Consultation on Commission White Paper on AI

Confederation of Finnish Industries (“EK”) is the leading business organization in Finland. EK represents the entire private sector and companies of all sizes. It serves over 15,300 member companies across all business sectors. EK thanks for the opportunity to participate in the consultation and presents the following remarks.

1. Terminology and scope: Organizations and citizens need to have a clear understanding when/if something applies to them. Any regulation should have a clear definition of the scope, context, and specific properties that trigger its application. There are several proposals for definitions of AI, which is also recognized in the White Paper, and there is a clear need to develop these for legal language purposes. Preferably for interoperability reasons, the terminology should also reflect a wide consensus globally. Where needed, more precise references should be made to type of AI technology, depending on the context (machine learning, neural networks, etc.).

– Recommendation: follow closely global standardization work and for example OECD
developments in this area.

2. Risk-based approach: We welcome the principle of risk-based approach. Regulation in general, and AI regulation specifically, needs to address only recognized and real risks or otherwise risk unwanted market distortion. “One-size-fits-all” does not really work for AI; defining applicable high-risk sector and high-risk use combinations exhaustively upfront is not likely going to be univocally clear and predictable in a fast-moving technology environment. There already are sectoral rules for several identified use cases (e.g. transport, health). Additionally, referring to consumer applications qualifying as high risk seems overly broad and somewhat unqualified.

– Recommendation: align risk-management in principle-based manner based on objective,
technology-neutral and more nuanced criteria (vs. approaching it from strictly sectoral or
user group perspective).

3. Data – personal and non-personal: AI is as good as the data sets it uses. Further clarity is
needed on how handle different data rights, especially what type of IPR protection data enjoys
in AI context. The new Digital Single Market directive enables data mining, under specific
copyright exceptions for limited purposes under certain terms, but other IPR aspects also need
to be assessed. Looking at other key issues mentioned in data context (personal data, privacy
and non-discrimination, etc.), it seems clear that while AI may have triggered these discussions,
it does not automatically follow from that these issues should be dealt with a general AI
legislation. Therefore, certain challenges should be dealt in context of (and in relation to)
other legislation, especially concerning the interaction with the General Data Protection
Regulation.

– Recommendation: Trade secrets, data base rights and interactions with the GDPR need to
be clarified in AI context.

4. Ex ante / pre-market approval and governance: We are forced to take a very critical stand to
pre-market assessment and authority approvals for AI technology. Such approach would likely
severely stifle innovation and competitiveness in critical sectors. It is not even clear if current
Member State government systems would be up for the task. Such governance would require
experts in various fields (combinations of legal, engineering, coding and sectoral) and generally
deep knowledge of different algorithm, data set and AI technologies. Creating such capacities
would require considerable investment in time, resources, and highly skilled workforce, which
is already in high demand.

There is a better way, and market operators should drive the development of trustmechanisms (agreements, sandboxes, labelling etc.) to ensure agile approach and adaptation of best risk-management measures. We strongly encourage the Commission to support national, European, and international tools for development and use of AI.

– Recommendation:

• Support sandbox-initiatives for certain more sensitive sectors and uses to promote
  understanding for needed regulations together with developers and users;
• Support business-driven standardisation work for technical and administrational
  standards, to promote softer guiding instruments as part of regulatory framework.

5. Labelling: can be an appealing alternative and a softer approach compared to regulating, but it
must be ensured that any program, even if voluntary, does not create undue cost or
administrative burden and that it follows the risk-based approach. Labelling may have
unintended consequence and become de facto mandatory certification scheme. This could be
a clear hindrance, especially to SMEs.

– Recommendation: Promote voluntary labelling programs, but only where this is meaningful for users, consumers, and developers alike.

6. Safety and liability: We welcome efforts to assess product safety and liability regulations also
from AI perspective, as long as the overall aim is that safety and liability regulation remains
technology neutral. Only specific, identified needs backed by strong evidence and clear gaps in
current regulations should be addressed.

– Recommendation: any development in this area should maintain a careful balance between EU-level harmonization and national liability regimes and procedural rules.