In this edition of our regular roundup on legislative initiatives related to artificial intelligence (AI), cybersecurity, the Internet of Things (IoT), and connected and autonomous vehicles (CAVs), we focus on key developments in the European Union (EU).

There has been some policy activity in the U.S. this quarter, including the re-introduction of the SELF-DRIVE Act by Representative Bob Latta [R-OH] and the introduction of a new bipartisan resolution by Representatives Will Hurd [R-TX] and Robin Kelly [D-IL] setting forth a national AI strategy that addresses U.S. global leadership, workforce issues, research and development, national security, and ethics issues, and encourages greater harmonization with respect to AI across federal agencies.  The U.S. Department of Transportation also recently launched its AV Test tracking tool.  Other activity has slowed, however, as the U.S. grapples with the global pandemic, the impending national election, and related matters.  Meanwhile, there continue to be significant policy developments in the EU pertaining to these technologies, with further initiatives set to be announced later this year and early next year.

Artificial Intelligence

In February this year, the European Commission launched its much anticipated digital strategy. As discussed in our previous 4-part blog posts (herehere, here, and here), this included setting out its plans for a coordinated European approach to ethical AI through a White Paper On Artificial Intelligence – A European approach to excellence and trust (the “White Paper”), and a Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics. In the six months that have elapsed since, the Commission has publicly consulted on its plans and is developing proposals for AI legislation, now expected in early 2021.

  • AI White Paper Consultation: over 1200 stakeholders responded to the Commission’s AI White Paper, providing feedback on the policy and regulatory options it proposes. Stakeholders were mainly concerned about the potential for AI to breach fundamental rights or lead to discriminatory outcomes. The Commission published a summary report on the consultation’s preliminary findings this summer. The results of the consultation are likely to influence the Commission’s forthcoming regulatory proposal.
  • Inception Impact Assessment for AI Legislation: on 23 July 2020, the Commission unveiled its inception impact assessment for AI legislation. While the completed impact assessment is not expected until late 2020 or early 2021, this initial roadmap defines the Commission’s scope and goals for AI legislation. Several key concerns about AI are likely to be addressed through the new AI legislation, including: (1) protecting consumers from harm caused by AI, such as accidents caused by autonomous vehicles or other AI-driven robotics; (2) protecting fundamental rights, including against risks to privacy and freedom of expression caused by facial recognition surveillance and similar monitoring systems; and (3) unlawful discrimination that may be caused by AI tools displaying bias against certain populations.
  • European Parliament votes on AI reports: three reports (here, here, and here), setting out Members of the European Parliament’s demands to the Commission on how AI should be regulated in the areas of ethics, civil liability, and intellectual property, were voted on by the European Parliament’s Legal Affairs Committee (JURI) this September. The ethics report urges the Commission to present a legal framework for the development, deployment, and use of AI that respects fundamental rights, and calls for the establishment of a “European Agency for Artificial Intelligence” and a “European certification of ethical compliance.” The liability report contains proposals for a civil liability regime with a compensation system of up to 2 million euros. The reports are set to be voted upon by the plenary in October 2020, and could influence the Commission’s forthcoming legislative proposals.
  • New Global Partnerships on AI: as summarized here, this summer it was announced that the EU, UK, US, and nine other countries were joining forces to create the Global Partnership on Artificial Intelligence (GPAI). GPAI is an international initiative, housed at the OECD, to promote responsible AI that respects human rights and democratic values. Subsequently, on 25 September 2020, the UK and US announced a further agreement on cooperation in AI research and development (R&D). Building on the US-UK Science and Technology Agreement, signed in September 2017, the new agreement seeks to advance the US and UK’s shared vision of an AI R&D ecosystem that promotes the mutual wellbeing, prosperity, and security of present and future generations.
  • Digital Services Act: Alongside these developments, the Commission is currently working on its proposals for a Digital Services Act (DSA). The DSA will be presented in December 2020, and is expected to set out ex ante prohibitions of certain behaviour (particularly relating to data related, self-preferencing and bundling/tying practices) obliging companies to do more to protect their users against illegal content and activities. The legislation is expected to impose obligations on companies identified as “gatekeepers”.

Cybersecurity

The Commission has a number of new cybersecurity initiatives expected this quarter on the back of the Cybersecurity Strategy 2020-2025 it published in July 2020.

  • The Directive on security of network and information systems (“NIS Directive”) is currently under review by the Commission. Proposed updates to the EU’s laws on cybersecurity in critical infrastructure are expected by the end of this year.
  • A Joint Cyber Unit is to be set up by the Commission to further coordinate cybersecurity operational capabilities across the EU. Meanwhile, in September 2020, EU Member States launched a new platform to coordinate crisis response and cyber defenses in the case of large-scale cyberattacks. The Cyber Crisis Liaison Organisation Network (CyCLONe) is tasked with launching “consultations on national response strategies and coordinated impact assessment on the anticipated or observed impacts of a crisis.” The EU’s Cybersecurity Agency ENISA serves as its secretariat.
  • As part of a legislative package aimed at helping to digitalize the financial sector, the Commission is also working on proposals to better ensure financial services harmonize their online defenses and keep functioning despite cyberattacks.

Internet of Things

In July 2020, the European Commission launched an antitrust competition sector inquiry into the Internet of Things as it aims to understand more about consumer-facing IoT products and services over the next two years. Announcing the inquiry, Executive Vice-President Margrethe Vestager, in charge of competition policy, said the IoT sector had already acquired characteristics that indicate the possible existence of company practices that may structurally distort competition.

The European Commission sent Requests for Information to approximately 400 companies, addressing Consumer Internet of Things Services, Voice Assistants and Smart Home Devices, responses to which are due on 15 October. The RFIs focus heavily on privacy, data, access and interoperability issues.

The European Commission is expected to publish a preliminary report in spring 2021 followed by a final report in summer 2022.

Connected and Autonomous Vehicles

This September, the Commission published a report by an independent group of experts on the ethics of connected and automated vehicles. The report sets out twenty recommendations for a safe and ethical transition towards driverless mobility, including the creation of a culture of responsibility; responding to dilemma situations; and the promotion of data, algorithm and AI literacy through public participation. The report builds on the Commission’s strategy on Connected and Automated Mobility which aims to make Europe a world leader in the development and deployment of CAVs.

Meanwhile, the German government is preparing a law on autonomous driving (Gesetz zum autonomen Fahren). The new law is intended to regulate the deployment of CAVs in specific operational areas, and will stipulate the obligations of CAV operators and their liability regime. The German government also intends to create a “mobility data room”, a cloud storage space for pooling mobility data coming from the car industry, rail and local transport companies, and private mobility providers such as car sharers or bike rental companies. The idea is for these industries to share their data for the common purpose of creating more efficient passenger and freight traffic routes, and support the development of autonomous driving initiatives in Germany.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Moritz Hüsch Moritz Hüsch

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group as well as the Artificial Intelligence (AI) and Internet of Things (IoT) Practice Groups. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts…

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group as well as the Artificial Intelligence (AI) and Internet of Things (IoT) Practice Groups. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts, e-commerce, m-commerce, as well as privacy and cybersecurity.

Moritz is regularly advising on issues and contracts with respect to IoT, AV, big data, digital health, and cloud-related subject matters. In addition, he regularly advises on all IP/IT-related questions in connection with M&A transactions. A particular focus of Moritz’s practice is on advising companies in the pharmaceutical, life sciences and healthcare sectors, where he regularly advises on complex licensing, data protection and IT law issues.

Moritz is regularly listed as one of the best lawyers in the areas of IT and data protection, among others by Best Lawyers in cooperation with Handelsblatt, Wirtschaftswoche and Legal 500.

Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this context, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has almost three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for almost twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of Marty Hansen Marty Hansen

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients…

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under EU and U.S. law, UK law, the World Trade Organization agreements, and other trade agreements.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Photo of Marianna Drake Marianna Drake

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating…

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating to AI and data. She also advises clients on matters relating to children’s privacy, online safety and consumer protection and product safety laws.

Her practice includes defending organizations in cross-border, contentious investigations and regulatory enforcement in the UK and EU Member States. Marianna also routinely partners with clients on the design of new products and services, drafting and negotiating privacy terms, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of AI technologies.

Marianna’s pro bono work includes providing data protection advice to UK-based human rights charities, and supporting a non-profit organization in conducting legal research for strategic litigation.