EU Data Act + EU AI Act = digital sustainability by design
Saving hundreds of lives thanks to data and AI
On 24 August 2016, nearly 300 lives were lost when a catastrophic earthquake struck central Italy. Measuring 6.2 on the moment magnitude scale, it originated near Accumoli. While deadly seismic events are less common in Europe compared to other regions, powerful earthquakes still occur quite frequently.
Now, imagine that you were able to save hundreds of lives by predicting sufficiently in advance and, thus, managing earthquakes. What would you need and how would you proceed?
In 2024, the development of the European Union’s (EU) ability to predict and manage environmental disasters is one of the immediate priorities, which is also expressly underlined in the EU Green Deal. This ability is supported and boosted by the accessible and interoperable data projects, which are at the heart of the EU’s data-driven innovation. This data, combined with artificial intelligence (AI) and other digital infrastructure (e.g. supercomputers, cloud, ultra-fast networks), is expected to facilitate evidence-based decisions and expand EU and global capacity to tackle environmental challenges.
EU Data Act + EU AI Act = digital sustainability by design
The EU Data Act, effective as of 11 January 2024, will be fully and uniformly applicable across all EU Member States (MS) by 12 September 2025. It aims to establish fair access to, and use of, data. The Data Act is the cherry on the cake of the European strategy for data, positioning the EU as a leader in the digital economy, but also, and especially, in the accessibility and interoperability of data (as well as the regulation thereof), so important for tackling environmental and broader ecological challenges.
Furthermore, as the Green Deal aims to facilitate the realization of the digital transformation’s complete advantages to bolster the ecological transition, a primary focus is enhancing the EU’s capacity to anticipate and handle environmental crises effectively. To achieve this objective, one of key EU’s ambitions is to coordinate European scientific and industrial expertise to create an extremely precise digital model of the Earth. Hence, the accessibility and interoperability of data are of fundamental importance.
In general, the Data Act’s key provisions include reinforcing data portability rights and empowering consumers to access and control their device-generated data. The Act also promotes interoperability standards for sustainable data sharing and fostering fair negotiations and SME participation in the digital marketplace. It equally grants the public sector increased access to private data for emergency response.
The forthcoming EU AI Act, the first of its kind in the world, has been concluded and received endorsement from all 27 EU MSs on 2 February 2024. The previous version of the recent political agreement on the AI Act reached on 8 December 2023, compared to the text of the initial Commission proposal, added new elements of the provisional agreement in terms of risks deemed unacceptable, such as predictive policing for individuals, the untargeted scraping of facial images from the internet, and CCTV footage, as well as emotion recognition in the workplace and educational institutions.
On top of the above elements in earlier versions, the latest updated text endorsed on 2 February 2024 now features a revised definition of AI systems aligned with the OECD definition, defines deepfakes, and provides specific details regarding the addressees of the Act, along with obligations for providers and deployers of AI systems. Retaining the risk-based approach from previous drafts, the Act assesses the lawfulness of AI system development and usage based on the level of risk to fundamental rights.
The revised text bans entirely certain types of AI systems, like biometric identification and limits such real-time remote identification in public spaces. It also prohibits AI systems exploiting vulnerabilities based on age, disability, or social/economic status.
For high-risk AI systems, compliance obligations are detailed, including exemptions for those creating ‘no significant risk of harm’ to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision making. Profiling of individuals always categorizes AI systems as high-risk.
The latest text extends to General Purpose AI (GPAI) providers, except for AI systems for scientific research. GPAI models with systemic risk face stricter regulations for evaluation, risk mitigation, incident reporting, and cybersecurity measures to ensure transparency and accountability.
The EU AI Act will soon be published in the EU Official Journal, taking effect 20 days afterward, with enforcement starting after a 24-month period.
Note that the newly enacted EU Data Act and the upcoming EU AI Act complement, strengthen, and sustain the GDPR. Unlike EU directives, setting out goals that EU MSs must achieve by devising their own laws on how to reach these goals, the two Acts are EU regulations. Therefore, the Acts aim to (i) regulate the data and AI-related issues in the same way in all EU MSs and thus (ii) harmonize the relevant regulatory framework across the Union.