Marvin van Bekkum,Frederik Zuiderveen Borgesius

DOI: https://doi.org/10.1016/j.clsr.2022.105770

2022-11-28

Abstract:Organisations can use artificial intelligence to make decisions about people for a variety of reasons, for instance, to select the best candidates from many job applications. However, AI systems can have discriminatory effects when used for decision-making. To illustrate, an AI system could reject applications of people with a certain ethnicity, while the organisation did not plan such ethnicity discrimination. But in Europe, an organisation runs into a problem when it wants to assess whether its AI system accidentally discriminates based on ethnicity: the organisation may not know the applicants' ethnicity. In principle, the GDPR bans the use of certain 'special categories of data' (sometimes called 'sensitive data'), which include data on ethnicity, religion, and sexual preference. The proposal for an AI Act of the European Commission includes a provision that would enable organisations to use special categories of data for auditing their AI systems. This paper asks whether the GDPR's rules on special categories of personal data hinder the prevention of AI-driven discrimination. We argue that the GDPR does prohibit such use of special category data in many circumstances. We also map out the arguments for and against creating an exception to the GDPR's ban on using special categories of personal data, to enable preventing discrimination by AI systems. The paper discusses European law, but the paper can be relevant outside Europe too, as many policymakers in the world grapple with the tension between privacy and non-discrimination policy.

Computers and Society

Luca Deck,Jan-Laurin Müller,Conradin Braun,Domenique Zipperling,Niklas Kühl

2024-06-26

Abstract:The topic of fairness in AI, as debated in the FATE (Fairness, Accountability, Transparency, and Ethics in AI) communities, has sparked meaningful discussions in the past years. However, from a legal perspective, particularly from the perspective of European Union law, many open questions remain. Whereas algorithmic fairness aims to mitigate structural inequalities at design-level, European non-discrimination law is tailored to individual cases of discrimination after an AI model has been deployed. The AI Act might present a tremendous step towards bridging these two approaches by shifting non-discrimination responsibilities into the design stage of AI models. Based on an integrative reading of the AI Act, we comment on legal as well as technical enforcement problems and propose practical implications on bias detection and bias correction in order to specify and comply with specific technical requirements.

Artificial Intelligence

Philipp Hacker

DOI: https://doi.org/10.1080/17579961.2021.1977219

2021-07-03

Law, Innovation and Technology

Abstract:In response to recent regulatory initiatives at the EU level, this article shows that training data for AI do not only play a key role in the development of AI applications, but are currently only inadequately captured by EU law. In this, I focus on three central risks of AI training data: risks of data quality, discrimination and innovation. Existing EU law, with the new copyright exception for text and data mining, only addresses a part of this risk profile adequately. Therefore, the article develops the foundations for a discrimination-sensitive quality regime for data sets and AI training, which emancipates itself from the controversial question of the applicability of data protection law to AI training data. Furthermore, it spells out concrete guidelines for the re-use of personal data for AI training purposes under the GDPR. Ultimately, the legislative and interpretive task rests in striking an appropriate balance between individual protection and the promotion of innovation. The article finishes with an assessment of the proposal for an Artificial Intelligence Act in this respect.

English Else

Pablo Cerezo-Martínez,Alejandro Nicolás-Sánchez,Francisco J Castro-Toledo

DOI: https://doi.org/10.3389/frai.2024.1393259

2024-06-25

Abstract:The European Union and some of its institutions have taken significant steps to address the challenges posed by the development and use of Artificial Intelligence (AI) in various contexts. The ubiquity of AI applications in everyday life, affecting both citizens and professionals, has made AI a common topic of discussion. However, as is evident from the documents analyzed here, concerns have been raised about the possible negative social consequences of AI, in particular discriminatory bias, making it a particularly relevant issue if people-centred, rights-based AI is to be implemented. This article aims to examine the challenges of defining, identifying and mitigating discriminatory bias in AI systems from two perspectives: (1) to conduct an ethical and normative review of European Commission documents from the last 8 years (from GDPR to AI Act regulation); and (2) to expose recommendations for key stakeholders, including designers, end-users and public authorities, to minimize/mitigate this risk. The document review was carried out on 21 EU regulatory and ethical guidelines in the field of AI, from which 152 measures were extracted, differentiated between design, governance and organizational measures. It has also been observed that there is no clear conceptual framework on the issue at the European level, showing a clear problem in providing definitions of algorithmic bias and discrimination, but not in assessing their potential negative impact on individuals. Secondly, these gaps may affect the concreteness and detail of the possible mitigation/minimization measures proposed and, subsequently, their application in different contexts. Finally, the last section of this paper presents a brief discussion and conclusions on possible issues related to the implementation of the measures extracted and certain limitations of the study.

Aude Cefaliello,Miriam Kullmann

DOI: https://doi.org/10.1177/20319525221114474

2022-10-20

European Labour Law Journal

Abstract:In April 2021, the European Commission published its first draft of the Proposal for a Regulation on Artificial Intelligence. Since AI in the work context has increasingly become important in organising work and managing workers, the AI Act will undoubtedly have an impact on EU and national labour law systems. One aim of the proposal is to guarantee ‘consistency with existing Union legislation applicable to sectors where high-risk Artificial Intelligence systems are already used or likely to be used in the near future’, which includes the EU social acquis. It could be argued that ensuring true consistency with EU law means guaranteeing that the way the AI Act will be implemented and applied will still allow the other pieces of EU labour law to fulfil their purpose. It is undeniable that the implementation of the AI Act will overlap with various fields of EU law, especially considering the increasing use of AI technology at work. Thus, this article seeks to identify ways to refine the AI Act, insofar as it impacts work. The contribution discusses the current AI Act as proposed in April 2021, thereby focusing on two particular areas, EU non-discrimination law and EU law on occupational health and safety (OSH), as these two areas are, more or less explicitly, addressed as legal fields in the AI Act. The article starts with taking the perspective of EU labour law influencing the development of AI systems used in the employment context. We argue that providers should respect EU labour law throughout the development of the AI system (section 2). Then, the areas where EU labour law and the AI overlap are identified, thereby viewing it from an employer's perspective, i.e., the user of the AI system (section 3). Using two specific EU labour law areas (the right not to be discriminated against and the right to healthy and safe working conditions) the article provides a first assessment of how the AI Act might influence work and the regulation thereof (section 4). Finally, the conclusion critically explores whether and to what extent AI in employment situations warrants particular attention (section 5).

Philipp Hacker,Johann Cordes,Janina Rochon

2023-08-24

Abstract:Artificial intelligence is not only increasingly used in business and administration contexts, but a race for its regulation is also underway, with the EU spearheading the efforts. Contrary to existing literature, this article suggests, however, that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act - but have just been enacted in the Digital Markets Act. We analyze the impact of the DMA and related EU acts on AI models and their underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. The paper demonstrates that fairness, in the sense of the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has so far largely focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on CJEU jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final part sketches specific proposals for a comprehensive framework of transparency, access, and fairness under the DMA and beyond.

Computers and Society,Artificial Intelligence

Martin Kretschmer,Tobias Kretschmer,Alexander Peukert,Christian Peukert

DOI: https://doi.org/10.48550/arXiv.2311.14684

2023-11-03

Computers and Society

Abstract:The development and regulation of multi-purpose, large "foundation models" of AI seems to have reached a critical stage, with major investments and new applications announced every other day. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. Legislators globally compete to set the blueprint for a new regulatory regime. This paper analyses the most advanced legal proposal, the European Union's AI Act currently in the stage of final "trilogue" negotiations between the EU institutions. This legislation will likely have extra-territorial implications, sometimes called "the Brussels effect". It also constitutes a radical departure from conventional information and communications technology policy by regulating AI ex-ante through a risk-based approach that seeks to prevent certain harmful outcomes based on product safety principles. We offer a review and critique, specifically discussing the AI Act's problematic obligations regarding data quality and human oversight. Our proposal is to take liability seriously as the key regulatory mechanism. This signals to industry that if a breach of law occurs, firms are required to know in particular what their inputs were and how to retrain the system to remedy the breach. Moreover, we suggest differentiating between endogenous and exogenous sources of potential harm, which can be mitigated by carefully allocating liability between developers and deployers of AI technology.

Hannah van Kolfschooten,Janneke van Oirschot

DOI: https://doi.org/10.1016/j.healthpol.2024.105152

IF: 3.255

2024-09-07

Health Policy

Abstract:In August 2024, the EU Artificial Intelligence Act (AI Act) entered into force. This legally binding instrument sets rules for the development, the placing on the market, the putting into service, and the use of AI systems in the European Union. As the world's first extensive legal framework on AI, it aims to boost innovation while protecting individuals against the harms of AI. Since healthcare is one of the top sectors for AI deployment, the new rules will significantly reform national policies and practices on health technology. In this article, we highlight the implications of the AI Act for the healthcare sector. We give a comprehensive overview of the new legal obligations for various healthcare stakeholders (tech developers; healthcare professionals; public health authorities). We conclude that, due to its horizontal approach, it is necessary to adopt further guidelines to address the unique needs of the healthcare sector. To this end, we make recommendations for the upcoming implementation and standardization phase.

Philipp Hacker,Johann Cordes,Janina Rochon

DOI: https://doi.org/10.1017/err.2023.81

2023-12-13

European Journal of Risk Regulation

Abstract:Artificial intelligence (AI) is not only increasingly being used in business and administration contexts, but a race for its regulation is also underway, with the European Union (EU) spearheading the efforts. Contrary to existing literature, this article suggests that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act, but in the Digital Markets Act (DMA). We analyse the impact of the DMA and related EU acts on AI models and underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. We demonstrate that fairness, under the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on Court of Justice of the European Union jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final section sketches out proposals for a comprehensive framework of transparency, access and fairness under the DMA and beyond.

Jacintha Walters,Diptish Dey,Debarati Bhaumik,Sophie Horsman

2023-07-20

Abstract:The EU AI Act is the proposed EU legislation concerning AI systems. This paper identifies several categories of the AI Act. Based on this categorization, a questionnaire is developed that serves as a tool to offer insights by creating quantitative data. Analysis of the data shows various challenges for organizations in different compliance categories. The influence of organization characteristics, such as size and sector, is examined to determine the impact on compliance. The paper will also share qualitative data on which questions were prevalent among respondents, both on the content of the AI Act as the application. The paper concludes by stating that there is still room for improvement in terms of compliance with the AIA and refers to a related project that examines a solution to help these organizations.

Artificial Intelligence

Patricia Mergen

DOI: https://doi.org/10.3897/biss.8.135924

2024-09-02

Biodiversity Information Science and Standards

Abstract:In February 2024, the European Union (EU) endorsed the AI Act, launched the new European Artificial Intelligence Office and initiated the program Generative AI for the EU (GenAI4EU, Fig. 1). This legislation governs how AI is developed, deployed and used in Europe. The obligations will incrementally become mandatory until 2030. While the Act was primarily designed to identify and protect humans from risks of manipulation and illicit use of AI, it will not be without impact on the biodiversity community. AI in our domain will mostly be ranked as no-to-low risk (Fig. 2). However, we will have to adhere to the transparency requirements and be particularly attentive when combining AI with citizen science initiatives affecting potentially the general public or for example, if projects concern illegal trafficking of species and border control. A further point of attention with our worldwide scope, is that non-European AI initiatives or tools allowed to be deployed or used in Europe will have to commit to follow both the AI Act and the GDPR (General Data Protection Regulation) and have a reference person or institution with a legal address in Europe. There will be a two-year transition period as of 2026 to adapt to this regulation. EU proposals require filling out an extensive questionnaire as an annex on ethical aspects, which already included the trustworthy usage of AI. This questionnaire is regularly updated, increasing the number of questions and details related to AI following the new EU AI act regulations. While the usage of AI is already evaluated, if present during the review process of proposals selected for funding by the EU, future projects can be audited at any time during their execution period, challenging compliance with both legal and ethical requirements of AI, risking being put on hold or even stopped if they do not comply. The Belgian Association of Research Managers and Administrators of European-funded projects (Be-Arma) provided an online training on compliance with AI & ethics in Horizon Europe.Current discussions at the EU level are on how they can remain competitive in AI, compared to other countries where fewer legal or ethical barriers exist. While judged essential, there are no doubts that such regulations slow down the development and implementation processes, as largely addressed during the conference, Research to Reality: Digital Solutions to European Challenges, held during the Belgian EU Presidency. The balance between open collaboration and free sharing of data and knowledge are challenged by concerns about so called strategic autonomy (European Commission et al. 2024) and competitiveness. These concepts were pushed even further in the EU conference: Research Infrastructures in a Changing Global, Environmental and Socio-economical Context, where the current critical geo-political context was linked to a need for even more strategic autonomy in Europe, where AI and other digital solutions were explicitly mentioned. As an introduction to this session, this talk will go to the best of our knowledge over these new EU AI Act requirements and how it may affect future AI-linked activities in our natural sciences domain, including how they may affect the funding of our information technology activities.

Manuel Wörsdörfer

DOI: https://doi.org/10.1002/joe.22238

2023-11-14

Global Business and Organizational Excellence

Abstract:Abstract In light of the rise of generative AI and recent debates about the socio‐political implications of large‐language models, chatbots, and the like, this paper analyzes the E.U.’s Artificial Intelligence Act (AIA), the world's first comprehensive attempt by a government body to address and mitigate the potentially negative impacts of AI technologies. The paper critically analyzes the AIA from a business and computer ethics point of view—a perspective currently lacking in the academic (e.g., GBOE‐related) literature. It evaluates, in particular, the AIA's strengths and weaknesses and proposes reform measures that could help to strengthen the AIA. Among the AIA's strengths are its legally binding character, extra‐territoriality, ability to address data quality and discrimination risks, and institutional innovations such as the AI Board and publicly accessible logs and database for AI systems. Among its main weaknesses are its lack of effective enforcement, oversight, and control, absence of procedural rights and remedy mechanisms, inadequate worker protection, institutional ambiguities, insufficient funding and staffing, and inadequate consideration of sustainability issues. Reform suggestions include establishing independent conformity assessment procedures, strengthening democratic accountability and judicial oversight, introducing redress and complaint mechanisms, ensuring the participation and inclusion of workers, guaranteeing political independence of the AI Board, providing enhanced funding and staffing of market surveillance authorities, and mandating “green AI.”

Irena Barkane,Irena Nesterova

DOI: https://doi.org/10.3233/ip-211524

2022-04-22

Information Polity

Abstract:Artificial Intelligence (AI)-based surveillance technologies such as facial recognition, emotion recognition and other biometric technologies have been rapidly introduced by both public and private entities all around the world, raising major concerns about their impact on fundamental rights, the rule of law and democracy. This article questions the efficiency of the European Commission’s Proposal for Regulation of Artificial Intelligence, known as the AI Act, in addressing the threats and risks to fundamental rights posed by AI biometric surveillance systems. It argues that in order to meaningfully address risks to fundamental rights the proposed classification of these systems should be reconsidered. Although the draft AI Act acknowledges that some AI practices should be prohibited, the multiple exceptions and loopholes should be closed, and in addition new prohibitions, in particular to emotional recognition and biometric categorisation systems, should be added to counter AI surveillance practices violating fundamental rights. The AI Act should also introduce stronger legal requirements, such as third-party conformity assessment, fundamental rights impact assessment, transparency obligations as well as enhance existing EU data protection law and the rights and remedies available to individuals, thus not missing the unique opportunity to adopt the first legal framework that truly promotes trustworthy AI.

Anca Parmena Olimid

DOI: https://doi.org/10.33327/ajee-18-7.4-a000103

2024-09-02

Access to Justice in Eastern Europe

Abstract:Background: This study correlates the up-to-date ethical, functional and legal evaluations related to the management and governance of artificial intelligence (AI) under European Union (EU) law, particularly impacting the health data sector and medical standards as provided by the Artificial Intelligence Act within the Regulation adopted by the European Council in May 2024. The initial proposal for the management and governance of the AI sector was submitted in April 2021. Three years later, on 13 March 2024, the European Union Artificial Intelligence Act (EU AIA) was adopted by the European Parliament. Subsequently, on 21 May 2024, the Council adopted an innovative legislative framework that harmonises the standards and rules for AI regulation. This framework is set to take effect in May 2026, with the central objective of stimulating and motivating a fair, safe, legal single market that respects the principles of ethics and the fundamental rights of the human person. Methods: The current legal analysis focuses on the European Union’s new institutional governance involving a multistage approach to managing health data, ethical artificial intelligence, generative artificial intelligence and classification of types of AI by considering the degree of risk (e.g. artificial intelligence systems with limited risk and systems with high risk) and medical devices. It outlines the legal framework for AI regulation and governance in the EU by focusing on compliance with the previously adopted legislation in the Medical Devices Regulation (2017) and the In-Vitro Diagnostic Regulation (2017). The paper also examines the application of the newly adopted EU Artificial Intelligence Act in relation to national justice systems, previous EU regulations on medical devices and personal data protection regulation, and its correlation with the European Court of Human Rights jurisprudence. This opens up complex discussions related to judicial reform and access to justice. For this purpose, as a research objective, the legal analysis includes an innovative perspective following an integrative discussion on the latest legal reforms and regulations of the AI sector in Eastern Europe launched in 2024 with a special focus on the latest developments in the EU Candidate Countries namely Ukraine and the Republic of Moldova. Results and conclusions: The present research facilitates the exploration of the real benefits of managing innovative AI systems for medical data, research, and development, as well as within the medical technology industry.

Miranda Bogen,Aaron Rieke,Shazeda Ahmed

DOI: https://doi.org/10.48550/arXiv.1912.06171

2019-12-12

Computers and Society

Abstract:Organizations cannot address demographic disparities that they cannot see. Recent research on machine learning and fairness has emphasized that awareness of sensitive attributes, such as race and sex, is critical to the development of interventions. However, on the ground, the existence of these data cannot be taken for granted. This paper uses the domains of employment, credit, and healthcare in the United States to surface conditions that have shaped the availability of sensitive attribute data. For each domain, we describe how and when private companies collect or infer sensitive attribute data for antidiscrimination purposes. An inconsistent story emerges: Some companies are required by law to collect sensitive attribute data, while others are prohibited from doing so. Still others, in the absence of legal mandates, have determined that collection and imputation of these data are appropriate to address disparities. This story has important implications for fairness research and its future applications. If companies that mediate access to life opportunities are unable or hesitant to collect or infer sensitive attribute data, then proposed techniques to detect and mitigate bias in machine learning models might never be implemented outside the lab. We conclude that today's legal requirements and corporate practices, while highly inconsistent across domains, offer lessons for how to approach the collection and inference of sensitive data in appropriate circumstances. We urge stakeholders, including machine learning practitioners, to actively help chart a path forward that takes both policy goals and technical needs into account.

Huixin Zhong,Eamonn O'Neill,Janina A. Hoffmann

2024-02-26

Abstract:Article 5 of the European Union's Artificial Intelligence Act is intended to regulate AI use to prevent potentially harmful consequences. Nevertheless, applying this legislation practically is likely to be challenging because of ambiguously used terminologies and because it fails to specify which manipulation techniques may be invoked by AI, potentially leading to significant harm. This paper aims to bridge this gap by defining key terms and demonstrating how AI may invoke these techniques, drawing from insights in psychology and behavioural economics. First, this paper provides definitions of the terms "subliminal techniques", "manipulative techniques" and "deceptive techniques". Secondly, we identified from the literature in cognitive psychology and behavioural economics three subliminal and five manipulative techniques and exemplify how AI might implement these techniques to manipulate users in real-world case scenarios. These illustrations may serve as a practical guide for stakeholders to detect cases of AI manipulation and consequently devise preventive measures. Article 5 has also been criticised for offering inadequate protection. We critically assess the protection offered by Article 5, proposing specific revisions to paragraph 1, points (a) and (b) of Article 5 to increase its protective effectiveness.

Computers and Society,Artificial Intelligence

Fabian Lütz

DOI: https://doi.org/10.1007/s12027-024-00785-w

2024-06-13

ERA Forum

Abstract:This article assesses whether the Artificial Intelligence Act sufficiently addresses issues of gender equality and non-discrimination law. To this end, the substantive provisions of the AI Act are analysed through the lens of gender equality and non-discrimination law, highlighting the proposed tools of fundamental rights impact assessments and bias audits to reduce gender biases and discriminatory risk. Furthermore, the role of the AI Office and its cooperation with national, European, and international bodies for gender equality enforcement are discussed and positioned within the global landscape of AI regulation.

Hannah van Kolfschooten

DOI: https://doi.org/10.1093/jlb/lsad031

2023-12-07

Abstract:The use of Artificial Intelligence (AI) medical devices is rapidly growing. Although AI may benefit the quality and safety of healthcare for older adults, it simultaneously introduces new ethical and legal issues. Many AI medical devices exhibit age-related biases. The first part of this paper explains how 'digital ageism' is produced throughout the entire lifecycle of medical AI and may lead to health inequity for older people: systemic, avoidable differences in the health status of different population groups. This paper takes digital ageism as a use case to show the potential inequitable effects of AI, conceptualized as the 'AI cycle of health inequity'. The second part of this paper explores how the European Union (EU) regulatory framework addresses the issue of digital ageism. It argues that the negative effects of age-related bias in AI medical devices are insufficiently recognized within the regulatory framework of the EU Medical Devices Regulation and the new AI Act. It concludes that while the EU framework does address some of the key issues related to technical biases in AI medical devices by stipulating rules for performance and data quality, it does not account for contextual biases, therefore neglecting part of the AI cycle of health inequity.

Chalisa Veesommai Sillberg,Jose Siqueira De Cerqueira,Pekka Sillberg,Kai-Kristian Kemell,Pekka Abrahamsson

2024-11-13

Abstract:The EU AI Act was created to ensure ethical and safe Artificial Intelligence (AI) development and deployment across the EU. This study aims to identify key challenges and strategies for helping enterprises focus on resources effectively. To achieve this aim, we conducted a Multivocal Literature Review (MLR) to explore the sentiments of both the industry and the academia. From 130 articles, 56 met the criteria. Our key findings are three-fold. First, liability. Second, discrimination. Third, tool adequacy. Additionally, some negative sentiments were expressed by industry and academia regarding regulatory interpretations, specific requirements, and transparency issues. Next, our findings are three essential themes for enterprises. First, risk-based regulatory compliance. Second, ethical frameworks and principles in technology development. Third, policies and systems for regulatory risk management. These results identify the key challenges and strategies and provide less commonly discussed themes, enabling enterprises to align with the requirements and minimize their distance from the EU market.

Software Engineering

Iakovina Kindylidi,Inês Antas de Barros

DOI: https://doi.org/10.26512/lstr.v13i2.36253

2021-09-07

Abstract:[Purpose] At the earliest stages in AI lifecycle, training, verification and validation of machine learning and deep learning algorithm require vast datasets that usually contain personal data, which however is not obtained directly from the data subject, while very often the controller is not in a position to identify the data subjects or such identification may result to disproportionate effort. This situation raises the question on how the controller can comply with its obligation to provide information for the processing to the data subjects, especially when proving the information notice is impossible or requires a disproportionate effort. There is little to no guidance on the matter. The purpose of this paper is to address this gap by designing a clear risk-assessment methodology that can be followed by controllers when providing information to the data subjects is impossible or requires a disproportionate effort. [Methodology] After examining the scope of the transparency principle, Article 14 and its proportionality exemption in the training and verification stage of machine learning and deep learning algorithms following a doctrinal analysis, we assess whether already existing tools and methodologies can be adapted to accommodate the GDPR requirement of carrying a balancing test, in conjunction with, or independently of a DPIA. [Findings] Based on an interdisciplinary analysis, comprising theoretical and descriptive material from a legal and technological point of view, we propose a risk-assessment methodology as well as a series of risk-mitigating measures to ensure the protection of the data subject's rights and legitimate interests while fostering the uptake of the technology. [Practical Implications] The proposed balancing exercise and additional measures are designed to facilitate entities training or developing AI, especially SMEs, within and outside of the EEA, that wish to ensure and showcase the data protection compliance of their AI-based solutions.