The Jerusalem Post

EU’s groundbreaking artificial intelligence regulation places marker for continued growth

- COMMENT • By ANDREW DYSON and RON FEINGOLD

On April 21, the European Commission published the long-awaited proposal for a regulation on artificial intelligence (“AI Regulation”).

The proposal introduces a first-of-its-kind, comprehensive, harmonized, regulatory framework for artificial intelligence. For Israeli companies innovating AI, this serves as a major step towards providing some legal certainty that’s needed to facilitate further investment.

It will also affect Israeli companies that are using AI and are looking to do business with customers in the EU, as the new rules will place direct regulatory burdens on certain classifications of AI technologies.

The AI regulation will affect providers, users, distributors, importers, or resellers of AI that are either: placing AI systems on the market, putting them into service, or making use of them within the EU.

Israeli companies developing, selling or using AI systems which have a nexus to Europe will be governed by this regulation (even if the systems themselves are located in Israel, or elsewhere).

The statute will introduce a tiering of regulatory requirements, with higher levels of control applying to different AI systems, depending on the risk associated with each system.

The most restricted level applies to prohibited AI practices. These are AI applications that the EU has determined to be particularly intrusive and must not be allowed to take place. Such practices include AI used for social scoring, large-scale surveillance (with notable exceptions), adverse behavioral influencing through AI-based dark patterns (subliminal techniques beyond a person’s consciousness) and AI-based micro targeting (exploiting a specific group).

There is no scope to sell AI systems that fall foul of these restrictions in the EU.

The second type of classification relates to high risk AI systems. These are technologies anticipated to present significant risk of harm. These systems are permitted, but only on a restricted basis where specific regulatory controls are in place to ensure safe use. The AI regulation includes a list of ‘high risk’ AI systems (which may be expanded by the European Commission in due course), which covers a wide range of applications, including AI systems deployed in relation to credit scoring; essential public infrastructure; social welfare and justice; medical and other regulated devices; and transportation systems.

If an AI technology falls within these categories, the controls that have to be adopted include:

Transparency to users about the characteristics, capabilities, and limitations of the technology.

Reporting of serious incidents to market surveillance authorities.

Establishment, implementation and documentation of a risk management system to assess, monitor and review risks, both before placing the system for sale and then on an ongoing basis.

Ensuring any data sets used to support training, validation and testing of AI are subject to appropriate data governance and management practices to mitigate the risk of bias, discrimination or other harm.

Ensuring effective human oversight over all AI systems, to review outputs and mitigate the risk of bias or other potential for harm.

Maintaining complete and up-to-date technical documentation for users.

Registration in an EU database on high risk AI systems.

The third classification is for lower-risk AI systems. These are AI systems that fall outside the scope of those identified as ‘high risk’ and are not deployed for a prohibited practice. These systems are subject to a transparency regime.

Regulatory oversight of the new regime is achieved through the establishment of supervisory and enforcement authorities in each EU member state and the European Artificial Intelligence Board. These bodies are responsible for conducting market surveillance and control of AI systems and enforcement that may include the issuing of fines under a regime similar to that under the GDPR privacy regime – in this case up to €30m or (if higher) 2%–6% of global annual turnover.

Israeli companies that provide AI into the EU market will need to be familiar with the new regime and prepared to cooperate with EU-based customers and regulators to support compliance, including by providing full access to training, validation and testing datasets, etc.

Infringements could be costly even if all sales activity is undertaken offshore from Israel. The introduction of a new, clear and likely robustly-enforced regulatory scheme in one of the world’s largest trading blocs will undoubtedly create a paradigm shift in responsibility for the AI ecosystem – at once providing legal certainty and stability, but also risk of non-compliance for those who do not step up to the new rule.

Israeli AI companies will do well to stay ahead of the emerging AI regulatory landscape and build compliance into systems starting now, to secure further investment and maintain market-leading growth in this fast-moving industry.

Andrew Dyson is a partner at the DLA Piper Intellectual Property and Technology group, where he co-chairs the firm’s global Data Protection, Privacy and Security practice.

Ron Feingold is an Intern at the DLA Piper Israel Country Group.
