In this edition of our regular roundup on legislative initiatives related to artificial intelligence (AI), cybersecurity, the Internet of Things (IoT), and connected and autonomous vehicles (CAVs), we focus on key developments in the European Union (EU).

There has been some policy activity in the U.S. this quarter, including the re-introduction of the SELF-DRIVE Act by Representative Bob Latta [R-OH] and the introduction of a new bipartisan resolution by Representatives Will Hurd [R-TX] and Robin Kelly [D-IL] setting forth a national AI strategy that addresses U.S. global leadership, workforce issues, research and development, national security, and ethics issues, and encourages greater harmonization with respect to AI across federal agencies.  The U.S. Department of Transportation also recently launched its AV Test tracking tool.  Other activity has slowed, however, as the U.S. grapples with the global pandemic, the impending national election, and related matters.  Meanwhile, there continue to be significant policy developments in the EU pertaining to these technologies, with further initiatives set to be announced later this year and early next year.

Artificial Intelligence

In February this year, the European Commission launched its much anticipated digital strategy. As discussed in our previous 4-part blog posts (herehere, here, and here), this included setting out its plans for a coordinated European approach to ethical AI through a White Paper On Artificial Intelligence – A European approach to excellence and trust (the “White Paper”), and a Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics. In the six months that have elapsed since, the Commission has publicly consulted on its plans and is developing proposals for AI legislation, now expected in early 2021.

  • AI White Paper Consultation: over 1200 stakeholders responded to the Commission’s AI White Paper, providing feedback on the policy and regulatory options it proposes. Stakeholders were mainly concerned about the potential for AI to breach fundamental rights or lead to discriminatory outcomes. The Commission published a summary report on the consultation’s preliminary findings this summer. The results of the consultation are likely to influence the Commission’s forthcoming regulatory proposal.
  • Inception Impact Assessment for AI Legislation: on 23 July 2020, the Commission unveiled its inception impact assessment for AI legislation. While the completed impact assessment is not expected until late 2020 or early 2021, this initial roadmap defines the Commission’s scope and goals for AI legislation. Several key concerns about AI are likely to be addressed through the new AI legislation, including: (1) protecting consumers from harm caused by AI, such as accidents caused by autonomous vehicles or other AI-driven robotics; (2) protecting fundamental rights, including against risks to privacy and freedom of expression caused by facial recognition surveillance and similar monitoring systems; and (3) unlawful discrimination that may be caused by AI tools displaying bias against certain populations.
  • European Parliament votes on AI reports: three reports (here, here, and here), setting out Members of the European Parliament’s demands to the Commission on how AI should be regulated in the areas of ethics, civil liability, and intellectual property, were voted on by the European Parliament’s Legal Affairs Committee (JURI) this September. The ethics report urges the Commission to present a legal framework for the development, deployment, and use of AI that respects fundamental rights, and calls for the establishment of a “European Agency for Artificial Intelligence” and a “European certification of ethical compliance.” The liability report contains proposals for a civil liability regime with a compensation system of up to 2 million euros. The reports are set to be voted upon by the plenary in October 2020, and could influence the Commission’s forthcoming legislative proposals.
  • New Global Partnerships on AI: as summarized here, this summer it was announced that the EU, UK, US, and nine other countries were joining forces to create the Global Partnership on Artificial Intelligence (GPAI). GPAI is an international initiative, housed at the OECD, to promote responsible AI that respects human rights and democratic values. Subsequently, on 25 September 2020, the UK and US announced a further agreement on cooperation in AI research and development (R&D). Building on the US-UK Science and Technology Agreement, signed in September 2017, the new agreement seeks to advance the US and UK’s shared vision of an AI R&D ecosystem that promotes the mutual wellbeing, prosperity, and security of present and future generations.
  • Digital Services Act: Alongside these developments, the Commission is currently working on its proposals for a Digital Services Act (DSA). The DSA will be presented in December 2020, and is expected to set out ex ante prohibitions of certain behaviour (particularly relating to data related, self-preferencing and bundling/tying practices) obliging companies to do more to protect their users against illegal content and activities. The legislation is expected to impose obligations on companies identified as “gatekeepers”.

Cybersecurity

The Commission has a number of new cybersecurity initiatives expected this quarter on the back of the Cybersecurity Strategy 2020-2025 it published in July 2020.

  • The Directive on security of network and information systems (“NIS Directive”) is currently under review by the Commission. Proposed updates to the EU’s laws on cybersecurity in critical infrastructure are expected by the end of this year.
  • A Joint Cyber Unit is to be set up by the Commission to further coordinate cybersecurity operational capabilities across the EU. Meanwhile, in September 2020, EU Member States launched a new platform to coordinate crisis response and cyber defenses in the case of large-scale cyberattacks. The Cyber Crisis Liaison Organisation Network (CyCLONe) is tasked with launching “consultations on national response strategies and coordinated impact assessment on the anticipated or observed impacts of a crisis.” The EU’s Cybersecurity Agency ENISA serves as its secretariat.
  • As part of a legislative package aimed at helping to digitalize the financial sector, the Commission is also working on proposals to better ensure financial services harmonize their online defenses and keep functioning despite cyberattacks.

Internet of Things

In July 2020, the European Commission launched an antitrust competition sector inquiry into the Internet of Things as it aims to understand more about consumer-facing IoT products and services over the next two years. Announcing the inquiry, Executive Vice-President Margrethe Vestager, in charge of competition policy, said the IoT sector had already acquired characteristics that indicate the possible existence of company practices that may structurally distort competition.

The European Commission sent Requests for Information to approximately 400 companies, addressing Consumer Internet of Things Services, Voice Assistants and Smart Home Devices, responses to which are due on 15 October. The RFIs focus heavily on privacy, data, access and interoperability issues.

The European Commission is expected to publish a preliminary report in spring 2021 followed by a final report in summer 2022.

Connected and Autonomous Vehicles

This September, the Commission published a report by an independent group of experts on the ethics of connected and automated vehicles. The report sets out twenty recommendations for a safe and ethical transition towards driverless mobility, including the creation of a culture of responsibility; responding to dilemma situations; and the promotion of data, algorithm and AI literacy through public participation. The report builds on the Commission’s strategy on Connected and Automated Mobility which aims to make Europe a world leader in the development and deployment of CAVs.

Meanwhile, the German government is preparing a law on autonomous driving (Gesetz zum autonomen Fahren). The new law is intended to regulate the deployment of CAVs in specific operational areas, and will stipulate the obligations of CAV operators and their liability regime. The German government also intends to create a “mobility data room”, a cloud storage space for pooling mobility data coming from the car industry, rail and local transport companies, and private mobility providers such as car sharers or bike rental companies. The idea is for these industries to share their data for the common purpose of creating more efficient passenger and freight traffic routes, and support the development of autonomous driving initiatives in Germany.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Moritz Hüsch Moritz Hüsch

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group and Covington’s Internet of Things (IoT) Group. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts, e-commerce, m-commerce, as well as privacy…

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group and Covington’s Internet of Things (IoT) Group. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts, e-commerce, m-commerce, as well as privacy and cybersecurity.

Moritz is regularly advising on issues and contracts with respect to IoT, AV, big data, digital health, and cloud-related subject matters. In addition, he regularly advises on all IP/IT-related questions in connection with M&A transactions. A particular focus of Moritz’s practice is on advising companies in the pharmaceutical, life sciences and healthcare sectors, where he regularly advises on complex licensing, data protection and IT law issues.

Moritz is regularly listed as one of the best lawyers in the areas of IT and data protection, among others by Best Lawyers in cooperation with Handelsblatt, Wirtschaftswoche and Legal 500.

Photo of Lisa Peets Lisa Peets

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she…

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU law issues, including data protection and related regimes, copyright, e-commerce and consumer protection, and the rapidly expanding universe of EU rules applicable to existing and emerging technologies. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to the latest edition of Chambers UK (2022), “Lisa is able to make an incredibly quick legal assessment whereby she perfectly distils the essential matters from the less relevant elements.” “Lisa has subject matter expertise but is also able to think like a generalist and prioritise. She brings a strategic lens to matters.”

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has almost three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for almost twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of Marty Hansen Marty Hansen

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade…

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade Organization agreements, treaties administered by the World Intellectual Property Organization, bilateral and regional free trade agreements, and other trade agreements.

Drawing on ten years of experience in Covington’s London and DC offices his practice focuses on helping innovative companies solve challenges on intellectual property and trade matters before U.S. courts, the U.S. government, and foreign governments and tribunals. Martin also represents software companies and a leading IT trade association on electronic commerce, Internet security, and online liability issues.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.

Photo of Marianna Drake Marianna Drake

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating…

Marianna Drake counsels leading multinational companies on some of their most complex regulatory, policy and compliance-related issues, including data privacy and AI regulation. She focuses her practice on compliance with UK, EU and global privacy frameworks, and new policy proposals and regulations relating to AI and data. She also advises clients on matters relating to children’s privacy, online safety and consumer protection and product safety laws.

Her practice includes defending organizations in cross-border, contentious investigations and regulatory enforcement in the UK and EU Member States. Marianna also routinely partners with clients on the design of new products and services, drafting and negotiating privacy terms, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of AI technologies.

Marianna’s pro bono work includes providing data protection advice to UK-based human rights charities, and supporting a non-profit organization in conducting legal research for strategic litigation.