There are already rules for AI applications
The European Commission has published a draft AI (Artificial Intelligence) Regulation. The current laws and regulations are inadequate for AI applications. The approach of this draft is to opt for human-centred AI. Developers of AI applications must assess for themselves in which of the four risk groups their applications fall. The higher the risk, the higher the requirements for that AI application. It will certainly take years before the AI Regulation will enter into force. In addition, there is a good chance that the draft will be adjusted in the coming period.
What does that mean for the AI applications that are currently being developed or used? Are there no rules for that?
For various AI applications, there are already laws and/or regulations that must be complied with. For example:
- Medical Devices Regulation: for AI applications in medical devices
- Constitution + Human Rights Treaties: for protection of fundamental rights such as speech, privacy, self-determination.
- General Data Protection Regulation: when processing personal data
- Product safety regulations: when an AI application causes injury
- Consumer protection: when information obligations arise from these regulations
- Codes of conduct: when a sector lays down rules (code of conduct) for AI applications
- Contracts: when parties have agreed on rules for AI applications in an agreement
In short, even without an AI regulation, there are already laws and regulations that an AI application must comply with. For AI developers, this means that they must make an inventory of which laws and regulations the AI application must comply with, and whether they comply with them. If they do not, a customer/client may later claim that the AI application did not meet the legal requirements. This may lead to damage claims. As a user/client for the development of an AI application, you will have to ask a similar question. The same applies to supervisors of parties using an AI application.
AI compliance assessment
Therefore, it is wise for both developers and users of AI applications to determine in an AI compliance assessment which laws and regulations apply to the AI application and whether it complies with them. If they are not complied with, timely action can be taken to become compliant.
For more questions about this, or for guidance in performing an AI compliance assessment, please contact Jos van der Wijst.