chatbots

Spanish Agency for the supervision of Artificial Intelligence

The proposal for the European Regulation on Artificial Intelligence places a particular emphasis on Governance. Which is regulated in its title VI. In this title, a series of control bodies are established, one of which relates to the obligation to designate Artificial Intelligence Supervisory Authorities in each Member State.

For this reason, the following laws have been cited as the background for its creation:

In the one hundred and thirtieth additional provision of Law 22/2021, of 28 December, on General State Budgets. The creation of the  (AESIA) was established. The Agency is defined as having full organic and functional independence and that it must carry out measures to minimise significant risks to the safety and health of people. As well as to their fundamental rights, risks that may arise from the use of artificial intelligence systems.

Law 28/2022, of 21 December, to promote the ecosystem of emerging companies, known as the Startup Law. Also provides for the creation of the AESIA  in its seventh additional provision.

Lastly, Royal Decree 729/2023, of 22 August, on the Statute of the Spanish Agency for the Supervision of Artificial Intelligence provides for its effective implementation with the constitution of the governing council. Within a maximum period corresponding to the entry into force of this royal decree.

Lastly, on 7 December 2023, the Secretary of State for Digitalisation and Artificial Intelligence published the names of the members of the Governing Council. Thus establishing this ground-breaking Agency. The creation of this Agency means that Spain becomes the first European country to have an authority with these characteristics and it anticipates the entry into force of the European Regulation on AI.

This Agency, based in Galicia, will not be the only national authority. Since the proposal for the European Regulation on Artificial Intelligence states that Member States will have to designate competent national authorities and select a national supervisory authority among them.

Functions of AESIA

  • Oversee compliance with applicable regulations in the scope of Artificial Intelligence. Having the power to impose penalties for possible violations thereof.
  • Promote testing environments that enable AI Systems to be correctly adapted to reinforce user protection and avoid discriminatory biases. For this reason, Royal Decree 817/2013, establishing a controlled testing environment for assessing compliance with the proposal of the European Regulation on Artificial Intelligence was published on 8 November 2023.
  • Strengthen trust in technology, through the creation of a voluntary certification framework for private entities. Which makes it possible to offer guarantees on the responsible design of digital solutions and ensure technical standards.
  • Create knowledge, training and dissemination related to ethical and humanistic artificial intelligence to show both its potential and opportunities for socioeconomic development. Innovation and the transformation of the productive model, as well as the challenges, risks and uncertainties posed by its development and adoption.
  • Stimulate the market to boost innovative and transformative practical initiatives in the scope of AI.
  • Help to implement programs in the scope of Artificial Intelligence through agreements. Contracts or any other legally binding instrument to support the implementation of Artificial Intelligence programs.

Comparisions with the Spanish Data Protection (AEPD)

In general, these two authorities have similar functions. Although each in its own field. In France, its data protection authority, CNIL, will be the one to have the powers of the Supervisory Authority within its borders.

Even then, AESIA and AEPD cannot be compared since the presidency of the Governing Council is the responsibility of the Secretary of State for Digitalisation and Artificial Intelligence. Who will directly propose who will be the general director of AESIA, whereas the Statute of the AEPD appoints its positions by parliamentary agreement.

 

inteligencia_artificial

One step closer to regulating artificial intelligence in Europe

A few days ago, the news broke about the provisional agreement on the European Artificial Intelligence Act. After negotiations took place between the Council and the European Parliament.

It is the Proposed European Regulation laying down harmonised rules on artificial intelligence, prepared by the European Commission on 21 April 2021.

After this proposal was presented, the Council agreed on its position regarding the Regulation on 6 December 2022. And on 9 December 2023, the Council and the Parliament were finally able to reach an agreement on it.

1.Timeline

 

2. AIM of the artificial intelligence regulation

The new regulation represents a paradigm shift in the EU, but it will also impact the rest of the world, as was the case with the Data Protection Regulation, since it applies to:

  • Providers placing on the market or putting into service AI systems in the Union, irrespective of their location.
  • Users of AI systems located within the Union.
  • Providers and users of AI systems that are located in a third country, where the output information produced by the system is used in the Union.

This regulation has a number of main aims:

  • Create harmonised rules for the placing on the market, the putting into service and the use of Artificial Intelligence systems in the entire Union.
  • Prohibitions of certain AI practices.
  • Requirements for High Risk systems and obligations for operators of such systems.
  • Transparency requirements.
  • Rules on market monitoring and surveillance.

These aims focus on risk and ranges from complete prohibition to certain obligations.

It establishes practices that are completely prohibited in order to protect the rights and liberties of citizens, such as:

Following the approach on risk, the prohibited practices are followed by a classification of high-risk systems. For which conditions are set forth so that these systems are more viable from a technical perspective and are a smaller burden for the interested parties. The requirements are as follows:

Another notable aspect includes generative AI systems, which must comply with transparency criteria. These include clearly specifying when a text, song or photograph has been created using AI.

3.Penalties

The text also establishes a series of penalties for non-compliance with the guidelines, which the Member State must apply. This means they must notify the established penalty regime. These may reach:

  • Administrative fines up to 30 M or 6% of the total worldwide annual turnover for the preceding financial year (non-compliance with the prohibition of prohibited practices).
  • Administrative fines up to 20 M or 4% of the total worldwide annual turnover for the preceding financial year, for non-compliance with any requirement set forth in the regulation.

4. Artificial intelligence and GDPR

Whenever Artificial Intelligence Systems handle personal data, they must comply with all the provisions of the personal Data Protection Regulation: duty of information, basis for legitimacy, principles, etc.

One of the problems that may arise is that today AI commonly uses large amounts of personal data, and in order to comply with the provisions of the GDPR, it uses anonymised data.

With regards to anonymised data, GDPR does not apply but taking into account the significant technological advances that take place every day, the anonymised data of today may be pseudonymised tomorrow, which must comply with the requirements of the data protection regulation.

Another requirement for AI systems that handle personal data is the obligation to carry out a Data Protection Impact Assessment since it meets requirements that mean it must be performed: as innovatively used technology, mass data handling, etc.