Projekt rozporządzenia ws. sztucznej inteligencji – opis zmian wprowadzonych w dokumencie z dnia 29 listopada 2021 r.

On 21 April 2021, the European Commission presented a proposal for a regulation laying down harmonised rules on artificial intelligence and amending certain union legislative acts ("Regulation”, „Proposal"). On 12 October 2021, the Slovenian Presidency of the European Union requested the Delegation to provide written comments and suggestions regarding drafting of the first 29 articles of the Regulation. Based on written representations from the Delegation, the Presidency has drawn up a first compromise proposal for the Regulation, covering Articles 1-7 and Annexes I-III.

The main amendments that have been introduced to the wording of the Regulation concerned: i) the subject matter and scope of the Regulation, ii) definitions, in particular of artificial intelligence system, provider, user, authorised representative, manufacturer, critical infrastructure, personal data, non-personal data, and definitions regarding biometrics, iii) prohibited practices in the scope of artificial intelligence, including, i.a. expansion of the prohibition of the use of artificial intelligence for the scoring of natural persons and bodies governed by private law.

Changes have been made to the subject matter and scope of the Regulation, in particular Article 1 of the Regulation has been clarified in order to better reflect the purpose of the Regulation, and as a result, the part of the content in letter c which initially narrowed down the scope of the harmonised transparency rules regarding artificial intelligence systems has been removed:

harmonised transparency rules for AI systems intended to interact with natural persons, emotion recognition systems and biometric categorisation systems, and AI systems used to generate or manipulate image, audio or video content;

The material scope in Article 2 of the Regulation has been clarified. The amendment to the provision involved emphasising that matters of national security are excluded from the scope of the Regulation (Article 2(3)). The above solution is also justified by Article 4(2) of the Treaty on European Union, according to which the safeguarding of national security is the sole responsibility of each Member State.

Recital 12 of the Regulation includes clarifications regarding artificial intelligence systems (‘AI systems’) that have been developed and used exclusively for military purposes. Similarly, Article 2 sections 6 and 7 of the Regulation, as well as Recital 12a stipulate that the Regulation should not apply to artificial intelligence systems and their results used exclusively for research and development purposes.

The proposal for the Regulation of 29 November 2021 also amended the definitions, i.e. the definitions were corrected or new ones were added. In particular, the definition of ‘AI system’ in Article 3(1), together with clarifications in paragraph 6 has been adjusted to ensure legal certainty and transparency in the definition of AI system for the purposes of the Regulation, explicitly indicating that any such AI system should specify achievement of a given set of human-defined objectives through learning, reasoning or simulation. This amendment has been made also to prevent inclusion of more traditional software systems, which are currently not considered AI, in the scope of the proposed Regulation.

Definitions of some of the entities included in the Regulation (e.g. provider, user, authorised representative) have been corrected or new definitions have been added (e.g. manufacturer) in order to better clarify their roles and obligations within the supply chain of the AI. Definitions referring to biometrics have also been improved in accordance with the amendments made to the relevant provisions. In Article 3 of the Regulation, three new definitions have been added: “critical infrastructure”, “personal data” and “non-personal data”.

In relation to title II of the Regulation, i.e. with reference to the prohibited practices in the scope of AI, Article 5(1)(c) has expanded the prohibition of using AI for the purposes of social score, and this prohibition has also been extended to private entities.

The EU Council wants to enable private entities to operate mass biometric surveillance systems on behalf of police and intends to expand the purposes for which such systems may be used under the Regulation proposed by the EU. In relation to justice and internal affairs, the document stipulates that:

„With regard to the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces by law enforcement authorities, it was clarified that such systems may also be used by other entities acting on behalf of law enforcement authorities”.

This is coherent with earlier comments sent out within the Council. The compromise text of the Presidency refers to Article 5(d) of the Regulation:

d) the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement, unless and in as far as such use is strictly necessary for one of the following objectives:

(ii) the prevention of a specific, substantial and imminent threat to the life or physical safety of natural persons or of a terrorist attack;

(ii) the prevention of a specific i substantial and imminent threat to the life or physical safety of natural persons or of a terrorist attack;

(iii) the detection, localisation, identification or prosecution of a perpetrator or suspect of a criminal offence referred to in Article 2(2) of Council Framework Decision 2002/584/JHA 62 and punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least three years, as determined by the law of that Member State.

One should pay attention in particular to the fact that using ‘real-time’ remote biometric categorisation systems in public space by law enforcement authorities, namely Article 6 (1)(d) of the Regulation will mean that these systems may also be used by other entities acting on behalf of law enforcement authorities. Furthermore, the list of purposes for which law enforcement authorities should be allowed to use ‘real-time’ remote biometric categorisation systems has been partially extended. Provisions regarding the process of granting authorisation for the use of the aforementioned systems have also been amended (Article 5(3) of the Regulation). The provision of Article 5(1)(b) has been amended in a way prohibiting the use of AI systems which would take advantage of the vulnerable position of certain groups of people who are more vulnerable, in particular because of their economic or social situation.

With reference to the issue of the classification rules for high-risk AI systems, Article 6 of the Regulation has been rewritten in its entirety in order to better illustrate and clarify the logic behind classification of high-risk AI systems in the Regulation and its correlation with Annexes II and III of the Regulation.

Furthermore, the list of areas significant for the purpose of identification of high-risk AI systems has been updated, as enumerated in Annex III. In particular, AI systems that should be used in surveillance process or as elements of digital infrastructure security, and AI systems that will be used in monitoring of emissions and pollution have been added in point 2. AI systems used for insurance purposes have been added in point 5, whereas the reference to systems used by law enforcement authorities or by other authorities acting on their behalf in order to carry out criminal analysis has been removed from point 6.

A new Article 52a and the associated Recital 70a have been added in order to clarify the general purpose of AI systems, which should not be considered as systems with an intended purpose within the meaning of the Regulation. Moreover, the new provisions also explain that placing on the market, putting into service or using a general purpose AI system should not make them subject to the regime of the Regulation.

With regard to the method of updating Annexes I and III, Article 84 introduces a new reporting obligation on the Commission, according to which the Commission will be obliged to make an assessment of the need to amend the lists in these Annexes every 24 months after entry into force of the Regulation.

Źródła:
1. Proposal For A Regulation Of The European Parliament And Of The Council Laying Down Harmonised Rules On Artificial Intelligence (Artificial Intelligence Act) And Amending Certain Union Legislative Acts COM/2021/206 final (dostępny na stronie: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0206)

2. Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts – Presidency compromise text (dostępny na stronie: https://data.consilium.europa.eu/doc/document/ST-14278-2021-INIT/en/pdf

Proposal for a regulation on artificial intelligence - description of changes made in the document of 29 November 2021

Facial recognition technology by private sector entities under the existing EU legal framework

Attention to AI-generated legal advice. Introduction to the liability of publishing entities.

Find article