Last month, an expert roundtable took place convened by Freshfields’ EU Regulatory & Public Affairs team based in Brussels, together with global companies from different sectors and one of the European Parliament’s lead negotiators on the first ever regulatory framework on Artificial Intelligence. Together with German Member of the European Parliament (MEP) Axel Voss, participants discussed the state of play of the negotiations on the AI Act, the focus areas of the text and what can be expected over the next months considering that the Spanish Presidency of the Council has made reaching a final agreement before the end of this year a top priority.
The roundtable in Brussels was organized by Freshfields, hosted and led by Christoph Werkmeister (Partner at Freshfields, Global Co-Head of the Data and Technology Practice) and Natalie Pettinger Kearney (Head of the EU Regulatory & Public Affairs at Freshfields).
The AI Act proposal sets up a legislative framework based on risk: the higher the perceived risk, the stricter the rule. To be more precise, the AI Act proposes different levels of risk – unacceptable risk, high risk, limited risk and minimal risk – which encompass different obligations for AI providers, users and manufacturers (see Freshfields client briefing on the initial proposal here).
Overall the AI Act proposal was unveiled by the Commission in April 2021 with the aim of addressing perceived risks linked to AI and with the intention of becoming a global standard setter in this field. In fact, since the EU is the first jurisdiction to regulate AI, this proposal could serve as a blueprint for other regulatory authorities around the world. Following more than two years of intense negotiations between the co-legislators, the AI Act is currently under the final phase of the EU legislative process; the interinstitutional negotiations (trilogues). While the finalisation of the AI Act before the end of the year is a top priority for the Spanish Presidency of the Council, we should only expect the AI Act to start applying as of 2026.
From the latest co-legislators’ positions and the current discussion in trilogues, it is clear that there are still many outstanding issues to be agreed, a number of which were discussed with Freshfields and the company representatives who attended to the roundtable. Below we set out the key issues that were highlighted during the roundtable as being the most critical.
Defining AI
One of the key discussion topics was the definition of AI systems given there was some concern about the fact that the definition proposed by the Commission was very broad. How AI is defined in this proposal is extremely important because it will determine which activities and sectors will be captured under the AI Act. Overall there was agreement about the fact that the definition of AI should be aligned with international standards such as those from the OECD or the NIST. It is up to the Spanish Presidency to design a compromise proposal that finds the right balance for EU policymakers, citizens and businesses while bearing in mind that the OECD is also revising its own definition of AI.
High-risk categorisation and list of prohibited practices
Part of the discussion also focused on the prohibited practices and the list of high-risk categorisation given there are certain disagreements among MEPs, but also between the final positions of the Parliament and the Council. It was agreed that the potential ban on biometric identification will be a key hot topic for the trilogues, but the fact that some MEPs are not comfortable with the Parliament’s position could weaken their bargaining power when agreeing on a compromise with the Council which seems to have a more solid position on this specific aspect. During the discussion, it was also flagged that a lot of additional requirements were created for the system itself and for the deployers which could create administrative burden for businesses.
Interlinkages with other pieces of legislation
The idea of an existing conflict between GDPR and the AI Act when it comes to sandboxes was also floated during the discussion. According to several participants, for an AI system not to be biased and discriminatory, it would need to be trained with a lot of personal data, which may lead to conflicts with the GDPR which stipulates a data minimisation and a purpose limitation principle (i.e. personal data collected for one purpose shall generally not be used for other purposes, unless certain requirements under the GDPR are met). While the Parliament has included a provision which explicitly allows the use of certain personal data for different purposes, some stakeholders had concerns about how this could work in practice (see Freshfields latest blogpost on the Parliament’s position here).
As a follow up to the widespread use of generative AI systems, the Parliament has added an additional layer of regulation under the AI Act by making a distinction between foundation models and Generative AI systems. This distinction has also raised frictions with other pieces of legislation, especially in the field of copyright. Against this background, it was pointed out that the Parliament has introduced additional transparency requirements for these systems, as well as safeguards against generating illegal content.
As anticipated, the discussion was very open and lively. Indeed, German MEP Axel Voss was keen to hear from companies across sectors (e.g. financial, automotive, tech) what the main challenges for the different sectors represented in the room are, and shared views on what Europe should do to be at the forefront of digital regulation whilst preserving innovation. If you would like to know more about what was discussed and be considered for the next roundtable, please do not hesitate to reach out to the Freshfields EU Regulatory & Public Affairs team.