People and companies that are harmed in any way by a drone, robot or software driven by artificial intelligence will be able to sue for compensation under new EU rules. While this offers extra protection to citizens, questions remain over where the buck stops in the supply chain.
The AI Liability Directive brings together a patchwork of national rules from across all 27 member countries and is designed to “ensure that victims benefit from the same standards of protection when harmed by AI products or services, as they would if harm was caused under any other circumstances”.
Victims will be able to sue the developers, providers, and users of AI technology for compensation if they suffered harm to their life, property, health and privacy due to a fault or omission caused by AI and can also sue if discriminated against during a recruitment process that used AI but it is unclear where overall responsibility will lie under the current draft version of the directive,
Guillaume Couneson, partner at law firm Linklaters told Tech Monitor the directive “does not indicate against whom the victim of damages caused by an AI system should file its claim. It envisages that the defendant could be the provider or the user of the AI system.
“So let’s say a recruitment company uses an AI made by a third party to filter CVs and it automatically dismisses people from minority backgrounds. Would the developer or the recruitment company be at fault? The principle remains that the party which committed the fault is liable.”
It doesn’t institute a no-fault liability regime, but Couneson suggests this may come in the future – rather it aims to help the victim of an AI-caused harm to provide evidence in court. “It does so via two mechanisms, namely an obligation for the defendant to disclose evidence in certain circumstances and the presumption of a causal link between the fault of the defendant and the (failed) output of the AI system.”
EU artificial intelligence laws: the presumption of causality
This is done via the introduction of a “presumption of causality” which means victims only have to show that there was a failure to comply with certain requirements that led to the harm, then link this to the AI.
The directive covers tangible and intangible unsafe products, which includes software that is standalone or embedded and digital services that are needed to make the product work.
BSA, the software alliance industry association broadly supports efforts to harmonise AI rules across Europe but warns of a need for greater clarity over responsibility if AI goes wrong – particularly whether it should fall on a developer, deployer or operator.
“EU policymakers should clarify the allocation of responsibility along the AI value chain to make sure that responsibilities for compliance and liability are assigned to the entities best placed to mitigate harms and risks,” said Matteo Quattrocchi, BSA policy director for Europe.
“The goals of AI governance should be to promote innovation and enhance public trust. Earning trust will depend on ensuring that existing legal protections continue to apply to the use of artificial intelligence.”
Bart Willemsen, analyst at Gartner, told Tech Monitor the new amendment “puts victims of negative impact through AI-based decision making in a stronger position than when things are left in a ‘computer says no’ type of world, something we all very much should want to prevent”.
He said it also ties in with the new European Union AI Act, which is incredibly broad and addresses anyone putting an AI system into the market, those using the system within the EU but also any company outside the EU producing systems that will be used or deployed in the EU.
How tech leaders should approach the new AI rules
The impact of AI can vary from minimal to damaging if managed incorrectly and so the EU has updated legislation to make it easier to take action when it is mismanaged. The UK has similar proposals under the new AI Framework, taking a ‘risk-based’ approach to the legislation.
Willemsen says there are high-profile cases where AI and algorithms have had a dangerous impact on certain groups, citing Instagram and TikTok’s impact on mental disorders and young teenagers, and the effects of data harvesting through companies such as Cambridge Analytica on the political agenda.
“The liability clauses are therefore in line with the prohibitions with which the AI Regulation starts off to begin with,” he said. “The point of the AI liability directive here, is to empower victims of things like the above and of similar negative effects from AI usage and simplifies the legal process.”
He explained that the “presumption of causality” was particularly important as it means laymen will not have to go into too much technical detail about an AI model to prove it was involved in the harm, but so was the ability for victims to demand information from companies.
Companies must define organisational roles and assignments for managing AI trust, risk and security management, Willemsen warned, this will include privacy protection as part of preparing for the introduction of these new AI liability rules.
Its also important to “document the intentions of each AI model, including its function in the ecosystem of deployment, desired bias controls, and optimal business outcomes”.
Finally, he warned companies should avoid deploying AI models on individuals if it can be prevented, such as when using digital twin technology as it’s enough to address a “persona rather than a person” and always hold activities and technologies to “sufficient moral and societal standards”.
Overall the new liabilities are designed to modernise and reinforce existing liability rules already in place for manufacturers, but expanding them to consider automation and artificial intelligence.
Commissioner for Internal Market, Thierry Breton, said in a statement: “The new rules will reflect global value chains, foster innovation and consumer trust, and provide stronger legal certainty for businesses involved in the green and digital transition.