On Wednesday 28 September, the European Commission presented its proposal for a directive on liability for artificial intelligence (AI). This text, which should in particular facilitate access to compensation for users of AI systems who suffer damage, was unveiled at the same time as the second part of this legislative package, which provides for the revision of the directive on product liability.
In detail, the Commission aims to establish uniform rules for access to information and alleviation of the burden of proof when damages such as privacy breaches or security problems are caused by AI systems.
In doing so, the Commission started from a fairly simple observation: AI can be autonomous - an algorithm can make a decision that cannot be predicted by a human being - and machine learning - fed by incoming data - can lead to an outcome where the reasons behind it cannot necessarily be explained. However, “in all Member States, in order to prove liability when a victim has suffered damage, it is necessary to demonstrate that there is human error”, explains a diplomatic source. “The current rules are not up to the task, damage can be caused without the person being compensated”, the source added.
In concrete terms, the proposed directive aims to simplify legal procedures for victims by introducing two features.
Firstly, in case of fault and when a causal link with the performance of an AI system seems likely, the presumption of causality would allow victims to avoid having to give explanations while the field of artificial intelligence is very complex.
In addition, victims would have more tools to obtain redress, including the introduction of provisions to facilitate access to evidence from companies or suppliers in cases where ‘high-risk’ AI systems are involved.
On this point, the Commission specifies that, in situations where the accused entities refuse to transmit certain information, the presumption of an existing problem would be proven.
“The burden of proof should not be on the victim, but on the producer responsible”, commented Commissioner for Justice Didier Reynders.
With this proposal, the Commission wants to strengthen its strategy to increase user confidence in AI. It had already begun this with its data legislation, which the EU Parliament and EU Council are currently working on (see EUROPE 13029/9).
“The less victim-friendly the rules are, the less trust there is in AI. There is a link between confidence and empowerment. And we also want to develop a framework of legal security for companies: they must know what their responsibility is, what risks they run, if we want to have guarantees to encourage investment”, concluded a diplomatic source.
Revision of the Product Liability Directive
In addition, the European Commission addressed the second pillar of the package, announcing the revision of the Product Liability Directive, adopted in 1985.
In this respect, the proposal provides for the introduction of clearer and fairer liability rules for companies that modify their products.
The text also provides for the modernisation of liability rules for digital products. On this point, compensation will be possible when damage is caused by products such as robots, drones or intelligent home systems made unsafe by software updates, or when manufacturers fail to remedy cybersecurity flaws. The Commission provides for exemptions for open-source software, provided that it is not involved in commercial activity.
The new rules, the Commission says, should create a “more level playing field between EU and third country manufacturers”. The text does provide that consumers injured by products imported from outside the EU can have recourse to the importer or the manufacturer’s representative in the EU for compensation.
Finally, although a company’s commercial and secret data will continue to be protected, requirements will be introduced for manufacturers to disclose evidence of malfunction.
The issue of delays and other obstacles to compensation for victims was also raised. For example, the Commission proposes to extend the product liability period from 10 years to 15 years and to remove the threshold of a minimum of €500 of material damage for compensation, which is not provided for in the current rules.
See the proposal on artificial intelligence: https://aeur.eu/f/3an
See the proposal on product liability: https://aeur.eu/f/3am (Original version in French by Thomas Mangin)