On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.

We will publish more detailed analyses of each paper in subsequent blogs.  Headline points include:

White Paper on Artificial Intelligence – A European approach to excellence and trust

  • The Commission’s AI white paper emphasizes the importance of establishing a uniform approach to AI in the EU in order to avoid barriers to the EU’s single market.  It discusses risks related to the use of AI, such as the potential to infringe fundamental rights, safety risks, and liability-related issues.
  • The Commission also sets out its plan to take a risk-based approach to regulating AI.  Specifically, the Commission proposes to focus in the near term on “high-risk” AI applications.  An AI application would be deemed high risk only if it was deployed in a high-risk sector and in a high-risk manner.  The white paper lists healthcare, transport, energy, and parts of the public sector as sectors likely to be high-risk.  Whether a specific AI application is high risk will likely turn on whether it has the potential to produce legal or similarly significant effects on the rights of an individual or company.  AI applications used for remote biometric identification (e.g., surveillance using facial recognition technology) would also be considered high-risk.
  • AI applications deemed high risk would be subject to various transparency and other requirements, which would be enforced through mandatory pre-marketing conformity assessment requirements. These requirements would apply to all operators offering AI products or services in the EU, regardless of their place of establishment.
  • Separately, the white paper proposes that AI applications that do not qualify as “high risk” could be subject to a voluntary labelling scheme.  In the Commission’s view, such a scheme would allow suppliers of non-high-risk AI to nonetheless “signal that their AI-enabled products and services are trustworthy.”  Although entirely voluntary, once a supplier opted to use the label, the requirements would be binding.
  • In addition to AI regulation (to establish an “ecosystem of AI trust”), the white paper also proposes several measures designed to promote an “ecosystem of AI excellence,” including through research funding, skills development, and partnerships with the private sector.
  • The proposals set out in the white paper are open for public consultation until 19 May 2020.

Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics

  • The report focuses on the current EU product safety regime and assesses how it can be improved to address innovations in the area of AI, IoT and robotics.  It notes the challenges presented by emerging technologies to the existing EU regulatory framework, including those related to connectivity, autonomy, data dependency, opacity, complexity of the products and systems, software, and complex value chains.
  • The Commission proposes updating the existing framework to ensure, among other things, that compensation is always available for damage caused by products that are defective because of software or other digital features.
  • The Commission is also seeking views on whether it should consider reversing or otherwise altering the burdens of proof on plaintiffs required by national liability rules for damage caused by the operation of AI applications.  It notes that the complexity of AI/IoT supply chains and difficulties in establishing what components caused a malfunction can be difficult to prove in cases involving AI and IoT products.

Communication on shaping Europe’s digital future

  • The Commission in the Communication sets out a vision for a European society powered by digital solutions that is rooted in common European values.  The Commission underscores that its conception of “European technological sovereignty” is not defined “against anyone else,” but is focused on the needs of Europeans and of the European social model.
  • The strategy seeks to achieve three key objectives: (i) ensuring that technology works for people; (ii) a fair and competitive economy; and (iii) an open, democratic, and sustainable society.
  • The Communication describes the EU’s plans to increase European investment in technological innovation, in order to reduce reliance on digital solutions developed outside of Europe.  The Communication also recommends enhancing regulatory frameworks to – among other things – ensure fairness, support user choice, and prevent the over-concentration of market power.  More specifically, the Communication proposes greater investments (through various channels, such as the new EU Multiannual Financial Framework) in innovation, connectivity, smart energy & transport structures, enhanced cybersecurity, and digital skills.  It also endorses various legislative measures, such as rules targeting digital services and online platforms to give users greater control over data, measures ensuring legal protections for digital platform workers, and rules aimed at promoting transparency in the democratic process (e.g., advertising in the context of political elections).

Communication on a European strategy for data

  • The Commission’s data strategy Communication articulates the EU’s aspiration to be a role model of a society powered by data to make better decisions.  The Communication highlights what the Commissions sees as challenges to attaining this goal, including: a lack of available data, imbalances of market power, reliance on non-EU cloud providers, a lack of digital skills, and cybersecurity risks.
  • To address these challenges, the Communication proposes a four-pillar strategy that includes:
    • a cross-sectoral governance framework for data access and use that will cover, among other measures, new EU mechanisms and guidance on data sharing;
    • investments in data and strengthening of the EU’s capabilities and infrastructures for hosting, processing and using data;
    • greater investment in digital skills and in SMEs; and
    • the development of common European data spaces in strategic sectors and domains of public interest.

In addition to the papers above, the Commission has also released a number of fact sheets, Q&As, and other documents supporting these publications.

Please keep an eye out for our forthcoming blog posts.