High-risk AI systems in the EU Commission’s Proposal for an AI Act

Abstract

On April 21, 2021, the EU Commission published a comprehensive proposal for an AI Act, which is intended to be the world s first set of regulations to create the legal framework for the development, use and sale of AI systems. The focus of the proposal is on the regulation of so-called high-risk AI systems. The article elaborates the obligations of providers, importers, traders and users of high-risk AI systems. These are part of IT and product safety law and - even if not explicitly addressed in the proposal - have an impact on contract law and tort law, which the article also illuminates. It is consequent that the Commission holds both providers and users responsible for subjecting high-risk AI systems to monitoring and security obligations throughout their entire life cycle. The requirements and obligations of the Proposed AI Act can ensure an increased level of legal certainty with regard to the use of AI systems in civil law. Nevertheless, the Proposed AI Act also reveals considerable weaknesses. First of all, the fuzzy definition of AI systems, which also includes software that does not pose any AI-specific risks, should be emphasized. Furthermore, the security requirements of the Proposed AI Act are partly too vague or difficult to implement in practice, which is particularly clear from the requirement for complete and error-free data sets and the retailer s inspection obligations. The relief for small and medium-sized companies is still too vague. In its current form, the Proposed AI Act could therefore ensure that Europe as an AI location is extremely cautious in developing and using AI. With a view to the wide range of applications of AI, it can be assumed that the AI Regulation will have just as much of an impact on the European and global market as the GDPR.