24 July 2023/
By Christian Djeffal
/
Blogpost 32/2023
Advances in artificial intelligence (AI) have once again surprised people. New approaches to training very large context-aware systems have enabled generative AI systems (GAI), especially large language models (LLMs), which can produce content that is, in many cases, indistinguishable from the products of the human mind. ChatGPT, an LLM, has proven to be one of the fastest-growing consumer applications, and such popularity raises the question of how to govern and regulate AI even more pressing. Discussions in the AI community have been at a fever pitch. Two letters with humongous support from the AI community tried to stir debates. One from the Institute for the Future of Life called for a 6-month moratorium on experiments to figure out how to deal with systems adequately. Another letter stressed the risk of extinction to get policymakers to act. These debates on GAI and large AI systems have landed them in the middle of deliberations over a proposed AI Act. While there is a great deal of overlap between the European Commission’s (Commission) original draft, the position of the Council of the European Union (Council), and the European Parliament’s (Parliament) position, they diverge on how to deal with the models that are under discussion. Continue reading
20 July 2023/
By Thomas Yaw Voets
Blogpost 31/2023
On 26 June 2023, the International Tribunal for the Law of the Sea (ITLOS) announced that it had received written statements from 31 States Parties and eight intergovernmental organisations with regard to Case No. 31 (Request for an Advisory Opinion submitted by the Commission of Small Island States on Climate Change and International Law). As expected, this included European Union (EU) member states’ submissions. More precisely, from Poland, Germany, Italy, Latvia, France, Portugal and the Netherlands.
However, perhaps somewhat surprisingly, the European Commission (EC) also submitted a written statement on behalf of the EU to ITLOS, adding an intriguing dimension to the proceedings. After all, the decision by the EC to submit a written statement revives the discussion on the EU’s representation before International Courts and Tribunals. For that reason, this blogpost aims to assess possible salient aspects regarding the statement submitted by the Commission on behalf of the EU. Does it contradict the views of the Member States that submitted their observations? What implications arise from the fact that the Member States themselves have submitted observations in this case? How does this align with the principle of sincere cooperation under EU external relations law, particularly considering the C‑246/07, European Commission v Kingdom of Sweden PFOS judgment?Continue reading
19 July 2023/
By Inge Graef
Blogpost 30/2023
Competition authorities can identify a violation of the data protection rules when such a finding is necessary to establish an abuse of dominance under the competition rules. This is the main outcome of the judgment that the Court delivered in Meta Platforms on 4 July 2023. The judgment is the next step in the saga that started with the 2019 competition decision of the Bundeskartellamt (the German Federal Cartel Office) requiring Facebook (now Meta) to refrain from combining user data from different sources beyond its social network. The judgment provides a welcome confirmation that data protection standards can also matter for the interpretation of the competition rules. However, what is more remarkable and less expected is the general framework the Court sets out for coordination between competition and data protection authorities building on the duty of sincere cooperation and the clarity with which it evaluates the different legal bases Meta invoked for processing user data. The judgment can become a reference point for assessing the legality of personal data processing by dominant firms, but also leaves competition and data protection authorities with an assignment to explore how to coordinate their work in the future. Continue reading
10 July 2023/
By Pielpa Ollikainen
Blogpost 29/2023
On 1 February 2023 the General Court delivered its judgment in T-354/21 ClientEarth v Commission. The case concerned the Commission’s refusal to allow access to several audit documents on fisheries control systems in Denmark and France. Its refusal was based on a general presumption of non-disclosure for documents related to infringement proceedings that are in preparation or ongoing. ClientEarth unsuccessfully argued that an overriding public interest nonetheless justified their disclosure, and asked for an annulment of the Commission’s decision. The General Court found in favour of the Commission and dismissed the case, yet again illustrating the deficiencies in the EU’s access to documents regime laid down in the Transparency Regulation, and leaving ClientEarth to appeal the case to the Court of Justice.
Continue reading
Blogpost 28/2023
The leaked May 2023 draft of the EU’s Proposed Cybersecurity Certification Scheme for Cloud Services (EUCS) has caused a stir due to its continued inclusion of strong digital sovereignty requirements. The stated goal of the EUCS is to enable cloud service providers (CSPs) to “demonstrate their trustworthiness and the effectiveness of their cybersecurity defenses” to European governments and businesses. EUCS, however, threatens to impose data localization requirements on any CSP aiming to qualify for a high level of cybersecurity certification within the European Union. It also effectively would exclude CSPs headquartered outside the EU from seeking “the highest level of … certification” on the grounds that such CSPs would not be immune from foreign law. The immunity requirement demands that such CSPs “are operated only by companies based in the EU” with their “registered head office and global headquarters … in a Member State.”
A working group of the European Agency for Cybersecurity (ENISA), the body charged with drafting EUCS, discussed the latest (now-leaked) EUCS proposal on 26 May 2023. The European Commission strongly defended the proposal, but according to observers several EU member states, led by the Netherlands, resisted the sovereignty requirements, and asked for an impact assessment. France reportedly preferred the previous proposal, while Germany, a pivotal player, maintained an ambiguous silence. As a next step, member states will submit written comments by the end of June 2023, including on the important question of the costs of compliance with the requirements envisaged for high level cybersecurity certification.
Continue reading
16 June 2023/
By Miriam Schuler
Blogpost 27/2023
Over the past years, backsliding EU member states have caused increasing concerns. For almost a decade, EU institutions have concentrated most of their efforts on defending the rule of law against attacks from member states. On 8th June, however, the European Commission seems to have broadened the scope of value enforcement. In a Press Release, the Commission has announced its most recent infringement action against Poland. This time the focus is not on reforms which undermine the independence of the judiciary and thereby violate an essential component of the rule of law. This time, the principle of democracy is the central element of the Commission’s concern. Considering that this is the very first time that a violation of the principle of democracy is invoked against member states, and given that EU law, to date, does not provide a clear answer as to what democratic standards member states are obliged to respect under Article 2 TEU, this is a ground-breaking development.Continue reading
Blogpost 26/2023
Over the past few months, general-purpose artificial intelligence (AI) has emerged as a hot topic for policymakers. The ‘AI hype’ that followed the seemingly immediate success of the conversational bot ChatGPT has led to renewed calls for regulation in the EU, placing Large Language Models (LLMs) in the spotlight. Such models, which can be described as a subset of general-purpose AI that can process and generate human-like text, are increasingly being integrated into various industries. Healthcare is no exception, with potential applications ranging from clinical and operational decision-making to patient engagement. AI enthusiasts hope that LLMs will enable better communication between patients, physicians and healthcare workers, improve healthcare delivery or contribute to the advent of personal therapy bots. It remains to be seen which of these promises are feasible and realistic, but their capabilities have been and are continuing to grow exponentially, enabling them to reliably perform routine tasks for care providers like collecting information or navigating health record systems (an area of particular interest). Recent peer-reviewed studies have shown that virtual assistants and other AI-based tools can already perform many healthcare tasks better than specialist physicians, leaving experts wondering about the future of the human element in the patient experience.
Continue reading
Blogpost 25/2023
The views expressed on this post bind the author exclusively.
The Markets in Crypto-assets Regulation (“MiCA”), even though not yet published in the Official Journal of the European Union, is now politically agreed upon and its final text (formal revisions notwithstanding) has been adopted by the European Parliament and the Council of the European Union. The MiCA Regulation is a ground-breaking piece of legislation, as it seeks to create a comprehensive framework applicable to various aspects of crypto-assets issued and traded in the European Union.
The EU is taking the lead in the regulation of crypto-assets, as it tries to strike a middle-ground between a complete absence of rules protecting investors and consumers, and stifling prohibition, trying to make the EU an attractive but safe hub for blockchain-based activity and business. However, leading the field in regulation always implies a certain degree of risk and the new instrument is not without its shortcomings.
This post, after a brief overview of the scope and main features of the MiCA Regulation, will make some remarks on two outstanding issues: the doubtful rationale behind the scope of the Regulation, and its choice not to deal with decentralisation.Continue reading