Sie möchten Beschwerde gegen ein EU-Organ oder eine EU-Einrichtung einlegen?
- EN English
Report on the meeting of the European Ombudsman inquiry team with representatives of the European Commission on how decides on and uses artificial intelligence
Überprüfungsbericht - Datum Dienstag | 01 Oktober 2024
Fall SI/4/2024/MIK - Geöffnet am Freitag | 15 März 2024 - Entscheidung vom Freitag | 06 Dezember 2024 - Betroffene Institution Europäische Kommission - Land Frankreich
Untersuchung eingeleitet
15/03/2024Laufende Untersuchung
15/03/2024Ergebnis der Untersuchung
06/12/2024
Date: Tuesday, 24 September 2024
Remote arrangements
Present
European Commission
- Head of Unit – Data, Artificial Intelligence and Web, DIGIT.B1,
- Deputy Head of Unit – Data, Artificial Intelligence and Web, DIGIT.B1,
- Head of Sector – Data, AI and Innovation Policy, DIGIT,
- Deputy Head of Unit, COMP,
- Team leader, COMP,
- Coordinator Ombudsman questions, COMP.I1,
- Legal Officer, JRC,
- Legal Officer, DGT,
- Head of Sector – AI services, DGT,
- Policy Officer, CNECT
- Policy Officer, SG.E3,
- Adviser – Corporate Management and IT Governance, SG.A6,
- Senior Expert – Coordinator for inter-institutional Relations, relations with the European Ombudsman, SG.C2,
- Project Business manager – Better Regulation Portal/ Have your say, SG.B4,
- IT Project manager, SG.C5,
- Deputy Head of Unit, GROW.E1,
- Head of Unit, GROW.B3,
- Data Team Leader, GROW.B3.
European Ombudsman
- Michał Krajewski, inquiries officer,
- Josef Nejedly, inquiries officer,
- Christophe Lesauvage, legal expert,
- Markus Spoerer, policy adviser.
Purpose of the meeting
The purpose of the meeting was for the Ombudsman inquiry team to ask additional questions as a follow up to the Commission’s written reply provided to the Ombudsman in the context of this strategic initiative. An indicative list of questions was shared with the Commission before the meeting.
Introduction and procedural information
The Ombudsman inquiry team introduced themselves, thanked the Commission representatives for meeting with them and set out the purpose of the meeting. They outlined the legal framework that applies to meetings held by the Ombudsman, in particular, that the Ombudsman would not disclose any information identified by the Commission as confidential to any person outside the Ombudsman’s Office, without the Commission’s prior consent.[1]
The inquiry team explained that they would draw up a draft report on the meeting to be sent to the Commission to ensure that the contents were factually accurate and complete. The meeting report would then be finalised, included in the file and published on the Ombudsman’s website. No confidential information would be included in the report or otherwise published or provided to any third party.
Information exchanged
Background
In the context of this strategic initiative, the Ombudsman asked questions concerning three tools listed by the Commission in its Artificial Intelligence in the European Commission (AI@EC) Communication[2], namely (a) analysis of feedback from the public, (b) competition case management, (c) complaints-handling with AI (CHAI).
The Commission representatives made an opening statement. They said the Commission is currently exploring opportunities offered by artificial intelligence (‘AI’) to improve the efficiency and productivity of EU administration in compliance with the AI Act[3], especially if it were to use systems that the AI Act classifies as ‘high-risk’ to which most of the AI Act’s requirements apply. However, as the Commission’s AI@EC Communication stresses, AI can empower and improve EU administration, but it cannot replace human decision-makers. At the same time, the Commission is reflecting on the risks posed by AI systems. It intends to address them by improving the AI literacy of its staff and making them familiar with the new tools. It also encourages a voluntary application of the AI Act requirements to non-high risk AI systems.
1. Which legal and/or internal rules are applicable to these tools (the AI Act, the Commission’s AI Governance,[4] any other internal guidelines)?
Many sets of rules can apply to the AI systems, including the AI Act, the EU Data Protection Regulation[5], the Cybersecurity Policy, and sectoral rules. Moreover, the Commission is developing internal guidelines to facilitate the compliance with the AI Act. At the moment, the Commission is making sure it complies with the AI Act provisions on prohibited AI practices.[6] As a next step, it will assess whether any of its systems are ‘high-risk systems’[7]. Non-high risk AI tools will not necessarily have to comply with the requirements for high risk systems provided for in the AI Act. A cost-risk analysis will determine which requirements will be applicable.
The three AI tools that the Ombudsman asked about are only in the development or procurement phase now. Full compliance with the AI Act will be ensured before their launch. At the moment, it is not yet possible to say whether any of them are high-risk. The Commission follows a phased approach to the development and procurement of AI systems, via the established IT Governance. The Commission’s phased approach offers adaptability, which means that at a later stage of the development process the system owner (for instance, a Directorate-General) can decide, among other things, whether some possible functionalities of the system should be sacrificed to avoid making the system high-risk under the AI Act. At the same time, if it is clear that a system will be high-risk, the necessary safeguards will be provided. If a system is purchased from external providers, the system owners within the Commission can choose whether to activate specific functionalities or not, after assessing the risks these functionalities may pose and the costs this entails.
In accordance with the phased approach, the Commission will also assess in the future the need for the adoption of a ‘voluntary code of conduct’[8] regarding compliance by the Commission with the AI Act’s requirements also with regard to non-high risk systems.
2. What is the procedure for approving the launch of AI systems within the Commission?
The standard IT governance procedure is applied to systems with AI components, and is generally the same for all systems but, depending on the security profile of the system,[9] different bodies may be involved (e.g. a Data Protection Coordinator if the system processes personal data).
3. Is there a role for public consultations and increased transparency in the process of developing or purchasing AI systems by the Commission?
The Commission does not foresee developing or procuring tools that would replace humans, especially in adopting decisions producing legal effects, but only those that would improve the efficiency and productivity of their staff (that is, ‘back office’ systems), and human oversight will therefore be provided. The Commission may gather the input of affected stakeholders before putting a specific system in production. Specific systems may be subject to specific consultations if they are central to policies.
4. What will be the functionalities of the competition case management system?
The Commission intends to purchase an eDiscovery software with AI-based Technology Assisted Review (TAR) functionalities from a third-party provider. Such IT tools have already been used by other competition authorities and accepted by courts for over a decade for the review of very large volumes of documents. In competition law investigations such as those related to mergers, antitrust, DMA and Foreign Subsidies control, DG Competition requests internal company documents from investigated companies. Case handlers analyse these documents for evidence alongside market investigation results and other sources of evidence. These requests can generate millions of documents in a single case. The eDiscovery software will help case handlers to analyse such voluminous files obtained by the Commission in the context of its competition investigations. In this way, the software will foster the Commission’s ability to review relevant documents faster in order to comply with certain strict time limits such as those enshrined in the Merger Regulation. At first, specific teams of case handlers will perform a pilot test of the system. The public procurement process for this system is still at an early stage. The system will not result in automatic decision making. It will only support the work of case handlers who maintain full control over the assessment and use of the evidence, which can be cited in the Commission’s Statement of Objections or the final Decision.
5. What will be the functionalities of the system for analysing feedback from the public?
This system provides the Commission with information about the public feedback concerning the Commission’s policies and proposals. The system relies on semantics to establish whether the respondent overall agrees or disagrees with the Commission’s proposal. Based on this, it is possible to identify trends in how the public feels about specific proposals.
6. What will be the functionalities of the complaints-handling with AI (CHAI)?
The Commission’s replies to infringement complaints are not binding decisions. The system will support the case handlers in dealing with research and drafting the replies to infringement complaints. It is currently tested with a limited group of case handlers in DG GROW, which is the owner of the system. It is not used for ongoing complaints, but tested based on anonymised information from completed cases. It uses the same sources that the case handlers use in replying to infringement complaints (including past replies to similar complaints). The case handler always has the full control of the reply that is drafted. There is always traceability of the sources on which the system relies. The system will be checked for compliance with the AI act before going to production.
Conclusion of the meeting
The inquiry team thanked the Commission representatives for their time and for the explanations provided.
Brussels/Strasbourg, 1 October 2024
MICHAŁ KRAJEWSKI JOSEF NEJEDLY
Inquiries Officer Inquiries Officer
[1] Article 4.8 of the European Ombudsman’s Implementing Provisions.
[2] https://commission.europa.eu/publications/artificial-intelligence-european-commission-aiec-communication_en
[3] Regulation 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (...) (Artificial Intelligence Act), OJ 2024/1689.
[4] As mentioned in the Commission’s written reply to the Ombudsman provided in the context of this strategic initiative: https://www.ombudsman.europa.eu/en/doc/correspondence/en/191562.
[5] Regulation 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (...), OJ L 295/39.
[6] Article 5 of the Artificial Intelligence Act.
[7] Article 6 and Annex III of the Artificial Intelligence Act.
[8] Article 95 of the Artificial Intelligence Act.
[9] As described in the Commission’s written reply provided to the Ombudsman in the context of this strategic initiative: https://www.ombudsman.europa.eu/en/doc/correspondence/en/191562.