EU regulatory work in the digital sector is booming and over a short period of time, the EU has released drafts of a Digital Governance Act, Digital Services Act, and Digital Markets Act.

Add to this now the European Commission’s proposed rules governing the use of artificial intelligence (AI) that could wind up becoming a de facto standard for how AI technology is governed in much of the world. This sounds pretty similar to what happened with the EU data protection regulation (GDPR) turning effectively into a global standard.

Whilst the proposed AI Regulation certainly draws parallels with the GDPR (think, for example, potential high fines and extraterritorial applicability), the AI regulation follows the format of EU product safety regulations with the primary obligations owed by the business (called “provider”) placing the AI system on the European market. In the case of high risk AI applications, this means that the provider will be subject to mandatory regulatory and technical requirements, including having a quality management system in place, going through third-party conformity checks to demonstrate safety, affixing a CE mark and implementing post-market monitoring plans to evaluate continuous compliance. Lesser but still onerous obligations are owed by “importers”, “distributors” and “users” of AI systems. Low(er) risk AI will primarily be regulated by soft law such as codes of conduct. The proposed AI Regulation applies across all industries, though specific rules will be in place to govern the interplay between the general AI Regulation and sector-specific laws (e.g. digital health apps or medical devices with an AI safety component which are subject to the medical device and in vitro diagnositc regulations).

It will take at least two years for the AI Regulation to wind its way through the EU’s legislative process with the European Parliament and Council (Member States) starting to scrutinize the proposal. However, there is no doubt that AI will be regulated soon and global businesses should get involved now in the creation of these AI rules by advocating their position and interests, and in assessing the impact of the proposed rules on their products, commercial arrangements and business model.