With just a few days to go before the next round of interinstitutional negotiations (‘trilogue’), which will take place on 18 July, the Spanish Presidency of the Council of the EU is continuing its work on the Artificial Intelligence Act (‘AI Act’) (see EUROPE 13214/16). In a document dated Monday 10 July, a copy of which has been obtained by EUROPE, it asks the Member States to indicate whether they could show flexibility on measures to support innovation and the assessment of the impact on fundamental rights of high-risk AI systems. These issues have already been discussed by the working group on 5 July.
In its approach, adopted on 14 June (see EUROPE 13201/1), the European Parliament plans to introduce an obligation for users of high-risk AI systems to carry out an assessment of the impact of these systems on fundamental rights before they are placed on the market. The Council of the EU imposes no such obligation. On the other hand, the Spanish Presidency of the Council believes that, “with a view to reaching an overall compromise in the negotiations”, this obligation could be included with a few changes.
The Council of the EU believes that fundamental rights impact assessments should only be carried out by public sector users of high-risk AI systems. This analysis should only be carried out for aspects not covered by other texts, such as the General Data Protection Regulation (GDPR), and should be aligned with existing procedures in order to “avoid any overlap and additional burden”.
In addition, the Spanish Presidency of the Council believes that it would also be possible to envisage that public sector users of high-risk systems would not be required to hold a six-week consultation with the competent authorities or representatives of the people likely to be affected by the AI systems concerned. At the very least, adds the document, this consultation could be on a voluntary basis.
‘Regulatory sandboxes’ at the heart of discussions
The positions of the Council of the EU and the Parliament also diverge on a number of points concerning measures to support innovation. The text adopted by the European Parliament provides for each Member State to be obliged to establish a ‘regulatory sandbox’ to enable players to test the technology or service developed without necessarily having to comply, for a limited period, with the entire normal regulatory framework. For the EU Council, this provision is optional.
In an attempt to bring the positions of the co-legislators closer together, the Spanish Presidency is asking Member States whether they would be prepared to accept the obligation sought by the European Parliament, while adding the possibility of establishing ‘regulatory sandboxes’ jointly with other Member States or fulfilling this obligation by joining ‘regulatory sandboxes’ at EU level, established by the Commission or the European Data Protection Supervisor.
The European Parliament text also provides for AI systems that emerge from a ‘regulatory sandbox’ to benefit from a presumption of conformity with specific requirements in order to encourage AI system suppliers to take part. This point does not appear in the approach adopted by the EU Council on 22 November (see EUROPE 13067/11).
On this aspect, Member States will have to indicate, before 14 July, the flexibility they could show, subject to the mandatory inclusion of the results of the ‘sandbox’ in an output report in the declaration of conformity of high-risk AI systems. These results would then be taken into account by market surveillance authorities or notified bodies as part of conformity assessment procedures.
In addition, the Member States will have to inform the Spanish Presidency of their flexibility regarding the possible inclusion of notified bodies in the ‘regulatory sandbox’ process, bodies which would be responsible for assessing the compliance of high-risk AI systems during the process.
Member States should also indicate whether they are open to the possibility of authorising real-life testing of high-risk AI systems, including additional safeguards so that the national competent authorities can better monitor the tests, in particular through stricter data protection conditions. The EU Council’s approach to this issue includes the possibility of testing high-risk AI systems under real conditions and outside the ‘regulatory sandbox’. The European Parliament does not provide for this possibility.
See the document: https://aeur.eu/f/7zp (Original version in French by Thomas Mangin)