On April 21, 2021, nearly three years after the EU General Data Protection Regulation (GDPR) entered into force, the European Commission (EC) proposed an ambitious regulation establishing a framework and rules for “trustworthy” artificial intelligence Systems (AI). Like the GDPR, the Proposed Regulation would apply to companies located in the European Economic Area (EEA) and third countries.
While recognizing the benefits of AI, the EC seeks to ensure that AI offered and used in the European market respects the fundamental rights of individuals. The EC specifically aims to protect against ethical and data privacy risks embedded in AI, including inherent bias in underlying data sets and discriminatory outcomes. Critics contend that while the proposed regulation creates certain initiatives to promote innovation, ultimately innovation will be stifled.
In the US, some of the largest federal financial regulators, including the Consumer Financial Protection Bureau and Federal Reserve Board, issued a request for information and comment on financial institutions’ use of AI in March 2021.
The EU’s proposed regulation, however, is the first to holistically regulate a specific technology. It appears to shift to companies much of the burden of addressing systemic bias and disparate impacts associated with AI. Therefore, it will be critically important for companies to start preparing now for new obligations.