l  In an effort to address the emerging security risks posed by the use of Artificial Intelligence (AI), the European Union has been developing the “Artificial Intelligence Act” since 2021. The proposed act aims to regulate AI applications through a risk-based approach, featuring pre-market requirements and post-market surveillance for high-risk AI systems. Phase I of the present study presents an overview of the draft AI Act, followed by an impact assessment for the relevant domestic sector.

l  The results of the impact assessment indicate that the EU’s AI Act has a greater impact on businesses involved in high-risk AI applications. Accordingly, ensuring compliance with EU’s transparency requirements is necessary during the early stage of development. Additionally, the regulatory compliance requirements in the proposed regulation might hamper innovation and interrupt development and implementation efforts by AI system providers. However, the draft Act is also likely to generate a demand for AI regulation specialists. While details on implementation of the EU AI Act are still under discussion, it is important to monitor key regulatory development such as scope of application, transparency obligations, and their impact on SMEs.

l  The EU’s proposed new Machinery Regulation will classify software that provides a safety function and AI-integrated machinery as “potentially high-risk products,” which will require a third-party certification of conformity before entering the EU market. The new regulation also requires manufacturers to identify safety risks arising from the product’s learning and autonomous behavior. The new law adds new EHSR on cybersecurity, designed to enhance the cybersecurity features of control systems and prevent machinery safety being compromised by malicious third-party alterations or network attacks.

l  The impact assessment further suggests that the stricter third-party verification requirements, risk assessment and post-market safety data collection obligations imposed for AI and software products with a safety function under the new EU Machinery Regulation will increase the cost of robot products, management expenses, and delay the time of product launch. As a result, the EU should publish the texts early before the implementation and give businesses sufficient time to respond. Additionally, the new legislation promotes using electronic records of conformity declaration and validation information, with some businesses concerned that producing paperless validation information requires equipment and operational process adjustment by their upstream and downstream suppliers. They may also need to maintain both paper-based and digital workflows at the same time.

l  In phase II of this study, industry reports and expert interviews were analyzed, leading to the following conclusions: AI application providers’ primary concern is whether their AI systems under development and in use are classified as high-risk under the AI Act. Regarding the EU’s draft Machinery Regulation, key areas of industry concern include official determination of AI use in a product’s safety function, classification of high-risk machinery and pre-market third-party validation requirements, allocation of responsibilities between system providers and system integrators under the new legislation, and the capacity of EU notified bodies.

l  As Taiwan and EU gear up for an Industrial Policy Dialogue on robotics, phase II of the present study proposed the following recommendations for the Dialogue:

²  Include “ways the EU could assist businesses in clarifying the scope of regulatory applicability” as a discussion topic;

²  Conduct case studies to explore how the EU determines use of AI in a product’s safety function; inquire about the progress of discussions in the European Parliament (or internally) regarding the definition of safety functions.

²  Inquire about whether there have been discussions on actual cases of substantial modifications during the regulatory development process. If so, request the EU to provide relevant information to help clarify the regulatory responsibilities of system providers and system integrators.

²  Inquire whether the EU has initiated an evaluation of the progress and capacity of qualified notified bodies, and if there will be measures in place to ensure adequate capacity.