Busy times to draft formulate the AI Act 

The key purpose of the new regulation is to strengthen trust in AI. To achieve this in daily practice the regulation must be clear and relevant. But will legislators be able to formulate predictable and applicable law that fulfils the purpose of the proposals? If not, the EU will fail in its ambition to strengthen AI uptake, investment, and innovation.

Many questions remain unanswered over how it will be possible to achieve these aims with the AI Act. The extensive technical documentation (annex IV), the limited sandboxes, the sharing of data, along with the extensive administrative burden for high-risk AI risk undermining European competitiveness.

Nordic stakeholders have placed great importance in the first parts of the proposal. For example, ensuring that the definition of AI aligns with the OECD definition. We must keep in mind that to support the enforcement of the AI Act, some sort of qualifying criteria for what an ‘AI system’ entails is needed. Therefore, retaining phrasing such as ‘certain level of autonomy’ are crucial to make identification possible. Any usage of delegated Acts to update these definitions is detrimental to creating legal certainty in the long run.

Another important issue is horizontal high-risk distribution. The starting point should be that the classification of an AI systems as high-risk work in a way where they affect people to be in the scope for high-risk requirements. Furthermore, a risk-based approach should be adopted, as in the GDPR.

Legislators need to review the section on high-risk applications in Chapter 2 of the AI Act to ensure that obligations are technically feasible, output-oriented, (define obligations less prescriptively), and to ensure proportionality, (for example, reduce overly detailed information requirements that do not add value for AI users).

When it comes to innovation, Article 54.1 sets out the important option to process lawfully collected personal data within a sandbox for other purposes. This could be a key public benefit in areas such as health, environment, climate change, energy, cybersecurity, and the efficiency of public services. However, access to regulatory sandboxes is limited. Not least in terms of authorities’ ability to handle sandboxes when it comes to competence and capacity. Most likely, there is a need to readjust priorities, focus on access for all businesses to a much larger extent, and simplify the use of sandboxes as far as possible. To pave the way for trustworthy AI, legislators need to face the market reality that it is often large businesses that can invest in AI development and push innovation forward.

Council Articles 2.6 and 2.7 are crucial for innovation. To maintain European competitiveness, it is critical to keep EU innovation in AI attractive. These exemptions should help, while also alleviating pressure on ensuring that sandboxes are the only route for innovation in the field of high-risk AI. There should be greater awareness that access to sandboxes is extremely limited.

Throughout the AI Act, there are provisions that will create bottlenecks due to demands on non-existing expertise and lack of competencies and experience in entities and authorities. Third party assessments and regulatory sandboxes are examples.

The overall concern persists. Which businesses will be able to comply and use AI? Everything in the act that does not directly contribute to building trustworthy AI needs to be removed if the EU’s intention to strengthen AI use is to succeed.