The contentious EU Regulation proposing standardized regulations on artificial intelligence, commonly referred to as the AI Act Proposal, was recently scrutinized in a fresh perspective released on October 24, 2023, by the European Data Protection Supervisor (EDPS). The EDPS, acting as the supervisory body for EU institutions, bodies, offices, and agencies (EUIs), holds a significant sway in the European and global regulatory arenas despite not having jurisdiction over the private sector.
The German Commission introduced the AI Act Proposal in April 2021 to establish cohesive directives for AI across the EU. Essentially, the AI Act aims to govern the development and deployment of AI technologies based on their associated risks.
In a collaborative effort in June 2021, the EDPS and the European Data Protection Board put forth a joint perspective. As deliberations on the AI Act Proposal near finalization, this new standpoint, spearheaded solely by the EDPS, seeks to provide supplementary recommendations to the EU co-legislators. The perspective delves into various administrative, legal, and technical facets concerning the EDPS’s prospective role and obligations as the potential AI overseer for EUIs.
Key Points:
- Both the EU Charter of Fundamental Rights and the European Convention on Human Rights contain clauses supporting the establishment of a robust framework for AI technologies.
- Upholding the “red lines” delineated in the previous joint perspective, the EDPS advocates for the prohibition of certain AI applications due to their severe encroachment on fundamental rights. These include utilizing AI for social scoring, biometric-based categorization, and individual risk assessments in law enforcement.
- Leveraging their expertise in AI legislation, the novel opinion underscores the possibility of designating national Data Protection Authorities as the competent national regulatory bodies. The EDPS stresses the imperative of collaboration between these authorities and other supervisory bodies to ensure the reliability, security, and compliance of AI systems with EU regulations during their deployment.
- Precision in defining “high-risk AI technologies,” “providers,” and “development” is emphasized by the EDPS.
- Existing AI systems at the time of the AI Act’s relevance are not exempt from its provisions and must adhere to the established rules from that point onward.
- The suggested roles for the EDPS encompass acting as a notified body for pre-market scrutiny, a market surveillance authority for post-market oversight, and a competent entity to supervise the development, provision, or utilization of AI systems by EUIs.
- To enhance EU policing and prevent “forum shopping” by AI system providers, the proposed AI Office, a prospective EU entity facilitating coordinated AI Act enforcement, must operate independently. The EDPS, in its capacity as the AI officer, stresses the necessity of fostering collaboration between the AI Office and itself. It laments the lack of voting rights on the AI Office’s management board compared to national regulatory authorities.
- Proposals include granting the right to lodge complaints with the relevant regulatory body, as well as ensuring efficient legal recourse against the authority’s decisions following a complaint (while respecting the authority’s competencies).
- Recommendations advocate for the right to request human intervention and challenge decision outcomes, especially in scenarios involving high-risk AI systems. Additionally, deployers of AI systems should receive explanations for decisions significantly impacting users.
In essence, the recent opinion by the EDPS aims to provide detailed guidance on elucidating the duties, responsibilities, and authority outlined in the AI Act, along with additional recommendations for ensuring effective implementation through a coherent “European approach.”
We will monitor developments in this domain and update you on any noteworthy progress.