On March 13th, the European Parliament adopted the legislative resolution on the proposal for a regulation of the European Parliament and of the Council on laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) and amending certain Union Legislative Acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD))(henceforth AI Act). This is the first law in the world, ruling Artificial Intelligence.
Such adoption is the final step of a path started on 2018, when the European Commission defined a strategy plan for the AI, being aware how the use of AI shows opportunities and risks: on the one hand AI can support and strengthen security of citizens, enabling them to enjoy their fundamental rights; on the other, AI can have unintended effects or can be used for malicious purposes (COM(2018) 237 final). Following this communication, a High-Level Expert Group was established, that drafted Ethics Guidelines on trustworthy AI, published on April 8th, 2019. These guidelines identified seven requirements for a trustworthy AI, including systemic, social and individual aspects: human agency and oversight; technical robustness and safety; privacy and data governance; transparency; diversity, non-discrimination and fairness; societal and environmental wellbeing; accountability.
On February 19th, 2020, there was the adoption of the White Paper on Artificial Intelligence. A European approach to excellence and trust (COM(2020)65 final). The White Paper analysed deeply several harms, having both a material and immaterial nature, related to the use of AI: among them, just cite risks for fundamental rights, including personal data and privacy protection and non-discrimination; and risks for safety and the functioning of the liability regime. Despite the existence of a regulatory framework, containing various requirements, there was currently no legislation to protect transparency, traceability, and human surveillance. Therefore, it was suggested that a clear and common regulatory framework should be drawn up, the adoption of which would strengthen consumer and business confidence, stimulating the use of this technology. There was the need of a legislation that, on the one hand, would provide a flexible definition of AI, to accommodate technical advances, and, on the other hand, would be sufficiently precise, to ensure legal certainty. Finally, the White Paper suggested that the regulation would have a risk-based approach, considered helpful to ensure that the regulatory intervention is proportionate. Such regulatory intervention should define clear criteria to differentiate between different AI applications, aimed at identifying which of them are high-risk.
Thus, the adoption of the Artificial Intelligence Act is the final step of such long process, aimed at ruling the matter, with the purpose of improving “the functioning of the internal market and promote the uptake of human-centric and trustworthy artificial intelligence (AI), while ensuring a high level of protection of health, safety, fundamental rights enshrined in the Charter of Fundamental Rights, including democracy, the rule of law and environmental protection, against the harmful effects of artificial intelligence systems (AI systems) in the Union, and to support innovation” (art. 1). According to what suggested by the White Paper, the AI Act prohibits some AI applications, that threaten citizens’ rights (among them are the biometric categorizations based on sensitive characteristics and the indiscriminate extrapolation of facial images from the internet or from CCTV recordings to create facial recognition databases (art. 5, pt. g). Law enforcement agencies can not use such technologies, except in some specific situations expressly provided for by law (art. 5, pt. h). Further, the AI Act introduces clear obligations for high-risk systems, that must assess and reduce risks, maintain record of use, be transparent and accurate (Section 2 and 3). Citizen will have the right to file complaints on AI systems and receive explanations on decisions based on high-risk AI systems that affect their rights (art. 85 and 86). There is also a general obligation of transparency and compliance with EU rules.
Once passed the final verification by lawyer-linguists, the Act needs to be formally approved by the Council and enter into force twenty days after publication in the Official Journal of the EU; it will start to apply 24 months after entry into force, except with respect to: prohibitions on banned practices, which will apply from six months after entry into force; codes of good practice (nine months later); rules on general purpose AI systems, including governance (12 months) and obligations for high-risk systems (36 months). The entry into force of such Act will represent a truly epoch-making turning point, whose effects will reverberate far beyond the borders of the EU, as has already happened with the GDPR.