Privacy & Information Security Law Blog

On June 11, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response (the “Response”) to the European Commission’s consultation regarding its white paper on “a European Approach to Excellence and Trust” on artificial intelligence (the “White Paper”).

As we previously reported, the Commission’s White Paper outlines its proposed steps toward building an “ecosystem of excellence” to support the development and adoption of Artificial Intelligence (“AI”) across the EU economy, including on the basis of AI regulation.

In its response to the consultation, CIPL recommends a minimal, risk-based and layered approach to regulating AI, relying on existing laws and standards, and building on accountable practices of organizations. This approach should be backed by innovative regulatory oversight and co-regulatory instruments.

In particular, to properly maximize AI benefits while minimizing risks, CIPL believes the EU AI regulatory approach should:

• Rely on impact assessments to trigger application of the law: These assessments should take into account the context and impact of a proposed use of AI, rather than the sector it is utilized in or its type. They should also focus on assessing not only the risks of an AI application but also the benefits and reticence risk. The focus of the regulatory framework should center on rebuttable presumptions of high risk rather than rigid pre-defined classifications, and prior consultation with regulators should be reserved for the most risky AI uses where risk cannot be mitigated.
• Foster innovation through accountable practices of organizations: The EU AI approach should set forth a general risk-based accountability requirement and outcomes rather than imposing prescriptive and indiscriminate requirements. It should also incentivize accountable practices of organizations and encourage co-regulatory tools. Importantly, any new AI rules must not duplicate or conflict with existing requirements in the EU General Data Protection Regulation.
• Enable consistent and modern approaches to regulatory oversight in line with the current ecosystem of regulators: The EU AI approach should seek to maintain the competence of data protection authorities when AI involves the processing of personal data and also set up regulatory hubs composed of AI experts from different regulatory bodies for consistency purposes in cases where the use of AI has a cross-border or cross-sectoral impact. Innovative regulatory oversight should also be enabled via the use of data review boards and regulatory sandboxes.

Read the response to learn about the above recommendations in more detail, along with all of CIPL’s other recommendations on the White Paper.