The new European Commission (EC) is racing to deliver on President von der Leyen’s political guidelines. In particular, in her first 100 days in office, von der Leyen pledged to put forward legislation on artificial intelligence (AI) and big data, as well as a new Digital Services Act for digital platforms, services and products. She also stressed the need for “technological sovereignty,” including by developing European standards for key technologies such as blockchain, high-performance and quantum computing, algorithms and tools for data sharing and usage.
According to its 2020 Work Programme, the EC will shortly publish a package of documents including a Strategy for Europe – Fit for the Digital Age, a White Paper on Artificial Intelligence, a European Strategy for Data and a communication on the European Union (EU’s) industrial strategy. Drafts of two key documents provide a good indication of what we can expect:
- AI White Paper. The Commission’s white paper on a European approach to AI (the AI White Paper) will launch a broad consultation on AI and outline policy actions the Commission plans to take to encourage the development and uptake of AI; ideas for facilitating access to data; and key elements of a legislative framework for AI, among other things.
- Data Strategy Communication. The Commission’s communication on a European strategy for data (the Data Strategy Communication) will outline proposed measures for data access and use; investments in data and strengthening European’s standards, tools and infrastructures for hosting, processing and using data; investing in general data literacy; and rolling out common European data spaces in key economic sectors.
The AI White Paper
The main part of the AI White Paper sets out key elements of a future legislative framework for AI to address perceived risks to fundamental rights and safety and liability risks. The EC has identified a number of weaknesses in the current legal framework as applied to AI:
- limitations of scope in the EU Charter of Fundamental Rights and sector-specific legislation;
- limitations of scope in EU product safety legislation;
- uncertainty as regards the allocation of responsibility in EU product safety legislation;
- changes in products’ safety risks due to post-sale software changes;
- emergence of new risks arising from the use of AI; and
- enforcement difficulties.
As a result, the EC plans to review and complement the existing legal framework, starting by defining AI. The EC suggests defining AI as software that simulates human intelligence through learning, problem-solving, reasoning and self-correction; performs complex tasks with a degree of autonomy; or involves the acquisition, processing, and rational or reasoned analysis of data. The future regulatory framework would set out obligations for both developers and users of AI, as well as potentially suppliers of services such as software updates. Different requirements would be assigned to different types of addressees based on their role in the AI lifecycle of products and services.
These obligations could include a combination of ex ante and ex post requirements. Ex ante requirements could include requirements for developers to disclose AI design parameters and metadata for training datasets; transparency and information requirements vis-à-vis individuals; general design principles; data quality and diversity requirements; risk assessment and record-keeping requirements; requirements for human oversight or review for non-personal data; additional product safety requirements; and requirements to address changes in function over a product’s lifecycle. Ex post requirements would relate to liability and redress options.
The AI White Paper also outlines a number of regulatory options for the new framework, ranging from voluntary labeling to sectoral requirements for governments and facial recognition; to mandatory risk-based requirements targeting high-risk applications; to reform of more general safety and liability legislation.
Any future rules would require reinforcement of public oversight. Member States would appoint authorities – who could be existing authorities – to be responsible for administrating any new regulatory framework.
The Data Strategy Communication
The Data Strategy Communication lays out a roadmap of policy measures and investments for the data economy. The EC aims to create a single European data space; a single market for data. The EC proposes to develop common rules and enforcement mechanisms so that data can flow within the EU and across sectors, with clear and trustworthy data governance mechanisms.
The EC’s strategy rests on four pillars: cross-sectoral regulations for data access and use; enabling investments in data and standards, tools and infrastructures for hosting, processing and using data; increasing competences and data literacy; and common European data spaces in crucial economic areas.
Data access and use regulations. The EC wants to avoid overly detailed, heavy-handed ex ante regulations, preferring an “agile” approach to governance. The first priority is to put in place an enabling legislative framework for the governance of common European data spaces, which the Commission plans to publish by the third quarter of 2020. This framework would strengthen governance mechanisms allowing data usage within common sectoral data spaces as well as across sectors; facilitate decisions as to who can use data for scientific research; and make it easier for individuals to authorize the use of their data for the public good.
The EC also plans to work on making more public sector data available for re-use, including by adopting implementing rules under the 2019 Open Data Directive, which Member States are required to implement by July 2021, making these data available for free, in machine-readable format and through standardized application programming interfaces.
The EC will explore the need for new legislation, possibly through a new Data Act to be published in 2021. Such legislation could address a range of issues including business-to-government data sharing; clarifying usage rights to co-generated data, for instance in the Internet of Things (IoT) context, to support business-to-business (B2B) data sharing; refining intellectual property rules such as the Database Directive and Trade Secrets Directive to further enable data sharing; establishing data pools for data analysis and machine learning; facilitating cloud provider switching; and clarifying jurisdiction over disputes involving EU citizens.
Separately, the EC will analyze the importance of data in the digital economy and review the existing policy framework in the context of the Digital Services Act package, which is expected to be published in the fourth quarter of 2020.
Enabling investments. The initiatives to be proposed include an investment of €1 billion to establish EU-wide common, interoperable data spaces in key sectors under the Digital Europe Programme (DEP); supporting progress on data technologies under the Horizon Europe Programme; developing federated European cloud capacity, including through a €600 million investment under the Connecting Europe Facility Programme and the DEP and entry into of memoranda of understanding between Member States by 2020; setting up a European cloud services marketplace by 2022; and publishing an EU cloud rulebook by 2022.
Increasing competence. The EC’s proposals to empower individuals with respect to their data include exploring an enhanced portability right for individuals to give them more control over whom can access and use machine generated data, which could be included in the proposed Data Act.
Common data spaces. The Commission intends to promote the development of common European data spaces in strategic economic sectors and domains of public interest, supported by common governance models complemented by sectoral legislation and mechanisms to ensure interoperability.
As mentioned, the Commission intends to clarify usage rights on co-generated IoT data as part of a wider Data Act, following discussions among key players in the manufacturing sector, starting in the second quarter of 2020, on conditions for sharing data and ways to boost data generation, notably via smart connected products. As part of the European Green Deal initiative, the Commission envisages a GreenData4All initiative and a “Planet Earth project” to create a “digital twin” of the Earth.
As specific European data space targets, the Commission highlights the mobility, health, financial, energy, agricultural and public procurement sectors. The Commission notes that mobility is at the forefront of the debate on data sharing and plans to review the current regulations on in-vehicle data access. The Commission will also study other options to make it easier to use data produced by connected cars while protecting the interests of car owners. In relation to health data, the Commission will consider sector-specific measures to build on the mapping of Member States’ use of personal health data and deploy data infrastructures, tools and computing capacity.
President von der Leyen has made development of new European approaches to AI and big data a top priority. The documents to be released in the coming weeks, including notably the AI White Paper and Data Strategy Communication, will set out the blueprint for EU initiatives in this area for years to come.
A key element of the EU’s strategy will be a consultation on options for a new EU legislative framework for AI. This framework, including notably a definition of AI, may include a combination of voluntary and mandatory elements to address identified gaps EU human rights and product safety legislation as applied to the AI lifecycle.
Similarly, the EC aims to create a legislative framework for “European data spaces,” initially including memoranda of understanding among Member States and implementing measures for the 2019 Open Data Directive. New legislation may be proposed on business-to-government data sharing; usage rights to IoT data for B2B data sharing; IP rules for data; data pooling and sharing; and cloud provider switching. Some of these issues will be addressed through amendments to existing EU legislation, while others may only be addressed in new Digital Services and Data Acts to be proposed later in 2020 and in 2021.
The EC also plans to invest heavily in a wide range of big data initiatives and to promote the development of common data spaces in key sectors. These sectors include initially the mobility, health, financial, energy, agricultural and public procurement.
These initiatives overlap with other major projects of the new EC, including developing a new industrial strategy. The new industrial strategy paper is expected to confirm not only the EC’s key AI and big data initiatives, but also to announce a review of EU competition policy to ensure that it is “fit for purpose and contribute to a strong European industry. Indeed, a number of key EC competition policy initiatives area already under way or announced, including reviews of the EC’s approach to horizontal and vertical cooperation agreements and the definition of relevant markets. These initiatives will take account of an important report published in May 2019, which, among other things, recommended significant changes in EU antitrust enforcement as related to big data and online platforms, as well as the sharing and pooling of data.
|Jay Modrall, Partner, Norton Rose Fulbright LLP
James R. Modrall is an antitrust and competition lawyer based in Brussels. He joined Norton Rose Fulbright LLP in September 2013 as partner, having been a resident partner in a major US law firm since 1986. A US-qualified lawyer by background, he is a member of the bar in New York, Washington, D.C. and Belgium.With 27 years of experience, he is a leading advisor for EU and international competition work, in particular the review and clearance of international mergers and acquisitions.
Mr Modrall also has extensive experience with EU financial regulatory reform, advising the world’s leading private equity groups in connection with the new EU directive on alternative investment fund managers and leading banks and investment firms on EU initiatives including EU regulation of derivatives, EU reforms in financial market regulation and the creation of a new EU framework for crisis management, among others.Mr. Modrall’s native language is English, and he is fluent in Italian and proficient in Dutch and French.