AI Act begins to take shape

The French Presidency of the Council has already presented a compromise text to the Member States, but they may still be a long way from reaching an agreement on the AI Act. The European Parliament, on the other hand, is at the early stages of its deliberations. The joint IMCO-LIBE committee will start the first hearing on 23 March and the schedule indicates that the plenary vote should take place in November. Then will come the trilogue with the European Commission and the Council, if they have agreed on a position by then.

The European Commission’s proposal for the AI Act is based on the concept of trust, which is vital to achieving greater uptake of AI. The use of AI solutions is important for competitiveness, security, good customer experience and for providing effective and appropriate services for citizens.

However, there are significant concerns amongst our members that the draft AI Act is far too wide-ranging, and with many vague legal concepts to truly boost the use of AI and EU competitiveness. The European Commission’s proposal would be difficult to apply and would entail increased costs for compliance. The Act proposal overlaps, and conflicts with, existing frameworks in a way that few companies will be able to address. It imposes unrealistic costs and administrative burdens, not least on start-ups and small- and medium-sized enterprises.

The proposal will also generate higher costs and create bottlenecks as a consequence of its extensive reach, while complex requirements will necessitate competence in areas where there are already considerable shortages of employees with relevant knowledge. This situation is a fact in both private and public sectors.

The French Presidency’s compromise proposal of 13 January does include some important clarifications. The concept of ‘risk’ has now been limited to the “health, safety, and fundamental rights in view of the intended purpose of the high-risk AI systems”, which cannot be “reasonably mitigated or eliminated through the development or design of the high-risk Ai system, or the provision of adequate technical information” (article 9).

The Presidency narrows the data and data governance requirements to biases that “are likely to affect health and safety of persons or lead to discrimination prohibited by Union law” (article 10). The text now clarifies that data sets need to be free of errors and complete only to “the best extent possible”.

The requirements for technical documentation (article 11) and keeping of records are in general very cumbersome (article 12). These obligations will be very difficult to meet for real-time systems with high numbers of decision points. Annex IV still includes challenging obligations on technical information. It is debatable whether it is even possible to provide authorities with this information.

While we note several improvements in the compromise proposal, we still see opportunities for further improvements, not least to ensure the easy adoption by SMEs and to accommodate future technological developments. It is important that the wording concerning high-risk AI systems is proportionate to the purpose of the AI Act (article 6). Rather than disproportionately imposing requirements on the structure of work within companies, what is illegal (not desirable) should be regulated. Articles 8-29 need to be further reviewed and redrafted. Creating a sizeable compliance structure for good technology support is unfortunate, overly prescriptive, and unnecessarily burdensome.

The use of AI does not absolve companies of their responsibility under already applicable laws and regulations. If regulation is not sufficient in certain areas, it should be supplemented in a technology-neutral way that last over time to ensure compliance and a good investment climate.

The Confederation of Swedish Enterprise: 

• welcomes the approach to protecting the users of AI systems and creating trust in the use of AI.
• criticises the proposal as it has extensive negative consequences for competitiveness, innovation, and entrepreneurship; the consequences of the proposal need to be examined in greater detail.
• emphasises that investments and compliance are ensured through clear, principle-based and technology-neutral rules that last over time.
• advocates the use of NLF principles and a legal framework that is limited to essential requirements, which leave technical implementation to product-specific and updated (state-of-the-art) voluntary standards developed by stakeholders.
• requests compliance with the Better Regulation agenda - make simpler and better EU laws with special attention to the implications and costs of applying legislation.
• believes that the proposal will have a negative impact on the freedom to conduct business and employers relevant AI use.
• observes that the AI Act overlaps with other regulations and needs to be harmonised with the Data Protection Regulation (GDPR) regarding data processing and storage.
• proposes more extensive initiatives for regulatory sandboxes and experimentation to promote test opportunities for innovative solutions in high-risk AI areas.
• questions the unjustifiably high levels of sanctions.
• highlights the considerable need for AI experts and staff with AI skills, a gap that must be addressed before the proposal enters into force.

For more details, please read the Confederation of Swedish Enterprise’s position paper.