AI law: the French EU presidency wants “proportional” fines and an extension of deadlines

The French Presidency of the Council of the EU has made a series of proposals regarding the application of EU law on artificial intelligence (AI), in a new compromise text seen by EURACTIV.

This new text is the latest in a series of compromises presented by France, at the head of the EU Council until the end of June. Before the end of its presidency, Paris aims to present a progress report summarizing the progress made on this file to the Telecom Council on June 3.

The new document makes significant changes to the sanctions regime, the timing of the regulation, the confidentiality requirements for oversight bodies and the delegated powers of the European Commission.

The text is to be reviewed by the working group “Telecommunications” of the Council of the EU on Thursday (5 May).


The article on sanctions has been amended to also take into account the size of companies, not only small companies and start-ups, but also medium-sized companies.

The highest fines were limited to illegal use of prohibited practices, such as social rating or manipulative algorithms, since the reference to obligations to return training datasets (training data sets) representative and unbiased has been removed.

For these more serious infringements, SMEs and start-ups could be fined up to 3% of their annual turnover or €30 million, whichever is higher. For all other companies, the maximum fine would reach 6% of annual turnover.

However, given the wording “highest amount”the lower cap would only apply to SMEs and start-ups with a market capitalization above €1 billion.

For all other infringements of the Regulation, the penalties for a company would be 4% of annual turnover, except for start-ups or SMEs, for which they would be 3%, or 20 million euros, the the highest amount being retained. Penalties for providing incomplete or misleading information have not been changed.

A new paragraph has been added indicating that sanctions imposed by the market surveillance authority must be subject to appropriate procedural safeguards, including judicial remedies.

Application deadline

The deadline for the application of the regulation has been extended from two to three years after its entry into force “to give Member States more time to prepare for effective implementation and businesses more time to adapt”.

The deadline for Member States to set up competent national authorities and notified bodies responsible for assessing conformity has also been extended from three to twelve months.


Confidentiality requirements for information and data obtained in the application of this regulation have been extended to the Commission, the council of national authorities and anyone involved in the implementation. Confidentiality must be ensured by technical and organizational measures.

Previously, the confidentiality rule only applied to notified bodies, the organizations responsible for verifying that certain AI systems comply with the regulation before they are placed on the market.

“The wording is based on a similar GDPR provision”explained the presidency in the accompanying note, referring to EU data protection law.

Delegated authorities and reviews

How much power to give to the European Commission in the form of secondary legislation, i.e. laws created by the executive, is a recurring point of contention between the co-legislators, with the Council of the EU normally doing pressure to give the Commission less independence.

The text now includes a “sunset clause” on the power of the Commission to adopt delegated acts, which is no longer indefinite but limited to five years from the entry into force of the regulation.

By this deadline, the Commission will have to provide a report on the use of its delegated powers, which would be automatically extended, unless the European Parliament or the Council objects.

France also proposes an extension of the deadline in terms of evaluation and revision of the annexes, which are critical parts of the regulation.

Annex I, which includes the definition of AI systems, and Annex III, which includes the list of high-risk AI systems, must be reviewed every two years until the delegation powers end .

In this part of the text, the French Presidency has not made any changes to the administrative fines that the European Data Protection Supervisor could impose on EU bodies for breaches of the Regulation, secondary legislation and amendments associated legislation.

We would like to say thanks to the author of this post for this outstanding material

AI law: the French EU presidency wants “proportional” fines and an extension of deadlines

Find here our social media profiles as well as other pages that are related to them.