technology – European Area of Freedom Security & Justice

Why the European Parliament should reject (or substantially amend) the Commission’s proposal on EU Information Security (“INFOSEC”). (1) The issue of “classified information”

By Emilio De Capitani

1.Setting the scene of EU legal framework on access to documents and to confidential information before the Lisbon Treaty

To better understand why the Commission “INFOSEC” draft legislative proposal (2022/0084(COD) on information security shall be substantially amended, let’s recall what was before the Lisbon Treaty and of the Charter, the EU legal framework on access to documents, and notably of EU classified information. With the entry into force of the Amsterdam Treaty on May 1999 the EP and the Council have been under the obligation (art.255 TCE) of adopting in two years time new EU rules framing the individual right of access to documents by establishing at the same time “the general principles and limits of public interests” which may limit such right of access.(emphasis added).

Notwithstanding a rather prudent Commission’s legislative proposal the EP strongly advocated a stronger legal framework for access to documents, for legislative transparency and even for the treatment at EU level of information which, because of their content, should be treated confidentially (so called ,“sensitive” or “classified information”).

Needless to say “Sensitive” or “classified information” at Member States level, are deemed to protect “essential interests” of the State and, by law, are subject to a special parliamentary and judicial oversight regime.[1] As a consequence, at EU level, even after Lisbon, national classified information are considered an essential aspect of national security which “.. remains the sole responsibility of each Member State” (art. 4.2 TEU) and “..no Member State shall be obliged to supply information the disclosure of which it considers contrary to the essential interests of its security;”(art 346.1(a)TFEU.

However, if national classified information is shared at EU level as it is the case for EU internal or external security policies it shall be treated as for any other EU policy by complying with EU rules. Point is on what legal basis these rules should be founded. This issue came to the fore already in 2000 when the newly appointed Council Secretary General Xavier SOLANA negotiated with NATO a first interim agreement on the exchange of classified information. The agreement which mirrored at EU level the NATO Classification standards (“Confidential”, “Secret” and “Top Secret”) was founded on the Council internal organizational power but this “administrative” approach was immediately challenged before the Court of Justice by the a Member State (NL) [2]and by the European Parliament itself [3] which considered that the correct legal basis should had been the new legislation on access to documents foreseen by art 255 of TEC which was at the time under negotiation. The Council, at last, acknowledged that art.255 TEC on access to documents was right legal basis and a specific article (art.9[4]) was inserted in in Regulation 1049/01 implementing art.255 TEC and the EP and NL withdrew their applications before the CJEU[5].

Point is that Art.9 of Regulation 1049/01 still covers only the possible access by EU citizens and such access may be vetoed by the “originator” of the classified information. Unlike national legislation on classified information art.9 didn’t solved, unfortunately, for the lack of time, the issue of the democratic and judicial control by the European Parliament and by the Court of Justice to the EUCI. Art.9(7) of Regulation 1049/01 makes only a generic reference to the fact that “The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.” A transitional and partial solution has then been founded by negotiating Interinstitutional Agreements between the Council and the EP in 2002 [6]and in 2014 [7]and between the European Commission[8] in 2010.

Point is that interinstitutional agreements even if they may be binding (art.295 TFEU) they can only “facilitate” the implementation of EU law which, as described above, in the case of democratic and judicial control of classified information still does not exists. Not surprisingly, both the Council and the Commission Interinstitutional agreements consider that the “originator” principle should also be binding for the other EU institutions such as the European Parliament and the Court of Justice.

This situation is clearly unacceptable in an EU deemed to be democratic and bound by the rule of law as it create zones where not only the EU Citizens but also their Representatives may have no access because of “originator’s” veto. As result, in these situations the EU is no more governed by the rule of law but only by the “goodwill” of the former.

To make things even worse the Council established practice is to negotiate with third Countries and international organizations agreements [9]covering the exchange of confidential information by declaring that the other EU Institutions (such as the EP and the Court of Justice) should be considered “third parties” subject then to the “originator” principle.

Such situation has become kafkianesque with the entry into force of the Lisbon treaty which recognize now at primary law level the EP right to be “fully and timely” informed also on classified information exchanged during the negotiation of an international agreement[10]. Inexplicabily , fourtheen years since the entry into force of the Traty the European Parliament has not yet challenged before the Court of Justice these clearly unlawful agreements.

That Institutional problem kept apart, fact remains that until the presentation of the draft INFOSEC proposal none challenged the idea that in the EU the correct legal basis supporting the treatment also of classified information should be the same of access to documents which after the entry into force of the Lisbon treaty is now art.15.3 of the TFEU[11].

2 Why the Commission choice of art 298 TFEU as the legal basis for the INFOSEC proposal is highly questionable [12]

After the entry into force of the Lisbon Treaty and of the Charter the relation between the fundamental right of access to documents and the corresponding obligation of the EU administration of granting administrative transparency and disclose or not its information/documents has now been strengthened also because of art.52 of the EU Charter.

In an EU bound by the rule of law and by democratic principles, openness and the fundamental right of access should be the general rule and “limits” to such rights should be an exception framed only “by law”. As described above the correct legal basis for such “law” is art.15 of the TFEU which, as the former art.255 TEC, states that “General principles and limits on grounds of public or private interest..” may limit the right of access and the obligation of disclosing EU internal information / documents. Also from a systemic point of view “limits” to disclosure and to access are now covered by the same Treaty article which frames (in much stronger words than art 255 before Lisbon) the principles of “good governance”(par 1), of legislative transparency (par 2) and of administrative transparency (par 3).

Such general “Transparency” rule is worded as following: “1. In order to promote good governance and ensure the participation of civil society, the Union institutions, bodies, offices and agencies shall conduct their work as openly as possible.(..) Each institution, body, office or agency shall ensure that its proceedings are transparent and shall elaborate in its own Rules of Procedure specific provisions regarding access to its documents, in accordance with the regulations referred to in the second subparagraph.”

Bizarrely, the European Commission has chosen for the INFOSEC regulation art.298 TFEU on an open, independent and efficient EU administration by simply ignoring art.15 TFEU and by making an ambiguous reference to the fact that INFOSEC should be implemented “without prejudice” of the pre-Lisbon Regulation 1049/01 dealing with access to documents and administrative transparency. How a “prejudice” may not exist when both Regulations are overlapping and INFOSEC Regulation is upgrading the Council Internal Security rules at legislative level is a challenging question.

It is indeed self evident that both the INFOSEC Regulation and Regulation 1049/01 deal with the authorized/unauthorised “disclosure” of EU internal information/documents.

Such overlapping of the two Regulations is even more striking for the treatment EU Classified information (EUCI) as these information are covered both by art. 9 of Regulation 1049/01 and now by articles 18 to 58 and annexes II to VI of the INFOSEC Regulation.

As described above, Art 255 TCE has since Lisbon been replaced and strengthened by art 15 TFEU so that the Commission proposal of replacing it with art.298 TFEU looks like a “detournement de procedure” which may be challenged before the Court for almost the same reasons already raised in 2000 by the EP and by NL. It would then been sensible to relaunch the negotiations on the revision of Regulation 1049 in the new post-Lisbon perspective but the Commission has decided this year to withdraw the relevant legislative procedure. Submitting a legislative proposal such INFOSEC promoting overall confidentiality and withdrawing at the same time a legislative proposal promoting transparency seems a rather Commission’s strong message to the public.

3 Does the INFOSEC proposal grant a true security for EU internal information?

Point is that European administrative transparency is now a fundamental right of the individual enshrined in the Charter (Article 42).The protection of administrative data is one of the aspects of the “duty” of good administration enshrined in Article 41 of the Charter which stipulates that every person has the right of access to their file, “with due regard for the legitimate interests of confidentiality and professional and business secrecy.”

However Art.298 TFEU is not the legal basis framing professional secrecy. It is only a provision on the functioning of the institutions and bodies which, “in carrying out their tasks … [must be based] on an “open” European administration”[13] and is not an article intended to ensure the protection of administrative documents.

This objective is better served by other legal basis of the Treaties.

First of all, protecting the archives of EU institutions and bodies from outside interference is, even before being a legitimate interest, an imperative condition laid down by the Treatiesand the related 1965 Protocol on the Privileges and Immunities of the Union adopted on the basis of the current Article 343 TFEU. Articles 1 and 2 of that Protocol stipulate that the premises and buildings of the Union, as well as its archives, “shall be inviolable.”

Furthermore, in order to ensure that, in the performance of their duties, officials are obliged to protect the documents of their institutions, Article 17 of the Staff Regulations stipulates that

1. Officials shall refrain from any unauthorized disclosure of information coming to their knowledge in the course of their duties, unless such information has already been made public or is accessible to the public.

Again, (as for Regulation 1049/01), the INFOSEC regulation reinstate that it should be applied “without prejudice” of the Staff Regulation by so mirroring the second paragraph of art.298 TFEU which states that itself states that it should be implemented “in accordance with the Staff Regulations and the rules adopted on the basis of Article 336.” So, also from this second perspective, the correct legal basis for INFOSEC could be the Article 339 (on professional secrecy) and 336 TFEU, with the consequent amendment of the Staff Regulations by means of a legislative regulation of the Parliament and the Council.

By proposing a legislative regulation on the basis of Article 298, the Commission therefore circumvents both the obligation imposed by Article 336, art 339 (on professional secrecy) and, more importantly of Article 15(3) TFEU, according to which each institution or body “..shall ensure (i.e., must ensure) the transparency of its proceedings [and therefore also their protection from external interference] and shall lay down in its rules of procedure specific provisions concerning access to its documents [and therefore also concerning their protection], in accordance with the regulations referred to in the second subparagraph.”(NDR currently Regulation 1049/01)

The objectives set out in Article 298 cannot therefore override the requirements of protecting the fundamental right of access to documents, nor those of Article 15 TFEU which could be considered the “center of gravity”when several legal basis are competing [14].

The same applies to compliance with the regulation establishing the Statute and, in particular, compliance with Article 17 thereof, cited above.

Ultimately, the provisions on the legislative procedure for Union legislative acts are not at the disposal of the Commission, given that administrative transparency is a fundamental right and the protection of documents is a corollary thereof and not a means of functioning of the institutions. Administrative transparency is a fundamental right of every person; the protection of administrative data is a legitimate interest of every administration.

A ”public” interest that can certainly limit the right of access, but only under the conditions established by the legislator of art 15 TFEU and only by the latter.

4. Conclusions

If a recommendation may be made now to the co-legislators is to avoid illusionary shortcuts such as the current Commission proposal whose real impact on the EU administrative “bubble” is far to be clear[15] . The EU Legislator, since the entry into force of the Lisbon Treaty more than fourteen years ago is faced to much more pressing problems.

What is mostly needed is not inventing several layers of illusionary “protection” of the EU information but framing the administrative procedures by law as suggested several times by the European Parliament and by the multiannual endeavor of brilliant scholars focusing on the EU Administrative law[16].

What matters is that the management and the access to EU information should be framed by law and not depend from the goodwill of the administrative author or the receiver as proposed by the INFOSEC Regulation. Nor information security is strengthened transforming each one of the 64 EU “entities” covered by the INFOSEC Regulation [17] in sand-boxes where the information is shared only with the people who, according to the “originator” has a “need to know” and not a “right to know”.

Moreover the EU should limit and not generalize the power for each one of the 64 EU entities of create “classified” information (EUCI). In this perspective art.9 of Regulation 1049/01 needs indeed a true revision but in view of the new EU Constitutional framework and of the new institutional balance arising from the Lisbon treaty and of the Charter.

Fourtheen years after Lisbon the democratic oversight of the European Parliament and the judicial control of the Court of Justice on classified documents , shall be granted by EU law as it is the case in most of the EU Countriesand not by interinstitutional agreements which maintain the “Originator” against these institutions in violation of the rule of law principle as well as of the EU institutional balance.

Could still be acceptable fourteen years after the entry into force of the Lisbon Treaty that the European Parliament and the Court of justice are not taken in account in the dozens of international agreements by which the Council frame the exchange of EUCI with third countries and international organizations?

Instead of dealing with these fundamental issues the European Commission in its 67 pages proposal makes no reference to 24 years of experience in the treatment of classified information and prefer dragging the co-legislators in Kafkian debates dealing with “sensitive but not classified information” or on the strange idea by which documents should marked “public” by purpose and not by their nature (by so crossing the line separating public transparency from public propaganda).

But all that been said, it is not the Commission which will be responsible before the Citizens (and the European Court) for badly drafted legislation. It will be the European Parliament and the Council which shall now take their responsibility. They can’t hide behind the Commission unwillingness to deal with substantive issues (as well as with other aspects of legislative and administrative transparency) ; if the Council also prefer maintain the things as they were before Lisbon it is up to the European Parliament to take the lead and establish a frank discussion with the other co-legislator and verify if there is the will of fixing the real growing shortcomings in the EU administrative “Bubble”.

Continuing with the negotiations on the current version of the INFOSEC proposal notably on the complex issue of classified information paves the way to even bigger problems which (better soon than later) risk to be brought as in 2000 on the CJEU table.

[1] According to the Venice Commission “.. at International and national level access to classified documents is restricted by law to a particular group of persons. A formal security clearance is required to handle classified documents or access classified data. Such restrictions on the fundamental right of access to information are permissible only when disclosure will result in substantial harm to a protected interest and the resulting harm is greater than the public interest in disclosure. Danger is that if authorities engage in human rights violations and declare those activities state secrets and thus avoid any judicial oversight and accountability. Giving bureaucrats new powers to classify even more information will have a chilling effect on freedom of information – the touchstone freedom for all other rights and democracy – and it may also hinder the strive towards transparent and democratic governance as foreseen since Lisbon by art.15.1 of TFEU (emphasis added) The basic fear is that secrecy bills will be abused by authorities and that they lead to wide classification of information which ought to be publicly accessible for the sake of democratic accountability. Unreasonable secrecy is thus seen as acting against national security as “it shields incompetence and inaction, at a time that competence and action are both badly needed”. (…) Authorities must provide reasons for any refusal to provide access to information. The ways the laws are crafted and applied must be in a manner that conforms to the strict requirements provided for in the restriction clauses of the freedom of information provisions in the ECHR and the ICCPR.”

[2] Action brought on 9 October 2000 by the Kingdom of the Netherlands against the Council of the European Union (Case C-369/00) (2000/C 316/37)

[3] Action brought on 23 October 2000 by the European Parliament against the Council of the European Union (Case C-387/00) (2000/C 355/31) LINK chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:C2000/355/31

[4] Regulation 1049/01 Article 9”Treatment of sensitive documents

1. Sensitive documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as “TRÈS SECRET/TOP SECRET”, “SECRET” or “CONFIDENTIEL” in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

2. Applications for access to sensitive documents under the procedures laid down in Articles 7 and 8 shall be handled only by those persons who have a right to acquaint themselves with those documents. These persons shall also, without prejudice to Article 11(2), assess which references to sensitive documents could be made in the public register.

3. Sensitive documents shall be recorded in the register or released only with the consent of the originator.

4. An institution which decides to refuse access to a sensitive document shall give the reasons for its decision in a manner which does not harm the interests protected in Article 4.

5. Member States shall take appropriate measures to ensure that when handling applications for sensitive documents the principles in this Article and Article 4 are respected.

6. The rules of the institutions concerning sensitive documents shall be made public.

7. The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.

[5] Notice for the OJ.Removal from the register of Case C-387/00¹By order of 22 March 2002 the President of the Court of Justice of the European Communities ordered the removal from the register of Case C-387/00: European Parliament v Council of the European Union. OJ C 355 of 09.12.2000.

[6] Interinstitutional Agreement of 20 November 2002 between the European Parliament and the Council concerning access by the European Parliament to sensitive information of the Council in the field of security and defence policy (OJ C 298, 30.11.2002, p. 1).

[7] According to the Interinstitutional Agreement of 12 March 2014 between the European Parliament and the Council concerning the forwarding to and handling by the European Parliament of classified information held by the Council on matters other than those in the area of the common foreign and security policy (OJ C 95, 1.4.2014, pp. 1–7) “4. The Council may grant the European Parliament access to classified information which originates in other Union institutions, bodies, offices or agencies, or in Member States, third States or international organisations only with the prior written consent of the originator.”

[8] According to annex III point 5 of the Framework Agreement on relations between the European Parliament and the European Commission (OJ L 304, 20.11.2010, pp. 47–62) In the case of international agreements the conclusion of which requires Parliament’s consent, the Commission shall provide to Parliament during the negotiation process all relevant information that it also provides to the Council (or to the special committee appointed by the Council). This shall include draft amendments to adopted negotiating directives, draft negotiating texts, agreed articles, the agreed date for initialling the agreement and the text of the agreement to be initialled. The Commission shall also transmit to Parliament, as it does to the Council (or to the special committee appointed by the Council), any relevant documents received from third parties, subject to the originator’s consent. The Commission shall keep the responsible parliamentary committee informed about developments in the negotiations and, in particular, explain how Parliament’s views have been taken into account.”

[9] SEE : Agreements on the security of classified information Link : https://eur-lex.europa.eu/EN/legal-content/summary/agreements-on-the-security-of-classified-information.html

[10] Article 218.10 TFUE states clearly that “The European Parliament shall be immediately and fully informed at all stages of the procedure” when the EU is negotiating international agreements even when the agreements “relates exclusively or principally to the common foreign and security policy,” (art.218.3 TFUE).

[11] Interestingly reference to art.15 of the TFEU is also made in the EP-Council 2014 Interinstitutional Agreement on access to classified information (not dealing with External Defence) See point 15 : This Agreement is without prejudice to existing and future rules on access to documents adopted in accordance with Article 15(3) TFEU; rules on the protection of personal data adopted in accordance with Article 16(2) TFEU; rules on the European Parliament’s right of inquiry adopted in accordance with third paragraph of Article 226 TFEU; and relevant provisions relating to the European Anti-Fraud Office (OLAF)

[12] However this legal basis was fit for another legislative proposal, of a more technical nature, which has now become EU Regulation 2023/2841 layng down measures for a high common level of cybersecurity for the institutions, bodies, offices and agencies of the Union. This Regulation apply at EU administrative level the principles established for the EU Member States by Directive (EU) 2022/2555 (²) improving the cyber resilience and incident response capacities of public and private entities. It created an Interinstitutional Cybersecurity Board ( IICB) and a Computer Emergency Response Team (CERT) which operationalizes the standards defined by the IICB and interact with the other EU Agencies (such as the EU Agency dealing with informatic security, Enisa), the corresponding structures in the EU Member States and even the NATO structures. It may be too early to evaluate if the Regulation is fit for its purpose ([12]) but the general impression is that its new common and cooperative system of alert and mutual support between the EU Institutions, Agencies and bodies may comply with the letter and spirit of art.298 of the TFEU

[13] Quite bizarrely this “open” attribute is not cited in the INFOSEC proposal and, even more strangely, none of the EU institutions has until now consulted the EU Ombudsman and/or the Fundamental Rights Agency.

[14] See Case C-338/01 Commission of the European Communities v Council of the European Union(Directive 2001/44/EC – Choice of legal basis)“The choice of the legal basis for a Community measure must rest on objective factors amenable to judicial review, which include in particular the aim and the content of the measure. If examination of a Community measure reveals that it pursues a twofold purpose or that it has a twofold component and if one of these is identifiable as the main or predominant purpose or component whereas the other is merely incidental, the act must be based on a single legal basis, namely that required by the main or predominant purpose or component. By way of exception, if it is established that the measure simultaneously pursues several objectives which are inseparably linked without one being secondary and indirect in relation to the other, the measure must be founded on the corresponding legal bases…”

[15] Suffice to cite the following legal disclaimer :”This Regulation is without prejudice to Regulation (Euratom) No 3/1958 17 , Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of other servants of the European Economic Community and the European Atomic Energy Community 18 , Regulation (EC) 1049/2001 of the European Parliament and of the Council 19 , Regulation (EU) 2018/1725 of the European Parliament and of the Council 20 , Council Regulation (EEC, EURATOM) No 354/83 21 , Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council 22 , Regulation (EU) 2021/697 of the European Parliament and of the Council 23 , Regulation (EU) [2023/2841] of the European Parliament and of the Council 24 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.

[16] See ReNEUAL Model Rules on EU Administrative Procedure. ReNEUAL working groups have developed a set of model rules designed as a draft proposal for binding legislation identifying – on the basis of comparative research – best practices in different specific policies of the EU, in order to reinforce general principles of EU law

https://www.reneual.eu/projects-and-publications/reneual-1-0

[17] The Council has listed not less than 64 EU entities (EU Institutions Agencies and Bodies – EUIBAs) in document WK8535/2023

AI liability rules: a blocked horizon?

By Michèle Dubrocard[1]

February 2025

Today, no one challenges the potential benefits offered by AI for individuals and society in general, but also the existence of serious risks, some of them already identified, others likely to emerge. Let’s have in mind the conclusions of the first International AI Safety Report[2] which, focusing on general-purpose AI, recognizes that ‘there is a wide range of possible outcomes even in the near future, including both very positive and very negative ones, as well as anything in between’.

So, when the European Commission issued on 28 September 2022 its Proposal for a Directive on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive- AILD), it raised a lot of hope among all those concerned about the potentially harmful consequences of the use of AI systems. These hopes were confirmed by the objective expressed in the explanatory memorandum of the Proposal, namely ‘ensuring victims of damage caused by AI obtain equivalent protection to victims of damage caused by products in general’[3].

More specifically, the Commission seemed determined to take into due consideration the imbalance between the providers and deployers on the one hand, and the affected persons on the other. Indeed, referring to Member States’ general fault-based liability rules, Recital 3 of the Proposal recognizes that ‘when AI is interposed between the act or omission of a person and the damage, the specific characteristics of certain AI systems, such as opacity, autonomous behaviour and complexity, may make it excessively difficult, if not impossible, for the injured person to meet this burden of proof’.

Alas, the rules proposed by the Commission did not meet the expectations raised by the announced objective (I). Even worse, the Commission seems to have definitively shelved its project (II), leaving the door open to what it itself had criticized: the co-existence within the EU of ‘27 different liability regimes, leading to different levels of protection and distorted competition among businesses from different Member States’[4].

I- A disappointing Proposal

The Proposal of the Commission did not challenge the choice of a fault-based regime, but instead mainly focused on two rules, aiming at alleviating the burden of proof, which remains on the victim. What are these two rules?

– The disclosure of evidence:

According to Article 3(1) of the Proposal, a court may order the disclosure of relevant evidence about specific high-risk AI systems that are suspected of having caused damage. However, the requests should be supported by ‘facts and evidence sufficient to establish the plausibility of the contemplated claim for damages’ and the requested evidence should be at the addressees’ disposal. Article 3(3) provides that the preservation of such evidence may also be ordered by the court.

However, the disclosure may be ordered by a court only to ‘that which is necessary and proportionate to support a potential claim or a claim for damages and the preservation to that which is necessary and proportionate to support such a claim for damages’. Article 3(4) specifies that ‘the legitimate interests of all parties’ must be considered by the court, when determining whether an order for the disclosure or preservation of evidence is proportionate. Moreover, the person who has been ordered to disclose or to preserve the evidence must benefit appropriate procedural remedies in response to such orders.

Article 3(5) introduces a presumption of non-compliance with a duty of care: when, in a claim for damages, the defendant fails to comply with an order by a national court to disclose or to preserve evidence at its disposal, the national court shall presume the defendant’s non-compliance with a relevant duty of care. That presumption remains rebuttable.

– The presumption of causal link in the case of fault:

Article 4 of the Proposal provides, under certain conditions, a presumption of a causal link between the fault of the defendant and the output produced by the AI system or the failure of the AI system to produce an output, that gave rise to the relevant damage.

However, the claimant has to prove the fault of the defendant, consisting in the non-compliance with a duty of care laid down in Union or national law directly intended to protect against the damage that occurred. He/she also has to prove that the AI system gave rise to the damage. There is another condition, related to the likelihood, based on the circumstances of the case, of the fault’s influence on the output produced by the AI system or the failure of the AI system to produce an output.

Moreover, the presumption shall not be applied if the defendant demonstrates that sufficient evidence and expertise is reasonably accessible for the claimant to prove the causal link. At last, in the case of a claim for damages concerning an AI system that is not a high-risk AI system, the presumption shall only apply where the national court considers it excessively difficult for the claimant to prove the causal link. Here also, the presumption is rebuttable.

– The limitations of the rules:

It follows from these provisions that the impact of the two rules laid down in the Proposal is limited by numerous conditions. In particular, the new mechanism of disclosure of evidence would be limited only to high-risk AI systems. Similarly, the presumption of causal link would mainly apply to high-risk AI systems, except where, according to the national judges, it would be excessively difficult for the claimant to prove the causal link.

In any case, the Proposal is based on a fault-based liability regime, which means that victims would still have to prove the fault or negligence of the AI system provider, or deployer. As noted by the EDPS in its own-initiative opinion[5] of 11 October 2023, ‘meeting such a requirement may be particularly difficult in the context of AI systems, where risks of manipulation, discrimination, and arbitrary decisions will be certainly occurring’, even when the providers and deployers have prima facie complied with their duty of care as defined by the AI Act.

In order to overcome these proof-related difficulties, several solutions have been proposed. BEUC, the European Consumer Organisation, has recommended introducing a reversal of the burden of proof[6], in order to allow the consumers to only have to prove the damage they suffered and the involvement of an AI system. A more nuanced approach has been suggested by an expert, aiming at differentiating between AI systems, whether they are high-risk or not, and general-purpose AI systems: providers and deployers of high-risk AI systems would be subjected to ‘truly strict liability’, while SMEs and non-high-risk AI systems should only be subjected to rebuttable presumptions of fault and causality[7]. In the same vein, the European Parliament considered in 2020 that it seemed ‘reasonable to set up a common strict liability regime for (…) high-risk autonomous AI-systems’. As regards other AI systems, the European Parliament also considered that ‘affected persons should nevertheless benefit from a presumption of fault on the part of the operator who should be able to exculpate itself by proving it has abided by its duty of care’[8].

The Commission itself has acknowledged, in its impact assessment report, that ‘the specific characteristics of the AI-system could make the victim’s burden of proof prohibitively difficult or even impossible to meet’, and has evoked different approaches, among which the reversal of the burden of proof. As a sign of its hesitation, the Commission has introduced in the Proposal the possibility to review the directive five years after the end of the transposition period, in particular in order to ‘evaluate the appropriateness of no-fault liability rules for claims against the operators of certain AI systems, as long as not already covered by other Union liability rules, and the need for insurance coverage, while taking into account the effect and impact on the roll-out and uptake of AI systems, especially for SMEs’[9].

II- The withdrawal of the Proposal

On 11 February 2025, the Commission decided to withdraw the Proposal, on the grounds that there was ‘no foreseeable agreement’, and that the Commission would ‘assess whether another proposal should be tabled or another type of approach should be chosen’[10].

This decision caught the European Parliament’s rapporteur on the Proposal, Axel Voss (PPE), by surprise, who stated that the scrapping of the rules would mean ‘legal uncertainty, corporate power imbalances, and a Wild West approach to AI liability that benefits only Big Tech’[11].

On the other hand, the decision of the Commission is reported to have satisfied both the Council and the private sector. In particular, France’s Permanent Representation would have indicated that it saw no reason to impose additional liability requirements on AI providers[12].

How can such a situation be explained?

It is true that the AI liability initiative launched by the Commission on 28 September 2022 was also composed of another Proposal, aiming at updating the Directive on liability for defective products (PLD). The new directive, which now includes software and digital manufacturing files within the definition of product, and expands the notion of compensable damage to include the destruction or corruption of data, came into force on 8 December 2024.

However, the scope of the revised PLD is limited: it only provides compensation for material losses resulting from death, personal injury, damages to property and loss or corruption of data (Article 6 PLD). In particular, damage stemming from a violation of a fundamental right without any material loss is not covered by this directive, but should have been covered by the AI liability directive. The draft AILD aimed at covering ‘national liability claims mainly based on the fault of any person with a view of compensating any type of damage and any type of victim’[13].

The loopholes of the PLD have also been underlined by the complementary impact assessment required by the JURI Committee, to which the file had been attributed in the European Parliament. The study[14], published on 19 September 2024, underlines: ‘However, the PLD presents notable gaps, especially in areas such as protection against discrimination, personality rights, and coverage for professionally used property. It also lacks measures for addressing pure economic loss and sustainability harms, as well as damage caused by consumers, which are contingent on Member State laws. These limitations underscore the necessity for adopting the AILD (…)’.

Thus, in the light of the complementary impact assessment, it appears that the recent adoption of the revised PLD cannot compensate the withdrawal of the proposed AILD. Moreover, as stressed by the first International AI Safety Report, the specific characteristics of general-purpose AI systems make legal liability hard to determine:

‘The fact that general-purpose AI systems can act in ways that were not explicitly programmed or intended by their developers or users raises questions about who should be held liable for resulting harm’[15] .

Conclusion:

Against this background, today the European citizens are left with a ‘fragmented patchwork of 27 different national legal systems’[16], most of them relying on a fault-based regime, which is not able to respond to all the challenges posed by AI systems, and in particular to general-purpose AI systems.

The withdrawal of the proposed AILD is only one element of the Commission’s plan aiming at ‘simplifying rules and effective implementation’[17], which enlists 37 withdrawn proposals in total.

The fact that the final 2025 work programme of the Commission -with the addition of the withdrawal of the AILD- was published just after the AI Act Summit, held in Paris on 10-11 February, may be a simple coincidence. However, it should be noted that the Statement[18] issued after the AI Summit does not refer to the issue of liability nor to the risks of AI systems, except in the context of information.

As observed by Anupriya Datta and Théophane Hartmann in Euractiv, ‘In this context, withdrawing the AI liability directive can be understood as a strategic manoeuvre by the EU to present an image of openness to capital and innovation, to show it prioritises competitiveness and show goodwill to the new US administration’[19].

The final word may not have been spoken, yet. On 18 February, the Members of the European Parliament’s Internal Market and Consumer Protection Committee (IMCO) voted to keep working on liability rules for artificial intelligence products, despite the European Commission’s intention to withdraw the proposal[20].

[1] The opinions expressed in this article are the author’s own and do not necessarily represent the views of the EDPS

[2] International Scientific Report on the Safety of Advanced AI January 2025

[3] COM(2022) 496 final, page 2

[4] COM(2022) 496 final, page 6

[5] EDPS Opinion 42/2023 on the Proposals for two Directives on AI liability rules, 11 October 2023, par. 33

[6] Proposal for an AI liability Directive, BEUC position paper, page 12.

[7] The European AI liability directives – Critique of a half-hearted approach and lessons for the future-Philipp Hacker, page 49.

[8] European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence (2020/2014(INL)), par. 14 and 20.

[9] Article 5 of the Proposal.

[10] Annexes to the Communication from the Commission to the European Parliament, the Council, the European, Economic and Social Committee and the Committee of the Regions- Commission work programme 2025, page 26.

[11] Euractiv ‘Commission plans to withdraw AI Liability Directive draw mixed reactions’, 12 February 2025.

[12] Ibidem.