The rapporteur on the ‘AI Act’ legislation for the European Parliament’s Committee on Legal Affairs (JURI), Axel Voss (EPP, Germany), spoke to EUROPE about the main issues and challenges surrounding artificial intelligence (AI). Definitions, clarifications and links with the General Data Protection Regulation will be at the heart of the lively discussions that are expected. Interview by Thomas Mangin.
Agence Europe - What do you think are the most important issues to address regarding the ‘AI Act’?
Axel Voss - We need to clarify the definitions of AI, to base them more on the OECD definition. The focus should be on autonomous algorithms and self-learning of AI systems. The second point is the issue of high-risk systems. There is no definition, but there is an approach. I would be in favour of narrowing the scope, because not all embedded AI systems are harmful or detrimental. It would depend on what the algorithm does, but I think it is necessary to narrow the scope.
What would be your approach to this issue?
The approach could be based, for the classification of high-risk systems, on the intention to make critical use in a critical area. We could have these two criteria, and perhaps even think of a third and a fourth criterion that could help define what a high-risk system is. There are many requirements for developers and those who deploy systems. We should avoid labelling certain systems - for example, navigation in vehicles - as high risk. Some systems, even if they operate in a critical infrastructure, are not necessarily high-risk systems. We really need to focus on what truly represents a risk.
Hence the importance, as you mentioned on 28 March before the members of the ‘JURI’ committee (see EUROPE 12920/10), of “knowing what risks we want to guard against”?
One must indeed ask oneself what risk one wants to protect oneself from. Apart from the risks to fundamental rights, we could have a text that says ‘if you create something like this, you have to have this in mind, in terms of security and data protection, attention to gender equality, making sure there is no discrimination’. You have to protect yourself in the areas of health, or even employment, credit, etc., which could influence the future of your life.
This is a very complex issue - do you think you can agree with the other political groups?
I always hope that reality also plays a role in our negotiations and that we do not only have an ideological approach. We have to be aware that we are not leading the race. AI is strategically important, and we need to focus on that, on becoming leaders; otherwise we will be out of the competition and become a kind of colony. If other groups have an approach that says ‘I have my ideology and everything the EPP says is wrong’, you will no longer have a practical approach. This is what we fear. A balance must be found.
Will the GDPR be an important part of your discussions?
It will be necessary to find a way to resolve contests between the AI Act and the GDPR. The GDPR is based on the principle of ‘do not process data unless you have a legal basis’. To train systems and algorithms, you need a lot of good data. If we cannot do this, then we will not be able to meet needs and expectations.
And what about revising the GDPR?
I have been arguing for years for a revision of the GDPR. Some groups say ‘Axel Voss doesn’t like data protection’. The Commission says ‘we have the highest standards, we don’t have to relax the GDPR’, but fails to see that there are issues that are not being addressed, that are creating uncertainty and driving our developers out of the EU. We do not have to open everything up again. Perhaps we could just review the GDPR surgically. This could be a way forward, but it isn’t happening, and it can be frustrating. If we wait for the GDPR to be revised to better take AI into account, it will take years and we will lose the race.
Which tools do you think should be highlighted?
Regulatory sandboxes are very important. If we seize the opportunity of regulatory sandboxes, which could be kind of freer zones for AI development that would not be harmful, then one could compensate for some of the restrictions of the GDPR, but one will have to be careful about the wording. Synthetic data could also help.
As regards governance, you have put forward several hypotheses, such as the creation of a new European agency. Which path do you think should be followed?
This is a controversial point. The question is: will the existing national structures be strengthened, or will a new agency be created for all digital issues? There are possibilities for this track, if work on digital markets (DMA) (see EUROPE 12919/12) and services (DSA) (see EUROPE 12924/17) legislation, in particular, is pooled. If we put it all together, it could be interesting.
Could we imagine this being part of the future text on AI?
I would not be a fan of this idea, and I am not sure that this issue can be addressed in the AI Act. But if you combine it with other legislation, maybe it would be worth considering.
What about the expected timeframe?
It is very early days, but the relevant committees hope to conclude the negotiations internally in November, before starting the trilogues. I think that, on the EU Council side, the objective is also to reach a common position in November. Optimistically, we can imagine results in a year’s time, and then there will be a deadline for transposition into national law.