Opinion of the European Economic and Social Committee on ‘Proposal for a Directive of the European Parliament and of the Council on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive)’

(COM(2022) 496 final — 2022/0303 (COD))

(2023/C 140/05)

Rapporteur-general:

Wautier ROBYNS DE SCHNEIDAUER

Referral	European Parliament, 6.10.2022
	Council of the European Union, 14.10.2022
Legal basis	Article 114 of the Treaty on the Functioning of the European Union
Section responsible	Single Market, Production and Consumption
Bureau decision	20.9.2023
Adopted at plenary	24.1.2023
Plenary session No	575
Outcome of vote (for/against/abstentions)	154/1/0

1.   Conclusions and recommendations

1.1.

The EESC has been developing its views on artificial intelligence (AI) since its pioneering work in 2017, insisting that it is necessary that human supervision of AI applications also include liabilities and establish trust in such technology. It called for clear rules including, in the case of wrongful (or presumably wrongful) use, the liability of physical persons or legal entities, as expressed in its opinion of 2019 (1).

1.2.

The EESC welcomes and supports the Commission’s proposal to improve the rights of victims who have suffered any damage — as admissible under national law — due to such wrongful use of AI by providing specific rights on top of existing national tort-based or strict liability law, the provisions of the Product Liability Directive and criminal law.

1.3.

The EESC recognises that a minimal harmonisation serves this objective best, but is wary of the risk of divergent interpretations by stakeholders involved in the development and supply chain and by judges. It therefore insists upon clear legal definitions and the need to further enhance the required expertise of those who will have to apply this new legislation across the EU with appropriate digital capacity. The Commission’s ultimate goal should be to pursue and develop a liability scheme that is as uniform as possible in its application across the EU.

1.4.

The EESC recognises the interaction between prevention and security rules, on the one hand, and redress opportunities on the other, on top of public authorities’ supervisory role, so as to ensure compliance with EU and national standards on the responsible development of AI. It calls for setting up a network of alternative dispute resolution bodies to make it easier for victims to exercise their rights and to collect more evidence on the outcomes of the directive.

1.5.

The EESC appreciates the balance the directive strikes between victims’ rights and the interests of AI developers. This makes it possible to reap the benefits of the digital transition and may set a standard for third countries considering following this path.

1.6.

The EESC calls upon the Commission to closely monitor the development of financial guarantees or insurance covering AI liability, with due regard to their availability and extent as the new framework should provide legal certainty for operators and insurers alike. Evidence of incidents is key to assessing whether there is any need for measures in this regard: documenting and reporting those incidents is therefore crucial.

1.7.

The EESC calls on the Commission to include the rights granted to victims of damage caused by AI in its communication strategy, in order to increase confidence in the digital transition.

1.8.

Considering the speed of technological developments, the EESC supports the intention to review this legislation as soon as evidence justifies. It is of the opinion that 5 years after this directive enters into force would be an excessive delay and recommends having this review 3 years after this moment. The EESC is willing to take stock in this review and to assess the experience of EU civil society organisations, more specifically with respect to the feedback from end-users with regard to the burden of proof and to potentially divergent definitions of eligible damage under national laws.

1.9.

As the use of AI can lead to sensitive policy choices that should not be left solely to the parties involved in the AI supply chain, the EESC also asks to be involved and consulted in setting ethical standards.

2.   Summary of the proposal

2.1.

The proposal for a directive on non-contractual liability in relation to artificial intelligence (‘AI Liability Directive’) builds upon the Commission’s 2020 White Paper on AI, its simultaneous report on safety and liability in the field of AI, and the 2021 AI Act proposal which focuses on prevention and safety. It is linked with the review of the 1985 Product Liability Directive (‘revised Product Liability Directive’), which was presented on the same date as the AI Liability Directive examined in this opinion. Both proposals allow plaintiffs to make claims against certain parties, with some differences in the scope of both instruments.

2.2.

The purpose of the AI Liability Directive is to lay down uniform rules regarding some aspects of non-contractual liability for damage caused using AI systems. By doing so, it aims to improve the functioning of the single market and establishes broader protection for victims (be it individuals or businesses), and fosters trust in AI through harmonised rules. This covers, for example, breaches of privacy, data loss or damages caused by safety issues. The new rules will, for instance, make it easier to obtain compensation if someone has been discriminated against in a recruitment process involving AI technology even though several (legal) hurdles remain. In order to remove remaining legal uncertainty, the EESC recommends providing a legal definition of a decision as made by machines making use of AI.

2.3.

With this directive, the Commission for the first time is proposing a targeted harmonisation of national liability rules for AI, making it easier for victims of AI-related damage to get compensation. In line with the objectives of the AI White Paper and with the Commission’s 2021 AI Act proposal — setting out principles of rule of law through a framework for reliability and trust in AI — the new rules will ensure that victims benefit from fair protection when harmed by AI products or services, as if harm were caused under any other circumstances.

2.4.

While taking care not to jeopardise or jettison technological progress in Europe, the directive introduces a harmonised legal framework that addresses the complexity of AI systems from lab to market and simplifies the legal process for victims of harm caused by AI systems through two main legal innovations that meet existing needs: — first, when a relevant failure to comply with (a duty of care following) EU or national regulations has been established and a causal link to the (output of the) AI system seems reasonably likely, a rebuttable ‘presumption of causality’ will address the difficulties experienced by victims in having to explain in detail how harm was caused by a specific fault or omission, which can be particularly hard when trying to understand complex AI systems. Specific provisions apply for providers of high-risk AI systems (see point 4.1), persons acting on the latter’s behalf and users. The proposal reduces the severity of the presumption when the AI system is used by a non-professional user who did not interfere with the operation of the AI system, — second, while in product liability it is easier to identify whom to sue, the AI environment is more complex. Under the proposed directive, victims will have more tools to seek legal redress, through a right of access to evidence from companies and suppliers, in cases in which high-risk AI is involved and when it is necessary to obtain such evidence, and in a proportionate measure. Victims will be able to obtain an order from the court giving access to the information needed to determine what caused the harm they suffered and which physical or legal defendant they can address for this damage. When evidence is easily accessible, the presumption is no longer applicable, which provides a serious incentive to make such information available.

Through these two measures, the proposed directive helps victims to achieve redress, individually or collectively (if applicable), without abolishing the concept of causality.

3.   Guaranteeing human-centric technological evolution

3.1.

The EESC is aware of the benefits and potential risks AI encompasses. Its use should not be limited to just improving productivity by substituting human tasks and reducing costs. This development calls for attention to risks regarding its impact on health as a result of modified working conditions, rights, such as privacy, and for reconsidering the balance between machine and man in the workplace, as human control is to be privileged, with due regard to the possible persistence of human prejudice and bias in machine functioning. Responsibility for initial design and ultimate liability for its possible failures should remain with human actors, as acknowledged by the High-Level Expert Group on Artificial Intelligence in their ethics guidelines. Many other evolutions are less well documented today, such as the environmental impact of nanotechnologies. The EESC believes that both AI operators and other stakeholders, for instance risk management consultants and insurers as well as public authorities and workers’ representatives, should monitor potential impact through risk analysis, auditing and safety engineering through tests in an environment similar to the real world. As expressed in its previous opinion (2), the EESC would welcome certification procedures ensuring safety and alignment with human interests.

3.2.

The EESC is conscious of the exposure of AI applications to failures and to malicious cyber acts and refers to its recent opinions on the Digital Operational Resilience Act (DORA) (3) and on the Cybersecurity and Resilience of Critical Entities Directive (4) proposals. Those risks and threats evidently justify the existing prevention and monitoring prescriptions as well as future developments as new vulnerabilities may emerge.

3.3.

The EESC supports the intention to keep pace with fast-moving future developments and to review the effects of the directive as evidence justifies, leading to an update subject to necessity and proportionality. It considers the 5-year target set in the proposal to be too distant and suggests acting earlier, at most 3 years after the directive enters into force. It insists on the involvement of civil society in this evaluation, as the EESC reflects the views of citizens, consumers, workers and businesses great and small in its unique way, paying due attention to fundamental human rights, including workers’ rights, as well as economic opportunities and obstacles.

4.   Safeguarding fundamental EU values

4.1.

The EESC supports the approach the Commission took in the AI Act, which distinguishes prohibited uses of AI like ‘social scoring’ of citizens by intrusive governments, high-risk applications by businesses including recruitment and merit rating scoring as well as critical infrastructures and technical devices used in healthcare, and a large number of less risky activities. The EESC calls for an unambiguous definition of high-risk activities. The EESC repeats its call to add potential harm to the environment as one of the factors to be included in the high-risk category. The EESC observes that compensation should be awarded to victims regardless of the classification of risky and less risky AI applications.

4.2.

As stated in its 2020 opinion on the White Paper on AI, the EESC insists on its commitment to safeguarding fundamental rights and human stewardship at the final decision stage as cornerstones of responsible development of AI in the European Union. Choices and decisions made by machines may lack the human understanding of unintended consequences especially when these choices and decisions affect vulnerable people like children or elderly people.

4.3.

The EESC stresses the importance of the trust of the public in AI developments with regard to protection of privacy, fair treatment and redress when appropriate. The proposed directive aims to ensure at least equal compensation for damages caused or caused in part by the use of AI systems as compared to damage suffered in situations where AI systems are not involved. It is important that the Commission, the Member States and users of AI systems join efforts in conveying this message to a wide audience.

5.   Facilitating compensation for victims of damages caused by AI

5.1.

The AI Liability Directive provides for increased protection of citizens, workers and economic actors against damages as recognised in the national legal environment of those victims, extending this protection beyond just physical injury and material losses as provided for in the Product Liability Directive proposal. This extension allows for the compensation of purely economic damages caused, for instance, in cases of unfair discrimination, denial of access to care or education, erroneous profiling by the police or through data loss. The EESC insists on the need to provide a clear understanding of eligible damage, in order to avoid unwanted diverging interpretations under national case law, and to provide training to this end to practitioners including national judges using appropriate means. The EESC points out the possibility for national courts to ask the ECJ for prejudicial rulings on points where interpretations may deviate.

5.2.

The EESC finds that access to redress and compensation is not equal for citizens, consumers, workers or businesses across the European Union. The goodwill towards plaintiffs, the rules of procedures and costs associated with a claim through the judiciary system and the degree to which plaintiffs are covered against legal expenses in civil liability cases significantly differ across Member States and social classes. Therefore, and as already expressed as a principle in the more general opinion on the AI Regulation (5), the EESC advocates setting up easily accessible, free and mandatory alternative dispute resolution schemes in matters involving civil liability in AI applications at national level with an EU-wide coordination such as exists in the sphere of financial services (FIN-NET), for instance, and to do so in cooperation with relevant representative bodies of civil society. Such services would contribute to the assessment of the effects of the directive by keeping track of out-of-court settlements brought to their attention.

5.3.

The EESC welcomes the efforts made to provide victims with increased means to claim fair compensation when they suffer damages caused by AI applications, which otherwise may be unavailable or complicated and expensive, due to the opacity and complexity of AI applications. Many citizens and consumers are suspicious about ‘robots’ and algorithms. The EESC recommends action to foster citizens’ confidence, particularly through tutorials on widely used social media, as a part of the Commission’s communication strategy.

5.4.

Victims of damage caused by AI systems will be able to invoke the presumption of operators who fail to comply with EU or national requirements. The fact that operators will have to log their compliance with such rules serves as a defence against careless behaviour

6.   Integrating new legal principles in the single market

6.1.

The AI Liability Directive comes at a time when liability for AI failures is on the legislative agenda of several Member States. The EESC understands the approach of the proposal in safeguarding, at this stage, national legal principles and supports the use of a directive in order both to avoid excessive inconsistencies in liability principles across the EU, and allowing Member States to fine-tune the protection they deem necessary and proportionate in the general interest. It draws the attention of policymakers to the downside of fragmented legal environments, which impede the realisation of a true digital single market, maintain differences between European citizens and businesses and could hinder European technological innovation. It believes that the risk of misinterpretation of the general interest principle should not be underestimated, as procedures to challenge this are cumbersome and their authority does not extend beyond the issue at stake in each procedure before the Court of Justice.

6.2.

The EESC understands the extent to which national legal regimes applicable to civil liability claims still differ among Member States and has over the years paid great attention to efforts to overcome those differences, for instance through an alternative regime to the national standards (‘28th regime’). With this in mind, it understands the choice of legal instrument proposed at this stage by the Commission, but points to the risk that several concepts might give rise to different interpretations under different national legal systems. The EESC insists the Commission should pursue a liability scheme as uniform in its application across the EU as possible as an ultimate goal.

6.3.

The EESC stresses the right of the defendant party, notably including (small) retailers, to make a legal claim vis-à-vis its provider or to relevant stakeholders upstream in the supply chain, and the duty of the latter to bear responsibility for the consequences of their negligent or presumably wrongful behaviour. Those suppliers should, in such cases, be legally bound to provide indemnification to such defendants.

7.   Supporting the competitiveness of European AI developments

7.1.

The EESC considers legal certainty to be an economic incentive for European research and development by scientific centres, public authorities and undertakings and contributes to pioneering innovations in a global environment. The proposed AI Liability Directive provides timely guidance needed to give innovators more of the required confidence about legal risks, especially when working across borders, as different jurisdictions have their own liability regimes. This will be of significant value to start-ups and SMEs which do not have the same access to legal advice as larger enterprises. The new framework may also help developers launch new AI applications with a better understanding of legal implications, contributing to the EU strategy on digital and green transitions.

7.2.

The proposed AI Liability Directive does not include compulsory insurance for AI applications at this stage. Considering that AI applications are still in full development, especially intricate systems, it would be hard to establish rating methods for lack of past experience which would reasonably be reliable enough to be representative of future damages and claims, especially with regard to the fact that occurrence of damages and claims could be interconnected and cause replication of failures and therefore escalation of the severity of incidents and accumulation of losses, while capacity is currently limited with (re)insurance enterprises. The EESC therefore understands the Commission’s choice not to engage further in the issue of whether, for which activities and to what extent mandatory insurance or other financial guarantees should be introduced at this stage, but invites the Commission to closely monitor the availability and extent of insurance. A monitoring scheme providing insight into incidents involving AI systems is needed to assess whether additional measures are needed such as strict liability or mandatory insurance.

7.3.

The EESC observes that several risks are subject to compulsory insurance or other financial guarantees under national or EU law. This is more specifically the case with the use of motor vehicles, where development of autonomous vehicles is under way. In such cases, where compulsory insurance extends not only to the behaviour of the driver or passengers but also to equipment malfunction, more specifically in autopilot mode, compensation is in most cases (6) guaranteed to victims under current legislation and contracts. Insurance companies can, when applicable, claim reimbursement for their expenses from manufacturers. This should reduce costs to motorists and shift the economic centre of gravity of the relevant lines of insurance from a business-to-consumer market to a business-to-business model. The EESC therefore believes that no significant further legislative action is needed in areas where compulsory insurance already exists or is to be introduced at EU level. Still, the EESC will closely monitor the ethical choices presiding over issues such as collision avoidance and accident management scenarios.

7.4.

The EESC considers the compliance and risk management constraints embedded in the AI Liability Directive as well as the presumption which puts the onus of rebuttal on providers, persons acting on the latter’s behalf and users of AI systems to be proportionate measures targeted at the right levels of risk of damage caused by AI applications.

7.5.

With regard to access to evidence, the EESC approves of the measures taken to protect trade secrets, which are an important aspect of the competitiveness of European innovators, as well as confidential information when invoked in a legitimate way and with due respect for established rights such as the legally recognised privileges of whistle-blowers that exist in the workplace, for example.

7.6.

The EESC believes that the adoption of a moderate presumption rather than strict liability eases developments for AI technology in the European Union and could confirm the EU’s role as a global standard-setter, since other countries may well align their legislations with this regime. This aspect should also be part of the future review, together with the clarification of concepts which might be necessary as a result of this first experience.

---

(1)  Opinion of the European Economic and Social Committee on ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — Building trust in human-centric artificial intelligence’ (COM(2019) 168 final) (OJ C 47, 11.2.2020, p. 64).

(2)  Opinion of the European Economic and Social Committee on ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — Building trust in human-centric artificial intelligence’ (COM(2019) 168 final) (OJ C 47, 11.2.2020, p. 64).

(3)  Opinion of the European Economic and Social Committee on: Proposal for a Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (COM(2020) 595 final — 2020/0266 (COD)) — Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/43/EC, 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341(COM(2020) 596 final — 2020/0268 (COD)) (OJ C 155, 30.4.2021, p. 38).

(4)  Opinion of the European Economic and Social Committee on ‘Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 and Proposal for a Directive of the European Parliament and of the Council on the resilience of critical entities’ (COM(2020) 823 final — 2020/0359 (COD) — COM(2020) 829 final — 2020/0365 (COD)) (OJ C 286, 16.7.2021, p. 170).

(5)  Opinion of the European Economic and Social Committee on Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain union legislative acts (COM(2021) 206 final — 2021/106 (COD)) (OJ C 517, 22.12.2021, p. 61).

(6)  The person at the wheel is entitled to file a claim under product liability law.