In 2021, the European Commission published the first proposal for a Regulation on Artificial Intelligence (AI Act), which is structured around an analysis of the risks that artificial intelligence (AI) systems may pose to fundamental rights, health, and safety.

In fact, the documents leading up to the draft Regulation highlighted precisely how the nature of the risks arising from AI systems differs significantly from previous technologies, as the potential impacts on the right to human dignity, privacy, non-discrimination, and the effective legal protection of citizens could face unprecedented erosion.

Europe appears determined to take responsibility for protecting fundamental human rights, just as enshrined in the Charter of Fundamental Rights.

It is on this foundation that the AI ACT itself is built; it not only classifies various AI applications into categories based on their level of risk to health, safety, and human rights, but also introduces a requirement for a system-level impact assessment capable of identifying potential social and environmental impacts, in order to support the development of technologies guided by principles of ethics, accountability, and safety.

The European trilogue phase on the AI ACT is beginning right now, during which the Parliament, the Commission, and the Council will negotiate the final text to be adopted, based on what was formally approved by the Parliament in its latest vote in June 2023—which (not surprisingly, given the evidence identified by the Commission) significantly strengthens the mechanisms for safeguarding fundamental rights—introducing, in particular, the obligation to include a vertical impact assessment of the effects that the riskiest AI systems may have on fundamental human rights.

 

In fact, the amendments to Article 29 are of paramount importance, as they aim to strengthen accountability and transparency among distributors of high-risk AI systems through mechanisms that ensure the quality of all actors in the value chain and effective, “human-centered” governance of the AI system.

But the most significant change is the new Article 29(a), which introduces—for the first time in European legislation—the obligation to conduct, prior to the deployment of a high-risk AI system, a detailed impact assessment on fundamental rights, with particular attention to marginalized groups and the environment: this assessment must not only analyze risks and impacts but also outline clear measures for governing the AI system and mitigating the identified risks.

The assessment must also be contextual, meaning it must include a precise description of the purpose for which the system will be used, as well as a clear description of the geographical and temporal context of the system’s use and the categories of individuals and groups most affected by its application.

The new article further requires that, when conducting the impact assessment, European data controllers—with certain exceptions—notify the national supervisory authority and actively involve relevant interest groups and representatives of potentially affected individuals, such as human rights organizations, consumers, and social stakeholders; and that they make the results of such an assessment available in a summary document to be filed with the relevant EU register.

From the perspective of resource sustainability, however, the article specifies that if a human rights impact assessment has already been conducted by the developer of the AI system, it may be considered valid for the purposes of regulatory compliance, unless there are new factors that render it obsolete. The possibility of relying on a previous human rights impact assessment clearly aims to encourage AI system developers to address the issue now (and not just when the regulation comes into force) so they can offer fully developed technologies and enjoy a solid competitive advantage during this phase of transformation.

It can therefore be said that, in light of the obligations introduced by the recent amendments approved by the European Parliament, European companies that develop or use high-risk AI systems will have to ensure that their solutions are fully compliant not only with regulatory and technical requirements but also with ethical standards.

What we are most interested in highlighting here, in fact, is the emphasis placed by European policymakers on fundamental rights as key players and drivers of an innovation ecosystem that expands—rather than constricts—the democratic space of a society in which technology is increasingly intertwined with the political sphere and the realm of values.