Federated Learning and AI Regulation in the European Union: Who is Responsible? -- An Interdisciplinary Analysis

TL;DR

This paper examines the legal responsibilities of stakeholders in federated learning within the EU AI regulation framework, highlighting technical challenges and proposing strategies for responsibility allocation.

Contribution

It provides an interdisciplinary analysis clarifying stakeholder roles in federated learning under EU law and discusses technical challenges for practical implementation.

Findings

Federated Learning enables secure AI training across data siloes.

Clients and servers share legal responsibilities in FL.

Strategies for shifting responsibilities to server operators are discussed.

Abstract

The European Union Artificial Intelligence Act mandates clear stakeholder responsibilities in developing and deploying machine learning applications to avoid substantial fines, prioritizing private and secure data processing with data remaining at its origin. Federated Learning (FL) enables the training of generative AI Models across data siloes, sharing only model parameters while improving data security. Since FL is a cooperative learning paradigm, clients and servers naturally share legal responsibility in the FL pipeline. Our work contributes to clarifying the roles of both parties, explains strategies for shifting responsibilities to the server operator, and points out open technical challenges that we must solve to improve FL's practical applicability under the EU AI Act.