Human Oversight of Artificial Intelligence and Technical Standardisation

TL;DR

This paper examines the role of human oversight in AI regulation, focusing on legal and technical standards, especially within the European AI Act, and discusses its implications for AI governance.

Contribution

It analyzes the interplay between legal requirements and technical standards for human oversight in AI, highlighting their impact on regulatory governance and AI accountability.

Findings

European AI Act mandates human oversight for high-risk AI systems

Standardisation is called upon to specify implementation details

Different governance models emerge depending on legal or technical framing

Abstract

The adoption of human oversight measures makes it possible to regulate, to varying degrees and in different ways, the decision-making process of Artificial Intelligence (AI) systems, for example by placing a human being in charge of supervising the system and, upstream, by developing the AI system to enable such supervision. Within the global governance of AI, the requirement for human oversight is embodied in several regulatory formats, within a diversity of normative sources. On the one hand, it reinforces the accountability of AI systems' users (for example, by requiring them to carry out certain checks) and, on the other hand, it better protects the individuals affected by the AI-based decision (for example, by allowing them to request a review of the decision). In the European context, the AI Act imposes obligations on providers of high-risk AI systems (and to some extent also on professional users of these systems, known as deployers), including the introduction of human oversight tools throughout the life cycle of AI systems, including by design (and their implementation by deployers). The EU legislator is therefore going much further than in the past in "spelling out" the legal requirement for human oversight. But it does not intend to provide for all implementation details; it calls on standardisation to technically flesh out this requirement (and more broadly all the requirements of section 2 of chapter III) on the basis of article 40 of the AI Act. In this multi-level regulatory context, the question of the place of humans in the AI decision-making process should be given particular attention. Indeed, depending on whether it is the law or the technical standard that sets the contours of human oversight, the "regulatory governance" of AI is not the same: its nature, content and scope are different. This analysis is at the heart of the contribution made (or to be made) by legal experts to the central reflection on the most appropriate regulatory governance -- in terms of both its institutional format and its substance -- to ensure the effectiveness of human oversight and AI trustworthiness.