Explanatory Memorandum to COM(2024)264 - - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2024)264 - . |
---|---|
source | COM(2024)264 |
date | 26-06-2024 |
1. CONTEXT OF THE PROPOSAL
• Reasons for and objectives of the proposal
Artificial intelligence (AI) offers great opportunities, but certain applications and uses may also cause harm and risks to individuals’ fundamental rights and other public interests.
With Regulation (EU) 2024/[….] of the European Parliament and the Council laying down harmonised rules on artificial intelligence (‘AI Act’), the Union has adopted the first comprehensive regulation on AI, setting a standard globally. The AI Act was adopted on 12 June 2024 (1) and will enter into force within 20 days from its publication in the Official Journal. The AI Act fully harmonises the rules for the placing on the market, the putting into service and the use of AI systems in the Member States (2), with the objective to promote innovation and uptake of trustworthy AI, while protecting health, safety and fundamental rights, including democracy, rule of law and the environment.
Various international organisations, including the Council of Europe, have also stepped up their efforts in regulating AI, recognising the cross-border nature of AI and the need for international cooperation to address common challenges posed by these technologies.
Since June 2022, the Council of Europe's Committee on Artificial Intelligence (CAI) (3) has elaborated a legally binding Framework Convention (hereinafter ‘the Convention’) to address the potential risks that AI poses to human rights, democracy and the rule of law. The Union negotiated the Convention based on Article 216(1) fourth alternative TFEU, according to which the Union may negotiate4 and conclude an international agreement, where that ‘[…] is likely to affect common rules or alter their scope’. The European Commission represented the Union in the negotiations of the Convention, in accordance with Article 218(3) of the Treaty on the Functioning of the European Union (‘TFEU’) and based on a Council decision authorising the opening of the negotiations on behalf of the European Union (5).
The Union has participated actively in the negotiations and pursued the goal of ensuring compatibility of the Convention with Union law, consistency with the AI Act, as well as quality and added value of the Convention as the first international treaty on AI. In that context, the international reach of the Convention has also been an objective of the Union.
After multiple negotiations rounds, the CAI approved the text of the Convention at its 10th Plenary session, which took place from 11 to 14 March 2024. On 17 May 2024, the Council of Europe Committee of Ministers adopted the Convention, agreed to open it for signature in Vilnius (Lithuania) on 5 September 2024, on the occasion of an informal Conference of Ministers of Justice and invited members of the Council of Europe, other third countries which participated in its drafting and the Union to consider signing it on this occasion, while recalling that the Convention is also open for accession by other non-member States (6).
In this context, the purpose of the present proposal is launching the process for the signature by the Union of the Convention with the intention to subsequently ratify by proposing to the Council to adopt a decision to authorise the Union to sign the Convention in accordance with Article 218(5) TFEU. The Convention is fully compatible with Union law in general, and the AI Act in particular, and will promote key concepts from the Union approach to AI regulation globally among other Council of Europe members and key international partners that can become parties to the Convention.
Content of the Convention
The objective of the Convention is to ensure that activities within the lifecycle of AI systems are fully consistent with human rights, democracy and the rule of law.
Parties to the Convention will have to implement it through appropriate legislative, administrative or other measures to give effect to its provisions, following a graduated and differentiated approach, depending on the severity and probability of the adverse impacts. The Convention should be exclusively implemented in the Union through the AI Act, which fully harmonises the rules for the placing on the market, putting into service and use of AI systems, and other relevant Union acquis, where applicable.
The scope of the Convention covers AI systems potentially interfering with human rights, democracy and the rule of law, following a differentiated approach. The principles and the obligations envisaged in the Convention will apply to activities within the lifecycle of AI systems undertaken by public authorities or private actors acting on their behalf. As to the private sector, Parties are obliged to address risks and impacts arising from activities within the lifecycle of AI systems by private actors in a manner conforming with the object and purpose of the Convention but have the choice whether to apply the Convention obligations or take other appropriate measures. Parties will need to make a declaration on the choice they make in that respect upon signing or acceding to the Convention. The Union should issue a declaration upon the conclusion of the Convention that the Union, through the AI Act and other relevant Union acquis, will implement the principles and obligations set forth in Chapters II to VI of the Convention to activities of private actors placing on the market, putting into service, and using AI systems in the Union.
AI activities related to national security are excluded from the scope of the Convention with the understanding that they must be, in any case, conducted in a manner consistent with applicable international human rights law and with respect for democratic institutions and processes. The Convention also excludes research and development activities regarding AI systems not yet made available for use, unless testing or similar activities have the potential to interfere with human rights, democracy and the rule of law. In line with the Statute of the Council of Europe, matters relating to national defence do not fall within the scope of the Convention.
The Convention further provides for a set of general obligations and fundamental principles, including the protection of human dignity and individual autonomy, as well as the promotion of equality and non-discrimination. Additionally, it mandates respect for privacy and personal data protection along with transparency and oversight to ensure accountability and responsibility. A principle is also devoted to safe innovation and experimentation in controlled environments.
A dedicated chapter on remedies also envisages a set of measures that aim to ensure availability of accessible and effective remedies for violations of human rights resulting from the activities within the lifecycle of AI systems. It also includes effective procedural guarantees and safeguards for persons whose rights have been significantly affected by the use of AI systems. Additionally, individuals should be provided with notice that they are interacting with an AI system and not with a human being.
The Convention also includes a chapter on measures for the assessment and mitigation of risks and adverse impacts to be carried out in an iterative manner, so as to identify actual and potential impacts on human rights, democracy and the rule of law and take appropriate prevention and mitigation measures.
Furthermore, the Convention provides that Parties should assess the need for bans or moratoria on certain applications of AI systems considered incompatible with the respect of human rights, the functioning of democracy, or the rule of law.
The Convention provides a follow-up mechanism within a Conference of the Parties, composed of representatives of the Parties that will consult periodically with a view to facilitating the effective use and implementation of the Convention. It also envisages a mechanism for international cooperation both between Parties to the Convention and in relations with third countries and relevant stakeholders, to achieve the purpose of the Convention.
Each Party should furthermore establish or designate at domestic level one or more effective mechanisms to oversee compliance with the obligations in the Convention, as given effect by the Parties.
• Consistency with existing policy provisions in the policy area
The Convention lays down general principles and obligations for the protection of human rights, democracy and rule of law that are fully consistent and aligned with the objectives of the AI Act and the detailed requirements for AI systems and obligations imposed on providers and deployers of such systems.
The definition of AI system in the Convention is fully aligned with the definition in the AI Act, since both are based on the definition of such systems in the Organisation for Economic Cooperation and Development’s AI Principles (7), thus ensuring a common understanding of which digital technologies constitute AI.
Both the Convention and the AI Act also follow a risk-based approach to the regulation of AI systems and include specific provisions for risk and impact assessments and risk mitigation measures. The AI Act includes, in particular, a number of relevant prohibitions and high-risk use cases for AI systems in all public and private sectors, including in the area of democracy and justice. The AI Act’s detailed rules and procedures for the development, placing on the market, and deployment of AI systems in those areas will thus ensure that fundamental rights, democracy and the rule of law are respected throughout the whole AI lifecycle.
The Convention includes principles and obligations already covered by the AI Act, such as measures to protect human rights, safety and reliability, accountability and responsibility, data governance and data protection, transparency and oversight, equality and non-discrimination, digital skills and literacy.
Transparency is another common element of both legal instruments, including measures with regard to the identification of AI-generated content and the notification of persons interacting with AI systems. Both legal instruments also include relevant provisions on risk and impact assessments and risk management, record-keeping, disclosure (to authorized bodies and authorities and, as appropriate, affected persons), traceability and explainability, safe innovation and experimentation in controlled environments, and a set of measures to enable effective remedies, including a right to request and obtain information and complaint to a competent authority and procedural safeguards.
The oversight system envisaged in the Convention is also fully consistent with the AI Act’s comprehensive system of governance and enforcement, which consists of Union and national level enforcement, with procedures for the consistent implementation of the Union rules across the Member States. In particular, the Convention envisages one or more effective oversight mechanisms at domestic level that must exercise their duties independently and impartially and have the necessary powers, expertise and resources to effectively fulfil the tasks of overseeing compliance with the obligations in the Convention, as given effect by the Parties.
While the AI Act will apply to AI systems placed on the market, put into service, or used in the Union, the Convention has a broader geographic reach encompassing Council of Europe members and third states around the world that can become parties to the Convention. The Convention thus represents a unique opportunity to foster trustworthy AI beyond the Union in a first international legally binding treaty grounded in a strong human rights approach to AI regulation.
Both the Convention and the AI Act are integral components of a regulatory approach to AI, with consistent and mutually reinforcing commitments at multiple international levels, and sharing the common objective to ensure trustworthy AI.
• Consistency with other Union policies
The Convention also shares common objectives with other Union policies and legislation that aim to implement fundamental rights enshrined in the Charter of Fundamental Rights of the Union (8).
In particular, the principle of equality and non-discrimination enshrined in the Convention is fully consistent with Union non-discrimination legislation and will promote integration of equality considerations in the design, development, and use of AI systems and the effective implementation of the prohibition of discrimination, as provided under applicable international and domestic law of the Parties.
The Convention is furthermore consistent with the Union data protection acquis, including the General Data Protection Regulation (9) in relation to the fundamental rights to privacy and personal data protection with effective guarantees and safeguards that must be in place for individuals, in line with applicable domestic and international legal obligations of the Parties.
Measures envisaged in the Convention intended to protect Parties’ democratic processes in the context of activities within the lifecycle of AI system are fully consistent with the objectives and detailed rules in the Digital Services Act (10), which regulates the provision of intermediary services in the Union with the aim of ensuring a safe, predictable and trusted online environment where fundamental rights, including the right to freedom of expression and the right to receive and impart information, are respected. They are also consistent with the Regulation on the transparency and targeting of political advertising (11), the Code of Practice on Disinformation (12) and the Union’s policies in the field of democracy and free, fair and resilient elections (13), including the 2020 European democracy action plan (14), the elections and integrity package (15) and recently the 2023 Defence of Democracy package (16).
The Convention is consistent with the Union’s overall digital strategy in its contribution to promoting technology that works for people, one of the three main pillars of the policy orientation and objectives announced in the Communication ‘Shaping Europe's digital future’ (17). The latter aims to ensure AI is developed in ways that respect human rights and earn people’s trust, making Europe fit for the digital age and turning the next years into the Digital Decade (18).
Moreover, the European Declaration on Digital Rights and Principles for the Digital Decade (19) contains several digital rights and principles that are aligned with the objectives and the principles of the Convention, with both instruments promoting a strong human rights-based approach to technology.
The Convention is also consistent with the EU Strategy on the rights of the child (20), and the European strategy for a better internet for kids (BIK+) (21), which aim to ensure that children are protected, respected, and empowered online, to face challenges of new virtual words and AI.
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
The proposal for a decision authorising the signature of the Convention on behalf of the Union is submitted to the Council pursuant to Article 218(5) TFEU.
The substantive legal basis for a decision under Article 218(5) TFEU depends primarily on the objective and content of the agreement. According to the case-law, if an examination of a Union measure reveals that it pursues two purposes or that it comprises two components and if one of these is identifiable as the main or predominant purpose or component, whereas the other is merely incidental, the measure must be founded on a single legal basis, namely that required by the main or predominant purpose or component.
With regard to the substantive legal basis, the material scope of the Convention coincides with that of the AI Act (22), including in relation to the exemption from scope regarding research and development, national security and defence activities. The principles and obligations in the Convention coincide with the more detailed requirements for AI systems and the specific obligations of providers and deployers of such systems under the AI Act and other relevant Union legislation. If the Council adopts the proposed decision and the Union signs the Convention, the AI Act will constitute the primary Union legislation to implement the Convention in the Union legal order with fully harmonised rules on the placing on the market, putting into service, and use of AI systems in the Union that are directly applicable in the Member States, unless the AI Act specifically provides otherwise (23).
Considering that the scope and objectives of the Convention are aligned and fully consistent with those of the AI Act and that the personal and material scope of both legal instruments coincide, the substantive legal basis for the conclusion of the Convention is Article 114 TFEU, which is the primary legal basis of the AI Act.
The nature of the international agreements (‘EU Only’ or ‘mixed’) is contingent upon the specific subject matter's compatibility with the Union competences.
Article 3(2) TFEU provides that the Union has exclusive competence “for the conclusion of an international agreement […] in so far as its conclusion may affect common rules or alter their scope.” An international agreement may affect common rules or alter their scope where the area covered by the agreement is to a large extent covered by Union law (24).
The personal scope of the Convention is fully aligned with the AI Act in that both legal instruments cover, in principle, both public and private actors (with the optional application of the principles and the obligations of the Convention to private actors other than those acting on behalf of public authorities), while the material scope of both legal instruments exclude AI activities related to national security, defence and research from the applicable rules.
Considering that the personal and material scope of the Convention coincides with that of the AI Act, the conclusion of the Convention may affect common Union rules or alter their scope within the meaning of Article 3(2) TFEU. Consequently, the Union should be considered to enjoy exclusive external competence to conclude the Convention and the Convention should be signed on behalf of the Union as an ‘EU only’ agreement, subject to its conclusion at a later date.
• Proportionality
The Convention does not go beyond what is necessary to achieve the policy objectives developing a coherent approach to AI regulation at international level.
The Convention sets a high-level legal framework for AI that allows flexibility, enabling Parties to concretely design the implementation frameworks. The risk-based approach also ensures proportionality of the rules and enables differentiation of the implementation measures in a manner proportionate to the risks, in a similar fashion to the AI Act.
• Choice of the instrument
The chosen instrument is a proposal for a Council decision pursuant to Article 218(5) TFEU.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Ex-post evaluations/fitness checks of existing legislation
Not applicable.
• Stakeholder consultations
The European Commission has not carried out specific stakeholder consultation on this proposal.
The elaboration of the Convention was a collaborative effort of the Council of Europe Committee on Artificial Intelligence, involving all 46 member states of the Council of Europe, as well as observer states including Canada, Japan, Mexico, the Holy See, the United States of America, and the European Union. Additionally, several other non-member states participated, including Australia, Argentina, Costa Rica, Israel, Peru and Uruguay.
In accordance with the Council of Europe's commitment to engaging with diverse stakeholders, the development of the Convention also involved input from 68 international representatives from civil society, academia, industry and other international organizations, ensuring a comprehensive and inclusive approach. The development of the Convention also involved collaboration with various other international organizations, including the Organisation for Security and Co-operation in Europe (OSCE), the Organisation for Economic Co-operation and Development (OECD), and the United Nations Educational, Scientific and Cultural Organisation (UNESCO). Additionally, relevant bodies and committees within the Council of Europe contributed to the process. The Union’s participation was led by the European Commission. Representatives from the European Union Agency for Fundamental Rights and the European Data Protection Supervisor were also present as observers.
• Collection and use of expertise
The Union's negotiation positions for the Convention have been prepared in consultations with a special committee designated by the Council (the Council Working Party on Telecommunications and Information Society).
• Impact assessment
Not applicable.
• Regulatory fitness and simplification
Not applicable.
• Fundamental rights
The Convention aims to address potential risks and harms to human rights by ensuring that activities within the lifecycle of AI systems align with the principles of respect for human rights, democracy and the rule of law, while also recognising the potential of AI to protect and facilitate the exercise of those rights in the digital environment and to improve societal and environmental well-being and technological progress.
The concrete principles and obligations envisaged in the Convention are intended to protect and respect human rights, enshrined in multiple international and regional instruments (25), as applicable to the Parties, including the Charter of Fundamental Rights of the Union and international instruments on human rights which the Union has concluded.
The Convention thus sets a common minimum standard for application of human rights protection in the context of AI, while safeguarding existing human rights protections and allowing the Parties to provide a wider protection with more stringent safeguards.
4. BUDGETARY IMPLICATIONS
The Conventionenvisages financial contributions of non-member States to the activities of the Conference of the Parties. While all members of the Council of Europe will contribute through the ordinary budget of the Council of Europe in accordance with the Statute of the Council of Europe, Parties that are not members will make extrabudgetary contributions. The contribution of a non-member of the Council of Europe shall be established jointly by the Committee of Ministers and that non-member.
The Convention does not interfere with the domestic laws and regulations of Parties governing budgetary competencies and procedures for budgetary appropriations. It also allows non-member States to make their contributions within the approved budget limits set by their legislative branch, without prejudice to any prior agreements.
5. OTHER ELEMENTS
• Implementation plans and monitoring, evaluation and reporting arrangements
The Conference of the Parties composed of the representatives of the Parties will monitor that the Convention's objectives are effectively met and its provisions implemented by the Parties.
Each Party will need to submit a report to the Conference of the Parties due within the first two years of joining and at regular intervals thereafter, detailing the measures taken to implement the Convention.
Parties are further encouraged to cooperate in fulfilling the aims of the Convention. This international cooperation may include the sharing of relevant information regarding AI and its potential to adversely or positively impact human rights, democracy and the rule of law.
To ensure effective monitoring and implementation, each Party will need to designate one or more effective oversight mechanisms at domestic level.