Open Data Directive. These data will have to be made available for free and in machine-readable format;
-Reinforcing European excellence centres for AI and facilitating their collaboration and networking. Europe can lead in four major sub-disciplines: 1) foundational research in AI algorithms, 2) perception and interaction, 3) robotics and 4) next generation of chips for AI;
-Establishing networks of leading universities to attract the best professors and scientists and offer master programmes in AI (to be funded via Horizon Europe and Digital Europe);
-Setting up a Leaders Group with high level representatives of major stakeholders. This Group would develop an industrial strategy and commit to its implementation. The Group would also offer strategic guidance to a new public-private partnership on AI, data and robotics (funded via Horizon Europe);
-Launching a pilot scheme under InnovFin to provide equity financing for AI and blockchain innovative developments, to be scaled up through InvestEU in 2021.
Proposed legal framework for AI
Legal definition of AI
The White Paper proposes a legal definition of AI as “software (integrated in hardware or self-standing) which provides for the following functions:
-simulation of human intelligence processes, such as learning, problem-solving, reasoning and self-correction;
-performing certain specified complex tasks, such as visual perception, speech recognition, decision-making and translation with a degree of autonomy, including through self-learning processes;
-involving the acquisition, processing and rational or reasoned analysis of data, typically in large quantities.”
Possible horizontal requirements
The Commission explains that it is necessary to review and complement the EU legislative framework applicable to AI to fully take into account its human and ethical implications.
EX ANTE requirements (before the product is placed on the market):
-Accountability and transparency requirements for developers to disclose the design parameters of the AI system, metadata of datasets used for training etc.;
-General design principles for developers to reduce the risks of the AI systems;
-Requirements for users regarding the quality and diversity of data used to train AI systems;
-Obligation for developers to carry out a risk assessment and take steps to minimise risks;
-Requirements for human oversight or a possible review of the automated decision by AI by a human (for instance, in case of denial of social benefits) as regards non-personal data (to complement GDPR).
EX POST requirements:
-Requirements on liability for harm/damage caused by a product or a service relying on AI, including the necessary procedural guarantees;
-Requirements on enforcement and redress for individuals and undertakings, including access to existing alternative online dispute resolution systems.
Possible regulatory options
Option 1: Voluntary labelling
Developers and users of AI could choose to comply with requirements for ethical and trustworthy AI. If compliant, they could use the label “ethical/trustworthy AI”.
Option 2: Sectorial requirements for public administration and facial recognition
This approach aims to ensure that public authorities deploy automated decision systems in a way that reduces risks to public institutions. For instance, it could establish requirements for impact assessments of the algorithms used.
Additionally, specific rules on facial recognition systems, used by either the public or private sector in public spaces, could be introduced. The regulatory framework could even include a time-limited (for instance 3-5 years) ban on the use of facial recognition technology by private or public actors in public spaces. During this ban period, an assessment of the impacts of the technology and risk management measures could be developed. However, the document underlines that some exceptions would be foreseen, notably for research and development, and for security purposes (subject to a decision by a relevant court). The Commission adds that this measure is far-reaching, hence it is preferable to focus at this stage on the full implementation of GDPR.
Option 3: Mandatory risk-based requirements for high-risk applications
Legally-binding requirements would be foreseen for developers and users of AI. These requirements would only apply to high risk applications of AI. The definition of high-risk applications would rely on a cumulative application of two criteria:
-an exhaustive list of sectors (for instance, healthcare, transport, police, judiciary) that would be specified in an annex;
-a more abstract definition of high-risk applications = “applications of AI which can produce legal effects for the individual or the legal entity or pose risks of injury, death or significant material damage for the individual or legal entity”.
For low risk applications, existing EU legislation would apply.
Option 4: Safety and liability
The Commission considers amending the EU safety and liability legislation, including the General Product Safety Directive, the Machinery Directive, the Radio Equipment Directive and the Product Liability Directive.
New requirements should address specific risks which are not sufficiently addressed in current EU legislation, such as cyber threats. Risks related to software updates and machine learning -when products are used- should be addressed too.
Moreover, clarifications should be made concerning the respective responsibilities of developers and producers of products using AI. The guiding principle for the attribution of roles and responsibilities is the following one: responsibility lies with the actor(s) best placed to address it. For instance, developers are best places to address risks arising from the development phase. Thus, EU safety legislation should lay down different obligations for different operators.
Additionally, the Product Liability Directive could be amended to alleviate the burden of proof for consumers.
All these changes could either take the shape of specific amendments to pieces of EU legislation or a new horizontal piece of legislation that would include the relevant requirements for AI.
Option 5: Governance
National authorities will monitor the implementation and enforcement of this future regulatory framework. It would be appropriate for Member States to appoint authorities responsible for monitoring the application of this AI framework (the same way national authorities appoint a body to supervise the implementation of GDPR). These tasks can be entrusted to an existing body.
The Commission concludes that option 3, combined with option 4 and option 5 are the most promising ones to address the risks specific to AI. The Commission may consider adopting horizontal instruments (for instance on transparency, accountability and governance), complemented by targeted amendments of existing EU safety and liability legislation.
Next steps:
19 February 2020: Exchanges on the White Paper during the Commission’s College Meeting
February 2020: Official publication of the (final) White Paper
For any questions on this issue, do not hesitate to contact Camille Dornier: camille.dornier@eurosmart.com |
