Opinions

Awaiting the Ai Act, proposals bubble up

Following the approval of the European Artificial Intelligence Regulation (Ai Act), which has not yet been published in the Official Journal of the European Union and will be fully applicable from 2026, national legislative initiatives follow one another, as this newspaper documented on Sunday

3' min read

3' min read

Following the approval of the European Artificial Intelligence Regulation (Ai Act), which has not yet been published in the Official Journal of the European Union and will be fully applicable from 2026, national legislative initiatives follow one another, as this newspaper documented on Sunday. These legislative proposals move in the space left vacant by the Ai Act, which defines access to the European market for artificial intelligence systems and products, classifying them according to the risk they may cause, and requiring compliance activities that differ according to the level of risk. The European legislator considered that it was protecting fundamental values and rights with this approach.

But the Ai Act, as we have repeatedly emphasised, is not a law that addresses or could address all the legal issues raised by artificial intelligence. In Italy, there are a dozen or so parliamentary initiatives, but the most important of the legislative proposals is certainly represented by the ddl on artificial intelligence approved by the Council of Ministers on 23 April. The ddl confirms and clarifies some general principles, anticipates some provisions of the Ai Act and, in the space left free by the European regulation, dictates some national rules.

Loading...

The choice on the governance of artificial intelligence is anticipated: the Agency for Digital Italy (AgID) and the Agency for National Cybersecurity (Acn), which are qualified National Authorities for artificial intelligence, will take care of it. Coordination between these and the Authorities that are already competent in certain subjects that are in any case touched by AI, which by its very nature covers all sectors, will be central and delicate. For instance, the competences of the Data Protection Authority are expressly mentioned, but obviously they are not the only ones.

Of great importance is the provision on sandboxes which, again, anticipating the European regulation, provides a space for regulatory experimentation. It is a method that will allow new rules to be drawn up in a circumscribed area: it may be the best way to lay down rules by adapting the regulatory approach to a phenomenon that we do not yet know completely. Turning to specific areas, many provisions are devoted to copyright and criminal law, but of enormous importance are the provisions on health data. The urgency to simplify the rules on the processing of health data is very strong today, and the so-called Pnrr bis decree, which entered into force on 1 May, also takes a step forward in this area.

The problem is well known: current Italian legislation severely restricts the use of health data for scientific research purposes. This makes our excellent researchers less competitive globally and ends up penalising Italian research. It is equally well known that Ia systems cannot be fed with data processed on the basis of individual consent, which is, in this case, neither an adequate nor an effective instrument. Just think what it would entail to manage the consent, given in advance, of thousands or millions of people, for each individual treatment. The bill seeks, therefore, to simplify data protection legislation concerning the processing of data for research and scientific experimentation in the implementation of artificial intelligence systems. Data processing for research and scientific experimentation in the realisation of artificial intelligence systems 'for purposes of prevention, diagnosis and treatment of diseases, development of drugs, therapies and rehabilitation technologies, realisation of medical apparatuses, including prostheses and interfaces between the body and instruments supporting the patient's condition, public health, personal safety, health and health security' are defined as being of 'public interest'. This provides an alternative legal basis to the consent of the data subject. Secondary use of the data is also authorised, as long as the data are free of direct identifiers.

Some adjustments are still necessary: scientific research today is often financed by the private sector, which should not be penalised. Again, the authorisation mechanism is not in the logic of the accountability envisaged by the GDPR. But the important step forward is that scientific research is given the importance it deserves. It is already protected by the Constitution, but it should always be made clear.

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti