The Council of the European Union adopted, on Friday 18 November, its position (‘general approach’) for future interinstitutional negotiations with the European Parliament on legislation on artificial intelligence (AI) (see EUROPE 13055/2).
Concretely, the EU Council’s approach, in terms of the scope, confirms the will of a number of Member States and thus includes exemptions for the marketing and use of AI systems for the military, the defence sector or national security.
The issue of biometric recognition, which has long been the subject of debate, has also been resolved. On this point, the approach is based on a prohibition of remote identification, if the identification is made at a distance and if it is also independent of the participation of the person concerned.
Similarly, the issue of so-called ‘high-risk’ AI systems also featured prominently in the discussions in the EU Council. For example, in the interests of transparency, providers of high-risk AI systems are now required to specify in the notices and information documents what outcomes are expected when using their system.
Still on the subject of high-risk AI systems, the text stipulates that only those safety components that guarantee the integrity of infrastructures classified as ‘critical’ are considered high-risk.
Member States also agreed on the issue of general purpose AI systems. It will thus be up to the European Commission, by means of implementing acts, to take stock of and adapt the obligations for providers of general purpose AI systems. This provision was already included in the previous compromise proposals of the Czech Presidency of the EU Council (see EUROPE 13029/9).
In addition to giving Member States more room for manoeuvre in setting up ‘AI regulatory sandboxes’ - which should allow providers to test their AI systems for a defined period of time without necessarily having to comply with the regulatory framework - the paper also returns to the issue of sanctions.
Fines of up to €20 million or 4% of annual worldwide turnover could be applied. Several criteria had been introduced by the Czech Presidency of the EU Council in previous compromise documents for the definition of the amount of sanctions, such as whether an infringement is intentional or the result of negligence.
Following the adoption of its position by the Council of the EU, some industry players, such as the Business Software Alliance, called for work on several issues, such as definitions, in the forthcoming interinstitutional negotiations in order to “avoid legal uncertainty”. (Original version in French by Thomas Mangin)