On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.

We will publish more detailed analyses of each paper in subsequent blogs.  Headline points include:

White Paper on Artificial Intelligence – A European approach to excellence and trust

  • The Commission’s AI white paper emphasizes the importance of establishing a uniform approach to AI in the EU in order to avoid barriers to the EU’s single market.  It discusses risks related to the use of AI, such as the potential to infringe fundamental rights, safety risks, and liability-related issues.
  • The Commission also sets out its plan to take a risk-based approach to regulating AI.  Specifically, the Commission proposes to focus in the near term on “high-risk” AI applications.  An AI application would be deemed high risk only if it was deployed in a high-risk sector and in a high-risk manner.  The white paper lists healthcare, transport, energy, and parts of the public sector as sectors likely to be high-risk.  Whether a specific AI application is high risk will likely turn on whether it has the potential to produce legal or similarly significant effects on the rights of an individual or company.  AI applications used for remote biometric identification (e.g., surveillance using facial recognition technology) would also be considered high-risk.
  • AI applications deemed high risk would be subject to various transparency and other requirements, which would be enforced through mandatory pre-marketing conformity assessment requirements. These requirements would apply to all operators offering AI products or services in the EU, regardless of their place of establishment.
  • Separately, the white paper proposes that AI applications that do not qualify as “high risk” could be subject to a voluntary labelling scheme.  In the Commission’s view, such a scheme would allow suppliers of non-high-risk AI to nonetheless “signal that their AI-enabled products and services are trustworthy.”  Although entirely voluntary, once a supplier opted to use the label, the requirements would be binding.
  • In addition to AI regulation (to establish an “ecosystem of AI trust”), the white paper also proposes several measures designed to promote an “ecosystem of AI excellence,” including through research funding, skills development, and partnerships with the private sector.
  • The proposals set out in the white paper are open for public consultation until 19 May 2020.

Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics

  • The report focuses on the current EU product safety regime and assesses how it can be improved to address innovations in the area of AI, IoT and robotics.  It notes the challenges presented by emerging technologies to the existing EU regulatory framework, including those related to connectivity, autonomy, data dependency, opacity, complexity of the products and systems, software, and complex value chains.
  • The Commission proposes updating the existing framework to ensure, among other things, that compensation is always available for damage caused by products that are defective because of software or other digital features.
  • The Commission is also seeking views on whether it should consider reversing or otherwise altering the burdens of proof on plaintiffs required by national liability rules for damage caused by the operation of AI applications.  It notes that the complexity of AI/IoT supply chains and difficulties in establishing what components caused a malfunction can be difficult to prove in cases involving AI and IoT products.

Communication on shaping Europe’s digital future

  • The Commission in the Communication sets out a vision for a European society powered by digital solutions that is rooted in common European values.  The Commission underscores that its conception of “European technological sovereignty” is not defined “against anyone else,” but is focused on the needs of Europeans and of the European social model.
  • The strategy seeks to achieve three key objectives: (i) ensuring that technology works for people; (ii) a fair and competitive economy; and (iii) an open, democratic, and sustainable society.
  • The Communication describes the EU’s plans to increase European investment in technological innovation, in order to reduce reliance on digital solutions developed outside of Europe.  The Communication also recommends enhancing regulatory frameworks to – among other things – ensure fairness, support user choice, and prevent the over-concentration of market power.  More specifically, the Communication proposes greater investments (through various channels, such as the new EU Multiannual Financial Framework) in innovation, connectivity, smart energy & transport structures, enhanced cybersecurity, and digital skills.  It also endorses various legislative measures, such as rules targeting digital services and online platforms to give users greater control over data, measures ensuring legal protections for digital platform workers, and rules aimed at promoting transparency in the democratic process (e.g., advertising in the context of political elections).

Communication on a European strategy for data

  • The Commission’s data strategy Communication articulates the EU’s aspiration to be a role model of a society powered by data to make better decisions.  The Communication highlights what the Commissions sees as challenges to attaining this goal, including: a lack of available data, imbalances of market power, reliance on non-EU cloud providers, a lack of digital skills, and cybersecurity risks.
  • To address these challenges, the Communication proposes a four-pillar strategy that includes:
    • a cross-sectoral governance framework for data access and use that will cover, among other measures, new EU mechanisms and guidance on data sharing;
    • investments in data and strengthening of the EU’s capabilities and infrastructures for hosting, processing and using data;
    • greater investment in digital skills and in SMEs; and
    • the development of common European data spaces in strategic sectors and domains of public interest.

In addition to the papers above, the Commission has also released a number of fact sheets, Q&As, and other documents supporting these publications.

Please keep an eye out for our forthcoming blog posts.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice encompasses regulatory compliance and investigations alongside legislative advocacy. For more…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice encompasses regulatory compliance and investigations alongside legislative advocacy. For more than two decades, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, artificial intelligence, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services.

Lisa also supports Covington’s disputes team in litigation involving technology providers.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Marty Hansen Marty Hansen

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues, including related to artificial intelligence. Martin has…

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues, including related to artificial intelligence. Martin has extensive experience in advising clients on matters arising under EU and U.S. law, UK law, the World Trade Organization agreements, and other trade agreements.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Photo of Nicholas Shepherd Nicholas Shepherd

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing…

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing laws, and other privacy and cybersecurity laws worldwide. Nick counsels on topics that include adtech, anonymization, children’s privacy, cross-border transfer restrictions, and much more, providing advice tailored to product- and service-specific contexts to help clients apply a risk-based approach in addressing requirements in relation to transparency, consent, lawful processing, data sharing, and others.

A U.S.-trained and qualified lawyer with 7 years of working experience in Europe, Nick leverages his multi-faceted legal background and international experience to provide clear and pragmatic advice to help organizations address their privacy compliance obligations across jurisdictions.

Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.

She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).

Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.

Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.