Skip to main content
Shaping Europe’s digital future logo

Regulatory framework proposal on artificial intelligence

The Commission is proposing the first ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally.

© gorodenkoff - iStock Getty Images Plus

The regulatory proposal aims to provide AI developers, deployers and users with clear requirements and obligations regarding specific uses of AI. At the same time, the proposal seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs). 

The proposal is part of a wider AI package, which also includes the updated Coordinated Plan on AI. Together they guarantee the safety and fundamental rights of people and businesses, while strengthening AI uptake, investment and innovation across the EU.

Why do we need rules on AI?

The proposed AI regulation ensures that Europeans can trust what AI has to offer. While most AI systems pose limited to no risk and can be used to solve many societal challenges, certain AI systems create risks that need to be addressed to avoid undesirable outcomes. 

For example, it is often not possible to find out why an AI system has made a decision or prediction and reached a certain outcome. So, it may become difficult to assess whether someone has been unfairly disadvantaged, such as in a hiring decision or in an application for a public benefit scheme.

Although existing legislation provides some protection, it is insufficient to address the specific challenges AI systems may bring.

The proposed rules will:

  • address risks specifically created by AI applications;
  • propose a list of high-risk applications;
  • set clear requirements for AI systems for high risk applications;
  • define specific obligations for AI users and providers of high risk applications;
  • propose a conformity assessment before the AI system is put into service or placed on the market;
  • propose enforcement after such an AI system is placed in the market;
  • propose a governance structure at European and national level.

A risk-based approach

pyramid showing the four levels of risk: Unacceptable risk; High-risk; limited risk, minimal or no risk

Unacceptable risk: All AI systems considered a clear threat to the safety, livelihoods and rights of people will be banned, from social scoring by governments to toys using voice assistance that encourages dangerous behaviour.

High-risk: AI systems identified as high-risk include AI technology used in:

  • Critical infrastructures (e.g. transport), that could put the life and health of citizens at risk; 
  • Educational or vocational training, that may determine the access to education and professional course of someone’s life (e.g. scoring of exams); 
  • Safety components of products (e.g. AI application in robot-assisted surgery);
  • Employment, workers management and access to self-employment (e.g. CV-sorting software for recruitment procedures);
  • Essential private and public services (e.g. credit scoring denying citizens opportunity to obtain a loan); 
  • Law enforcement that may interfere with people’s fundamental rights (e.g. evaluation of the reliability of evidence);
  • Migration, asylum and border control management (e.g. verification of authenticity of travel documents);
  • Administration of justice and democratic processes (e.g. applying the law to a concrete set of facts).

High-risk AI systems will be subject to strict obligations before they can be put on the market: 

  • Adequate risk assessment and mitigation systems;
  • High quality of the datasets feeding the system to minimise risks and discriminatory outcomes; 
  • Logging of activity to ensure traceability of results
  • Detailed documentation providing all information necessary on the system and its purpose for authorities to assess its compliance; 
  • Clear and adequate information to the user; 
  • Appropriate human oversight measures to minimise risk; 
  • High level of robustness, security and accuracy.

In particular, all remote biometric identification systems are considered high risk and subject to strict requirements. Their live use in publicly accessible spaces for law enforcement purposes is prohibited in principle. Narrow exceptions are strictly defined  and regulated (such as where strictly necessary to search for a missing child, to prevent a specific and imminent terrorist threat or to detect, locate, identify or prosecute a perpetrator or suspect of a serious criminal offence). Such use is subject to authorisation by a judicial or other independent body and to appropriate limits in time, geographic reach and the data bases searched.

Limited risk, i.e. AI systems with specific transparency obligations: When using AI systems such as chatbots, users should be aware that they are interacting with a machine so they can take an informed decision to continue or step back. 

Minimal risk: The proposal allows the free use of applications such as AI-enabled video games or spam filters. The vast majority of AI systems currently used in the EU fall into this category, where they represent minimal or no risk. 

step-by-step process for declaration of conformity
How does it all work in practice for providers of high risk AI systems?

Once the AI system is on the market, authorities are in charge of the market surveillance, users ensure human oversight and monitoring, and providers have a post-market monitoring system in place. Providers and users will also report serious incidents and malfunctioning.

Future-proof legislation

As AI is a fast evolving technology, the proposal is based on a future-proof approach, allowing rules to adapt to technological change. AI applications should remain trustworthy even after they have been placed on the market. This requires ongoing quality and risk management by providers. 

Next steps

Following the Commission’s proposal in April 2021, the regulation could enter into force in the second half of 2022 in a transitional period. In this period, standards would be mandated and developed, and the governance structures set up would be operational. The second half of 2024 is the earliest time the regulation could become applicable to operators with the standards ready and the first conformity assessments carried out.

Latest

PRESS RELEASE |
Trade and Technology Council: Inaugural meeting agrees on important deliverables and outlines areas for future EU-US cooperation

At the first meeting of the Trade and Technology Council (TTC) in Pittsburgh, the EU and the US agreed on concrete deliverables and outlined the future scope of work. Notably, the EU and the US committed to cooperating closely on shared priorities such as export controls, foreign investment screening, critical and emerging technology standards including Artificial Intelligence, and secure supply chains including on semiconductors. They also agreed to work together on important global trade issues, such as the challenges posed by non-market economies and trade-related climate and environment

PRESS RELEASE |
Coronavirus: 200th EU disinfection robot delivered to European hospital, a further 100 confirmed

This week the Commission delivered the 200th disinfection robot – to Consorci Corporació Sanitària Parc Taulí hospital in Barcelona. The robots, donated by the Commission, help sanitise COVID-19 patient rooms and are part of the Commission's action to supply hospitals across the EU to help them cope with the effects of the coronavirus pandemic. Further to these initial 200 robots announced in November last year, the Commission secured the purchase an additional 100, bringing the total donations to 300.

Related Content

Big Picture

A European approach to artificial intelligence

The EU’s approach to artificial intelligence centres on excellence and trust, aiming to boost research and industrial capacity and ensure fundamental rights.

See Also

The European AI Alliance

The European AI Alliance is a forum engaged in a broad and open discussion of all aspects of Artificial Intelligence development and its impact.