The EU and regulation of Artificial Intelligence


It’s been a year since the European Commission presented its Proposal for regulation of Artificial Intelligence, an important step toward providing the entire EU with a clear and unified legal framework on the use of this technology. 

The regulatory process is not easy, and the large number of amendments the draft is receiving further slows down the timetable. But for the EADT, regulation is certainly the way forward, as the use of Artificial Intelligence can affect the fundamental rights and freedoms of EU citizens. 

The Vice President of the EADT, Ana Caballero, recently had the opportunity to analyse some aspects of this regulation. It was at the forum ‘Opportunities and Challenges for Society in the Use of Artificial Intelligence’, organised by Algoverit. 

Beyond the EADT’s general principles – the need to build a balanced digital transition, one that takes citizen rights fully into consideration and respects the EU’s founding values – Caballero delved into some of the more legal aspects of the regulation, drawing interesting parallels with the European General Data Protection Regulation (GDPR) of 2016. 

Artificial Intelligence feeds on data, and from the moment this is collected, the privacy standards defined in the GDPR must be applied. As Caballero spelled out, three articles in this Regulation are key to future legislation on Artificial Intelligence. 

These are articles 5, 22 and 24. The first establishes what is known as the ‘loyalty principle’, whereby personal data cannot be collected in bad faith, with malice or negligence, and especially by violating the holder’s trust. It’s important to remember that Article 13.2 of the GDPR establishes the obligation for prior information.

Likewise, Article 22 states that the person providing the data shall have the right not to be subject to a decision based solely on automated processing of their data, if this significantly affects them. And Article 24 establishes the principle of active responsibility by the data controller.

The new legislation on AI must be completely in line with the GDPR, as well as with the new data regulations the EU is preparing: the Data Governance Act and Data Regulation. For the EADT, the drafting of these regulations is a great opportunity to position Europe as the global ‘gold standard’ for ethical development of Artificial Intelligence, something that is already a reality in protection of data privacy. This ambition doesn’t necessarily have to mean limitations on the technology’s economic and business possibilities. And from the legal point of view, as Caballero pointed out, the drafting of a more complete and exhaustive community regulation of Artificial Intelligence represents a qualitative leap as compared to the current profusion of incomplete national guidelines, recommendations and regulations.