The digitalization process that our society has embraced, as with any new technology, brings great opportunities and benefits but also risks and challenges. One such challenge is how to regulate new digital technologies to allow their development and use within the constitutional/political values and legal framework of a given jurisdiction.
The EU, comprising its three main institutions (Parliament, Council and Commission), has in recent years been the main international player for regulation of new IT technologies. The GDPR of 2018, a complex statute that involved years of discussions, has demonstrated that the EU can produce legislation that both protects its citizens and companies against threats but also that influences other jurisdictions, projecting the EU constitutional values beyond its frontiers.
After the GDPR, the list of EU legislative acts is rather impressive including approval of the DSA, DORA and NIS2 in 2022 and the DMA, DSA Audit Act, the Data Act and the Chips Act in 2023. The list of legislation currently under discussion is also long, and includes the FIDA II, the AI & AI Liability Acts, the European Health Data Space and the Cyber Resilience Act (CRA).
As to the AI Act, the EU concluded interinstitutional negotiations (or trilogue) on 8 December 2023 to reach a political agreement on a general regulation of AI.
The AI Act that will be published in the coming weeks is perhaps the first example of general and quasi-integral regulation of an entire new digital technology. Examples of regulations on the IP protection of software, (Dir. 2009/24/EC), the sui generis data base rights (Dir. 96/9/EC) and the NIS 1 and 2 Directives on cybersecurity or even the GDPR do not in my view embrace an entire technology.
We will analyze in upcoming posts some of the tools and techniques that the EU intends to use to regulate AI as a disruptive digital technology, such as the risk categorization of applications, the approach towards the use of the technology or the so called AI Pact, an interesting initiative to foster the disclosure of best compliance practices.
More in coming posts.