EU AI Act
The European Union has now a legal framework for Artificial Intelligence (AI), the respective Regulation having already been published in the Official Journal since last week. Known as the EU AI Act, it is the first world-wide regulation that sets out complex rules for the development and use of AI, while also laying down rules for when such technologies are brought to market and supplied. The idea behind this regulation came from the European Commission, which proposed a legal framework on AI as part of the European Digital Decade, to which the proposals and amendments made by the European Parliament and the Council of the Union were added. For example, MEPs considered it appropriate for AI systems in the Union to be not only secure, but also transparent, traceable, non-discriminatory, and environmentally friendly.
The new rules establish obligations for providers and users based on the level of risk of AI. Instead, AI systems that harm human rights and the rule of law are banned altogether – we mean those that manipulate behavior or decisions, or exploit social vulnerabilities, for example. But in addition to the strict rules, the new regulation gives start-ups and SMEs opportunities to develop and train AI models before launching them. The AI Act also addresses the use of General Purpose AI (GPAI) models, these systemic risk-free models to be subject to minor and limited rules (e.g.: from a transparency perspective).
With high complexity, this regulation applies to the entire value chain in the AI industry, from developers to legal entities using AI. Thus, from February next year, companies in EU member states must comply with these usage rules, especially entities that use high-risk applications (e.g. energy markets, healthcare, financial-banking and telecommunications services). The use of AI will need to be human and rights-centered, without prejudice to the Union’s rules and values on safety, health, the environment and democracy. Therefore, entities using AI will have to comply with these new rules, otherwise the use of the technology will be prohibited. To ensure that the new Regulation is properly applied and respected, both developers and companies using AI will be required to implement a governance framework. Although this is a European regulation, we do expect it to set a precedent for future global AI standards, as it happened with the EU General Data Protection Regulation (GDPR).
As a regulation, the EU AI Act is directly applicable in member states from August 1, 2024, but there is also transitional activity, especially for development and companies in the Union, with the rules on the use of AI applying from February 2, 2025. Instead, the rules for GPAI will apply from May next year.
Romania’s National Strategy on AI
Responding to the new European regulation in an unexpectedly short time, the Romanian Government has already adopted the 2024-2027 National Strategy in the field of Artificial Intelligence (SN-IA). Although it can be considered a framework for AI, it only has strategic valences, a kind of guidelines we could say, as it does not impose actual rules for the use of this technology. With a public consultation held last September, the SN-IA incorporates both the proposals of the National Committee for AI and of the private sector.
According to the Government, this strategic framework is intended rather to support the public administration in its efforts to standardize, operationalize and regulate the development of AI. The goal? “The preparation of the Romanian society in the understanding, acceptance and valorization of the transformative processes generated by AI”. as shown in the substantiation note of SN-IA. For example, the national strategic framework aims to support and develop research-development-innovation (R&D) education and AI skills, while also aiming to develop and use data infrastructure and datasets. In addition, with the help of partnerships, technological transfer would be ensured, and, in essence, the adoption of new technology would be facilitated at the level of the entire society. Finally, returning to its main role, the Executive also plans a robust system of governance and regulation of AI. All these aspects will be dealt with by an interministerial Commission for coordinating the implementation of SN-IA, which will include no less than 34 institutions, including secret and intelligence services (SRI, SIE), but also the consumer protection body (ANPC) and the Competition Council.
However, the new strategy does not explain how the previously mentioned objectives will be achieved, nor what actions are on the agenda of the central authorities. Without a current plan to implement this strategic framework, we can only wait for this implementation rules, which will most likely be initiated by the Ministry of Digitalization (MCID) and the Authority for the Digitalization of Romania (ADR).
