The French Presidency of the EU Council has finalised the first version of its compromise text concerning articles 16 to 29 of the European Commission’s proposal on artificial intelligence (AI) legislation (see EUROPE 12876/18), in a document dated 3 February of which EUROPE has obtained a copy. This version of the compromise text will be submitted to the Member States on 10 February at a meeting of the EU Council’s Telecommunications Working Party.
The document first specifies the requirements for high-risk AI service providers. Thus, these actors would be required to indicate, on the proposed AI system, their name, their corporate name, and the address at which they can be contacted. Where this is not possible, this information should appear on the packaging or accompanying product documentation.
In addition, suppliers would be required to keep their technical documentation available to the competent national authorities for a period of 10 years.
In the event of the bankruptcy of a provider established in its territory, it would then be up to the Member State concerned to determine the period of time during which this documentation must remain accessible to the national authorities.
Still on the subject of documentation, the text also specifies some of the requirements for importers. Thus, they would be required to keep a copy of the certificate issued by the notified body or the instructions for use and the EU declaration of conformity, also for a period of 10 years after the AI system was placed on the market or put into service.
The FPEU also revisited the issue of automatically generated logs in its compromise text. These are data files that are automatically generated by a computer that contain information about usage patterns, activities, and operations within an operating system or application.
On this subject, the FPEU proposes that such logs should be kept by the providers of high-risk AI systems for a period of at least 6 months, unless otherwise provided for by EU or national law.
Finally, the FPEU compromise document also addresses remedies in cases where a high-risk AI service provider “considers or has reason to consider that a high-risk AI system which it has placed on the market or commissioned is not in compliance with the Regulation”.
In this case, the supplier concerned will have to “immediately investigate the causes in collaboration with the reporting user” and take the necessary measures to bring its service into compliance, withdraw it from the market, or recall it. The supplier should also inform the distributors, the agent, and the importers of the offending AI system.
See the compromise text: https://aeur.eu/f/6z (in French) (Original version in French by Thomas Mangin)