Federal government wants to massively revise EU AI rules

Contents

Two months before Christmas, the federal government sent its wish list for the so-called Digital Omnibus to Brussels. And it contains quite a bit: over ten pages, it details what changes the government would like to see in the revision of digital legislation planned by the EU Commission. Some requested changes, however, are significant and go far beyond the usual minor amendments in such procedures. This is also why there have been intensive negotiations within the federal government for weeks.

Berlin calls for postponement of high-risk AI regulation

The list of requested changes for the AI regulation turned out to be particularly long. During its initial adoption, the member states were proud to regulate a new technology early on. Now, significant changes are to be made. The most important proposal is likely to delay the application for the two high-risk areas in Annexes I and III of the AI Regulation by one year. Annex I covers several systems already regulated elsewhere, such as toys or motorboats. Annex III deals with systems for biometric surveillance and critical infrastructure, among other things.

The proposal, which Digital Minister Karsten Wildberger first made several months ago, now provides for the extended regulation under the AI Regulation to take effect one year later, i.e., in 2027 instead of 2026. In addition, the federal government proposes that the criteria for determining whether a general-purpose AI model (gpAI) has “highly capable capabilities” and is therefore classified as a gpAI model with systemic risk should be revised. Until now, this has been defined primarily by the threshold of computing power for the training dataset—something that has been criticized from the outset. Here, the federal government wants to differentiate beyond pure computing power in the future.

Individual deletions with major impact

The demand for the deletion of the human rights impact assessment for high-risk systems without replacement is likely to cause some discussion. This is because whether algorithmically “learned” discrimination or discrimination promoted by training datasets perpetuates or concentrates, and whether non-European models have been designed in active contradiction to European values, was of great importance in the development history of the AI Regulation of great importance..

Berlin also wants to retain further exceptions for research. The federal government proposes that the research advantage in Article 2 of the AI Regulation should also apply to real-world applications in the future, which was not permitted until now. However, since AI model training is always research and development, and the exception is not limited to research institutions, this could in fact mean a complete erosion of the regulations.

SME exemptions would undermine the AI Regulation

The federal government also proposes that the exemptions under Article 63(1) of the AI Regulation should apply not only to microenterprises, i.e., companies with fewer than 10 employees and less than 2 million euros in annual turnover, but also to all so-called small and medium-sized enterprises. This would include companies with up to 50 million euros in annual turnover and up to 249 employees. According to EU statistics, if SMEs were also exempted, 99 percent of companies in the EU would be exempted from many AI Act obligations. The fact that the existing criteria already have their pitfalls, as digital companies can quickly develop a large impact even with few employees and formally low annual turnover, is ignored in Berlin's input for Brussels.

The government also expresses the wish to define consistent terminology across various legal acts. Previously, there were sometimes identical terms that were defined differently depending on the law—the federal government's paper mentions, for example, the definition of placing a model on the market or necessary safety measures between the AI Regulation and the Machinery Regulation.

Questionable cookie compromise proposal

Beyond the AI Act, Berlin has also submitted proposals for legislative changes. While the federal government is holding back on proposals for the Omnibus regarding data protection, only vaguely advocating for the broadest possible exemption for small, medium-sized, and low-risk data processing, it is also pushing for an amendment to the e-Privacy Directive: “Consent is not required if the technical storage or access clearly has no impact on privacy and data protection,” the paper states. The fact that this clarity is unlikely to be given will also have been well aware to the federal ministries. In the medium term, Germany wants greater consideration of competitiveness in data protection law—but without lowering the level. The statement does not reveal how this is to be achieved.

The ideas with which the federal government wants to revise the Data Act are more concrete: from the definition of what exactly falls under this law to the associated obligations, to the deletion of entire parts and the abolition of the regulation on the free movement of non-personal data in the EU, these are the ideas that Berlin has sent to Brussels. Apparently, Berlin seems to be under the impression that the various regulatory strands, in which all previous federal governments have also participated, are currently causing mainly confusion.

Only where the state itself is the actor has the wish list been particularly terse: In administrative digitalization, Berlin remains vague in its statement: here, the different regulations should be better coordinated, is the wish. The EU Commission wants to present its plans on November 19, and the article law called “Digital Omnibus” could be adopted relatively quickly; after removing overly contentious points, the parties involved hope.

(dmk)