On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.

We will publish more detailed analyses of each paper in subsequent blogs.  Headline points include:

White Paper on Artificial Intelligence – A European approach to excellence and trust

  • The Commission’s AI white paper emphasizes the importance of establishing a uniform approach to AI in the EU in order to avoid barriers to the EU’s single market.  It discusses risks related to the use of AI, such as the potential to infringe fundamental rights, safety risks, and liability-related issues.
  • The Commission also sets out its plan to take a risk-based approach to regulating AI.  Specifically, the Commission proposes to focus in the near term on “high-risk” AI applications.  An AI application would be deemed high risk only if it was deployed in a high-risk sector and in a high-risk manner.  The white paper lists healthcare, transport, energy, and parts of the public sector as sectors likely to be high-risk.  Whether a specific AI application is high risk will likely turn on whether it has the potential to produce legal or similarly significant effects on the rights of an individual or company.  AI applications used for remote biometric identification (e.g., surveillance using facial recognition technology) would also be considered high-risk.
  • AI applications deemed high risk would be subject to various transparency and other requirements, which would be enforced through mandatory pre-marketing conformity assessment requirements. These requirements would apply to all operators offering AI products or services in the EU, regardless of their place of establishment.
  • Separately, the white paper proposes that AI applications that do not qualify as “high risk” could be subject to a voluntary labelling scheme.  In the Commission’s view, such a scheme would allow suppliers of non-high-risk AI to nonetheless “signal that their AI-enabled products and services are trustworthy.”  Although entirely voluntary, once a supplier opted to use the label, the requirements would be binding.
  • In addition to AI regulation (to establish an “ecosystem of AI trust”), the white paper also proposes several measures designed to promote an “ecosystem of AI excellence,” including through research funding, skills development, and partnerships with the private sector.
  • The proposals set out in the white paper are open for public consultation until 19 May 2020.

Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics

  • The report focuses on the current EU product safety regime and assesses how it can be improved to address innovations in the area of AI, IoT and robotics.  It notes the challenges presented by emerging technologies to the existing EU regulatory framework, including those related to connectivity, autonomy, data dependency, opacity, complexity of the products and systems, software, and complex value chains.
  • The Commission proposes updating the existing framework to ensure, among other things, that compensation is always available for damage caused by products that are defective because of software or other digital features.
  • The Commission is also seeking views on whether it should consider reversing or otherwise altering the burdens of proof on plaintiffs required by national liability rules for damage caused by the operation of AI applications.  It notes that the complexity of AI/IoT supply chains and difficulties in establishing what components caused a malfunction can be difficult to prove in cases involving AI and IoT products.

Communication on shaping Europe’s digital future

  • The Commission in the Communication sets out a vision for a European society powered by digital solutions that is rooted in common European values.  The Commission underscores that its conception of “European technological sovereignty” is not defined “against anyone else,” but is focused on the needs of Europeans and of the European social model.
  • The strategy seeks to achieve three key objectives: (i) ensuring that technology works for people; (ii) a fair and competitive economy; and (iii) an open, democratic, and sustainable society.
  • The Communication describes the EU’s plans to increase European investment in technological innovation, in order to reduce reliance on digital solutions developed outside of Europe.  The Communication also recommends enhancing regulatory frameworks to – among other things – ensure fairness, support user choice, and prevent the over-concentration of market power.  More specifically, the Communication proposes greater investments (through various channels, such as the new EU Multiannual Financial Framework) in innovation, connectivity, smart energy & transport structures, enhanced cybersecurity, and digital skills.  It also endorses various legislative measures, such as rules targeting digital services and online platforms to give users greater control over data, measures ensuring legal protections for digital platform workers, and rules aimed at promoting transparency in the democratic process (e.g., advertising in the context of political elections).

Communication on a European strategy for data

  • The Commission’s data strategy Communication articulates the EU’s aspiration to be a role model of a society powered by data to make better decisions.  The Communication highlights what the Commissions sees as challenges to attaining this goal, including: a lack of available data, imbalances of market power, reliance on non-EU cloud providers, a lack of digital skills, and cybersecurity risks.
  • To address these challenges, the Communication proposes a four-pillar strategy that includes:
    • a cross-sectoral governance framework for data access and use that will cover, among other measures, new EU mechanisms and guidance on data sharing;
    • investments in data and strengthening of the EU’s capabilities and infrastructures for hosting, processing and using data;
    • greater investment in digital skills and in SMEs; and
    • the development of common European data spaces in strategic sectors and domains of public interest.

In addition to the papers above, the Commission has also released a number of fact sheets, Q&As, and other documents supporting these publications.

Please keep an eye out for our forthcoming blog posts.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lisa Peets Lisa Peets

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she…

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU law issues, including data protection and related regimes, copyright, e-commerce and consumer protection, and the rapidly expanding universe of EU rules applicable to existing and emerging technologies. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to the latest edition of Chambers UK (2022), “Lisa is able to make an incredibly quick legal assessment whereby she perfectly distils the essential matters from the less relevant elements.” “Lisa has subject matter expertise but is also able to think like a generalist and prioritise. She brings a strategic lens to matters.”

Photo of Marty Hansen Marty Hansen

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade…

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade Organization agreements, treaties administered by the World Intellectual Property Organization, bilateral and regional free trade agreements, and other trade agreements.

Drawing on ten years of experience in Covington’s London and DC offices his practice focuses on helping innovative companies solve challenges on intellectual property and trade matters before U.S. courts, the U.S. government, and foreign governments and tribunals. Martin also represents software companies and a leading IT trade association on electronic commerce, Internet security, and online liability issues.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.

Photo of Nicholas Shepherd Nicholas Shepherd

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing…

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing laws, and other privacy and cybersecurity laws worldwide. Nick counsels on topics that include adtech, anonymization, children’s privacy, cross-border transfer restrictions, and much more, providing advice tailored to product- and service-specific contexts to help clients apply a risk-based approach in addressing requirements in relation to transparency, consent, lawful processing, data sharing, and others.

A U.S.-trained and qualified lawyer with 7 years of working experience in Europe, Nick leverages his multi-faceted legal background and international experience to provide clear and pragmatic advice to help organizations address their privacy compliance obligations across jurisdictions.

Nicholas is a member of the Bar of Texas and Brussels Bar (Dutch Section, B-List). District of Columbia bar application pending; supervised by principals of the firm.

Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.  She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).  Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.  Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.