The Draft Report for the Artificial Intelligence Act

On scope

Suggested inclusions for high-risk AI:

• An exception stating that AI systems used in credit scoring are not considered high-risk if put into service by small scale providers for their own use, is proposed to be deleted. This means that any AI system used in credit scoring would be considered high risk.
• AI systems used to determine eligibility on health and life insurance would be considered high-risk.
• Deep fakes and text content, such as novels and news articles, that are intended to falsely appear human.

On definitions

The definition for biometric data is proposed to be the same as that in the GDPR, rather than in line. Additionally, definitions are proposed for “wide-spread infringement” and “wide-spread infringement with a Union dimension”. The definition of “emotion recognition system” is expanded to include systems used to identify thoughts and states of mind of natural persons, not just emotions.

On assessing risk-levels

On assessing risk-levels, the Draft Report suggests that when an AI system is being assessed, it should be taken into account the extent to which the system is used, including reasonably foreseeable misuses, and the potential extent of such harm, including particular groups.

On data use and testing AI systems

Rather than requiring the data used in AI training to be free of errors, the Draft Report proposes a softer approach stating that it need just be “up-to-date, and to the best extent possible, free from errors”.

Incident reporting

Obligations for providers are in general in line with the Commission text, but the wording suggests that providers report incidents without delay. Incident reporting is suggested to be no later than 72 hours, rather than 15 days by the Commission text.

The Commission would have to develop guidance on facilitating compliance by the entry of force of the AI Act, rather than 12 months after, and it would be reviewed every year. 

On the European Artificial Intelligence Board

The Draft Report proposes a revamp to the structure of the European Artificial Intelligence Board, as proposed by the Commission. Notably, it would be headed by a chair and be an independent organisation. It proposed that the Board issue annual reports on its activity on a yearly basis, to be available publicly.

Like in the Commission Proposal, natural persons have to be assigned to ensure human oversight of high-risk AI, but the Draft Report proposes a specification that they be properly qualified and trained.

Cooperation mechanism between national supervisory authorities

The Draft Report would add a cooperation mechanism between national supervisory authorities in cases involving two or more member states. In cases of serious disagreement, the national supervisory authorities would have to notify the Board of all relevant information, after which the Board would have to issue a recommendation within three months. 

Commission intervention

A new chapter setting out the conditions for Commission intervention in enforcing the Regulation is suggested to be added, covering proposed articles Article 68a to 68i. It would state that the Commission would be empowered to initiative proceedings when it believes that there is a widespread infringement of the AI Act which affects or is likely to affect at least 45 million individuals, or where the infringement affects natural persons in at least two Member States that have not yet taken any action. In these situations, the national supervisory authorities would be precluded from exercising their investigatory and enforcement powers so as to avoid duplication. In order to investigate matters, the Commission would:

• Have access to any relevant documents, information and data necessary to open and conduct investigations and monitor compliance relating to the AI Act.
• Would be able to request any relevant information from any public authority, body, or agency, within the Member States, or from any natural or legal person.
• Have access to databases, algorithms and source codes, as well as their explanation.
• Be able to interview, upon their consent, any persons in possession of useful information.
• Be empowered to carry out remote and on-site inspections, and be empowered to enter any premises, land or means of transport of the business. 

Non compliance-decisions

Penalties are in line with the Commission text, although additional penalties of up to 2% of total turnover are proposed when operators fail to provide complete information; fail to provide information by a deadline set by the Commission, or refuse to submit to a remote or on-site inspection. 

On regulatory sandboxes

If significant risks to health, safety or fundamental rights are identified during the development and testing of AI in regulatory sandboxes, and mitigation is infective, the Draft Report suggests that the development and testing process be suspended without delay.

Next steps

The deadline for amendments is 18 May.