Artificial intelligence (AI) is undoubtedly one of the defining
topics of our time. The speed at which increasingly advanced AI
applications are coming onto the market and conquering new,
previously unconceivable areas of life has brought European
legislators onto the scene. Last week, two major AI agreements
cleared crucial legislative hurdles. The EU’s Artificial
Intelligence Act (AI Act) and the Council of Europe’s
Convention on Artificial Intelligence (AI Convention) will likely
have a lasting impact on AI regulation in Switzerland.
AI regulation is coming – and soon Following the clear
decision by the EU Parliament on 13 March 2024, it is all but
certain that the AI Act will become a reality in the near future.
It is expected to enter into force as an EU regulation at the
latest by the end of the current legislative period in July 2024.
As such, the AI Act will be directly enforceable in EU member
states within 24 months, and for some applications even sooner.
However, even companies outside the EU may fall under the
purview of the AI Act, for example if they use AI systems whose
output is used in the EU. This will prompt numerous Swiss companies
to confront the question of how the AI Act affects their operations
and what measures they must implement to comply with its
requirements.
Less than 48 hours after the EU Parliament’s decision, the
Council of Europe adopted its own ground breaking AI Con vention.
As chair of the pertinent working group, Switzerland holds a vested
interest in the successful implementation of the AI Convention. We
presume that Switzerland will try to ratify the AI Convention
sooner rather than later.
Objective and scope of AI regulation
The European Union has set itself the ambitious goal of
comprehensively regulating AI now, aiming to ensure that future AI
usage and development are safe, transparent and fully align with
fundamental rights. To realise this ambition, the EU is ready to
introduce detailed and multi-layered AI regulation, including
detailed provisions for monitoring and sanctioning the new rules.
With over 450 pages and 113 articles, the complexity of the AI Act
also significantly exceeds the GDPR, which will make compliance
with the AI Act challenging.
In contrast, the Council of Europe’s AI Convention operates
at a much higher level. As an intergovernmental convention, it
focuses primarily on establishing principles to ensure the use of
AI is compliant with human rights. In addition to the member states
of the Council of Europe, countries such as the USA and Japan as
well as representatives from the technology industry and civil
society also took part in the negotiations. The result is a very
broad-based agreement with global reach, but it only represents a
minimum standard for the responsible use of AI. The concrete
implementation of the defined principles will take place at member
state level. Switzerland is likely to model itself primarily on the
EU’s AI Act.
The AI Act is analysed in more detail below.
“The Risk-Based Approach” of the AI Act: from
unacceptable to minimal risk
The AI Act defines “AI systems” as machine-based,
(semi-)autonomous, adaptive systems that process inputs into
outputs such as predictions, recommendations or decisions. This
broad definition includes everything from simple automation to
complex machine learning models, and thus emphasises the
comprehensive regulatory approach of the AI Act across a wide range
of sectors and areas of application.
At the heart of the AI Act is a risk-based approach to
categorising AI systems based on their potential for harm. The
following risk categories are distinguished:
Regulation of “General Purpose Artificial
Intelligence” (GPAI)
In addition to regulation by risk category, the AI Act pre
scribes specific regulation for General Purpose AI systems (GPAI).
These technologies, developed for a wide range of applications and
not just specific tasks, are considered fundamentally risky due to
their flexibility and application potential. If a certain computing
power is exceeded, they are considered “high impact”
systems that are subject to strict rules.
Monitoring and enforcement of the AI Act
Various national and pan-European institutions are re sponsible
for the implementation, monitoring and enforcement of the AI Act.
This includes the establishment of a new European AI Office, which
will become part of the EU Commission and will be responsible for a
wide range of measures at the European level. Among other things,
the AI Office will develop voluntary model clauses for contracts
between providers of high-risk AI systems and third parties, draw
up codes of conduct, evaluate and monitor compliance with these
codes, and pub lish summaries of the training data used in AI
models.
The AI Act also includes a range of measures to enforce the
regulation. Depending on the type and severity of the offence,
fines of up to EUR 15 million or 3% of annual global turn over can
be imposed. However, this only affects providers of GPAI platforms
such as Open AI and Google AI.
Regulatory developments in Switzerland
After a certain delay, Switzerland is now addressing the issue
of AI regulation. At the end of 2023, the Federal Council1
announced that it would evaluate the need for AI regulation. It
expects a report on possible regulatory approaches by the end of
2024.
In view of the importance of the AI Act and the aim of
harmonising with EU law and international standards, it can be
assumed that Switzerland will follow a similar path in the medium
term.
However, the “Swiss Finish” – similar to data
protection – is likely to be less comprehensive but may
provide for other obligations. AI systems that process personal
data must already comply with the revised Swiss Data Protection
Act.
Challenges for practical implementation
The AI Act marks a turning point in technology regulation and
poses considerable challenges for Swiss companies. The key points
are:
- Complexity: at over 450 pages, the AI Act is
probably one of the world’s most comprehensive and complex
legal documents on technology regulation. This makes compli ance
with the AI Act challenging and resource intensive. - Broad scope of application: the AI Act
regulates a wide range of sectors and applications and therefore
affects many organisations. Due to its extraterritorial effect, it
is a challenge for Swiss companies to know to which rules of the AI
Act they are subject, in which situation and to what extent. - Legal uncertainty: unclear and partially
overlapping legal terms could lead to uncertainties and demarca
tion problems in practice. For example, it is likely to be a
challenge for many companies to clearly determine the context in
which they are acting, as a “provider”,
“deployer”, “distributor” and/or
“operator” of AI systems. - “Dual-use” problem: the possibility
of using technolo gies in both authorised and prohibited areas
harbours significant liability and compliance risks. In certain
situations, it will be almost impossible for companies to prevent
their AI systems from being used for prohibited purposes. The
question arises as to whether and to what extent they can be held
liable for the misuse of their AI systems.
The clarification of these uncertainties by the newly created
European AI supervisory authority and the courts will take time. In
the meantime, companies will face the challenge of implementing and
interpreting the AI Act independently.
Summary
In view of the complex challenges posed by the AI Act, it is
advisable for the Swiss to keep a close eye on its imple mentation
and further legal developments. Especially as they may be directly
subject to the AI Act, and the fines can be con siderable.
Ultimately, however, the legal challenges in AI regu lation are not
unusual, and are similar to other regulated eco nomic sectors in
which undefined legal terms are used in order to anticipate
developments that are not yet foreseeable.
Keyfacts
01 Last week, the EU and the Council of Europe adopted
ground-breaking AI agreement
02 The AI Act is expected to come into force as early as July
2024. It will be binding for all companies by 2026 at the
latest.
03 Due to its complexity and the potenti ally high fines,
compliance with the AI Act will pose major challenges for many
companies.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
#European #Union #Council #Europe #Give #Ahead #European #Regulation #Technology
