On May 17, 2024, the Council of Europe adopted the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (the “Convention”).  The Convention represents the first international treaty on AI that will be legally binding on the signatories.  The Convention will be open for signature on September 5, 2024. 

The Convention was drafted by representatives from the 46 Council of Europe member states, the European Union and 11 non-member states (Argentina, Australia, Canada, Costa Rica, the Holy See, Israel, Japan, Mexico, Peru, the United States of America, and Uruguay).  The Convention is not directly applicable to businesses – it requires the signatories (the “CoE signatories”) to implement laws or other legal measures to give it effect.  The Convention represents an international consensus on the key aspects of AI legislation that are likely to emerge among the CoE signatories.

The Convention bears many similarities with the EU AI Act. (For more information on the EU AI Act, please refer to our latest blog posts here, here and here.) Some of these similarities are as follows:

  • The Convention covers the use of AI systems in both the public and private sectors, with exceptions for AI systems related to the protection of national security interests and research and development activities.
  • The definition of “AI system” is similar to that in the EU AI Act, which is based on the OECD’s definition of AI.
  • The Convention calls for the signatories to adopt or maintain measures to ensure, among other things, transparency and oversight, accountability and responsibility, equality and non-discrimination, privacy and data protection, and reliability – themes which are also central to the EU AI Act.
  • Like the EU AI Act, the Convention calls for the Parties to adopt measures that require entities to implement risk and impact management frameworks for AI systems.

The Convention gives the CoE signatories the discretion to either adopt or maintain legislative, administrative or other measures to give effect to the provisions in the Convention. The Convention provides that such measures may be graduated and differentiated in view of the severity and probability of the occurrence of adverse impacts on human rights, democracy and the rule of law throughout the lifecycle of AI systems – in other words, that a risk-based approach may be taken. The Convention also gives the CoE signatories leeway to implement the framework for remedies and oversight mechanisms as appropriate to the jurisdiction. It also calls on the CoE signatories to strengthen cooperation efforts and to exchange relevant and useful information between themselves.

* The Council of Europe is an international organization that is distinct from the European Union.  Founded in 1949, the Council of Europe has a mandate to promote and safeguard the human rights enshrined in the European Convention on Human Rights. The organization brings together 47 countries, including all of the 27 EU member states. 

This blog post was written with the contributions of Diane Valat.

Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.

Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.