Proposal Would Make Luxembourg Lead Privacy Watchdog for EU AI Act
Luxembourg's National Data Protection Commission (CNPD) and other sectoral regulators would oversee enforcement of compliance with the EU AI Act under draft legislation pending in the country's parliament, Pinsent Masons lawyers reported. CNPD would be the lead authority.
Among other things, the privacy watchdog would supervise AI systems in cases where the systems aren't subject to existing sectoral regulation. The measure has Luxembourg's banking, insurance and medicine regulators, among others, playing important roles in supervising AI use by businesses where that use falls under their existing responsibilities.
The Luxembourg Regulatory Institute would supervise businesses that deploy "high risk" AI systems and that also operate essential or key services under the national law that adopts the EU's second Network and Information Security Directive.
The impetus for making CNPD the lead authority came from parliamentary discussions that made clear that a large amount of the data AI systems process will be personal data, and that most AI practices covered by the AI Act involve the use of personal data, wrote technology attorney Aurelie Caillard.
The draft also discusses sanctions powers for the CNPD and the other national authorities to use in enforcing compliance. It proposes giving authorities power to set penalties of up to $36 million (35 million euros), or 7% of a company's total global annual revenue during the preceding financial year, for breaches of the rules governing banned AI practices; $15.5 million, or 3% of turnover, for other violations around AI use; and $7.7 million for providing authorities with incorrect information.