Working Group on the self- and co-regulatory measures under the AI Act

In the wake of rapid advancements in artificial intelligence (AI) technology, the current legal framework (the “AI Act”) introduced by the European Commission aims to ensure transparency, accountability, and safety in the development and deployment of AI systems by adopting a classification system according to which AI systems are categorized based on their risk level from low-risk AI systems to prohibited AI.

With the Council of the EU having approved the AI Act on 21 May 2024 the AI Act is now expected to enter into force by June 2024. The obligations will be phased in over a period of three years, with the first key obligations on prohibited AI applying six months after the AI Act comes into force. All businesses involved in the development, deployment, distribution, oversight or utilization of AI will need to assess their use of AI to ensure compliance with the AI Act.

The working group's approach

This Working Group aims to explore and develop co/self-regulatory mechanisms outlined in the AI Act. In this process, it will examine the possible interplay between Codes of Practice and Codes of Conduct as well as standardisation and adequate alternative means, identifying any overlaps or complementary aspects.

The group will discuss and draft positions respectively pragmatic suggestions on who should be involved in creating Codes of Practice and Codes of Conduct. While the AI Act suggests that business stakeholders are optional in developing Codes of Practice, conditional to the de-facto processes of drafting codes under the AI Act, involving business stakeholders early might be crucial to adequately represent the needs of different market sectors. This includes paying special attention to the interests and needs of small and medium-sized enterprises (SMEs).

In this vein, the working group will also touch base on potential needs and benefits to consult with conformity experts, recognizing that market players may require additional support in developing these criteria.  Self- and coregulatory approach should ensure compatibility with existing legal frameworks, e.g. the GDPR, and to incorporate technical documentation referred to in Article 53(1) AI Act reflecting initiatives and developments supporting AI training addressing both general-purpose AI models and those with systemic risk. Therefore, the Working Group seeks to determine suitable methodologies. E.g., by analyzing existing initiatives and inviting their representatives to collaborate, the Working Group can build upon their work and ensure the Codes of Practice and Conduct can be broadly implemented. Where possible SRIW strives to build upon any existing work and will certainly invite representatives of such initiatives to collaborate.  

Finally, establishing a realistic timeline for effectively drafting self- and coregulatory measures, considering the AI Act's requirements and deadlines distinctively related to Codes of Practice, will be crucial for the Working Group’s success. 

Selbstregulierung Informationswirtschaft e.V. (SRIW) has been involved in several projects since establishment more than a decade ago. Its focus lies in operationalizing data protection and consumer protection. With this experience and considering current events, SRIW recognizes the uncertainty that AI training complexities and overlaps with other legal frameworks, such as the GDPR, may cause. SRIW also acknowledges the necessity for a robust and actionable co- or self-regulation mechanism to ensure coherent AI governance across the market.