news – European Area of Freedom Security & Justice

Why the European Parliament should reject (or substantially amend) the Commission’s proposal on EU Information Security (“INFOSEC”). (1) The issue of “classified information”

By Emilio De Capitani

1.Setting the scene of EU legal framework on access to documents and to confidential information before the Lisbon Treaty

To better understand why the Commission “INFOSEC” draft legislative proposal (2022/0084(COD) on information security shall be substantially amended, let’s recall what was before the Lisbon Treaty and of the Charter, the EU legal framework on access to documents, and notably of EU classified information. With the entry into force of the Amsterdam Treaty on May 1999 the EP and the Council have been under the obligation (art.255 TCE) of adopting in two years time new EU rules framing the individual right of access to documents by establishing at the same time “the general principles and limits of public interests” which may limit such right of access.(emphasis added).

Notwithstanding a rather prudent Commission’s legislative proposal the EP strongly advocated a stronger legal framework for access to documents, for legislative transparency and even for the treatment at EU level of information which, because of their content, should be treated confidentially (so called ,“sensitive” or “classified information”).

Needless to say “Sensitive” or “classified information” at Member States level, are deemed to protect “essential interests” of the State and, by law, are subject to a special parliamentary and judicial oversight regime.[1] As a consequence, at EU level, even after Lisbon, national classified information are considered an essential aspect of national security which “.. remains the sole responsibility of each Member State” (art. 4.2 TEU) and “..no Member State shall be obliged to supply information the disclosure of which it considers contrary to the essential interests of its security;”(art 346.1(a)TFEU.

However, if national classified information is shared at EU level as it is the case for EU internal or external security policies it shall be treated as for any other EU policy by complying with EU rules. Point is on what legal basis these rules should be founded. This issue came to the fore already in 2000 when the newly appointed Council Secretary General Xavier SOLANA negotiated with NATO a first interim agreement on the exchange of classified information. The agreement which mirrored at EU level the NATO Classification standards (“Confidential”, “Secret” and “Top Secret”) was founded on the Council internal organizational power but this “administrative” approach was immediately challenged before the Court of Justice by the a Member State (NL) [2]and by the European Parliament itself [3] which considered that the correct legal basis should had been the new legislation on access to documents foreseen by art 255 of TEC which was at the time under negotiation. The Council, at last, acknowledged that art.255 TEC on access to documents was right legal basis and a specific article (art.9[4]) was inserted in in Regulation 1049/01 implementing art.255 TEC and the EP and NL withdrew their applications before the CJEU[5].

Point is that Art.9 of Regulation 1049/01 still covers only the possible access by EU citizens and such access may be vetoed by the “originator” of the classified information. Unlike national legislation on classified information art.9 didn’t solved, unfortunately, for the lack of time, the issue of the democratic and judicial control by the European Parliament and by the Court of Justice to the EUCI. Art.9(7) of Regulation 1049/01 makes only a generic reference to the fact that “The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.” A transitional and partial solution has then been founded by negotiating Interinstitutional Agreements between the Council and the EP in 2002 [6]and in 2014 [7]and between the European Commission[8] in 2010.

Point is that interinstitutional agreements even if they may be binding (art.295 TFEU) they can only “facilitate” the implementation of EU law which, as described above, in the case of democratic and judicial control of classified information still does not exists. Not surprisingly, both the Council and the Commission Interinstitutional agreements consider that the “originator” principle should also be binding for the other EU institutions such as the European Parliament and the Court of Justice.

This situation is clearly unacceptable in an EU deemed to be democratic and bound by the rule of law as it create zones where not only the EU Citizens but also their Representatives may have no access because of “originator’s” veto. As result, in these situations the EU is no more governed by the rule of law but only by the “goodwill” of the former.

To make things even worse the Council established practice is to negotiate with third Countries and international organizations agreements [9]covering the exchange of confidential information by declaring that the other EU Institutions (such as the EP and the Court of Justice) should be considered “third parties” subject then to the “originator” principle.

Such situation has become kafkianesque with the entry into force of the Lisbon treaty which recognize now at primary law level the EP right to be “fully and timely” informed also on classified information exchanged during the negotiation of an international agreement[10]. Inexplicabily , fourtheen years since the entry into force of the Traty the European Parliament has not yet challenged before the Court of Justice these clearly unlawful agreements.

That Institutional problem kept apart, fact remains that until the presentation of the draft INFOSEC proposal none challenged the idea that in the EU the correct legal basis supporting the treatment also of classified information should be the same of access to documents which after the entry into force of the Lisbon treaty is now art.15.3 of the TFEU[11].

2 Why the Commission choice of art 298 TFEU as the legal basis for the INFOSEC proposal is highly questionable [12]

After the entry into force of the Lisbon Treaty and of the Charter the relation between the fundamental right of access to documents and the corresponding obligation of the EU administration of granting administrative transparency and disclose or not its information/documents has now been strengthened also because of art.52 of the EU Charter.

In an EU bound by the rule of law and by democratic principles, openness and the fundamental right of access should be the general rule and “limits” to such rights should be an exception framed only “by law”. As described above the correct legal basis for such “law” is art.15 of the TFEU which, as the former art.255 TEC, states that “General principles and limits on grounds of public or private interest..” may limit the right of access and the obligation of disclosing EU internal information / documents. Also from a systemic point of view “limits” to disclosure and to access are now covered by the same Treaty article which frames (in much stronger words than art 255 before Lisbon) the principles of “good governance”(par 1), of legislative transparency (par 2) and of administrative transparency (par 3).

Such general “Transparency” rule is worded as following: “1. In order to promote good governance and ensure the participation of civil society, the Union institutions, bodies, offices and agencies shall conduct their work as openly as possible.(..) Each institution, body, office or agency shall ensure that its proceedings are transparent and shall elaborate in its own Rules of Procedure specific provisions regarding access to its documents, in accordance with the regulations referred to in the second subparagraph.”

Bizarrely, the European Commission has chosen for the INFOSEC regulation art.298 TFEU on an open, independent and efficient EU administration by simply ignoring art.15 TFEU and by making an ambiguous reference to the fact that INFOSEC should be implemented “without prejudice” of the pre-Lisbon Regulation 1049/01 dealing with access to documents and administrative transparency. How a “prejudice” may not exist when both Regulations are overlapping and INFOSEC Regulation is upgrading the Council Internal Security rules at legislative level is a challenging question.

It is indeed self evident that both the INFOSEC Regulation and Regulation 1049/01 deal with the authorized/unauthorised “disclosure” of EU internal information/documents.

Such overlapping of the two Regulations is even more striking for the treatment EU Classified information (EUCI) as these information are covered both by art. 9 of Regulation 1049/01 and now by articles 18 to 58 and annexes II to VI of the INFOSEC Regulation.

As described above, Art 255 TCE has since Lisbon been replaced and strengthened by art 15 TFEU so that the Commission proposal of replacing it with art.298 TFEU looks like a “detournement de procedure” which may be challenged before the Court for almost the same reasons already raised in 2000 by the EP and by NL. It would then been sensible to relaunch the negotiations on the revision of Regulation 1049 in the new post-Lisbon perspective but the Commission has decided this year to withdraw the relevant legislative procedure. Submitting a legislative proposal such INFOSEC promoting overall confidentiality and withdrawing at the same time a legislative proposal promoting transparency seems a rather Commission’s strong message to the public.

3 Does the INFOSEC proposal grant a true security for EU internal information?

Point is that European administrative transparency is now a fundamental right of the individual enshrined in the Charter (Article 42).The protection of administrative data is one of the aspects of the “duty” of good administration enshrined in Article 41 of the Charter which stipulates that every person has the right of access to their file, “with due regard for the legitimate interests of confidentiality and professional and business secrecy.”

However Art.298 TFEU is not the legal basis framing professional secrecy. It is only a provision on the functioning of the institutions and bodies which, “in carrying out their tasks … [must be based] on an “open” European administration”[13] and is not an article intended to ensure the protection of administrative documents.

This objective is better served by other legal basis of the Treaties.

First of all, protecting the archives of EU institutions and bodies from outside interference is, even before being a legitimate interest, an imperative condition laid down by the Treatiesand the related 1965 Protocol on the Privileges and Immunities of the Union adopted on the basis of the current Article 343 TFEU. Articles 1 and 2 of that Protocol stipulate that the premises and buildings of the Union, as well as its archives, “shall be inviolable.”

Furthermore, in order to ensure that, in the performance of their duties, officials are obliged to protect the documents of their institutions, Article 17 of the Staff Regulations stipulates that

1. Officials shall refrain from any unauthorized disclosure of information coming to their knowledge in the course of their duties, unless such information has already been made public or is accessible to the public.

Again, (as for Regulation 1049/01), the INFOSEC regulation reinstate that it should be applied “without prejudice” of the Staff Regulation by so mirroring the second paragraph of art.298 TFEU which states that itself states that it should be implemented “in accordance with the Staff Regulations and the rules adopted on the basis of Article 336.” So, also from this second perspective, the correct legal basis for INFOSEC could be the Article 339 (on professional secrecy) and 336 TFEU, with the consequent amendment of the Staff Regulations by means of a legislative regulation of the Parliament and the Council.

By proposing a legislative regulation on the basis of Article 298, the Commission therefore circumvents both the obligation imposed by Article 336, art 339 (on professional secrecy) and, more importantly of Article 15(3) TFEU, according to which each institution or body “..shall ensure (i.e., must ensure) the transparency of its proceedings [and therefore also their protection from external interference] and shall lay down in its rules of procedure specific provisions concerning access to its documents [and therefore also concerning their protection], in accordance with the regulations referred to in the second subparagraph.”(NDR currently Regulation 1049/01)

The objectives set out in Article 298 cannot therefore override the requirements of protecting the fundamental right of access to documents, nor those of Article 15 TFEU which could be considered the “center of gravity”when several legal basis are competing [14].

The same applies to compliance with the regulation establishing the Statute and, in particular, compliance with Article 17 thereof, cited above.

Ultimately, the provisions on the legislative procedure for Union legislative acts are not at the disposal of the Commission, given that administrative transparency is a fundamental right and the protection of documents is a corollary thereof and not a means of functioning of the institutions. Administrative transparency is a fundamental right of every person; the protection of administrative data is a legitimate interest of every administration.

A ”public” interest that can certainly limit the right of access, but only under the conditions established by the legislator of art 15 TFEU and only by the latter.

4. Conclusions

If a recommendation may be made now to the co-legislators is to avoid illusionary shortcuts such as the current Commission proposal whose real impact on the EU administrative “bubble” is far to be clear[15] . The EU Legislator, since the entry into force of the Lisbon Treaty more than fourteen years ago is faced to much more pressing problems.

What is mostly needed is not inventing several layers of illusionary “protection” of the EU information but framing the administrative procedures by law as suggested several times by the European Parliament and by the multiannual endeavor of brilliant scholars focusing on the EU Administrative law[16].

What matters is that the management and the access to EU information should be framed by law and not depend from the goodwill of the administrative author or the receiver as proposed by the INFOSEC Regulation. Nor information security is strengthened transforming each one of the 64 EU “entities” covered by the INFOSEC Regulation [17] in sand-boxes where the information is shared only with the people who, according to the “originator” has a “need to know” and not a “right to know”.

Moreover the EU should limit and not generalize the power for each one of the 64 EU entities of create “classified” information (EUCI). In this perspective art.9 of Regulation 1049/01 needs indeed a true revision but in view of the new EU Constitutional framework and of the new institutional balance arising from the Lisbon treaty and of the Charter.

Fourtheen years after Lisbon the democratic oversight of the European Parliament and the judicial control of the Court of Justice on classified documents , shall be granted by EU law as it is the case in most of the EU Countriesand not by interinstitutional agreements which maintain the “Originator” against these institutions in violation of the rule of law principle as well as of the EU institutional balance.

Could still be acceptable fourteen years after the entry into force of the Lisbon Treaty that the European Parliament and the Court of justice are not taken in account in the dozens of international agreements by which the Council frame the exchange of EUCI with third countries and international organizations?

Instead of dealing with these fundamental issues the European Commission in its 67 pages proposal makes no reference to 24 years of experience in the treatment of classified information and prefer dragging the co-legislators in Kafkian debates dealing with “sensitive but not classified information” or on the strange idea by which documents should marked “public” by purpose and not by their nature (by so crossing the line separating public transparency from public propaganda).

But all that been said, it is not the Commission which will be responsible before the Citizens (and the European Court) for badly drafted legislation. It will be the European Parliament and the Council which shall now take their responsibility. They can’t hide behind the Commission unwillingness to deal with substantive issues (as well as with other aspects of legislative and administrative transparency) ; if the Council also prefer maintain the things as they were before Lisbon it is up to the European Parliament to take the lead and establish a frank discussion with the other co-legislator and verify if there is the will of fixing the real growing shortcomings in the EU administrative “Bubble”.

Continuing with the negotiations on the current version of the INFOSEC proposal notably on the complex issue of classified information paves the way to even bigger problems which (better soon than later) risk to be brought as in 2000 on the CJEU table.

[1] According to the Venice Commission “.. at International and national level access to classified documents is restricted by law to a particular group of persons. A formal security clearance is required to handle classified documents or access classified data. Such restrictions on the fundamental right of access to information are permissible only when disclosure will result in substantial harm to a protected interest and the resulting harm is greater than the public interest in disclosure. Danger is that if authorities engage in human rights violations and declare those activities state secrets and thus avoid any judicial oversight and accountability. Giving bureaucrats new powers to classify even more information will have a chilling effect on freedom of information – the touchstone freedom for all other rights and democracy – and it may also hinder the strive towards transparent and democratic governance as foreseen since Lisbon by art.15.1 of TFEU (emphasis added) The basic fear is that secrecy bills will be abused by authorities and that they lead to wide classification of information which ought to be publicly accessible for the sake of democratic accountability. Unreasonable secrecy is thus seen as acting against national security as “it shields incompetence and inaction, at a time that competence and action are both badly needed”. (…) Authorities must provide reasons for any refusal to provide access to information. The ways the laws are crafted and applied must be in a manner that conforms to the strict requirements provided for in the restriction clauses of the freedom of information provisions in the ECHR and the ICCPR.”

[2] Action brought on 9 October 2000 by the Kingdom of the Netherlands against the Council of the European Union (Case C-369/00) (2000/C 316/37)

[3] Action brought on 23 October 2000 by the European Parliament against the Council of the European Union (Case C-387/00) (2000/C 355/31) LINK chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:C2000/355/31

[4] Regulation 1049/01 Article 9”Treatment of sensitive documents

1. Sensitive documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as “TRÈS SECRET/TOP SECRET”, “SECRET” or “CONFIDENTIEL” in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

2. Applications for access to sensitive documents under the procedures laid down in Articles 7 and 8 shall be handled only by those persons who have a right to acquaint themselves with those documents. These persons shall also, without prejudice to Article 11(2), assess which references to sensitive documents could be made in the public register.

3. Sensitive documents shall be recorded in the register or released only with the consent of the originator.

4. An institution which decides to refuse access to a sensitive document shall give the reasons for its decision in a manner which does not harm the interests protected in Article 4.

5. Member States shall take appropriate measures to ensure that when handling applications for sensitive documents the principles in this Article and Article 4 are respected.

6. The rules of the institutions concerning sensitive documents shall be made public.

7. The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.

[5] Notice for the OJ.Removal from the register of Case C-387/00¹By order of 22 March 2002 the President of the Court of Justice of the European Communities ordered the removal from the register of Case C-387/00: European Parliament v Council of the European Union. OJ C 355 of 09.12.2000.

[6] Interinstitutional Agreement of 20 November 2002 between the European Parliament and the Council concerning access by the European Parliament to sensitive information of the Council in the field of security and defence policy (OJ C 298, 30.11.2002, p. 1).

[7] According to the Interinstitutional Agreement of 12 March 2014 between the European Parliament and the Council concerning the forwarding to and handling by the European Parliament of classified information held by the Council on matters other than those in the area of the common foreign and security policy (OJ C 95, 1.4.2014, pp. 1–7) “4. The Council may grant the European Parliament access to classified information which originates in other Union institutions, bodies, offices or agencies, or in Member States, third States or international organisations only with the prior written consent of the originator.”

[8] According to annex III point 5 of the Framework Agreement on relations between the European Parliament and the European Commission (OJ L 304, 20.11.2010, pp. 47–62) In the case of international agreements the conclusion of which requires Parliament’s consent, the Commission shall provide to Parliament during the negotiation process all relevant information that it also provides to the Council (or to the special committee appointed by the Council). This shall include draft amendments to adopted negotiating directives, draft negotiating texts, agreed articles, the agreed date for initialling the agreement and the text of the agreement to be initialled. The Commission shall also transmit to Parliament, as it does to the Council (or to the special committee appointed by the Council), any relevant documents received from third parties, subject to the originator’s consent. The Commission shall keep the responsible parliamentary committee informed about developments in the negotiations and, in particular, explain how Parliament’s views have been taken into account.”

[9] SEE : Agreements on the security of classified information Link : https://eur-lex.europa.eu/EN/legal-content/summary/agreements-on-the-security-of-classified-information.html

[10] Article 218.10 TFUE states clearly that “The European Parliament shall be immediately and fully informed at all stages of the procedure” when the EU is negotiating international agreements even when the agreements “relates exclusively or principally to the common foreign and security policy,” (art.218.3 TFUE).

[11] Interestingly reference to art.15 of the TFEU is also made in the EP-Council 2014 Interinstitutional Agreement on access to classified information (not dealing with External Defence) See point 15 : This Agreement is without prejudice to existing and future rules on access to documents adopted in accordance with Article 15(3) TFEU; rules on the protection of personal data adopted in accordance with Article 16(2) TFEU; rules on the European Parliament’s right of inquiry adopted in accordance with third paragraph of Article 226 TFEU; and relevant provisions relating to the European Anti-Fraud Office (OLAF)

[12] However this legal basis was fit for another legislative proposal, of a more technical nature, which has now become EU Regulation 2023/2841 layng down measures for a high common level of cybersecurity for the institutions, bodies, offices and agencies of the Union. This Regulation apply at EU administrative level the principles established for the EU Member States by Directive (EU) 2022/2555 (²) improving the cyber resilience and incident response capacities of public and private entities. It created an Interinstitutional Cybersecurity Board ( IICB) and a Computer Emergency Response Team (CERT) which operationalizes the standards defined by the IICB and interact with the other EU Agencies (such as the EU Agency dealing with informatic security, Enisa), the corresponding structures in the EU Member States and even the NATO structures. It may be too early to evaluate if the Regulation is fit for its purpose ([12]) but the general impression is that its new common and cooperative system of alert and mutual support between the EU Institutions, Agencies and bodies may comply with the letter and spirit of art.298 of the TFEU

[13] Quite bizarrely this “open” attribute is not cited in the INFOSEC proposal and, even more strangely, none of the EU institutions has until now consulted the EU Ombudsman and/or the Fundamental Rights Agency.

[14] See Case C-338/01 Commission of the European Communities v Council of the European Union(Directive 2001/44/EC – Choice of legal basis)“The choice of the legal basis for a Community measure must rest on objective factors amenable to judicial review, which include in particular the aim and the content of the measure. If examination of a Community measure reveals that it pursues a twofold purpose or that it has a twofold component and if one of these is identifiable as the main or predominant purpose or component whereas the other is merely incidental, the act must be based on a single legal basis, namely that required by the main or predominant purpose or component. By way of exception, if it is established that the measure simultaneously pursues several objectives which are inseparably linked without one being secondary and indirect in relation to the other, the measure must be founded on the corresponding legal bases…”

[15] Suffice to cite the following legal disclaimer :”This Regulation is without prejudice to Regulation (Euratom) No 3/1958 17 , Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of other servants of the European Economic Community and the European Atomic Energy Community 18 , Regulation (EC) 1049/2001 of the European Parliament and of the Council 19 , Regulation (EU) 2018/1725 of the European Parliament and of the Council 20 , Council Regulation (EEC, EURATOM) No 354/83 21 , Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council 22 , Regulation (EU) 2021/697 of the European Parliament and of the Council 23 , Regulation (EU) [2023/2841] of the European Parliament and of the Council 24 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.

[16] See ReNEUAL Model Rules on EU Administrative Procedure. ReNEUAL working groups have developed a set of model rules designed as a draft proposal for binding legislation identifying – on the basis of comparative research – best practices in different specific policies of the EU, in order to reinforce general principles of EU law

https://www.reneual.eu/projects-and-publications/reneual-1-0

[17] The Council has listed not less than 64 EU entities (EU Institutions Agencies and Bodies – EUIBAs) in document WK8535/2023

“Re-arming” Europe without real democratic control?

by Emilio DE CAPITANI

The European Council Conclusions of March 6th extraordinary meeting mark an unexpected change of course towards an European Union defence policy. If confirmed at the next meeting on March 20th/21st, this would see the European ship leave a safe port – even if essentially intergovernmental – to set sail for a destination that, at least from these first steps, seems to be clearly drifting away from the main course that the Union’s institutions have always followed until now. The course is one that, over the last 70 years, has allowed an entire Continent to live in peace, without any need for rearmament, through the use of the “community method” and economic and civil integration. A continent that had previously been the scene of two world wars, both triggered by imperialistic ambitions and, in the second, also by the ethical baseness of a violence never before reached in the history of human civilization.

Returning to the theme of the drift of the Conclusions of March 6, it is worth saying that what caused the shift was not so much Putin’s aggression against Ukraine (already underway since 2014 following the invasion of Crimea) but rather US President Trump’s position making clear to the other NATO allies that, in the event of military aggression of a member state, the protection of the American umbrella will be no longer automatic nor the financial contribution to this North Atlantic defense pact by the United States. Following these messages Ursula Von Der Leyen (VDL), President of the Commission, after, most probably having received the green light from the chancelleries of most EU member states, presented on March 5th a first plan, inappropriately called the “Re-arm Europe”, and whose objectives, as expected, have been, at least for the time being, unanimously approved by all the members of the European Council.

European public opinion has thus, suddenly, realized, that within the European Council, the highest political body of the European Union bringing together the Heads of State and Government, there is a great desire to take up arms, without any of them having consulted, beforehand, not even their parliaments in public session or, at least, the European Parliament. It looks that, once again, these leaders consider that it’s better to give this news to their citizens only after the fact, even though the same citizens, in the case of “rearmament” will not only put in their money but also the people necessary to ensure the increased defense measures. Moreover it will be easy, for these Heads of State and Government returning home from Brussels, to explain to the their national press that all the other colleagues pushed for it and “Brussel” has decided it. All for one (the Member States), and one for all (the Union), as usual….

Why is it “improperly” called a “Rearm Plan”? First of all, because the word “rearmament” has been banned from the European political lexicon since the Schuman Declaration of 1950. Secondly, because the term “rearmament” – that is, a return to the use of weapons – does not evoke a defensive intention, and even less of peace, as it could be, for example: “the new EU Military Defense Plan”. If until now the Union, in order to achieve peace, has welcomed millions of displaced Ukrainians, deployed money and adopted restrictive measures against Russia, the time has come, after President Trump’s announcements, of launching an European Union diplomatic initiative, according to the most authentic ” community method” and re-launch the role of the United Nations, rediscover the spirit of the Helsinki Accords that in 1975 contributed to overcoming the East-West divide on the European continent and try to bring the countries directly and indirectly involved around a table.

In any case, the plan proposed by President VDL, consisting of two distinct financial packages, raises serious reservations, not only political, but also parliamentary and legal.

The first package is the loosening of budgetary constraints up to 1.5% for defense spending by member states. Overall, this initiative should free up to 650 billion euros of national resources, to be spent not so much on the development of the defense industries already present in some Member States, but following a new European defense strategy. And this should happen through a mechanism of indebtedness that had not even been granted to the Member States for the achievement of fundamental objectives such as social protection or the fight against pollution…. From a European perspective, the choice may be questionable also due to the fact that, in March 2024, the Commission itself has already submitted to the European legislator an “EDIP” draft regulation (1) see below).

From a national perspective, however, it will be up to the parliaments of the Member States to decide whether or not to support the choices of their governments

Well, it’s clear that since this is a financial plan combined with the second basket of the VDL proposal engaging 150 billion euro on the EU Budget, all the national and European parliaments will wait until the next European Council on March 21st to find out if the Council, on the proposal of the Commission, will indeed adopt a new financial instrument in favor of Member States on art. 122 TFEU (2) as announced by the Commission President Von Der Leyen’s proposal to establish “a new EU instrument under Article 122 TFEU to provide Member States with loans backed by the EU budget.” According to the letter “ With up to EUR 150 billion, this instrument would strongly support EU efforts to achieve a rapid and significant increase in investments in Europe’s defence capabilities – now and over this decade. Such funding could be used for priority capabilities domains for which action is necessary at European level, in alignment with NATO:

air and missile defence;
artillery systems;
missiles and ammunition;
drones and anti-drone systems;
strategic enablers and critical infrastructure protection, including in relation to space;
military mobility;
cyber, artificial intelligence and electronic warfare.

Further increasing the impact of this new instrument would be achieved by buying together, which would ensure interoperability and predictability, reduce costs, and create the scale needed to strengthen our European defence industrial base.” (emphasis added)

The “new instrument” proposed by the President of the Commission is therefore much more ambitious than the initiatives undertaken until now by the EU in this field. Moreover, it presupposes the definition, at a European level, of “priority capability areas where action is needed at the European level, in line with NATO”. Therefore prior consultation with NATO (where the US ambassador sits) is foreseen, while the European Parliament itself is not involved, even if not only European taxpayer/citizen money is at stake, but also the content of policies that affect its rights and vital interests.

But, with the current Treaty, who is authorized to make this kind of decision?

The answer is not simple because the Treaties, even after Lisbon, have provided a framework that is ambiguous to say the least, if not incomplete and contradictory. This is because, at least until recently, the majority of Member States relied on the NATO Treaty for the defense of the Union’s territory, in a sort of division of labor with the EU Treaties (see art. 42 TEU). However,following the recent positions taken on the other side of the Atlantic, this division of labor is now being questioned and various solutions are being studied, first and foremost that of the construction of a “European pillar” within NATO. However, the impression is that this too is a temporary solution and that, sooner or later, the European Union must finally assume responsibility for its own defense.
If this is the medium to long term perspective, it should be self evident that the European Union, even before a future formal amendment of the Treaties, must apply to this “European” rearmament plan the same fundamental democratic principles, as it does to the rest of European policies. It would indeed be paradoxical that in fields that are sensitive and essential for the security of citizens in the face of increasing external threats the EU will not abide to the principles according to which “the functioning of the Union is founded on representative democracy” (art.10.1 TEU) or that according to which “Every citizen shall have the right to participate in the democratic life of the Union. Decisions are taken as openly as possible and as closely as possible to the citizen. (art.10.3 TEU).

In such constitutional context, the Commission’s proposal to base the financing of 150 billion on the basis of art.122 TFEU, without the direct involvement of the European Parliament, is highly questionable, not to say contrary to Union law. It is worth noting that Article 122, has been already used in the past to try to stem the Greek Euro crisis, the COVID crisis and the energy crisis following the Russian invasion of Ukraine, but it is a legal basis suitable only for emergency measures in the economic domain, and therefore unusable in situations dealing with defence and that can last for years. Suffice it to remember that during the Euro crisis art.122 TFEU was abandoned by the same Member States who proposed it because they recognized that it was necessary, for a medium long perspective, to adopt a real Treaty, even though “complementing” the TEU (the European Stability Mechanism – ESM).

So a first reason why art.122 TFEU, should be excluded as a legal basis justifying a Council measure aimed at defending the citizens of the Union, in the years to come is that it is a temporary measure, even though is intended, as President VDL herself admits in her letter, to be valid for at least the next decade. But, most importantly, art. 122 does not foresee the involvement of the European Parliament which, as it happened for the European Council conclusion on the Rearm Europe project, will be “informed” only after the fact. Democratic control, which in military matters and the recruitment of people to be entrusted with the use of arms, are the basis of the Constitution of every democratic state, must also be respected within the EU by involving the EP in these extremely important political decisions, and this through the identification of an appropriate legal basis that involves it. In this perspective President VDL proposal is in itself not only clearly anti-parliamentary, anti-democratic but it contradicts the assessment according to which we are facing historic times. So, why not take this occasion to set the basis for a true EU defence policy in the Treaty instead of prolonging the current anti-democratic regime set fifteen years ago for the EU Defense policy?

Let’s hope that the European Parliament will take this occasion to re-establish the EU institutional balance also in this domain and will formally reserve the right, starting with its next resolutions on defense, to challenge before the Court of Justice any type of measure or act taken without its prior and effective involvement. Moreover, since this matter also directly involves the national parliaments, the European Parliament should also call them together in the spirit and letter of Article 12 TEU, according to which they contribute to the European construction (thereby also strenghtening parliamentary democracy within the EU).

As for the merits, it is only necessary to remember that, according to articles 3 to 6 TFEU, the Union has no direct powers regarding rearmament, and it may be questionable whether it has any regarding support for member states [i];

In this context and, as the Treaty currently stands, the only possible legal basis for such involvement of the Union and the association of the EP in the construction of a defense policy is that of art. 352.1 TFEU according to which ” If action by the Union should prove necessary, within the framework of the policies defined in the Treaties, to attain one of the objectives set out in the Treaties, and the Treaties have not provided the necessary powers, the Council, acting unanimously on a proposal from the Commission and after obtaining the consent of the European Parliament, shall adopt the appropriate measures. (emphasis added) It is worth recalling that previous amendments of the Treaties were anticipated by legislative measures adopted with this “implicit” powers legal basis.

That having been said it is quite likely that for different political and institutional reasons the EU will not be ready to use art.352 TFEU ( notably because it requires unanimity in the Council and we all know how slippery the situation is in the Council when Unanimity is at stake…) However, another alternative, even if less clean and straight, is to integrate the VDL Objectives and the 150 billion financing in the draft “EDIP” Regulation(3) currently under discussion at the EP and the Council which already foresee the adoption of an EU Defense Strategy. It is worth mentioning that, despite all the limitations of this proposal already denounced by the European Court of Auditors , EDIP would follow an ordinary legislative procedure, thus guaranteeing the full co-responsibility of the European Parliament without requiring unanimity in the Council as provided for in Article 352 TFEU. Negotiations are proceeding swiftly in both the Council and the European Parliament and this should allow the inter-institutional negotiations (trilogue) to start as soon as possible.

As explained above there are therefore serious alternatives to recourse to Article 122 that the European Parliament may raise to protect its constitutional prerogatives in the face of an initiative by which the European Council, the Council and the Commission exclude it from the decision-making process. By appealing to the Court, against the choice of that legal basis (NDR : moreover emergency measures in the defence sector require art.222 TFUE and not 122 TFUE) the Parliament would not only defend its constitutional prerogatives, but also the fundamental need of respect democratic principles, the Rule of Law and, above all, the rights of the citizens who elected it, even in matters of defense. Then, who knows, the Council and the Commission could accept the fall back position of dealing with these matters in codecision with the EP through the EDIP legislative proposal…

NOTES
1 REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing the European Defence Industrial Program and a framework for measures to ensure the timely availability and supply of defence products (“EDIP”) (2024/0061(COD) Link https://eur-lex.europa. eu/legal-content/IT/TXT/HTML/?uri=CELEX:52024PC0150

2 Article 122 (ex Article 100 of the TEC) 1.Without prejudice to any other procedures provided for in the Treaties, the Council, on a proposal from the Commission, may decide, in a spirit of solidarity between Member States, upon the measures appropriate to the economic situation, in particular if severe difficulties arise in the supply of certain products, notably in the area of energy. 2. Where a Member State is in difficulties or is seriously threatened with severe difficulties caused by natural disasters or exceptional occurrences beyond its control, the Council, on a proposal from the Commission, may grant, under certain conditions, Union financial assistance to the Member State concerned. The President of the Council shall inform the European Parliament of the decision taken.

(3) The legal bases for the draft EDIP Regulation aimed at ensuring the timely availability and supply of defense products are (1) Article 173 TFEU in relation to the competitiveness of the EDTIB; (2) Article 114 TFEU in relation to the European Defense Equipment Market (EDEM); (3) Article 212 TFEU in relation to strengthening Ukraine’s DTIB and (4) Article 322 TFEU in relation to financial provisions.

The Commission proposal of withdrawing the draft AI Liability Directive: a “strategic error” both from an institutional and content perspective? (1)

by Emilio DE CAPITANI

Maybe it is a pure coincidence, but the Commission proposal to withdraw the drat AI liability Directive seems to be the immediate answer to the US Vice-president, J.D. Vance request at the Artificial Intelligence Action Summit in Paris that the EU (and its Member States) should avoid any regulation deemed (by the US) too “aggressive” against the American technology giants. To confirm such suspicion are the Commission Vice President Sefcovic justifications according to which the Commission was withdrawing the text because of the “lack of progress” in the legislative process. This justification is simply unfounded because both the Council and the Parliament are currently actively working on the issue : the Council is debating the reactions of the Member States on the Commission’s proposal (see here and here) and the European Parliament held an hearing on this subject not later than two weeks ago, following which the EP Rapporteur has already announced a draft report in the coming months.

So, the Commission justification for withdrawing the AI Liability Directive proposal because of lack of progress is factually unfounded and, even, legally questionable. (see my other general post Here). Suffice to remember that according to the CJEU judgement withdrawing a legislative proposal may be justified only ‘where an amendment planned by the Parliament and the Council distorts the proposal for a legislative act in a manner which prevents achievement of the objectives pursued by the proposal and which, therefore, deprives it of its raison d’être, the Commission is entitled to withdraw it’. It may however do so only after having had due regard to Parliament’s and Council’s concerns behind their wish to amend the proposal.” (C- C‑409/13, p.83). Again this seems to be of common sense interpretation. Until the Treaty will not recognize a full right of legislative initiative to the EP and to the Council these institutions may only ask the Commission to submit a legislative proposal (art.225 of the TFEU for the EP).

However, until now no formal amendment depriving the AI Liability proposal of its raison d’être have been tabled by the EP or by the Council so that the co-legislator may well continue to work on the current legislative proposal. Needless to say that, in case of formal withdrawal of the text by the Commission the co-legislators or even only one of them may well bring that institution to the Court for infringement of the principle of conferral and of Institutional Balance.

(continue)

EU Transparency and participative democracy in the EU institutions after Lisbon :“Everything must change for everything to remain the same”?

by Emilio DE CAPITANI *[1]

Foreword

In a famous Italian novel “The Leopard” which describes a key moment of regime change in Sicily a young protagonist, Tancredi, addresses the old Prince of Salina, suggesting as the best strategy in order to maintain the old privileges to adapt, at least apparently, to the new situation.

This seems to be also the strategy chosen by the European institutions after the entry into force of the Treaty of Lisbon when dealing with openness and transparency of their decision-making process.

This Treaty marks a radical change from the previous situation, notably because it make visible and strengthens the interrelation between the principles of the Rule of law, democracy, mutual trust and transparency in the EU. This relation was already implicit before the Treaty but has become more evident at primary law level with the definition of the EU funding values (art 2 TEU), the binding nature of the EU Charter of fundamental rights and the establishment in the Treaties of clear legal basis transforming these principles in reality within the EU institutional framework and in relation with the EU Member States.

Under this perspective several articles of the EU Charter become relevant when dealing with principles of openness and transparency in the EU such the art.11 on Freedom of expression and information and articles 41 and 42 on the right to good administration and of access to EU documents. These rights should be granted and promoted not only by the EU Institutions Agencies and bodies but also by the Member states when implementing EU law. If a decision making process should be transparent at EU level the same transparency should be granted when EU measures are transposed at national level [2].

Openness and Transparency as corollaries of EU democracy

Furthermore the Lisbon Treaty has also endorsed several ambitious institutional innovations negotiated at the time of the draft Constitutional Treaty and which have now a direct or indirect impact on EU notions of rule of law, mutual trust, democracy and transparency.

First of all, the Treaty makes clear the democratic nature of the EU not only by strengthening representative democracy (“The functioning of the Union shall be founded on representative democracy.” Art.10.1 TEU) but also by recognizing the principle of participative democracy [3] (“Every citizen shall have the right to participate in the democratic life of the Union. Decisions shall be taken as openly and as closely as possible to the citizen” art.10.3 TEU).

Participative democracy is further strengthened by recognizing the role of Civil Society in art.11 TEU according to which “1. The institutions shall, by appropriate means, give citizens and representative associations the opportunity to make known and publicly exchange their views in all areas of Union action. 2. The institutions shall maintain an open, transparent and regular dialogue with representative associations and civil society.”.

Moreover, the Lisbon treaty confirms the principle of openness when it states that “(EU) decisions are taken as openly as possible and as closely as possible to the citizen.”(art 1, 2nd Alinea TEU). This provision was already present before Lisbon, but since then the notion of what could be considered “possible” has evolved both from a technical and political point of view. From a technical perspective, in the last twenty years the digital transformation has already triggered also at EU level the notion of e-government[4], of re-use of public data [5]. In a Google era efficient communication techniques that involve and empower citizens make now possible involving citizens in public decision-making processes.[6]

From a political perspective the new Treaty emphasizes that “In all its activities, the Union shall observe the principle of the equality of its citizens, who shall receive equal attention from its institutions, bodies, offices and agencies.” (art.9 TEU). When translated in transparency policies this principle requires that, when in public domain, information should be accessible by means and procedures which should not be directly or indirectly discriminatory [7].

(EU) Preaching “Transparency by design…

The Lisbon Treaty not only proclaimed the democratic principles on which the EU is founded and should be promoted (art 9-12 TEU) but confirmed the principle of openness and of participative democracy according to which ‘(EU) decisions are taken as openly as possible and as closely as possible to the citizens’ (art.1.2 TEU) and “[e]very citizen shall have the right to participate in the democratic life of the Union. Decisions shall be taken as openly and as closely as possible to the citizen.”(art.10.3 TEU).

Moreover, EU Legislative acts [8] are now defined at primary law level (art.289 TFEU) and the obligation of granting ‘Legislative transparency’ is now foreseen by Article 15(2) TFEU according to which “The European Parliament shall meet in public, as shall the Council when considering and voting on a draft legislative act.” As a consequence, granting legislative transparency has become a self-standing constitutional obligation which cannot be jeopardized by measures of EU secondary law or even more, by internal practices of the EU institutions. In other words, the mandatory principle of ‘legislative transparency’ established by Article 15(2) TFEU and 16.8 TEU should no more, be mixed with the ‘transparency on demand’ approach of the “pre-Lisbon” era when the scope of legislative transparency was often linked to the aleatory condition that a citizen may ask or not access to a legislative preparatory document.

…but framing “confidentiality by design”.

Unfortunately, even today, fifteen years since the entry into force of the Lisbon Treaty legislative preparatory documents made proactively public by the EU legislators following art.15.2 TFEU are still a fraction of the documents prepared and debated by the Commission, the Council and, even by the European Parliament along a legislative procedure.

The Council is the most appalling case of hiding legislative preparatory documents.

Even today, the Council’ internal Rules of procedures [9]consider that confidentiality should be the rule and transparency the exception. According to Council Internal Guidelines transparency of Council meetings when debating legislative procedures (as required by Article 16(8) TEU) is required only for “formal” Meetings at ministerial level. By so doing, citizen’s access is excluded not only from the “informal” Ministerial meetings but also from all the Coreper and working parties meetings no matter if, in a more general perspective, the Council is a single legal entity and preparatory bodies should not be considered apart).[10] As a proof that the main Council inspiration is “confidentiality by design” instead of “transparency by design” is the Council reorganization operational since 2015 of its internal document management[11]. Its 130/150 internal working parties have been transformed into ‘virtual communities’, which are de facto also virtual ‘sandboxes’ where working (WK) documents covering also legislative preparatory works (also at ‘trilogue level’) are shared only between the Community members [12].

By doing so the Council of the European Union is, since years preventing, routinely, access and democratic participation of EU citizens and of civil society, and is making unduly difficult the work of journalists, preventing the National Parliaments from checking the respect of the principle of subsidiarity and, last but not least, hiding essential information to the other co-legislator, the European Parliament.

The EU “Catch 22” how promoting confidentiality to protect ..transparency

To justify this behavior the Council still today refer to the exceptions set in art.4 and 9 of the pre-Lisbon Regulation 1049/2001 , and notably to the need of ‘protecting its decision making process’ as foreseen by art.4.3 of that Regulation. According to this principle “Access to a document, drawn up by an institution for internal use or received by an institution, which relates to a matter where the decision has not been taken by the institution, shall be refused if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure”. Suffice to note that, if transposed to legislative preparatory works this principle may justify, for instance, the confidentiality of the work of the Parliamentary committees but this will clash with the provisions of art. 15.2 TFEU imposing the publicity of meetings of the EP and of the Council when acting as legislators (and this voer also the preparatory bodies as the EP and the Council have a single institutional identity). Moreover such use of a generic exception by an institution in its own interest will clash with the interinstitutional nature of the EU legislative process as described by art 294 of the TFEU.

To overcome the clash between the current provisions of the treaty and the exception described in art.4.3 of the pre-Lisbon Regulation 1049/01 there are then only two possibilities: either you consider that this exception is not relevant for legislative procedures or you consider that when legislation is at stake the “overriding public interest” is directly foreseen by the treaty and no exception can be raised. Behaving like the Council does when acting as legislator, create a “Catch 22” situation where confidential is invoked to “protect” a procedure which should be …transparent.

Needless to say this Council behavior has been denounced in several occasions, not only by the other co-legislator, the EP, but also by the EU Ombudsman not to speak of the Court of Justice. The latter with several rulings has framed in stricter terms the scope of Regulation 1049/01 exceptions even before the entry into force of the Lisbon treaty and of art.15.2 TFEU. It is then quite appalling that the impact on the Council practice of the EP pressure, of the Ombudsman recommendations of the CJUE jurisprudence has been very limited and anecdotical. [14]

To overcome all these legal inconsistencies the European Parliament voted on December 15^th , 2011[15] several ambitious amendments aligning Regulation 1049/2001 to the post-Lisbon new Constitutional framework. The EP Plenary not only considered that legislative debates should not be covered by the pre-Lisbon exceptions listed in art. 4, but voted also a legislative framework for classified documents (art. 9) and paved the way for the implementation of the principle of good administration by EU institutions, agencies and bodies. In the same perspective it also adopted two legislative proposals on framing the principle of good administration by the EU institutions, Agencies and bodies [16]

Unfortunately, the EP position on the alignment of Regulation 1049/01 with the Lisbon treaty, is , since thirteen years still formally pending, and has not been endorsed by the European Commission nor by the EU Council so that the EU and its citizens are still confronted with a secondary law (Regulation 1049/2001) and a wide practice of the EU institutions, agencies and bodies not complying with the new post-Lisbon constitutional framework.

In a quite opposite direction from the EP recommendation on the revision of Regulation 1049/01 and on the establishment of an EU code on good administration founded on art 298 TFUE (open, independent and efficient EU Public administration) the European Commission submitted in 2022 on the same legal basis (and without consulting the EU Ombudsman) a legislative proposal[17] dealing with information security in the institutions, bodies, offices and agencies of the Union.

The so called ‘INFOSEC’ Proposal, if adopted as it stands, may even pave the way for the transformation of the ‘EU Bubble’ into a sort of (administrative) fortress and substitute the principle of ‘transparency by design’ arising from art. 1.2 TEU with the principle of ‘confidentiality by design’[18] of all EU Institutions, Agencies and Bodies. It does so by redefining the conditions of treatment, access and sharing of all kinds of information/documents treated by the EU institutions, agencies and bodies by so overlapping and turning upside down Regulation 1049/2001 and the letter and spirit of the Treaty.

If the principle of Regulation 1049/2001 is to frame the right to know of EU citizens by granting that everything is public unless a specific exception is applicable, the logic of the new Commission proposal is that almost all internal documents should be protected and shared only with people with a recognised ‘need to know’ unless the document is marked as ‘public’. This will generalise to all the EU Institutions, Agencies and bodies the current Council practice of limiting the access internal documents in clear clash with art. 1 of the TEU which requires that the EU Institutions should act as openly as possible and the art.298 TFEU requiring that the EU administration should be not only indipendent and efficient but also “open”.

With the new proposed legal regime, the Commission, by endorsing and widening in a legislative measure the current Council internal security rules, is proposing to go back to the pre-Maastricht era when it was up to the EU institutions to decide whether or not to give access to their internal documents [19]. But since the Amsterdam Treaty (Article 255 TCE) and, even more, since the Lisbon Treaty, this practice is no longer compatible within an EU that is bound by the rule of law.

The core of the proposed INFOSEC Regulation is the creation and management of EU classified information (EUCI). By doing so, it substantially amends Article 9 of Regulation 1049/2001, which deals with so-called ‘sensitive documents’. It does not regulate how the information should be classified and declassified in the interests of the EU, as opposed to the interests of the originator (whether that be a member State, EU institution, agency or body). It is worth recalling that Article 9 of Regulation 1049/2001 recognises the so-called ‘originator privilege’ only in the domain of ‘sensitive’ documents and information mainly covered by the EU external defence policy (former Second “Pillar”). As such it is an exception to the general philosophy of Regulation 1049/2001 according to which the EU institutions may only be bound by law and not by the will of an ‘author’, even if it were an EU Member State. [20]

How the EP risks slowly turning to intergovernamental practices

The EP has been, since its first direct election, the most supportive institution of the transparency of the EU decision making process both in the interest of the EU citizens and its own constitutional role. For decades it has challenged the Council and Commission reluctance when sharing the relevant information on what was happening on the ground inside or outside the EU. The Court of Justice has recognised in several cases that the EP’s right to relevant information is explicitly recognised by the Treaty notably for international agreements (Article 218 (10) TFEU).

Unfortunately, instead of pushing the Council towards an open ‘parliamentary’ approach to legislation, the EP has followed the Council ‘diplomatic’ approach notably in the crucial phase of inter-institutional negotiations (‘trilogues’) even when, as is normally the case, these negotiations take place in the first parliamentary ‘reading’.

Although the CJEU considers the documents shared within the trilogues meetings as ‘legislative’[21], the European Parliament still publish these documents only since March 2023 but only after specific requests for access by EU citizens and after a consistent delay so that the information becomes available when the agreements have been reached.

This practice does not fit with Article 15(2) TFEU nor with the CJEU jurisprudence according to which ‘[i]n a system based on the principle of democratic legitimacy, co-legislators must be answerable for their actions to the public and if citizens are to be able to exercise their democratic rights they must be in a position to follow in detail the decision-making process within the institutions taking part in the legislative procedures and to have access to all relevant information.’[22]

[1] Affiliate to the Scuola Superiore S.Anna (Pisa)

[2] In this perspective it is quite bizarre that the Council evoke the notion of sincere cooperation by the Member States in order not to debate publicly at national level the EU legislative preparatory documents (coded as LIMITE) notably through the National Parliaments

[3] This emphasis for participative democracy is now also echoed at UN level by the 2030 Agenda for Sustainable Development whose Goal 16 foresees notably, to “Develop effective, accountable and transparent institutions at all levels”(16.6) Ensure responsive, inclusive, participatory and representative decision-making at all levels (16.7) 16.10 Ensure public access to information and protect fundamental freedoms, in accordance with national legislation and international agreements (16.10)

[4] See the European Commission communication https://commission.europa.eu/business-economy-euro/egovernment_en

[5] See the Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information which maybe a clear reference also for comparable initiatives of the EU Institutions, agencies and bodies.

[6] See the recent Council Conclusions on the EU’s ambition to play a leading role globally in the digital transformation and digital governance that respects, promotes and protects universal human rights, democracy and sustainable development, and puts people and their universal human rights at the centre, in line with the international law and the EU Declaration on Digital Rights and Principles. (Doc 9957/24 of 21^st of May 2024)

[7] This issue is relevant not only in cases of proactive publication but also when an information is disclosed following a Citizen’s request. If the information/document deals with legislative procedures it should be accessible in the public domain to everyone without further request for access.

[8] It should be noted that the concept of draft legislative act and legislative acts referred to in Article 15(2) TFEU does not correspond to the concept of legislative documents and legislative procedures referred to in the Pre-Lisbon Regulation 1049/01. While Article 15(2) TFEU refers to the projects and legislative acts defined in Article 289 TFEU (i.e. the joint adoption of legislative acts by the Council and the European Parliament), the Regulation, which pre-dates the entry into force of Article 289 TFEU, refers to “documents drawn up or received in the course of procedures for the adoption of acts which are legally binding”.2 Now, according for instance to the new Article 290 TFEU, Commission delegated acts which were “legislative” before Lisbon are now “non-legislative acts” (see also Article 16.8 TEU as to the “non-legislative activities” of the Council

[9] Council Decision of 1 December 2009 adopting the Council’s Rules of Procedure Link : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32009D0937

[10] Indeed, Article 5(1) of the Council Rules of Procedure (CRP) provides that, unless deliberating or voting on legislative acts, Council meetings must not be public, and Article 6(1) CRP stipulates that ‘Without prejudice to Articles 7, 8 and 9 and to provisions on public access to documents, the deliberations of the Council shall be covered by the obligation of professional secrecy …’, but on page 54 of its commentary on the CRP it is notably stated explicitly that : This rule also applies to the preparatory work for Council meetings, that is, all the Council’s preparatory bodies (Coreper, committees and working parties). However, legislative work in preparatory bodies is not public.”(emphasis added)

[11] See the Council public document 7385/16 of 2 May 2016, “Delegates Portal: a new Community Approach to document distribution”. The reorganization of the internal production/diffusion of Council internal documents has been endorsed by the Coreper in public document 6704/13 CIS 5 work on COCOON (Council Collaboration Online)”. The system has been generalised to all Working Parties in 2015. See https://data.consilium.europa.eu/doc/document/ST-7385-2016-INIT/en/pdf .

[12] Meijers Committee, ‘Working Documents’ in the Council of the EU cause a worrying increase in secrecy in the legislative process, CM2107 June 2021 https://www.commissie-meijers.nl/wp-content/uploads/2021/09/2107_en.pdf .

101See (2022/0084(COD) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0119.

[13] Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access

to European Parliament, Council and Commission documents.

[14] European Ombudsman openly stated for the first time in a recent decision of March 2024 that EU institutions are not giving effect to case law on public access to legislative documents. See European Ombudsman, Case OI/4/2023/MIK, ‘How the European Parliament, the Council of the EU and the European Commission deal with requests for public access to legislative documents’, https://www.ombudsman.europa.eu/en/case/en/64321.. Cited by the EP Study “Regulation 1049/2001 on the right of access to documents, including the digital context” https://www.europarl.europa.eu/RegData/etudes/STUD/2024/762890/IPOL_STU(2024)762890_EN.pdf

[15] See Legislative Procedure 2008/0090(COD).Link https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2008/0090(COD)

[16] With the aim of guaranteeing the right to good administration and ensuring an open, efficient and independent EU civil service, on 15 January 2013 the European Parliament adopted a first resolution (Rapporteur Luigi Berlinguer SD Italy) presenting detailed recommendations to the Commission on a Law of Administrative Procedure of the EU under the new legal basis of Article 298 of the Treaty on the Functioning of the European Union (TFEU). A second resolution for an open, efficient and independent European Union administration (rapporteur: Haidi Hautala, Greens/EFA, Finland) in June 2016 (2016/2610(RSP)).

[17] See Legislative Procedure 2022/0084(COD) Proposal for a Regulation of the European Parliament and of the Council on information security in the institutions, bodies, offices and agencies of the Union Link : https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0084(COD)&l=en

[18] In principle, the objective as announced in the title of the proposal is legitimate: granting a comparable level of protection in all the EU institutions, agencies and bodies, for information and documents, which, according to the law, should be protected. To do so a wide inter-institutional coordination group is proposed, as well as a network of security officials in all the EU entities and a securitised informatic network (TEMPEST) is foreseen.

[19] By replacing the ‘right to know’ foreseen at the Treaty with the a ‘need to know’ mechanism the proposed Regulation

turn upside down the EU openness and transparency principle.

[20] What the INFOSEC proposal does is transform the exception of the ‘originator principle’ in a rule against the provision of Regulation 1049/2001. It does not foresee judicial oversight of classified information. It does not solve the problem of the sharing of ‘sensitive information’ between entities that have a legitimate “need to know”. Last but not least, it threatens the EP oversight role of EU security agreements with third countries and international organisations on the exchange of classified information.

[21] See Case T-540/15 De Capitani v European Parliament

[22] Case T-163/21 De Capitani v Council EU:T:2023:15.

European Law Blog : The Complex Landscape of Asylum Border Procedures in the new Asylum Procedures Regulation

25 JUNE 2024/ BY VASILIKI APATZIDOU

Blogpost 31/2024

At the heart of the negotiations for the New Pact on Migration and Asylum lies one of its most contentious elements: the regulation of border procedures. During the Council negotiations, the Asylum Procedures Regulation (APR) underwent significant modifications, particularly in the provisions that regulate border procedures, to incorporate perspectives from all Member States. Despite expectations for improvements during trialogues with the Parliament, the final outcome in December 2023 witnessed a step back from many of the anticipated safeguards.

Border procedures are perceived in the agreed text as an important ‘migration management tool’ and as a responsibility mechanism, mandating the examination of asylum applications at the borders, while asylum seekers will be subject to the ‘non-entry’ fiction. This blogpost aims to examine the complex landscape of border procedures based on the final text of the APR.

The Arduous Negotiations on Border Procedures

The EU Pact placed a paramount emphasis on the EU’s external borders, introducing a ‘seamless link’ between all stages of the pre-entry phase, from the screening procedure, to an expanded use of asylum border procedures and where applicable, return border procedures for rejected asylum seekers.

Border procedures involve the swift processing of asylum claims at border locations, while third-country national are subject to the ‘non-entry’ fiction. The main reason for their implementation is to guarantee the first-entry states’ responsibility by keeping asylum seekers at the external borders and preventing secondary movements within the EU.

Despite being initially regulated in only two provisions within the amended proposal for an APR (Article 41 and 41a APR), the final text includes twelve provisions on border procedures (Article 43-54 APR), highlighting their contentious nature during the negotiations and the difficulty of Member States in reaching an agreement.

The most difficult and divisive question during the negotiations was whether border procedures should be obligatory or voluntary. On the one hand, central EU countries sought to make the use of border procedures obligatory to prevent ‘secondary’ movements of asylum seekers and manage migration at the EU external borders.

On the other hand, southern EU states opposed this, given that their widespread implementation would place a further strain on their resources and overburden their capacities for processing asylum claims. In addition, they argued that whether or not to apply border procedures, as well as the categories of persons to whom these should apply, should remain a prerogative of Member States, that are best placed to decide if a procedure is feasible given their specific circumstances.

Despite years of negotiations, with the APR text being discussed since 2016, the outcome is an extended regulation of border procedures, rendering them mandatory in some cases.

This prolonged negotiation process has resulted in a complex framework with many provisions designed to accommodate the diverse interests of all involved Member States.

The scope of application of border procedures

Despite challenging negotiations on border procedures, the agreed text extends their scope of application (Articles 44-45 APR). Firstly, it renders their use mandatory when certain acceleration grounds are met.

The mandatory application of border procedures is stipulated for those that have a low probability of international protection (20%) according to Union-wide average Eurostat data (Article 45 APR), those who pose potential threats to national security or public order and cases involving applicants who mislead the authorities. Regarding the last category of applicants, the APR text foresees that ‘after having been provided with a full opportunity to show good cause‘, those considered to have intentionally misled the authorities are subject to mandatory border procedures. While this wording aims to guard against arbitrary practices, there still remains a risk of wide interpretation by authorities.

Regarding the first reason, and according to the Council, an effective and meaningful border procedure should ensure that the number of persons that would actually be channeled to the border procedure remains high, and despite proposals from the Parliament to reduce the threshold to 10%, the recognition rate of 20% remained in the final text with a corrective mechanism introduced during the negotiations with the Parliament (Article 45 and Article 42j APR).

The corrective mechanism allows authorities to deviate from this threshold if there has been a significant change in the applicant’s country of origin since the publication of the relevant Eurostat data. It also allows states to take into account significant differences between first-instance decisions and final decisions (appeals).

For example, if there is a notable discrepancy indicating that many initial rejections are overturned on appeal, this could be a factor in deciding not to apply the border procedure to an applicant from that country. However, this practice introduces a nationality-based criterion for the application of border procedures which may lead to discrimination, and it also raises important issues as there are significant discrepancies in the recognition rates of asylum seekers across European countries.

In addition to these obligatory cases, border procedures may be used at the discretion of authorities to examine the merits or the inadmissibility of an application under certain conditions. Specifically, this discretion applies if any of the circumstances listed in Article 42(1), points (a) to (g) and (j), and Article 42(3), point (b), are met, as well as when there is an inadmissibility ground in accordance with Article 38. This discretionary use could impede harmonization across the EU due to varying interpretations and implementations by different Member States.

Moreover, the regulation broadens the personal scope of border procedures, allowing their application following the screening, and when an application is made a) at an external border crossing point or transit zone (this was also foreseen in the APD), but also b) following apprehension in connection with an unauthorized border crossing of the external border, which means that individuals who are already within the territory of a Member State could be subjected to border procedures, and finally c) following disembarkation after a search and rescue operation (Article 43 APR).

Another important aspect discussed during the negotiations was the application of border procedures to unaccompanied minors with an agreement on excluding them from border procedures always, except for national security grounds (Article 53 (1) APR). Families with minors will be included in border procedures with additional safeguards: de-prioritisation of their examination and always reside in facilities that comply with the Reception Conditions Directive (RCD). Specifically, Article 44 (3) APR foresees that where the number of applicants exceeds the number referred to in the provision that regulates the member State’s adequate capacity level, priority shall be given to applications of certain third-country nationals that are not minor applicants and their family members. To the contrary, following admission to a border procedure, priority shall be given to the examination of the applications of minor applicants and their family members.

Finally, vulnerable individuals will be exempted from border procedures only when it is assessed that the ‘necessary support’ cannot be provided to applicants with special reception or procedural needs (Article 53 (2) APR).

The concept of adequate capacity

In exchange for increased responsibility of frontline states through the wide implementation of border procedures, the APR introduces the concept of ‘adequate capacity’, with two distinct levels identified: the Union-level which is set at 30,000 (Article 46 APR), though the derivation of this figure remains unexplained, and the individual Member State level which is calculated based on numerical factors: by multiplying the number set out in Article 46 (Union-level adequate capacity) by the sum of irregular crossings of the external border, arrivals following search and rescue operations and refusals of entry at the external border in the Member State concerned during the previous three years and dividing the result thereby obtained by the sum of irregular crossings of the external border, arrivals following search and rescue operations and refusals of entry at the external border in the Union as a whole during the same period according to the latest available Frontex and Eurostat data (Article 47 APR).

Only applications subject to the border procedure should be calculated towards reaching the adequate capacity.

Once ‘adequate capacity’ is reached (Article 48), the Commission will be notified and it will have to examine if the state is identified as being under a migratory pressure according to the Asylum and Migration Management Regulation. In such case, states will be able to derogate from the provisions that mandate the use of border procedures, and e.g. choose to keep asylum seekers at the borders and refer them in regular asylum procedures or transfer them within the territory and once again implement regular asylum procedures.

However, such authorisation will not exempt the Member State from the obligation to examine in the border procedure applications made by applicants that are considered as a danger to national security or public order.

The introduction of the concept of ‘adequate capacity’ was designed to render the prescribed use of border procedures cognizant to the needs and migratory pressures on first-entry states and in this way to ensure their buy in. However, the final provisions demonstrate that the calculation of ‘adequate capacity’ is rather complex, while it relies solely on numerical data, overlooking the specific characteristics of arrivals or the actual capacity of first-entry countries.

It seems that, in essense, this concept was added to ensure ‘predictability‘ by making sure that southern states will fulfill their responsibilities by examining a minimum number of applications through border procedures. In addition, this will in practice incentivise Member States to use even more border procedures to reach their ‘adequate capacity’, in detention or other designated spaces created for these procedures, turning the process into a ‘lottery’ largely dependent on the timing of arrivals.

If a person arrives before the ‘adequate capacity’ is reached, they will most probably be subjected to border procedures. Conversely, if they are fortunate enough to arrive once the capacity is reached, their cases will be examined under a regular asylum procedure with more safeguards. Finally, this approach is also potentially hindering harmonisation by prioritising national-level exception measures over solidarity and relocation in times of pressure.

Rights at Risk

Although border procedures were initially implemented exceptionally in some Member States to address the 2015-2016 refugee ‘crisis,’ this practice has become the ‘norm’ in certain Member States, such as Greece and Italy, where they are routinely applied, even in situations with no notable increase in arrivals. It is expected that their use will rise as border procedures become mandatory for certain categories of asylum seekers.

Border procedures have been described as sub-standard procedures, due to the fast processing of asylum claims, the locations where these procedures are implemented, and the legal fiction of ‘non-entry’, a concept which means that asylum seekers will be considered as not entered into the territory while their claim will be examined in a border procedure. This provision is also maintained in the final text (Article 43 (2) APR).

The legislation creates therefore avenues for disentangling the relation between physical presence of an asylum seeker on the territory and the legal presence.

As scholars have pointed out, this legal fiction, justifies the creation of ‘liminal’ space or ‘anomalous’ zones where common legal rules do not fully apply. Notably, Article 54 APR, allows their implementation within the territory, justifying the application of the ‘non-entry’ fiction even in locations far away from the actual territorial border. By shifting the border inwards, entire areas are treated as ‘borders’, and asylum seekers in these locations are subjected to a different, often more restrictive, set of rights compared to those who apply for asylum through regular in-country procedures. This practice can imperil several key rights of asylum seekers as it will be described below.

Towards more detention

During border procedures, asylum seekers should be kept at or close to the borders, leading to increased and systematic detention or other area-based restrictions. Within the APR, detention is not prescribed clearly, but it is not precluded either (Article 54 APR). The legal basis for imposing detention during border procedures can be found however in the agreed Reception Conditions Directive, where it is envisaged that detention may be imposed ‘in order to decide, in the context of a procedure, on the applicant’s right to enter the territory’ (Article 8c RCD).

To what extent policies of non-entry undermine the right to liberty and freedom of movement is a matter raised many times in the case law of the CJEU, and in some cases of the ECtHR where the case-law on detention to prevent unauthorized entry (Article 5 (1) (f)) seems to be rather controversial. What is important to note though is that the ‘non-entry’ fiction in conjunction with the absence of clarifying the reception conditions (Article 54 APR) applicable in border procedures may lead to increased and routinised detention practices in EU external states.

The issue of legal aid

The question of free legal assistance in border procedures has been another area of contention during the negotiations. While the European Parliament stressed its importance, the Member States were against expanding it to the first instance procedure due to financial and administrative constraints. A compromise solution was agreed offering free legal counseling for the administrative procedure (interview), excluding representation and allowing flexibility for Member States (Article 16 APR).

As outlined in the new APR (Article 16), legal counseling includes guidance and explanations of the administrative procedure, including information on rights and obligations during the process. Additionally, the legal counsellor will offer assistance with lodging the application as well as guidance on the different examination procedures and the reasons for their application e.g. admissibility rules or when someone is referred to accelerated or border procedures.

However, this form of assistance does not extend to escorting individuals during the asylum interview, preparing them for the interview, or submitting legal memos at the first instance procedure. In contrast, legal assistance and representation which is applicable in the appeal procedure (Article 17 APR) goes further, including the preparation of procedural documents and active participation in the hearing.

Despite the supposed extension of legal aid, highlighted in a dedicated section (Section III), its provision remains in the form of counseling, marking a notable step back from the Parliament’s initial proposal. Furthermore, in practice, limited access both to counselling and legal assistance may occur due to the locations that border procedures take place such as detention or remote locations near the borders. This situation underscores potential challenges in ensuring effective legal support within the border procedures.

The right to asylum and protection from refoulement

Other rights that may be undermined in the context of border procedures are the right to asylum and the protection from refoulement. These rights may be compromised primarily due to the limited procedural safeguards applicable in border procedures, such as the very short time-limits (as stipulated in Article 51 APR, border procedure shall be as short as possible and a maximum of 12 weeks) combined with the limited access to legal assistance due to the locations where border procedures are taking place (detention or de facto detention) which may significantly impact the overall quality of the asylum procedure.

In addition, implementing border procedures to vulnerable applicants raises concerns that their special procedural needs may not be appropriately addressed. These individuals shall be provided with the necessary support to enable them to benefit from their rights. However, the notion of ‘necessary support’ yet remains undefined in the agreed text. It seems that it is mainly related to the special reception needs and the locations where the border procedures are implemented, assuming that border procedures are appropriate for applicants with special procedural needs unless ‘the necessary support cannot be provided in the locations referred to in Article 54’.

Failure to provide special procedural guarantees to asylum seekers who require them directly impacts the quality and effectiveness of the asylum procedure.

Finally, the right to appeal is modified in the APR. According to Article 68 APR, the appeal will not have suspensive effect when the case is examined under border procedures. Some guarantees should nevertheless be preserved in this case, such as the possibility for the applicant to request a right to remain within a time-limit of at least 5 days and the provision of interpretation, information and free legal assistance (Article 68 (3) a (ii) in conjunction with Article 68 (5) APR). Even though it is positive to at least ensure that these guarantees are applicable in border procedures, the time-limit of 5 days to prepare and lodge an appeal and an application to request the right to remain may not be enough to ensure an effective remedy in practice.

Concluding Observations

The extensive regulation of border procedures in the final APR underscores their role as a crucial ‘migration management tool’. The persistence, during negotiations, to uphold border procedures at any cost resulted in intricate and complex provisions, emphasising their importance in ensuring responsibility of first-entry states. However, by containing asylum seekers at external borders, the EU risks exacerbating existing deficiencies, leading to overcrowd reception and detention centres and consequently violation of human rights. This directly impacts both asylum seekers, that will have to navigate asylum procedures with limited safeguards, and states grappling with overburdened capacities.

As these rules take shape, a focus on rights-based interpretations and increased judicial oversight and monitoring are essential to safeguard the principles of fairness and respect for human rights at the borders.

The Council of Europe Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law: perhaps a global reach, but an absence of harmonisation for sure

by Michèle DUBROCARD (*)

On 15 March 2024, Ms Marija Pejčinović Burić, the Secretary General of the Council of Europe, made a statement, on the occasion of the finalisation of the Convention on Artificial Intelligence (AI), Human Rights, Democracy and the Rule of Law. She welcomed what she described as an ‘extraordinary achievement’, namely the setting out of a legal framework that covers AI systems throughout their lifecycles from start to end. She also stressed the global nature of the instrument, ‘open to the world’.

Is it really so? The analysis of the scope, as well as the obligations set forth in the Convention raise doubts about the connection between the stated intent and the finalised text. However, this text still needs to be formally adopted by the Ministers of Foreign Affairs of the Council of Europe Member States at the occasion of the 133rd Ministerial Session of the Committee of Ministers on 17 May 2024, after the issuing of the opinion of the Parliamentary Assembly of the Council of Europe (PACE)[1].

I- The scope of the Convention

It is no secret that the definition of the scope of the Convention created a lot of controversy among the negotiators[2]. In brief, a number of States, a majority of which are not members of the Council of Europe [3] but participated in the discussions as observers, essentially opposed the European Union, in order to limit the scope of the Convention to activities related to AI systems only undertaken by public authorities, and exclude the private sector.

Those observer States achieved their goal, presumably with the help of the Chair[4] and the Secretariat of the Committee on Artificial Intelligence (CAI), but they did it in a roundabout way, with an ambiguous wording. Indeed, the reading of both Article 1.1 and Article 3.1(a) of the Convention may lead to think prima facie that the scope of the Convention is really ‘transversal’[5], irrespective of whether activities linked to AI systems are undertaken by private or public actors:

– according to Article 1.1, ‘the provisions of this Convention aim to ensure that activities within the lifecycle of artificial intelligence systems are fully consistent with human rights, democracy and the rule of law.’

– according to Article 3.1(a),‘the scope of this Convention covers the activities within the lifecycle of artificial intelligence systems that have the potential to interfere with human rights, democracy and rule of law as follows’.

This impression is confirmed by the explanatory report, which states in par. 15 that ‘the Drafters aim to cover any and all activities from the design of an artificial intelligence system to its retirement, no matter which actor is involved in them’.

However, the rest of Article 3 annihilates such wishful thinking: as regards activities undertaken by private actors, the application of the Convention will depend on the goodwill of States. Better still, a Party may choose not to apply the principles and obligations set forth in the Convention to activities of private actors, and nevertheless be seen as compliant with the Convention, as long as it will take ‘appropriate measures’ to fulfil the obligation of addressing risks and impacts arising from those activities:

‘Each Party shall address risks and impacts arising from activities within the lifecycle of artificial intelligence systems by private actors to the extent not covered in subparagraph (a) in a manner conforming with the object and purpose of the Convention.

Each Party shall specify in a declaration submitted to the Secretary General of the Council of Europe at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession how it intends to implement this obligation, either by applying the principles and obligations set forth in Chapters II to VI of the Framework Convention to activities of private actors or by taking other appropriate measures to fulfil the obligation set out in this paragraph. Parties may, at any time and in the same manner, amend their declarations’.

How should one interpret such a provision? It seems to allow Parties to submit a reservation on the private sector but, at the same time, it is not worded as a reservation per se. On the contrary, it establishes a sort of equivalence between the principles and obligations laid down in the Convention and ‘other appropriate measures’ to be taken by the Parties when addressing risks and impacts arising from activities related to AI systems undertaken by private actors. In other words, the Convention organizes the modalities of circumvention of the principles and obligations that yet constitute the core of its very object.

The result of such a provision is not only a depreciation of the principles and obligations set forth in the Convention, since it is possible to derogate from them for activities of private actors without derogating from the Convention itself, but it also creates a fragmentation in the implementation of the instrument. The uncertainty stemming from these declarations is aggravated by the possibility, for each Party, to amend its declaration at any time. Since there is no other specification, one could even imagine a situation where a Party could, in the first instance, accept to apply the principles and obligations set forth in the Convention to the private sector, but then, at a later stage, reconsider its initial decision and limit such application to the public sector only.

Instead of establishing a level playing field among the Parties, the Convention legitimizes uncertainty as regards its implementation, in space and time.

On the other hand, Article 3.2 clearly authorizes an exemption, requested this time by the European Union[6], for activities within the lifecycle of AI systems related to the protection of national security interests of Parties. However, according to the provision, such activities should be ‘conducted in a manner consistent with applicable international law, including international human rights law obligations, and with respect for its democratic institutions and processes’. In the framework of the Council of Europe, such an exemption is particularly surprising in the light of the case-law of the European Court of Human Rights, which has clearly interpreted the concept of ‘national security’[7]. Exempting from the scope of the Convention activities of AI systems related to the protection of national security interests seems therefore at best useless, if not conflicting with the obligations stemming from the European Convention on Human Rights.

In addition to national security interests, Article 3 foresees two more exemptions, namely research and development activities and national defence. Concerning research and development activities regarding AI systems not yet made available for use, Article 3.3 also includes what seems to be a safeguard, since the Convention should nevertheless apply when ‘testing or similar activities are undertaken in such a way that they have the potential to interfere with human rights, democracy and the rule of law’. However, there is no indication of how and by whom this potential to interfere could be assessed. The explanatory report is of no help on this point, since it limits itself to paraphrasing the provision of the article[8].

As regards matters related to national defence, the explanatory report[9] refers to the Statute of the Council of Europe, which excludes them from the scope of the Council of Europe. One can however wonder whether the rules of the Statute of Europe are sufficient to justify such a blanket exemption, especially in the light of the ‘global reach’ that the Convention is supposed to have[10]. Moreover, contrary to the explanations related to ‘national security interests’, the explanatory report does not mention activities regarding ‘dual use’ AI systems, which should be under the scope of the Convention insofar as these activities are intended to be used for other purposes not related to national defence.

II- Principles and obligations set forth in the Convention

According to the explanatory report, the Convention ‘creates various obligations in relation to the activities within the lifecycle of artificial intelligence systems’[11].

When reading Chapters II to Chapter VI of the Convention, one can seriously doubt whether the Convention really ‘creates’ obligations or rather simply recalls principles and obligations already recognized by previous international instruments. Moreover, the binding character of such obligations seems quite questionable.

II-A Principles and obligations previously recognized

A number of principles and obligations enshrined in the Convention refer to human rights already protected as such by the European Convention on Human Rights, but also by other international human rights instruments. Apart from Article 4 that recalls the need to protect human rights in general, Article 5 is dedicated to integrity of democratic processes and respect of rule of law[12], Article 10 is about equality and non-discrimination[13], Article 11 refers to privacy and personal data protection[14], and Articles 14 and 15 recall the right to an effective remedy[15].

Other principles are more directly related to AI, such as individual autonomy in Article 7, transparency and oversight in Article 8, accountability and responsibility in Article 9, and reliability in Article 12, but once again these principles are not new. In particular, they were already identified in the Organisation for Economic Co-operation and Development (OECD) Recommendation on AI, adopted on 19 May 2019[16].

This feeling of déjà vu is reinforced by the wording of the Convention: in most articles, each Party shall ‘adopt or maintain measures’ to ensure the respect of those principles and obligations. As duly noted in the explanatory report, ‘in using “adopt or maintain”, the Drafters wished to provide flexibility for Parties to fulfil their obligations by adopting new measures or by applying existing measures such as legislation and mechanisms that existed prior to the entry into force of the Framework Convention’[17].

The question that inevitably comes to mind is what the added value of this new instrument can be, if it only recalls internationally recognized principles and obligations, some of them already constituting justiciable rights.

Indeed, the mere fact that this new instrument deals with the activities related to AI systems does not change the obligations imposed on States to protect human rights, as enshrined in applicable international law and domestic laws. The evolution of the case law of the European Court of Human Rights is very significant in this regard. As we know, the Court has considered, on many occasions, that the European Convention on Human Rights is to be seen as ‘a living instrument which must be interpreted in the light of present-day conditions’[18]. Without much risk one can predict that in the future the Court will have to deal with an increasing number of cases involving the use of AI systems[19].

II-B A declaratory approach

One could try to advocate for this new Convention by emphasizing the introduction of some principles and measures which haven’t been encapsulated in a binding instrument, yet. Such is the case, for instance, of the concepts of transparency and oversight, to be linked to those of accountability and responsibility, reliability, and of the measures to be taken to assess and mitigate the risks and adverse impacts of AI systems.

However, the way these principles and measures have been defined and, above all, how their implementation is foreseen, reveal a declaratory approach, rather than the intention to establish a real binding instrument, uniformly applicable to all.

Moreover, the successive versions of the Convention, from the zero draft, to the last version of March 2024, reveal a constant watering down of its content: the provisions on the need to protect health and environment have been moved to the Preamble, while those aiming at the protection of whistleblowers have been removed.

In the light of the EU Artificial Intelligence Act[20], the current situation is almost ironic, since the Convention does not create any new individual right, contrary to the EU regulation, which clearly recognizes, for instance, the human overview as well as the right to explanation of individual decision-making. And yet, the general economy of the AI Act is based on market surveillance and product conformity considerations, while the Council of Europe Convention on AI is supposed to focus on human rights, democracy, and the rule of law[21].

So, what is this Convention about? Essentially obligations of means and total flexibility as regards the means to fulfil them.

– obligations of means:

A number of obligations in principle imposed on Parties are in fact simple obligations of means, since each Party is requested to ‘seek to ensure’ that adequate measures are in place. It is the case in Article 5, dedicated to the ‘integrity of democratic processes and respect for rule of law’. It is also the case in Article 15 on procedural safeguards, when persons are interacting with an artificial intelligence system without knowing it, in Article 16.3 in relation to the need of ensuring that adverse impacts of AI systems are adequately addressed, and in Article 19 on public consultation.

On the same vein, other articles include formulations which leave States with considerable room for manoeuvre in applying the obligations: as regards reliability, each Party shall take ‘as appropriate’ measures to promote this principle[22]. As regards digital literacy and skills, each Party shall ‘encourage and promote’ them[23]. Similarly, Parties are ‘encouraged’ to strengthen cooperation to prevent and mitigate risks and adverse impacts in the contexts of AI systems[24].

More importantly, it will be up to Parties to ‘assess the need for a moratorium or ban’ AI systems posing unacceptable risks[25]. One can only deplore the removal of former Article 14 of the zero draft, which provided for the ban of the use of AI systems by public authorities using biometrics to identify, categorise or infer emotions of individuals, as well as for the use of those systems for social scoring to determine access to essential services. Here again, the Convention is under the standards defined by the AI Act[26].

– the choice of the measures to be adopted:

First, one should note that from the first article of the Convention, flexibility is offered to the Parties as regards the nature of the measures to be adopted, if appropriate. Article 1.2 provides the possibility for each Party ‘to adopt or maintain appropriate legislative, administrative or other measures to give effect to the provisions set out in this Convention’.

Consequently, Parties might consider that their domestic system is fully compliant with this Convention without any change in their regulations. They could even consider that simple recommendations to public or private actors might be sufficient to fulfil their obligations under the Convention.

The wide leeway given to the States also explains the constant reference to the ‘domestic law’ [27]or to the domestic legal system[28] throughout the Convention. In particular Article 6, which constitutes a chapeau for the whole Chapter III, states that principles included in this Chapter shall be implemented by Parties ‘in a manner appropriate to its domestic legal system and the other obligations of this Convention’. Such a wording is not free from a certain ambiguity, since it might be interpreted as requiring, as part of their implementation, an adaptation of the principles set forth in the Convention to the pre-existing domestic law, and not the opposite.

Here again, with this constant reference to domestic laws intrinsically linked to the ‘flexibility’ given to the Parties, one can only deplore the lack of harmonisation of the ‘measures’ which might be adopted in accordance with the Convention.

– the absence of an international oversight mechanism:

It is true that Article 26 of the Convention lays down the obligation for each Party to establish or designate one or more effective mechanisms to oversee compliance with the obligations of the Convention. However, once again, Parties are free to choose how they will implement such mechanisms, without any supervisory control at the international level. The Conference of Parties, composed of representatives of the Parties and established by Article 23 of the Convention, won’t have any monitoring powers. The only obligation foreseen is – in Article 24- a reporting obligation to the Conference of the Parties, within the first two years after the State concerned has become a Party. But after this first report, there is no indication on the periodicity of the reporting obligation.

Conclusion

Despite the continuous pressure from the civil society[29] and the interventions of the highest authorities in the field of human rights and data protection[30], the final outcome of the negotiations is a weak text, based on very general principles and obligations. Some of them are even under the level of the standards recognized in the framework of the Council of Europe, in the light of the European Convention on Human rights and the case law of the European Court of Human Rights, as well as of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Moreover, their application won’t be consistent among the Parties, due to a variable-geometry scope and a considerable margin of manoeuvre left to the Parties to implement the Convention.

Why so many concessions, in the context of negotiations held under the umbrella of the Council of Europe, which presents itself as the ‘continent’s leading human rights organisation’? The answer of the Council of Europe representatives is: ‘global reach’. So, should the hope to see States which are not members of the Council of Europe ratify the Convention justify such a lack of ambition?

Yet it is not the first time that an international binding instrument negotiated in the framework of the Council of Europe allows for a fragmented application of its provisions: the Second Additional Protocol to the Convention on Cybercrime[31] already provided some sort of ‘pick and choose’ mechanism in several articles. However, what could be understood in the light of the fight against cybercrime, is more difficult to accept in the framework of a Convention aiming at protecting human rights, democracy and the rule of law in the context of artificial intelligence systems.

It is possible that the negotiators could not achieve a better result, in view of the positions expressed in particular by the United States, Canada, Japan and Israel. In that case, the Council of Europe would have been better advised either to be less ambitious and drop the aim of a ‘global reach’, or wait a few more years until the ripening of the maturation of all minds.

(*) EDPS official: This text is the sole responsibility of the author, and does not represent the official position of the EDPS

NOTES

[1] The Opinion adopted by the PACE on 18 April 2024 includes several proposals to improve the text. See https://pace.coe.int/en/files/33441/html

[2] See an article published in Euractiv on 31 Jan 2024 and updated on 15 Feb 2024:…(https://www.euractiv.com/section/artificial-intelligence/news/tug-of-war-continues-on-international-ai-treaty-as-text-gets-softened-further/ )

See also the open letter of the representatives of the civil society:

https://docs.google.com/document/d/19pwQg0r7g5Dm6_OlRvTAgBPGXaufZrNW/edit, and an article of M. Emilio de Capitani: The COE Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law. Is the Council of Europe losing its compass? https://free-group.eu/2024/03/04/the-coe-convention-on-artificial-intelligence-human-rights-democracy-and-the-rule-of-law-is-the-council-of-europe-losing-its-compass/

[3] USA, Canada, Japan, Israel.

[4] See an article issued in swissinfo.ch – https://www.swissinfo.ch/eng/foreign-affairs/ai-regulation-is-swiss-negotiator-a-us-stooge/73480128

[5] The terms of reference of the CAI explicitly refers to the establishment of a ‘binding legal instrument of a transversal character’.

[6] See, for instance, an article in Euractiv ‘EU prepares to push back on private sector carve-out from international AI treaty’ – https://www.euractiv.com/section/artificial-intelligence/news/eu-prepares-to-push-back-on-private-sector-carve-out-from-international-ai-treaty/

[7] National security and European case-law: Research Division of the European Court of Human Rights- https://rm.coe.int/168067d214

[8] Paragraph 33 of the explanatory report : ‘As regards paragraph 3, the wording reflects the intent of the Drafters to exempt research and development activities from the scope of the Framework Convention under certain conditions, namely that the artificial intelligence systems in question have not been made available for use, and that the testing and other similar activities do not pose a potential for interference with human rights, democracy and the rule of law. Such activities excluded from the scope of the Framework Convention should in any case be carried out in accordance with applicable human rights and domestic law as well as recognised ethical and professional standards for scientific research’.

[9] Paragraph 36 of the explanatory report.

[10] In its opinion of 18 April 2024 the PACE suggested to only envisage a restriction. See above note 1.

[11] Paragraph 14 of the explanatory report

[12] these principles are closely linked to freedom of expression and the right to free elections: see in particular Article 10 of the European Convention on Human Rights and Article 3 of Protocol 1

[13] See in particular Article 14 of the European Convention on Human Rights and Protocol 12,

[14] See in particular Article 8 of the European Convention on Human Rights and the case law of the European Court of Human Rights, as well as Article 1 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.

[15] See in particular Article 13 of the European Convention on Human Rights.

[16] https://legalinstruments.oecd.org/en/instruments/oecd-legal-0449#mainText

[17] Paragraph 17 of the explanatory report.

[18] See Tyrer v United Kingdom 2 EHRR 1 at para. 31

[19] On 4 July 2023, the Third Section of the European Court of Human Rights delivered the first judgment on the compatibility of facial recognition technology with human rights in Glukhin v. Russia:

https://hudoc.echr.coe.int/eng#%22display%22:%5B2%5D,%22itemid%22:%5B%22001-225655%22%5D

[20] See Articles 14 and 86 of the AI Act – https://artificialintelligenceact.eu/the-act/

[21] ‘The Council of Europe’s road towards an AI Convention: taking stock’ by Peggy Valcke and Victoria Hendrickx, 9 February 2023: ‘Whereas the AI Act focuses on the digital single market and does not create new rights for individuals, the Convention might fill these gaps by being the first legally binding treaty on AI that focuses on democracy, human rights and the rule of law’. https://www.law.kuleuven.be/citip/blog/the-council-of-europes-road-towards-an-ai-convention-taking-stock/

[22] Article 12 of the Convention.

[23] Article 20 of the Convention.

[24] Article 25 of the Convention.

[25] Article 16.4 of the Convention.

[26] See Chapter II of the AI Act – https://artificialintelligenceact.eu/the-act/

[27] See Articles 4, 10, 11 et 15.

[28] See Articles 6 and 14.

[29] See in particular the open latter of 5 March 2024:

https://docs.google.com/document/d/19pwQg0r7g5Dm6_OlRvTAgBPGXaufZrNW/edit

[30] See the statement of the Council of Europe Commissioner for Human Rights:

https://www.coe.int/en/web/commissioner/-/ai-instrument-of-the-council-of-europe-should-be-firmly-based-on-human-rights

See also the EDPS statement in view of the 10th and last Plenary Meeting of the Committee on Artificial Intelligence (CAI) of the Council of Europe drafting the Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law: https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-statement-view-10th-and-last-plenary-meeting-committee-artificial-intelligence-cai-council-europe-drafting-framework-convention-artificial_en

[31] Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence- https://rm.coe.int/1680a49dab

The COE Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law. Is the Council of Europe losing its compass ?

by Emilio DE CAPITANI

When the Committee of Ministers of the Council of Europe decided at the end of 2021 to establish the Committee on Artificial Intelligence (CAI) with the mandate to elaborate a legally binding instrument of a transversal character in the field of artificial intelligence (AI), such initiative created a lot of hopes and expectations. For the first time, an international convention ‘based on the Council of Europe’s standards on human rights, democracy and the rule of law and other relevant international standards’ would regulate activities developed in the area of AI.

The mandate of the CAI was supposed to further build upon the work of the Ad Hoc Committee on Artificial Intelligence (CAHAI), which adopted its last report in December 2021, presenting ‘possible elements of a legal framework on artificial intelligence, based on the Council of Europe’s standards on human rights, democracy and the rule of law’. In this document, the CAHAI underlined the need for the future instrument to ‘focus on preventing and/or mitigating risks emanating from applications of AI systems with the potential to interfere with the enjoyment of human rights, the functioning of democracy and the observance of the rule of law, all the while promoting socially beneficial AI applications’. In particular, the CAHAI considered that the instrument should be applicable to the development, design and application of artificial intelligence (AI) systems, ‘irrespective of whether these activities are undertaken by public or private actors’, and that it should be underpinned by a risk-based approach. The risk classification should include ‘a number of categories (e.g., “low risk”, “high risk”, “unacceptable risk”), based on a risk assessment in relation to the enjoyment of human rights, the functioning of democracy and the observance of the rule of law’. According to the CAHAI, the instrument should also include ‘a provision aimed at ensuring the necessary level of human oversight over AI systems and their effects, throughout their lifecycles’.

So, a lot of hopes and expectations: some experts expressed the wish to see this new instrument as a way to complement, at least in the European Union, the future AI Act, seen as a regulation for the digital single market, setting aside the rights of the persons affected by the use of AI systems[1]. In its opinion of 20/2022 on the Recommendation for a Council Decision authorising the opening of negotiations on behalf of the European Union for this Council of Europe convention, the EDPS considered that it represented ‘an important opportunity to complement the proposed AI Act by strengthening the protection of fundamental rights of all persons affected by AI systems’. The EDPS advocated that the convention should provide ‘clear and strong safeguards for the persons affected by the use of AI systems’.

Alas, those hopes and expectations were quickly dampened by the way the negotiations were organised, and, above all, by the content of the future instrument itself.

1- the organisation of the negotiations: the non-member States leading, the civil society out

The objective to open the future instrument to States which are not members of the Council of Europe was with no doubt an excellent initiative, considering the borderless character of AI, and the need to regulate this technology worldwide. Indeed, as noted by the CAHAI in its above mentioned report ‘The various legal issues raised by the application of AI systems are not specific to the member States of the Council of Europe, but are, due to the many global actors involved and the global effects they engender, transnational in nature’. The CAHAI therefore recommended that the instrument, ‘though obviously based on Council of Europe standards, be drafted in such a way that it facilitates accession by States outside of the region that share the aforementioned standards’. So, yes on a global reach, but provided that the standards of the Council of Europe are fully respected.

However, the conditions under which those non-member States have participated in the negotiations need be looked at a little more: not only have they been part of the drafting group sessions unlike the representatives of the civil society, but it seems that from the start they have played a decisive role in the conduct of negotiations. According to a report published in Euractiv in January 2023[2], the US delegation opposed the publication of the first draft of the Convention (the ‘zero draft’), refusing to disclose its negotiating positions publicly to non-country representatives.

At the same time, the organisation of the negotiations has set aside the civil society groups, who were only allowed to intervene in the plenary sessions of the meetings, while the text was discussed and modified in the drafting sessions. The next and-in principle- last plenary meeting from the 11th to the 14th of March should start with a drafting session and will end with the plenary session, which implies that the civil society representatives will have less than 24 hours to have a look at the revised version of the convention -if they can receive it on time- and make their last comments, assuming that their voices were really heard during the negotiations.

Yet, representatives of the civil society and human rights institutions have done their utmost to play an active part in the negotiations. In an email to the participating States, they recalled that the decision to exclude them from the drafting group went ‘against the examples of good practice from the Council of Europe, the prior practice of the drafting of Convention 108+, and the CoE’s own standards on civil participation in political decision-making”[3]. During the 3rd Plenary meeting of 11-13 January 2023, they insisted on being part of the drafting sessions, but the Chair refused, as indicated in the list of decisions:

‘(…) –Take note of and consider the concerns raised by some Observers regarding the decision taken by the Committee at the occasion of its 2nd Plenary meeting to establish a Drafting Group to prepare the draft [Framework] Convention, composed of potential Parties to the [Framework] Convention and reporting to the Plenary.

– Not to revise the aforesaid decision, while underlining the need to ensure an inclusive and transparent negotiation process involving all Members, Participants and Observers and endorsing the Chair’s proposal for working methods in this regard’.[4]

Despite this commitment, the need of an ‘inclusive and transparent negotiation process’ has not been ensured in the light of the civil society statement of the 4th of July 2023, where again the authors ‘deeply regret(ted) that the negotiating States have chosen to exclude both civil society observers and Council of Europe member participants from the formal and informal meetings of the drafting group of the Convention. This undermines the transparency and accountability of the Council of Europe and is contrary to the established Council of Europe practice and the Committee on AI (CAI) own Terms of Reference which instructs the CAI to “contribute[…] to strengthening the role and meaningful participation of civil society in its work”.’[5]

The influence of non-member States has not been limited to the organisation of meetings. As detailed below, the American and Canadian delegations delegations, among others, threw their full weight behind the choice of systematically watering down the substance of the Convention.

2- A convention with no specific rights and very limited obligations

How should the mandate of the CAI be understood? According to the terms of reference, the Committee is instructed to ‘establish an international negotiation process and conduct work to finalise an appropriate legal framework on the development, design, use and decommissioning of artificial intelligence, based on the Council of Europe’s standards on human rights, democracy and the rule of law and other relevant international standards, and conducive to innovation, which can be composed of a binding legal instrument of a transversal character, including notably general common principles (…)’[6].

The objective of including in the convention ‘general common principles’ has been interpreted by the Chair literally, who considered that ‘the AI Convention will offer an underlying baseline of principles in how to handle the technology, on top of which individual governments can then build their own legislation to meet their own specific needs’[7]. Indeed, the last publicly available version -dated 18 December 2023- of the draft Convention only refers to ‘principles’ and not to specific rights[8], even those already existing in the framework of the Council of Europe and beyond. In the context of AI, though, one could have hoped the recognition of certain rights, as the right to human oversight and the right to explanation for AI based decisions.

Such a choice has been criticized by the civil society‘s representatives. In a public statement of the 4th of July 2023, they recalled that ‘while including general common principles for AI regulation as indicated in the CAI Terms of Reference, the Convention should respect the rights established by other Conventions and not reformulate them as mere principles’[9].

Unfortunately, the Convention, at least in the version of the 18th of December 2023, does not even expressly include the right to privacy and the right to the protection of personal data. Yet, if data are, as the Chair himself referred to, ‘the oil of the XX1st century’[10], the need to protect our rights in this area is critical.

If one compares the successive versions of the Convention which are publicly accessible, from the zero draft[11], to the version of the 18th of December, one can only deplore the constant watering down of its content. What about ‘prohibited artificial intelligence practices’ referred to in Article 14 of the zero draft? What about the definitions, which included in the zero draft the notion of ‘artificial intelligence subject’, defined as ‘any natural or legal person whose human rights and fundamental freedoms, legal rights or interests are impacted by decisions made or substantially informed by the application use of an artificial intelligence system’? What about a clear presentation of the risk-based approach, with a differentiation of measures to be applied in respect of artificial intelligence systems posing significant and unacceptable levels of risk (see articles 12 and 13 of the zero draft)?

Moreover, in the version of the 18th of December 2023, a number of obligations in principle imposed on Parties might become simple obligations of means, since the possible -or already accepted- wording would be that each party should ‘seek to ensure’ that adequate measures are in place. It is in particular the case in the article dedicated to the ‘integrity of democratic processes and respect for rule of law’, as well as in the article on ‘accountability and responsibility’ and even in the article on procedural safeguards, when persons are interacting with an artificial intelligence system without knowing it.

According to an article published in Euractiv on 31 Jan 2024 and updated on 15 Feb 2024, even the version of the 18th of December 2023 seems to have been watered down: ‘Entire provisions, such as protecting health and the environment, measures promoting trust in AI systems, and the requirement to provide human oversight for AI-driven decisions affecting people’s human rights, have been scrapped’[12].

3- The worse to come?

One crucial element of the Convention still needs to be discussed: its scope. Since the beginning of the negotiations, the USA and Canada, but also Japan and Israel, none of them members of the Council of Europe, have clearly indicated their wish to limit the scope of the instrument to activities within the lifecycle of artificial intelligence systems only undertaken by public authorities[13]. Moreover, national security and defence should also be out of the scope of the convention. The version of the 18th of December includes several wordings regarding the exemption of national security, which reflect different levels of exemption.

The issue of the scope has lead the representatives of the civil society to draft an open letter[14], signed by an impressive number of organisations calling on the EU and the State Parties negotiating the text of the Convention to equally cover the public and private sectors and to unequivocally reject blanket exemptions regarding national security and defence.

Today no one knows what the result of the last round of negotiations will be: it seems that the EU is determined to maintain its position in favour of the inclusion of the private sector in the scope of the Convention, while the Americans and Canadians might use the signature of the Convention as blackmail to ensure the exclusion of the private sector.

4- Who gains?

From the Council of Europe perspective, which is an organisation founded on the values of human rights, democracy and the rule of law. the first question that comes to mind is what are the expected results of the ongoing negotiations. Can the obsession to see the Americans sign the Convention justify such a weakened text, even with the private sector in its scope? What would be the gain for the Council of Europe and its member States, to accept a Convention which looks like a simple Declaration, not very far in fact from the Organisation for Economic Co-operation and Development’s Principles on AI[15]?

At this stage, it seems that neither the Americans nor the Canadians are ready to sign the Convention with the inclusion of the private sector, even if an opt-out clause were inserted in the text. The gamble of the Chair and the Secretariat to keep these two observer States on board at the price of excessive compromises might be lost at the end of the day. One should not forget that these States do not have voting rights in the Committee of Ministers.

The second question that comes to mind is why the Chair and the Secretariat of the CAI and, above them, those who lead the Council of Europe have made such a choice. Does it have a link with internal decisions to be taken in the next future, as regards the post of the General Secretary of the organisation, as well as the post of the Director General of Human Rights and Rule of Law? Does the nationality of the Chair have a role to play in this game? In any case, the future Convention might look like an empty shell, which might have more adverse effects than it seems prima facie, by legitimizing practices around the world which would be considered incompatible with the European standards.

NOTES

[1] See in particular ‘The Council of Europe’s road towards an AI Convention: taking stock’ by Peggy Valcke and Victoria Hendrickx, 9 February 2023: ‘Whereas the AI Act focuses on the digital single market and does not create new rights for individuals, the Convention might fill these gaps by being the first legally binding treaty on AI that focuses on democracy, human rights and the rule of law’. https://www.law.kuleuven.be/citip/blog/the-council-of-europes-road-towards-an-ai-convention-taking-stock/

[2] https://www.euractiv.com/section/digital/news/us-obtains-exclusion-of-ngos-from-drafting-ai-treaty/

[3] same article

[4] https://rm.coe.int/cai-2023-03-list-of-decisions/1680a9cc4f

[5] https://ecnl.org/sites/default/files/2023-07/CSO-COE-Statement_07042023_Website.pdf

[6] https://rm.coe.int/terms-of-reference-of-the-committee-on-artificial-intelligence-cai-/1680ade00f

[7] https://www.politico.eu/newsletter/digital-bridge/one-treaty-to-rule-ai-global-politico-transatlantic-data-deal/

[8] with the exception of ‘rights of persons with disabilities and of children’ in Article 18

[9] https://ecnl.org/sites/default/files/2023-07/CSO-COE-Statement_07042023_Website.pdf

[10] https://www.linkedin.com/pulse/data-oil-21st-century-ai-systems-engines-digital-thomas-schneider/

[11] https://www.statewatch.org/news/2023/january/council-of-europe-convention-on-artificial-intelligence-zero-draft-and-member-state-submissions/

[12] https://www.euractiv.com/section/artificial-intelligence/news/tug-of-war-continues-on-international-ai-treaty-as-text-gets-softened-further/

[13] same article