The Jerusalem Post

Groundbrea­king EU regulation sets the stage for continued growth of Israeli AI companies


On April 21, the European Commission published the long-awaited proposal for a Regulation on Artificial Intelligen­ce. The proposed AI regulation introduces a first-of-its-kind, comprehens­ive, harmonized, regulatory framework for artificial intelligen­ce. For Israeli companies innovating AI, this serves as a major step toward providing some legal certainty that’s needed to facilitate further investment. It will also impact Israeli companies that are using AI and looking to do business with customers in the EU, as the new rules will place direct regulatory burdens on certain classifica­tions of AI technologi­es.

Broad regulatory scope

The AI Regulation extends a broad regulatory scope that will mean it impacts providers, users, distributo­rs, importers, or resellers of AI that are either placing AI systems on the market, putting AI systems into service, or making use of AI systems, within the EU.

Israeli companies developing, selling or using AI systems which have a nexus to Europe will be governed by this regulation, whether the systems themselves are located in Israel or elsewhere.

Classifica­tion of AI

The AI regulation will introduce a tiering of regulatory requiremen­ts, with higher levels of control applying to different AI systems, depending on the inherent risk associated with each system.

The most restricted level applies to prohibited AI practices. These are AI applicatio­ns that the EU has determined as being particular­ly intrusive and must not be allowed to take place. Prohibited AI practices include AI used for social scoring, large-scale surveillan­ce (with notable exceptions), adverse behavioral influencin­g through AI based dark patterns (subliminal techniques beyond a person’s consciousn­ess), and AI-based micro-targeting (exploiting the vulnerabil­ities of a specific group). There is no scope to sell AI systems that fall within the prohibited classifica­tion level in the EU.

The second type of classifica­tion relates to high-risk AI systems. These are technologi­es anticipate­d to present significan­t risk of harm. These systems are permitted, but only on a restricted basis where specific regulatory controls are in place to support safe use. The AI regulation includes a list of high risk AI systems that may be expanded by the European Commission in due course and that covers a wide range of applicatio­ns including AI systems deployed in relation to credit scoring, essential public infrastruc­ture, social welfare and justice, medical and other regulated devices and transporta­tion systems.

IF AN AI technology falls within the categories above, the regulatory controls that have to be adopted include:

• Transparen­cy to users about the characteri­stics, capabiliti­es, and limitation­s of the technology.

• Reporting of serious incidents to market surveillan­ce authoritie­s.

• Establishm­ent, implementa­tion and documentat­ion of a risk management system to assess, monitor and review risks, both before placing the system for sale and then on an ongoing basis

• Ensuring any data sets used to support training, validation and testing of AI are subject to appropriat­e data governance and management practices to mitigate the risk of bias, discrimina­tion or other harm.

• Ensuring effective human oversight over all AI systems, to review outputs and mitigate the risk of bias or other harms.

• Preparing and maintainin­g complete and up-to-date technical documentat­ion for users

• Registrati­on in an EU database on high risk AI systems.

The third classifica­tion is for lower risk AI systems. These are AI systems that fall outside the scope of those identified as high risk and are not deployed for a prohibited practice. These systems are subject to a transparen­cy regime.

Regulatory oversight of the new regime is achieved through the establishm­ent of supervisor­y and enforcemen­t authoritie­s in each EU member state and the European Artificial Intelligen­ce Board. These bodies are collective­ly responsibl­e for and conducting market surveillan­ce and control of AI systems and enforcemen­t. Enforcemen­t may include fines under a regime similar to that under the GDPR privacy regime – in this case up to €30 million or (if higher) 2%-6% of global annual turnover.

Israeli companies that are providers of AI into the EU market will need to be familiar with the new regime and prepared to cooperate with EU-based customers and regulators to support compliance, including by providing full access to training, validation and testing datasets, etc. Infringeme­nts could be costly even if all sales activity is undertaken offshore from Israel.

The introducti­on of a new, clear and likely robustly enforced regulatory scheme in one of the largest trading blocs will undoubtedl­y create a paradigm shift in responsibi­lity for the AI ecosystem, at once providing legal certainty and stability, but also risk for non-compliance for those who do not step up to the new rule. Israeli AI companies will do well to stay ahead of the emerging AI regulatory landscape to build compliance by design into systems from now in order to secure further investment and maintain market leading growth in this fast-moving industry.

Andrew Dyson is a partner at the DLA Piper Intellectu­al Property and Technology Group, where he co-chairs the firm’s global data protection, privacy and security practice. Ron Feingold is an intern at the DLA Piper Israel Country Group.

 ?? (Olivier Hoslet/Pool via Reuters) ?? EUROPEAN EXECUTIVE Vice President Margrethe Vestager speaks at a media conference on the European Union’s approach to artificial intelligen­ce, in Brussels, in April.
(Olivier Hoslet/Pool via Reuters) EUROPEAN EXECUTIVE Vice President Margrethe Vestager speaks at a media conference on the European Union’s approach to artificial intelligen­ce, in Brussels, in April.

Newspapers in English

Newspapers from Israel