The European Union is entering the final stage of negotiations on its Artificial Intelligence Act (AI Act), but Big Tech and other industry players have lobbied to introduce a major loophole to the high-risk classification process, undermining the entire legislation. We call on EU legislators to remove this loophole and maintain a high level of protection in the AI Act.
The EU AI Act has the potential to improve protections for people impacted by AI systems. In its original form, it outlined a list of ‘high-risk uses’ of AI, including AI systems used to monitor students, to assess consumers’ creditworthiness, to evaluate job-seekers, and to determine who gets access to welfare benefits.
The legislation requires developers and deployers of such ‘high-risk’ AI to ensure that their systems are safe, free from discriminatory bias, and to provide publicly accessible information about how their systems work. However, these benefits will be undermined by a dangerous loophole introduced into the high-risk classification process in Article 6.
In the original draft from the European Commission, an AI system was considered ‘high risk’ if it was to be used for one of the high-risk purposes listed in Annex III. However, the Council and the European Parliament have introduced a loophole that would allow developers of these systems decide themselves if they believe the system is ‘high-risk’.1 The same company that would be subject to the law is given the power to unilaterally decide whether or not it should apply to them.
These changes to Article 6 must be rejected and the European Commission’s original risk classification process must be restored. There must be an objective, coherent and legally certain process to determine which AI systems are ‘high-risk’ in the AI Act.
If the changes to Article 6 are not reversed, the AI Act will enable AI developers to decide to exempt themselves from all substantive rules for high-risk systems. The AI Act would:
- Introduce high legal uncertainty as to which systems are considered ‘high risk’;
- Lead to fragmentation of the EU single market, with different interpretations of what constitutes ‘high-risk’ across Member States;
- Result in Member State authorities facing severe challenges to enforce the legislation, without enough resources to monitor developers’ self-assessment sufficiently;
- Allow unscrupulous developers to avoid the basic requirements of the law that are meant to make their systems safer and more reliable. This would put responsible AI developers at a disadvantage.
We urge lawmakers to reverse these changes and restore the Commission’s original language in Article 6. The AI Act must prioritise the rights of people affected by AI systems and ensure that AI development and use is both accountable and transparent.
Signatures:
Access Now
BEUC – The European Consumer Organisation
European Digital Rights (EDRi)
Access Info Europe
AlgoRace
Algorights
AlgorithmWatch
All Faiths and None
All Out
Alternatif Bilisim (AiA-Alternative Informatics Association)
Amnesty International
ARSIS Association for the Social Support of Youth
Article 19
Asia Indigenous Peoples Pact
Aspiration
Association for Legal Studies on Immigration (ASGI)
Association Konekt
Balkan Civil Society Development Network
Bits of Freedom
Bulgarian center for Not-for-Profit Law (BCNL)
Center for AI and Digital Policy (CAIDP)
Chaos Computer Club
Civil Rights Defenders
CIVIL SOCIETY ADVOCATES
CNVOS Slovenia
Coalizione Italiana Libertà e i Diritti civili
Comisión General Justicia y Paz de España
Controle Alt Delete
Corporate Europe Observatory (CEO)
D64 – Zentrum für Digitalen Fortschritt e. V.
DanChurchAid (DCA)
Danes je nov dan, Inštitut za druga vprašanja
Defend Democracy
Democracy Development Foundation Armenia
Digitalcourage
Digital Security Lab Ukraine
Digitale Gesellschaft
Digitalfems
DonesTech
dTest, o.p.s.
Eticas
EuroMed Rights
European Anti-Poverty Network (EAPN)
European Center for Not-for-Profit Law
European Civic Forum
European Movement Italy
European Network Against Racism (ENAR)
European Network on Statelessness
Fair Trials
Fair Vote UK
Fundación CIVES
Federación de Consumidores y Usuarios CECU
Federación de Sindicatos de Periodistas (FeSP)
Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) FIPR
Fritidsodlingens Riksorganisation
Gong
Greek Forum of Refugees
Health Action International
Homo Digitalis
Hungarian Civil Liberties Union
I Have Rights
IDAY Liberia Coalition Inc.
Institute Circle
Institute for Strategic Dialogue (ISD)
Irish Council for Civil Liberties
IT-Pol
Iuridicum Remedium
KEPKA- Consumers Protection Center
Kif Kif vzw
KOK German NGO Network against Trafficking in Human Beings
Konsumentvägladarnas Förening
Kosovar Civil Society Foundation (KCSF)
LA LIGUE DE L’ENSEIGNEMENT
La Strada International
Lafede.cat
LDH (Ligue des droits de l’Homme)
Legal Centre Lesvos
Liberty
Ligue des droits humains
Metamorphosis Foundation
Migrant Tales
Mobile Info Team
Moje Państwo Foundation
National Federation of Polish NGOs (OFOP)
National NGO Coalition
New Europeans International
Norwegian Consumer Council
Novact
OCU (ORGANIZACIÓN DE CONSUMIDORES Y USUARIOS)
Ökotárs – Hungarian Environmental Partnership Foundation
Open Knowledge Foundation Germany
Panoptykon Foundation
Partners Albania for Change and Development
PIC – Legal Center for the Protection of Human Rights and the Environment
Platform for International Cooperation on Undocumented Migrants (PICUM)
Polish Women’s Strike Foundation
Politiscope
Privacy First
Privacy International
Privacy Network
PRO, Pensionärernas riksorganisation
Promo-LEX Association
Prostitution Information Center
Protection International
Red en Defensa de los Derechos Digitales
REPONGAC
SKPF Pensionärerna
SOLIDAR & SOLIDAR Foundation
Spiralis
Statewatch
Stichting LOS
Superbloom (previously known as Simply Secure)
Swedish Asthma and Allergy Association
SYMBIOSIS
Symbiosis – Council of Europe School of Political Studies in Greece
The Swedish Consumers’ Association
Wikimedia Deutschland e. V.
1. The Council text proposes to exclude high-risk systems where the output of the system is ‘purely accessory in respect of the relevant action or decision to be taken’. The European Parliament text states that a system is high risk only if it poses a ‘significant risk’ to fundamental rights, health and safety. If the developer considers their system does not pose such a risk, they must notify a national authority, which has 3 months to respond.
2. 150 civil society organisations have called on the EU institutions to ensure the AI act protect’s peoples’ rights during the AI Act trilogues: https://edri.org/wp-content/uploads/2023/07/Civil-society-AI-Act-triloguesstatement.pdf