The new European Commission (EC) is racing to deliver on President von der Leyen’s political guidelines. In particular, in her first 100 days in office, von der Leyen pledged to put forward legislation on artificial intelligence (AI) and big data, as well as a new Digital Services Act for digital platforms, services and products. She also stressed the need for “technological sovereignty”, including by developing European standards for key technologies, such as blockchain, high-performance and quantum computing, algorithms and tools for data sharing and usage.
According to its 2020 Work Programme, the EC will shortly publish a package of documents including a Strategy for Europe – Fit for the Digital Age, a White Paper on Artificial Intelligence, a European Strategy for Data and a communication on the European Union’s (EU) industrial strategy. Drafts of two key documents provide a good indication of what we can expect:
- AI White Paper: the Commission’s white paper on a European approach to AI (AI White Paper) will launch a broad consultation on AI and outline policy actions the Commission plans to take to encourage the development and uptake of AI; ideas for facilitating access to data; and key elements of a legislative framework for AI, among other things. (The AI White Paper will follow on from the New Technologies Formation (NTF) of the Expert Group on Liability and New Technologies, set up by the European Commission, whose recent report compared various aspects of existing EU liability regimes and discussed how emerging digital technologies could fit into the pre-existing framework.)
- Data Strategy Communication: the Commission’s communication on a European strategy for data (Data Strategy Communication) will outline proposed measures for data access and use; investments in data and strengthening European’s standards, tools and infrastructures for hosting, processing and using data; investing in general data literacy; and rolling out common European data spaces in key economic sectors.
The AI White Paper
The main part of the AI White Paper sets out key elements of a future legislative framework for AI to address perceived risks to fundamental rights and safety and liability risks. The EC has identified a number of weaknesses in the current legal framework as applied to AI:
- limitations of scope in the EU Charter of Fundamental Rights and sector-specific legislation;
- limitations of scope in EU product safety legislation;
- uncertainty as regards the allocation of responsibility in EU product safety legislation;
- changes in products’ safety risks due to post-sale software changes;
- emergence of new risks arising from the use of AI; and
- enforcement difficulties.
As a result, the EC plans to review and complement the existing legal framework, starting by defining AI. The EC suggests defining AI as software that simulates human intelligence through learning, problem-solving, reasoning and self-correction; performs complex tasks with a degree of autonomy; or involves the acquisition, processing, and rational or reasoned analysis of data.
The future regulatory framework would set out obligations for both developers and users of AI, as well as potentially suppliers of services, such as software updates. Different requirements would be assigned to different types of addressees based on their role in the AI lifecycle of products and services.
These obligations could include a combination of ex ante and ex post requirements. Ex ante requirements could include requirements for developers to disclose AI design parameters and metadata for training datasets; transparency and information requirements vis-à-vis individuals; general design principles; data quality and diversity requirements; risk assessment and record-keeping requirements; requirements for human oversight or review for non-personal data; additional product safety requirements; and requirements to address changes in function over a product’s lifecycle. Ex post requirements would relate to liability and redress options.
The AI White Paper also outlines a number of regulatory options for the new framework:
- voluntary labeling;
- sectoral requirements for governments and facial recognition;
- mandatory risk-based requirements targeting high-risk applications;
- reform of more general safety and liability legislation.
Any future rules would require reinforcement of public oversight. Member States would appoint authorities – who could be existing authorities – to be responsible for administrating any new regulatory framework.
The Data Strategy Communication
The Data Strategy Communication lays out a roadmap of policy measures and investments for the data economy. The EC:
- aims to create a single European data space and a single market for data; and
- proposes to develop common rules and enforcement mechanisms so that data can flow within the EU and across sectors, with clear and trustworthy data governance mechanisms.
The EC’s strategy rests on four pillars: cross-sectoral regulations for data access and use; enabling investments in data and standards, tools and infrastructures for hosting, processing and using data; increasing competences and data literacy; and common European data spaces in crucial economic areas.
Data access and use regulations
The EC wants to avoid overly detailed, heavy-handed ex ante regulations, preferring an agile approach to governance. The first priority is to put in place an enabling legislative framework for the governance of common European data spaces, which the Commission plans to publish by the third quarter of 2020.
This framework would:
- strengthen governance mechanisms allowing data usage within common sectoral data spaces as well as across sectors;
- facilitate decisions as to who can use data for scientific research; and
- make it easier for individuals to authorise the use of their data for the public good.
The EC also plans to work on making more public sector data available for re-use, including by adopting implementing rules under the 2019 Open Data Directive, which Member States are required to implement by July 2021, making these data available for free, in machine-readable format and through standardised application programming interfaces.
The EC will explore the need for new legislation, possibly through a new Data Act to be published in 2021. Such legislation could address a range of issues, including business-to-government data sharing; clarifying usage rights to co-generated data (for instance, in the Internet of Things (IoT) context), to support business-to-business (B2B) data sharing; refining intellectual property rules (such as the Database Directive and Trade Secrets Directive) to further enable data sharing; establishing data pools for data analysis and machine learning; cloud provider switching; and clarifying jurisdiction over disputes involving EU citizens.
Separately, the EC will analyse the importance of data in the digital economy and review the existing policy framework in the context of the Digital Services Act package, which is expected to be published in the fourth quarter of 2020.
The initiatives to be proposed include an investment of €1 billion to establish EU-wide common, interoperable data spaces in key sectors under the Digital Europe Programme (DEP); supporting progress on data technologies under the Horizon Europe Programme; developing federated European cloud capacity (including through a €600 million investment under the Connecting Europe Facility Programme and the DEP and entry into of memoranda of understanding between Member States by 2020); setting up a European cloud services marketplace by 2022; and publishing an EU cloud rulebook by 2022.
The EC’s proposals to empower individuals with respect to their data include exploring an enhanced portability right for individuals to give them more control over whom can access and use machine-generated data, which could be included in the proposed Data Act.
Common data spaces
- intends to promote the development of common European data spaces in strategic economic sectors and domains of public interest, supported by common governance models complemented by sectoral legislation and mechanisms to ensure interoperability;
- intends (as already mentioned) to clarify usage rights on co-generated IoT data as part of a wider Data Act, and to hold discussions among key players in the manufacturing sector (starting in the second quarter of 2020) in relation to conditions for sharing data and ways to boost data generation, notably via smart connected products; and
- as part of the European Green Deal initiative, envisages a GreenData4All initiative and a “Planet Earth project” to create a “digital twin” of the Earth.
As specific European data space targets, the Commission highlights the mobility, health, financial, energy, agricultural and public procurement sectors. It notes that mobility is at the forefront of the debate on data sharing and plans to review the current regulations on in-vehicle data access.
The Commission will also study other options to make it easier to use data produced by connected cars while protecting the interests of car owners. In relation to health data, the Commission will consider sector-specific measures to build on the mapping of Member States’ use of personal health data and deploy data infrastructures, tools and computing capacity.
President von der Leyen has made development of new European approaches to AI and big data a top priority. The documents to be released in the coming weeks, including notably the AI White Paper and Data Strategy Communication, will set out the blueprint for EU initiatives in this area for years to come.
These initiatives overlap with other major projects of the new EC, including developing a new industrial strategy. The new industrial strategy paper is expected to confirm not only the EC’s key AI and big data initiatives, but also to announce a review of EU competition policy to ensure that it is “fit for purpose and contributes to a strong European industry”.
Indeed, a number of key EC competition policy initiatives are already under way or announced, including reviews of the EC’s approach to horizontal and vertical cooperation agreements and the definition of relevant markets.
These initiatives will take account of an important report published in May 2019, which, among other things, recommended significant changes in EU antitrust enforcement as related to big data and online platforms, as well as the sharing and pooling of data.