The European AI Regulation: Towards an Ethical and Safe Framework – INCIPE:Instituto de Cuestiones Internacionales y Política Exterior

On December 18, 2024, INCIPE held a virtual session titled "The European AI Regulation: Towards an Ethical and Secure Framework", dedicated to analyzing progress in European regulation on Artificial Intelligence. The session featured the participation of Carlos Romero Duplá, Director of the Brussels Office at Vinces. The event was introduced by INCIPE's Secretary-General, Ricardo Díez-Hochleitner. Following the speaker's presentation, a Q&A session was moderated by INCIPE's Director-General, Vicente Garrido.

The session was conducted in Spanish and gathered an audience interested in understanding the key points of European regulations on Artificial Intelligence. To this end, we had the participation of Carlos Romero Duplá, Digital Transformation Adviser at the REPER of Spain in Brussels (2013-2024). During the session, Carlos Romero presented a detailed analysis of the scope of the recent European Union Artificial Intelligence (AI) Regulation.

Carlos Romero began his presentation by highlighting the European Union’s AI Regulation as a milestone in the EU’s ability to respond quickly and proactively to a technological, political, and economic reality that requires urgent attention. AI, as a technological disruption, is deeply affecting society and will continue to do so in the future. Aware of this situation, Ursula von der Leyen’s Commission proposed in 2020 to legislate promptly on this reality. The regulation proposal was introduced in April 2021, and after a record interinstitutional negotiation period, the negotiation was concluded in December 2023, reflecting Europe’s determination to lead in this area.

This was a particularly sensitive regulation, as AI is a global technology with impact on strategic sectors ranging from defense to the economy. According to the speaker, the regulation combines basic ethical principles with a focus on product safety, drawing on European regulations in this latter area. This led to a complex negotiation due to the need to balance ethical and socio-economic impacts while regulating without harming competitiveness or innovation. Additionally, some countries, such as Germany and France, exerted political pressure to influence the content of the regulation. Despite these tensions, there was a general political interest in being the first to establish regulation on the matter, as it would give the EU a strategic advantage on the global stage.

The Regulation is based on a pyramid of risks that classifies AI systems, placing at the base those systems that are prohibited because they could violate citizens’ fundamental rights. The regulation pays particular attention to real-time biometric recognition systems in public spaces, a controversial issue due to its intrusive nature. While their use was allowed in exceptional cases related to crime-fighting and with strict guarantees, the regulation avoids adopting a mass surveillance model through such programs. For high-risk systems, such as those used in medical devices, machinery, or financial services, detailed requirements were established to ensure safety, including technical documentation, certifications, and quality standards.

The adaptability of the Regulation is another of its core pillars. Although it is a regulation with direct application, it includes mechanisms to adjust it to technological evolution. Furthermore, it fosters innovation by allowing the creation of controlled testing environments, with the aim of making Europe an attractive place for AI system investment. In this context, it also allows testing systems under real-world conditions, encouraging technological development within the EU.

Initially, the Regulation was focused on specific AI applications, leaving out general-use systems like generative AI. However, the need to include basic standards for these programs was quickly identified, as their failures can cause significant damage. While the European Parliament sought highly detailed regulation, it was ultimately decided to establish minimum principles using the adaptive capacity of the general regulation. In this way, basic principles on transparency, intellectual property, and security were set. Moreover, space is left for further regulation through codes of practice developed in collaboration with the industry.

The governance of the regulation establishes a harmonized European framework. The most relevant models will be supervised by a new AI Office in the European Commission, which will be functionally autonomous, while Member States must designate national authorities to oversee other types of systems. Some countries, like Spain, have opted for a single entity, such as ESIA, to manage this task.

The Regulation entered into force in August 2024, with staggered implementation periods according to different provisions, as it is an evolving regulation that needs to adapt to the changing reality of AI. The European Commission, for its part, has started working on a guide to interpret the prohibitions and a procedure to develop codes of practice in collaboration with the industry.

Finally, the speaker frames the regulation in a global context where other actors, such as the United States and China, are also developing regulations according to their own interests. Carlos Romero concludes by emphasizing that, despite the risks associated with AI, its great opportunities in sectors such as agriculture, energy, health, and civil rights must be recognized, as it can generate significant socio-economic efficiencies when used appropriately.

The session concluded with a debate in which participants were able to ask questions about the topics discussed. This exchange highlighted the importance of regulating pioneering technologies like AI to ensure safe innovation that protects fundamental rights.

Lucía Rodríguez