Official Journal
of the European Union
EN
Uradni list
Evropske unije
SL
REGULATION (EU) 2024/1689 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
UREDBA (EU) 2024/1689 EVROPSKEGA PARLAMENTA IN SVETA
laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act)
o določitvi harmoniziranih pravil o umetni inteligenci in spremembi uredb (ES) št. 300/2008, (EU) št. 167/2013, (EU) št. 168/2013, (EU) 2018/858, (EU) 2018/1139 in (EU) 2019/2144 ter direktiv 2014/90/EU, (EU) 2016/797 in (EU) 2020/1828 (Akt o umetni inteligenci)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
EVROPSKI PARLAMENT IN SVET EVROPSKE UNIJE STA –
Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 16 and 114 thereof,
ob upoštevanju Pogodbe o delovanju Evropske unije ter zlasti členov 16 in 114 Pogodbe,
Having regard to the proposal from the European Commission,
ob upoštevanju predloga Evropske komisije,
After transmission of the draft legislative act to the national parliaments,
po posredovanju osnutka zakonodajnega akta nacionalnim parlamentom,
Having regard to the opinion of the European Economic and Social Committee (1),
ob upoštevanju mnenja Evropskega ekonomsko-socialnega odbora (1),
Having regard to the opinion of the European Central Bank (2),
ob upoštevanju mnenja Evropske centralne banke (2),
Having regard to the opinion of the Committee of the Regions (3),
ob upoštevanju mnenja Odbora regij (3),
Acting in accordance with the ordinary legislative procedure (4),
v skladu z rednim zakonodajnim postopkom (4),
ob upoštevanju naslednjega:
(1)
The purpose of this Regulation is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, the placing on the market, the putting into service and the use of artificial intelligence systems (AI systems) in the Union, in accordance with Union values, to promote the uptake of human centric and trustworthy artificial intelligence (AI) while ensuring a high level of protection of health, safety, fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (the ‘Charter’), including democracy, the rule of law and environmental protection, to protect against the harmful effects of AI systems in the Union, and to support innovation. This Regulation ensures the free movement, cross-border, of AI-based goods and services, thus preventing Member States from imposing restrictions on the development, marketing and use of AI systems, unless explicitly authorised by this Regulation.
(1)
Namen te uredbe je izboljšati delovanje notranjega trga z določitvijo enotnega pravnega okvira, predvsem za razvoj, dajanje na trg, dajanje v uporabo ter za uporabo umetnointeligenčnih sistemov (v nadaljnjem besedilu: sistemi UI) v Uniji, v skladu z vrednotami Unije, da bi spodbujali uvajanje na človeka osredotočene in zaupanja vredne umetne inteligence (UI) in hkrati zagotovili visoko raven varovanja zdravja, varnosti in temeljnih pravic, kot so določene v Listini Evropske unije o temeljnih pravicah (v nadaljnjem besedilu: Listina), vključno z demokracijo, pravno državo in varstvom okolja, za zaščito pred škodljivimi učinki sistemov UI v Uniji ter da bi podpirali inovacije. S to uredbo se zagotavlja prosti čezmejni pretok blaga in storitev, ki temeljijo na umetni inteligenci, s čimer se državam članicam preprečuje, da bi uvedle omejitve za razvoj, trženje in uporabo sistemov UI, razen če je to izrecno dovoljeno s to uredbo.
(2)
This Regulation should be applied in accordance with the values of the Union enshrined as in the Charter, facilitating the protection of natural persons, undertakings, democracy, the rule of law and environmental protection, while boosting innovation and employment and making the Union a leader in the uptake of trustworthy AI.
(2)
To uredbo bi bilo treba uporabljati v skladu z vrednotami Unije, zapisanimi v Listini, kar bi olajšalo varstvo fizičnih oseb, podjetij, demokracije, pravne države in varstva okolja, hkrati pa spodbujalo inovacije in zaposlovanje ter Uniji zagotovilo vodilno vlogo pri uvajanju zaupanja vredne UI.
(3)
AI systems can be easily deployed in a large variety of sectors of the economy and many parts of society, including across borders, and can easily circulate throughout the Union. Certain Member States have already explored the adoption of national rules to ensure that AI is trustworthy and safe and is developed and used in accordance with fundamental rights obligations. Diverging national rules may lead to the fragmentation of the internal market and may decrease legal certainty for operators that develop, import or use AI systems. A consistent and high level of protection throughout the Union should therefore be ensured in order to achieve trustworthy AI, while divergences hampering the free circulation, innovation, deployment and the uptake of AI systems and related products and services within the internal market should be prevented by laying down uniform obligations for operators and guaranteeing the uniform protection of overriding reasons of public interest and of rights of persons throughout the internal market on the basis of Article 114 of the Treaty on the Functioning of the European Union (TFEU). To the extent that this Regulation contains specific rules on the protection of individuals with regard to the processing of personal data concerning restrictions of the use of AI systems for remote biometric identification for the purpose of law enforcement, of the use of AI systems for risk assessments of natural persons for the purpose of law enforcement and of the use of AI systems of biometric categorisation for the purpose of law enforcement, it is appropriate to base this Regulation, in so far as those specific rules are concerned, on Article 16 TFEU. In light of those specific rules and the recourse to Article 16 TFEU, it is appropriate to consult the European Data Protection Board.
(3)
Sisteme UI je mogoče zlahka uporabljati v številnih različnih gospodarskih in družbenih sektorjih, tudi čezmejno, in lahko enostavno krožijo po vsej Uniji. Nekatere države članice so že preučile možnost sprejetja nacionalnih predpisov, s katerimi bi zagotovile, da je UI zaupanja vredna in varna ter da se razvija in uporablja v skladu z obveznostmi glede temeljnih pravic. Različna nacionalna pravila lahko povzročijo razdrobljenost notranjega trga in zmanjšajo pravno varnost za operaterje, ki razvijajo, uvažajo ali uporabljajo sisteme UI. Zato bi bilo treba zagotoviti dosledno in visoko raven varstva po vsej Uniji, da bi dosegli zaupanja vredno UI in hkrati preprečili razlike, ki ovirajo prosti pretok, inovacije, uvajanje in uporabo sistemov UI ter z njimi povezanih proizvodov in storitev na notranjem trgu, in sicer z določitvijo enotnih obveznosti za operaterje ter zagotovitvijo enotnega varstva prevladujočih razlogov javnega interesa in pravic oseb na notranjem trgu na podlagi člena 114 Pogodbe o delovanju Evropske unije (PDEU). Kolikor ta uredba vključuje posebna pravila o varstvu posameznikov pri obdelavi osebnih podatkov v zvezi z omejitvami uporabe sistemov UI za biometrično identifikacijo na daljavo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, uporabe sistemov UI za ocene tveganja fizičnih oseb za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ter uporabe sistemov UI za biometrično kategorizacijo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, je primerno, da ta uredba, kar zadeva ta posebna pravila, temelji na členu 16 PDEU. Glede na ta posebna pravila in sklicevanje na člen 16 PDEU se je primerno posvetovati z Evropskim odborom za varstvo podatkov.
(4)
AI is a fast evolving family of technologies that contributes to a wide array of economic, environmental and societal benefits across the entire spectrum of industries and social activities. By improving prediction, optimising operations and resource allocation, and personalising digital solutions available for individuals and organisations, the use of AI can provide key competitive advantages to undertakings and support socially and environmentally beneficial outcomes, for example in healthcare, agriculture, food safety, education and training, media, sports, culture, infrastructure management, energy, transport and logistics, public services, security, justice, resource and energy efficiency, environmental monitoring, the conservation and restoration of biodiversity and ecosystems and climate change mitigation and adaptation.
(4)
UI je hitro razvijajoča se skupina tehnologij, ki prispeva k številnim gospodarskim, okoljskim in družbenim koristim v celotnem spektru panog in družbenih dejavnosti. Uporaba UI lahko z izboljšanjem napovedi, optimizacijo delovanja in dodeljevanja virov ter po meri prilagojenimi digitalnimi rešitvami, ki so na voljo posameznikom in organizacijam, zagotavlja ključne konkurenčne prednosti za podjetja ter podpira družbeno in okoljsko koristne rezultate, na primer na področju zdravstvenega varstva, kmetijstva, varnosti hrane, izobraževanja in usposabljanja, medijev, športa, kulture, upravljanja infrastrukture, energije, prometa in logistike, javnih storitev, varnosti, pravosodja, učinkovite rabe virov in energije, okoljskega spremljanja, ohranjanja in obnovitve biotske raznovrstnosti in ekosistemov ter blažitve podnebnih sprememb in prilagajanja nanje.
(5)
At the same time, depending on the circumstances regarding its specific application, use, and level of technological development, AI may generate risks and cause harm to public interests and fundamental rights that are protected by Union law. Such harm might be material or immaterial, including physical, psychological, societal or economic harm.
(5)
Hkrati lahko UI – odvisno od okoliščin v zvezi z njenim posebnim namenom, uporabo in ravnjo tehnološkega razvoja – povzroča tveganja ter škodi javnim interesom in temeljnim pravicam, ki jih varuje pravo Unije. Ta škoda je lahko premoženjska ali nepremoženjska, vključno s fizično, psihično, družbeno ali ekonomsko škodo.
(6)
Given the major impact that AI can have on society and the need to build trust, it is vital for AI and its regulatory framework to be developed in accordance with Union values as enshrined in Article 2 of the Treaty on European Union (TEU), the fundamental rights and freedoms enshrined in the Treaties and, pursuant to Article 6 TEU, the Charter. As a prerequisite, AI should be a human-centric technology. It should serve as a tool for people, with the ultimate aim of increasing human well-being.
(6)
Glede na velik vpliv, ki ga lahko ima UI na družbo, in potrebo po vzpostavitvi zaupanja je bistveno, da se UI in njen regulativni okvir razvijata v skladu z vrednotami Unije iz člena 2 Pogodbe o Evropski uniji (PEU), temeljnimi pravicami in svoboščinami, ki so zapisane v Pogodbah, in, na podlagi člena 6 PEU, v Listini. Osnovni pogoj za UI bi moral biti, da je to tehnologija, osredotočena na človeka. Morala bi biti orodje za ljudi, končni cilj pa bi moral biti povečanje njihove blaginje.
(7)
In order to ensure a consistent and high level of protection of public interests as regards health, safety and fundamental rights, common rules for high-risk AI systems should be established. Those rules should be consistent with the Charter, non-discriminatory and in line with the Union’s international trade commitments. They should also take into account the European Declaration on Digital Rights and Principles for the Digital Decade and the Ethics guidelines for trustworthy AI of the High-Level Expert Group on Artificial Intelligence (AI HLEG).
(7)
Da bi zagotovili dosledno in visoko raven zaščite javnih interesov v zvezi z zdravjem, varnostjo in temeljnimi pravicami, bi bilo treba določiti skupna pravila za visokotvegane sisteme UI. Ta pravila bi morala biti skladna z Listino, nediskriminatorna in v skladu z mednarodnimi trgovinskimi zavezami Unije. Treba bi bilo upoštevati tudi Evropsko deklaracijo o digitalnih pravicah in načelih za digitalno desetletje ter Etične smernice za zaupanja vredno umetno inteligenco strokovne skupine na visoki ravni za umetno inteligenco (AI HLEG).
(8)
A Union legal framework laying down harmonised rules on AI is therefore needed to foster the development, use and uptake of AI in the internal market that at the same time meets a high level of protection of public interests, such as health and safety and the protection of fundamental rights, including democracy, the rule of law and environmental protection as recognised and protected by Union law. To achieve that objective, rules regulating the placing on the market, the putting into service and the use of certain AI systems should be laid down, thus ensuring the smooth functioning of the internal market and allowing those systems to benefit from the principle of free movement of goods and services. Those rules should be clear and robust in protecting fundamental rights, supportive of new innovative solutions, enabling a European ecosystem of public and private actors creating AI systems in line with Union values and unlocking the potential of the digital transformation across all regions of the Union. By laying down those rules as well as measures in support of innovation with a particular focus on small and medium enterprises (SMEs), including startups, this Regulation supports the objective of promoting the European human-centric approach to AI and being a global leader in the development of secure, trustworthy and ethical AI as stated by the European Council (5), and it ensures the protection of ethical principles, as specifically requested by the European Parliament (6).
(8)
Da bi spodbujali razvoj, uporabo in uvajanje UI na notranjem trgu, je torej potreben pravni okvir Unije, v katerem bodo določena harmonizirana pravila o umetni inteligenci in bo hkrati zagotovljena visoka raven zaščite javnih interesov, kot so zdravje in varnost ter varstvo temeljnih pravic, vključno z demokracijo, pravno državo in varstvom okolja, kot je priznano in zaščiteno s pravom Unije. Za dosego tega cilja bi bilo treba določiti pravila, s katerimi bo urejeno dajanje nekaterih sistemov UI na trg in v uporabo ter njihova uporaba, s čimer bo zagotovljeno nemoteno delovanje notranjega trga in bo omogočeno, da se v okviru teh sistemov izkoristi načelo prostega pretoka blaga in storitev. Ta pravila bi morala biti jasna in robustna glede varstva temeljnih pravic, morala bi podpirati nove inovativne rešitve in omogočati delovanje evropskega ekosistema javnih in zasebnih akterjev, ki ustvarjajo sisteme UI v skladu z vrednotami Unije, ter uresničevati potencial digitalne preobrazbe v vseh regijah Unije. Z določitvijo teh pravil in ukrepov v podporo inovacijam s posebnim poudarkom na malih in srednjih podjetjih (MSP), vključno s zagonskimi podjetji, ta uredba podpira cilj spodbujanja evropskega na človeka osredotočenega pristopa k umetni inteligenci in vodilnega položaja v svetu pri razvoju varne, zaupanja vredne in etične UI, kot je navedeno v sklepih Evropskega sveta (5), in zagotavlja zaščito etičnih načel v skladu z izrecno zahtevo Evropskega parlamenta (6).
(9)
Harmonised rules applicable to the placing on the market, the putting into service and the use of high-risk AI systems should be laid down consistently with Regulation (EC) No 765/2008 of the European Parliament and of the Council (7), Decision No 768/2008/EC of the European Parliament and of the Council (8) and Regulation (EU) 2019/1020 of the European Parliament and of the Council (9) (New Legislative Framework). The harmonised rules laid down in this Regulation should apply across sectors and, in line with the New Legislative Framework, should be without prejudice to existing Union law, in particular on data protection, consumer protection, fundamental rights, employment, and protection of workers, and product safety, to which this Regulation is complementary. As a consequence, all rights and remedies provided for by such Union law to consumers, and other persons on whom AI systems may have a negative impact, including as regards the compensation of possible damages pursuant to Council Directive 85/374/EEC (10) remain unaffected and fully applicable. Furthermore, in the context of employment and protection of workers, this Regulation should therefore not affect Union law on social policy and national labour law, in compliance with Union law, concerning employment and working conditions, including health and safety at work and the relationship between employers and workers. This Regulation should also not affect the exercise of fundamental rights as recognised in the Member States and at Union level, including the right or freedom to strike or to take other action covered by the specific industrial relations systems in Member States as well as the right to negotiate, to conclude and enforce collective agreements or to take collective action in accordance with national law. This Regulation should not affect the provisions aiming to improve working conditions in platform work laid down in a Directive of the European Parliament and of the Council on improving working conditions in platform work. Moreover, this Regulation aims to strengthen the effectiveness of such existing rights and remedies by establishing specific requirements and obligations, including in respect of the transparency, technical documentation and record-keeping of AI systems. Furthermore, the obligations placed on various operators involved in the AI value chain under this Regulation should apply without prejudice to national law, in compliance with Union law, having the effect of limiting the use of certain AI systems where such law falls outside the scope of this Regulation or pursues legitimate public interest objectives other than those pursued by this Regulation. For example, national labour law and law on the protection of minors, namely persons below the age of 18, taking into account the UNCRC General Comment No 25 (2021) on children’s rights in relation to the digital environment, insofar as they are not specific to AI systems and pursue other legitimate public interest objectives, should not be affected by this Regulation.
(9)
Harmonizirana pravila, ki se uporabljajo za dajanje visokotveganih sistemov UI na trg ali v uporabo ter za njihovo uporabo, bi bilo treba določiti skladno z Uredbo (ES) št. 765/2008 Evropskega parlamenta in Sveta (7), Sklepom št. 768/2008/ES Evropskega parlamenta in Sveta (8) ter Uredbo (EU) 2019/1020 Evropskega parlamenta in Sveta (9) (v nadaljnjem besedilu: novi zakonodajni okvir). Harmonizirana pravila, določena v tej uredbi, bi bilo treba uporabljati v vseh sektorjih, hkrati pa v skladu z novim zakonodajnim okvirom ne bi smela posegati v veljavno pravo Unije, zlasti pravo o varstvu podatkov, varstvu potrošnikov, temeljnih pravicah, zaposlovanju in varstvu delavcev ter varnosti proizvodov, ki ga ta uredba dopolnjuje. Posledično ostanejo nespremenjeni in se v celoti uporabljajo vse pravice in pravna sredstva, ki jih takšno pravo Unije zagotavlja potrošnikom in drugim osebam, na katere bi lahko sistemi UI negativno vplivali, tudi v zvezi z nadomestilom morebitne škode na podlagi Direktive Sveta 85/374/EGS (10). Poleg tega ta uredba v okviru zaposlovanja in zaščite delavcev ne bi smela vplivati na pravo Unije o socialni politiki in nacionalno delovno pravo, ki je skladno s pravom Unije, v zvezi z zaposlovanjem in delovnimi pogoji, vključno z zdravjem in varnostjo pri delu ter razmerjem med delodajalci in delavci. Tudi ne bi smela vplivati na uveljavljanje temeljnih pravic, ki so priznane v državah članicah in na ravni Unije, vključno s pravico do stavke ali drugih ukrepov, zajetih v specifičnih sistemih odnosov med delodajalci in delojemalci v posameznih državah članicah, ter na pravico do pogajanj, sklepanja in izvrševanja kolektivnih pogodb ali do kolektivnih ukrepov v skladu z nacionalnim pravom. Ta uredba ne bi smela vplivati na določbe za izboljšanje delovnih pogojev pri platformnem delu iz direktive Evropskega parlamenta in Sveta o izboljšanju delovnih pogojev pri platformnem delu. Namen te uredbe je tudi okrepiti učinkovitost takih obstoječih pravic in pravnih sredstev z določitvijo posebnih zahtev in obveznosti, tudi glede preglednosti, tehnične dokumentacije in vodenja evidenc sistemov UI. Poleg tega bi bilo treba obveznosti, naložene različnim operaterjem, vključenim v verigo vrednosti UI na podlagi te uredbe, uporabljati brez poseganja v nacionalno pravo, ki je skladno s pravom Unije in katerega učinek je omejitev uporabe nekaterih sistemov UI, kadar tako pravo ne spada na področje uporabe te uredbe ali je namenjeno uresničevanju legitimnih ciljev v javnem interesu, ki niso cilji iz te uredbe. Ta uredba na primer ne bi smela vplivati na nacionalno delovno pravo in pravo o varstvu mladoletnikov, tj. oseb, mlajših od 18 let, ob upoštevanju Splošne pripombe št. 25 KZNOP (2021) o otrokovih pravicah v zvezi z digitalnim okoljem, če se to pravo ne nanaša posebej na sisteme UI in je namenjeno uresničevanju drugih legitimnih ciljev v javnem interesu.
(10)
The fundamental right to the protection of personal data is safeguarded in particular by Regulations (EU) 2016/679 (11) and (EU) 2018/1725 (12) of the European Parliament and of the Council and Directive (EU) 2016/680 of the European Parliament and of the Council (13). Directive 2002/58/EC of the European Parliament and of the Council (14) additionally protects private life and the confidentiality of communications, including by way of providing conditions for any storing of personal and non-personal data in, and access from, terminal equipment. Those Union legal acts provide the basis for sustainable and responsible data processing, including where data sets include a mix of personal and non-personal data. This Regulation does not seek to affect the application of existing Union law governing the processing of personal data, including the tasks and powers of the independent supervisory authorities competent to monitor compliance with those instruments. It also does not affect the obligations of providers and deployers of AI systems in their role as data controllers or processors stemming from Union or national law on the protection of personal data in so far as the design, the development or the use of AI systems involves the processing of personal data. It is also appropriate to clarify that data subjects continue to enjoy all the rights and guarantees awarded to them by such Union law, including the rights related to solely automated individual decision-making, including profiling. Harmonised rules for the placing on the market, the putting into service and the use of AI systems established under this Regulation should facilitate the effective implementation and enable the exercise of the data subjects’ rights and other remedies guaranteed under Union law on the protection of personal data and of other fundamental rights.
(10)
Temeljna pravica do varstva osebnih podatkov je zajamčena zlasti z uredbama (EU) 2016/679 (11) in (EU) 2018/1725 (12) Evropskega parlamenta in Sveta ter Direktivo (EU) 2016/680 Evropskega parlamenta in Sveta (13). Direktiva 2002/58/ES Evropskega parlamenta in Sveta (14) poleg tega varuje zasebno življenje in zaupnost komunikacij, vključno z zagotavljanjem pogojev za shranjevanje osebnih in neosebnih podatkov na terminalski opremi in za dostop do teh podatkov z nje. Navedeni pravni akti Unije so podlaga za vzdržno in odgovorno obdelavo podatkov, tudi kadar nabori podatkov vključujejo kombinacijo osebnih in neosebnih podatkov. Namen te uredbe ni vplivati na uporabo veljavnega prava Unije, ki ureja obdelavo osebnih podatkov, med drugim tudi ne na naloge in pooblastila neodvisnih nadzornih organov, pristojnih za spremljanje skladnosti s temi instrumenti. Uredba tudi ne vpliva na obveznosti ponudnikov in uvajalcev sistemov UI v njihovi vlogi upravljavcev ali obdelovalcev podatkov, ki izhaja iz prava Unije ali nacionalnega prava o varstvu osebnih podatkov, če zasnova, razvoj ali uporaba sistemov UI vključuje obdelavo osebnih podatkov. Prav tako je treba pojasniti, da posamezniki, na katere se nanašajo osebni podatki, še naprej uživajo vse pravice in jamstva, ki jim jih podeljuje tovrstno pravo Unije, tudi pravice, povezane izključno z avtomatiziranim sprejemanjem posameznih odločitev, vključno z oblikovanjem profilov. Harmonizirana pravila za dajanje sistemov UI na trg ali v uporabo ter za njihovo uporabo, ki so določena na podlagi te uredbe, bi morala olajšati učinkovito izvajanje in omogočiti uveljavljanje pravic posameznikov, na katere se nanašajo osebni podatki, in drugih pravnih sredstev, zagotovljenih na podlagi prava Unije o varstvu osebnih podatkov in drugih temeljnih pravic.
(11)
This Regulation should be without prejudice to the provisions regarding the liability of providers of intermediary services as set out in Regulation (EU) 2022/2065 of the European Parliament and of the Council (15).
(11)
Ta uredba ne bi smela posegati v določbe o odgovornosti ponudnikov posredniških storitev iz Uredbe (EU) 2022/2065 Evropskega parlamenta in Sveta (15).
(12)
The notion of ‘AI system’ in this Regulation should be clearly defined and should be closely aligned with the work of international organisations working on AI to ensure legal certainty, facilitate international convergence and wide acceptance, while providing the flexibility to accommodate the rapid technological developments in this field. Moreover, the definition should be based on key characteristics of AI systems that distinguish it from simpler traditional software systems or programming approaches and should not cover systems that are based on the rules defined solely by natural persons to automatically execute operations. A key characteristic of AI systems is their capability to infer. This capability to infer refers to the process of obtaining the outputs, such as predictions, content, recommendations, or decisions, which can influence physical and virtual environments, and to a capability of AI systems to derive models or algorithms, or both, from inputs or data. The techniques that enable inference while building an AI system include machine learning approaches that learn from data how to achieve certain objectives, and logic- and knowledge-based approaches that infer from encoded knowledge or symbolic representation of the task to be solved. The capacity of an AI system to infer transcends basic data processing by enabling learning, reasoning or modelling. The term ‘machine-based’ refers to the fact that AI systems run on machines. The reference to explicit or implicit objectives underscores that AI systems can operate according to explicit defined objectives or to implicit objectives. The objectives of the AI system may be different from the intended purpose of the AI system in a specific context. For the purposes of this Regulation, environments should be understood to be the contexts in which the AI systems operate, whereas outputs generated by the AI system reflect different functions performed by AI systems and include predictions, content, recommendations or decisions. AI systems are designed to operate with varying levels of autonomy, meaning that they have some degree of independence of actions from human involvement and of capabilities to operate without human intervention. The adaptiveness that an AI system could exhibit after deployment, refers to self-learning capabilities, allowing the system to change while in use. AI systems can be used on a stand-alone basis or as a component of a product, irrespective of whether the system is physically integrated into the product (embedded) or serves the functionality of the product without being integrated therein (non-embedded).
(12)
Pojem „sistem UI“ v tej uredbi bi moral biti jasno opredeljen in tesno usklajen z delom mednarodnih organizacij, ki se ukvarjajo z UI, da bi zagotovili pravno varnost, olajšali mednarodno zbliževanje in široko sprejemanje ter hkrati zagotovili prožnost, ki bo omogočala prilagajanje hitremu tehnološkemu razvoju na tem področju. Poleg tega bi morala opredelitev temeljiti na ključnih značilnostih sistemov UI, po katerih se razlikuje od enostavnejših tradicionalnih sistemov programske opreme ali programskih pristopov, in ne bi smela vključevati sistemov, ki temeljijo na pravilih, ki jih za samodejno izvajanje operacij opredelijo izključno fizične osebe. Ključna značilnost sistemov UI je njihova sposobnost sklepanja. Ta sposobnost sklepanja se nanaša na proces pridobivanja izhodnih podatkov, kot so napovedi, vsebina, priporočila ali odločitve, ki lahko vplivajo na fizično in virtualno okolje, ter na sposobnost sistemov UI, da izpeljejo modele ali algoritme ali oboje iz vhodnih vrednosti ali podatkov. Tehnike, ki omogočajo sklepanje pri vzpostavljanju sistema UI, vključujejo pristope strojnega učenja, ki se tega, kako doseči določene cilje, učijo iz podatkov, ter pristope, ki temeljijo na logiki in znanju ter izhajajo iz kodiranega znanja ali simbolične predstavitve naloge, ki jo je treba rešiti. Zmogljivost sistema UI za sklepanje presega osnovno obdelavo podatkov z omogočanjem učenja, prihajanja do zaključkov ali modeliranja. Izraz „temelječ na napravah“ se nanaša na dejstvo, da sisteme UI poganjajo stroji. Sklicevanje na eksplicitne ali implicitne cilje poudarja, da lahko sistemi UI delujejo v skladu z eksplicitnimi ali implicitnimi cilji. Cilji sistema UI se lahko v posebnih okoliščinah razlikujejo od predvidenega namena sistema UI. Za namene te uredbe bi bilo treba okolja razumeti kot kontekste, v katerih delujejo sistemi UI, medtem ko izhodni podatki, ki jih ustvari sistem UI, odražajo različne funkcije, ki jih opravljajo sistemi UI, in vključujejo napovedi, vsebine, priporočila ali odločitve. Sistemi UI so zasnovani tako, da delujejo z različnimi stopnjami avtonomije, kar pomeni, da so do neke mere neodvisni od človeškega sodelovanja in zmožni delovati brez človeškega posredovanja. Prilagodljivost, ki bi jo sistem UI lahko pokazal po uvedbi, se nanaša na sposobnosti samoučenja, ki omogočajo, da se sistem med uporabo spremeni. Sistemi UI se lahko uporabljajo samostojno ali kot komponenta določenega proizvoda, ne glede na to, ali je sistem fizično integriran v proizvod (vgrajen) ali služi funkcionalnosti proizvoda, ne da bi bil vanj integriran (nevgrajen).
(13)
The notion of ‘deployer’ referred to in this Regulation should be interpreted as any natural or legal person, including a public authority, agency or other body, using an AI system under its authority, except where the AI system is used in the course of a personal non-professional activity. Depending on the type of AI system, the use of the system may affect persons other than the deployer.
(13)
Pojem „uvajalec“ iz te uredbe bi bilo treba razlagati kot vsako fizično ali pravno osebo, vključno z javnim organom, agencijo ali drugim telesom, ki uporablja sistem UI pod svojo pristojnostjo, razen kadar se sistem UI uporablja v okviru osebne nepoklicne dejavnosti. Glede na vrsto sistema UI lahko uporaba sistema vpliva na osebe, ki niso uvajalec.
(14)
The notion of ‘biometric data’ used in this Regulation should be interpreted in light of the notion of biometric data as defined in Article 4, point (14) of Regulation (EU) 2016/679, Article 3, point (18) of Regulation (EU) 2018/1725 and Article 3, point (13) of Directive (EU) 2016/680. Biometric data can allow for the authentication, identification or categorisation of natural persons and for the recognition of emotions of natural persons.
(14)
Pojem „biometrični podatki“, ki se uporablja v tej uredbi, bi bilo treba razlagati glede na pojem biometričnih podatkov, kot je opredeljen v členu 4, točka 14, Uredbe (EU) 2016/679, členu 3, točka 18, Uredbe (EU) 2018/1725 in členu 3, točka 13, Direktive (EU) 2016/680. Biometrični podatki lahko omogočijo avtentikacijo, identifikacijo ali kategorizacijo fizičnih oseb in prepoznavanje njihovih čustev.
(15)
The notion of ‘biometric identification’ referred to in this Regulation should be defined as the automated recognition of physical, physiological and behavioural human features such as the face, eye movement, body shape, voice, prosody, gait, posture, heart rate, blood pressure, odour, keystrokes characteristics, for the purpose of establishing an individual’s identity by comparing biometric data of that individual to stored biometric data of individuals in a reference database, irrespective of whether the individual has given its consent or not. This excludes AI systems intended to be used for biometric verification, which includes authentication, whose sole purpose is to confirm that a specific natural person is the person he or she claims to be and to confirm the identity of a natural person for the sole purpose of having access to a service, unlocking a device or having security access to premises.
(15)
Pojem „biometrična identifikacija“ iz te uredbe bi bilo treba opredeliti kot avtomatizirano prepoznavanje fizičnih, fizioloških in vedenjskih človeških značilnosti, kot so obraz, gibanje oči, izrazi obraza, oblika telesa, glas, govor, hoja, drža, srčni utrip, krvni tlak, vonj in značilnosti tipkanja, za namene preverjanja identitete posameznika s primerjavo biometričnih podatkov tega posameznika s shranjenimi biometričnimi podatki posameznikov v referenčni podatkovni zbirki ne glede na to, ali je posameznik v to privolil ali ne. To izključuje sisteme UI za biometrično preverjanje, tudi avtentikacijo, katerih edini namen je potrditi, da je določena fizična oseba res ta, za katero se predstavlja, in potrditi identiteto fizične osebe izključno z namenom dostopa do storitve, odklepanja naprave ali varnostnega dostopa do prostorov.
(16)
The notion of ‘biometric categorisation’ referred to in this Regulation should be defined as assigning natural persons to specific categories on the basis of their biometric data. Such specific categories can relate to aspects such as sex, age, hair colour, eye colour, tattoos, behavioural or personality traits, language, religion, membership of a national minority, sexual or political orientation. This does not include biometric categorisation systems that are a purely ancillary feature intrinsically linked to another commercial service, meaning that the feature cannot, for objective technical reasons, be used without the principal service, and the integration of that feature or functionality is not a means to circumvent the applicability of the rules of this Regulation. For example, filters categorising facial or body features used on online marketplaces could constitute such an ancillary feature as they can be used only in relation to the principal service which consists in selling a product by allowing the consumer to preview the display of the product on him or herself and help the consumer to make a purchase decision. Filters used on online social network services which categorise facial or body features to allow users to add or modify pictures or videos could also be considered to be ancillary feature as such filter cannot be used without the principal service of the social network services consisting in the sharing of content online.
(16)
Pojem „biometrična kategorizacija“ iz te uredbe bi bilo treba opredeliti kot razvrstitev fizičnih oseb v posebne kategorije na podlagi njihovih biometričnih podatkov. Takšne posebne kategorije se lahko nanašajo na vidike, kot so spol, starost, barva las, barva oči, tetovaže, vedenjske ali osebnostne lastnosti, jezik, vera, pripadnost narodnostni manjšini, spolna ali politična usmerjenost. To ne vključuje sistemov za biometrično kategorizacijo, ki so izključno pomožni element, neločljivo povezan z drugo komercialno storitvijo, kar pomeni, da tega elementa iz objektivnih tehničnih razlogov ni mogoče uporabiti brez glavne storitve, njegova vključitev ali funkcionalnost pa ni sredstvo za izogibanje uporabi pravil iz te uredbe. Na primer, filtri za kategorizacijo obraznih ali telesnih značilnosti, ki se uporabljajo na spletnih tržnicah, bi lahko bili takšen pomožni element, saj se lahko uporabljajo le v zvezi z glavno storitvijo, ki je prodaja izdelka na način, da se potrošniku omogoči, da si ogleda prikaz izdelka sam, in se mu pomaga pri sprejemanju odločitve o nakupu. Filtre, ki se uporabljajo na spletnih storitvah družbenih omrežij in s katerimi se kategorizirajo obrazne funkcije ali funkcije telesa, da lahko uporabniki dodajajo ali spreminjajo slike ali videoposnetke, bi prav tako lahko šteli za pomožno funkcijo, saj takega filtra ni mogoče uporabljati brez glavne storitve, tj. storitev družbenih omrežij, ki vključuje izmenjavo vsebin na spletu.
(17)
The notion of ‘remote biometric identification system’ referred to in this Regulation should be defined functionally, as an AI system intended for the identification of natural persons without their active involvement, typically at a distance, through the comparison of a person’s biometric data with the biometric data contained in a reference database, irrespectively of the particular technology, processes or types of biometric data used. Such remote biometric identification systems are typically used to perceive multiple persons or their behaviour simultaneously in order to facilitate significantly the identification of natural persons without their active involvement. This excludes AI systems intended to be used for biometric verification, which includes authentication, the sole purpose of which is to confirm that a specific natural person is the person he or she claims to be and to confirm the identity of a natural person for the sole purpose of having access to a service, unlocking a device or having security access to premises. That exclusion is justified by the fact that such systems are likely to have a minor impact on fundamental rights of natural persons compared to the remote biometric identification systems which may be used for the processing of the biometric data of a large number of persons without their active involvement. In the case of ‘real-time’ systems, the capturing of the biometric data, the comparison and the identification occur all instantaneously, near-instantaneously or in any event without a significant delay. In this regard, there should be no scope for circumventing the rules of this Regulation on the ‘real-time’ use of the AI systems concerned by providing for minor delays. ‘Real-time’ systems involve the use of ‘live’ or ‘near-live’ material, such as video footage, generated by a camera or other device with similar functionality. In the case of ‘post’ systems, in contrast, the biometric data has already been captured and the comparison and identification occur only after a significant delay. This involves material, such as pictures or video footage generated by closed circuit television cameras or private devices, which has been generated before the use of the system in respect of the natural persons concerned.
(17)
Pojem „sistem za biometrično identifikacijo na daljavo“ iz te uredbe bi bilo treba opredeliti funkcionalno kot sistem UI, namenjen identifikaciji fizičnih oseb brez njihovega dejavnega sodelovanja, običajno na daljavo, s primerjavo biometričnih podatkov osebe z biometričnimi podatki iz referenčne podatkovne zbirke, ne glede na uporabljeno tehnologijo, procese ali vrste biometričnih podatkov. Takšni sistemi za biometrično identifikacijo na daljavo se običajno uporabljajo za hkratno zaznavanje več oseb ali njihovega vedenja, da se bistveno olajša identifikacija fizičnih oseb brez njihovega dejavnega sodelovanja. To izključuje sisteme UI za biometrično preverjanje, tudi avtentikacijo, katerih edini namen je potrditi, da je določena fizična oseba res ta, za katero se predstavlja, in potrditi identiteto fizične osebe izključno z namenom dostopa do storitve, odklepanja naprave ali varnostnega dostopa do prostorov. Ta izključitev je utemeljena z dejstvom, da bodo imeli taki sistemi verjetno manjši vpliv na temeljne pravice fizičnih oseb v primerjavi s sistemi za biometrično identifikacijo na daljavo, ki se lahko uporabljajo za obdelavo biometričnih podatkov velikega števila oseb brez njihovega dejavnega sodelovanja. Pri sistemih „v realnem času“ se zajemanje biometričnih podatkov, primerjava in identifikacija izvedejo takoj ali skoraj takoj, v vsakem primeru pa brez večje zamude. V zvezi s tem ne bi smelo biti prostora za izogibanje pravilom te uredbe o uporabi zadevnih sistemov UI „v realnem času“, saj je predvidena možnost manjših zamud. Sistemi „v realnem času“ vključujejo uporabo gradiva „v živo“ ali „skoraj v živo“, kot je videoposnetek, ki ga ustvari kamera ali druga naprava s podobno funkcionalnostjo. Pri „naknadnih“ sistemih so bili biometrični podatki že zajeti, primerjava in identifikacija pa se izvedeta šele po daljšem času. To vključuje gradivo, kot so slike ali videoposnetki, ki jih ustvarjajo kamere CCTV ali zasebne naprave, ki je bilo ustvarjeno pred uporabo sistema v zvezi z zadevnimi fizičnimi osebami.
(18)
The notion of ‘emotion recognition system’ referred to in this Regulation should be defined as an AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data. The notion refers to emotions or intentions such as happiness, sadness, anger, surprise, disgust, embarrassment, excitement, shame, contempt, satisfaction and amusement. It does not include physical states, such as pain or fatigue, including, for example, systems used in detecting the state of fatigue of professional pilots or drivers for the purpose of preventing accidents. This does also not include the mere detection of readily apparent expressions, gestures or movements, unless they are used for identifying or inferring emotions. Those expressions can be basic facial expressions, such as a frown or a smile, or gestures such as the movement of hands, arms or head, or characteristics of a person’s voice, such as a raised voice or whispering.
(18)
Pojem „sistem za prepoznavanje čustev“ iz te uredbe bi bilo treba opredeliti kot sistem UI za prepoznavanje čustev ali namer ali za sklepanje o čustvih ali namerah fizičnih oseb na podlagi njihovih biometričnih podatkov. Pojem se nanaša na čustva ali namere, kot so sreča, žalost, jeza, presenečenje, ogorčenje, zadrega, navdušenje, osramočenost, zaničevanje, zadovoljstvo in zabavanje. Ne vključuje fizičnih stanj, kot sta bolečina ali utrujenost, na primer vključno s sistemi, ki se uporabljajo za odkrivanje stanja utrujenosti poklicnih pilotov ali voznikov za namene preprečevanja nesreč. To tudi ne vključuje zgolj odkrivanja lahko vidnih izrazov, gest ali gibov, razen če se uporabljajo za prepoznavanje čustev ali sklepanje o njih. Ti izrazi so lahko osnovni obrazni izrazi, kot je namrščenost ali nasmeh, ali geste, kot je premikanje dlani, rok ali glave, ali značilnosti glasu osebe, kot je povzdignjen glas ali šepetanje.
(19)
For the purposes of this Regulation the notion of ‘publicly accessible space’ should be understood as referring to any physical space that is accessible to an undetermined number of natural persons, and irrespective of whether the space in question is privately or publicly owned, irrespective of the activity for which the space may be used, such as for commerce, for example, shops, restaurants, cafés; for services, for example, banks, professional activities, hospitality; for sport, for example, swimming pools, gyms, stadiums; for transport, for example, bus, metro and railway stations, airports, means of transport; for entertainment, for example, cinemas, theatres, museums, concert and conference halls; or for leisure or otherwise, for example, public roads and squares, parks, forests, playgrounds. A space should also be classified as being publicly accessible if, regardless of potential capacity or security restrictions, access is subject to certain predetermined conditions which can be fulfilled by an undetermined number of persons, such as the purchase of a ticket or title of transport, prior registration or having a certain age. In contrast, a space should not be considered to be publicly accessible if access is limited to specific and defined natural persons through either Union or national law directly related to public safety or security or through the clear manifestation of will by the person having the relevant authority over the space. The factual possibility of access alone, such as an unlocked door or an open gate in a fence, does not imply that the space is publicly accessible in the presence of indications or circumstances suggesting the contrary, such as. signs prohibiting or restricting access. Company and factory premises, as well as offices and workplaces that are intended to be accessed only by relevant employees and service providers, are spaces that are not publicly accessible. Publicly accessible spaces should not include prisons or border control. Some other spaces may comprise both publicly accessible and non-publicly accessible spaces, such as the hallway of a private residential building necessary to access a doctor’s office or an airport. Online spaces are not covered, as they are not physical spaces. Whether a given space is accessible to the public should however be determined on a case-by-case basis, having regard to the specificities of the individual situation at hand.
(19)
Za namene te uredbe bi bilo treba pojem javno dostopnega prostora razumeti kot vsak fizični prostor, ki je dostopen nedoločenemu številu fizičnih oseb, ne glede na to, ali je ta prostor v zasebni ali javni lasti, in ne glede na dejavnost, za katero se ta prostor uporablja, denimo za komercialno, na primer trgovine, restavracije, kavarne; storitveno, na primer banke, poklicne dejavnosti, gostinske ali nastanitvene dejavnosti; športno, na primer bazeni, telovadnice, stadioni; prevozno, na primer avtobusne postaje, postaje podzemne železnice in železniške postaje, letališča, prevozna sredstva; razvedrilno, na primer kinematografi, gledališča, muzeji, koncertne in konferenčne dvorane; prostočasno ali drugo dejavnost, na primer javne ceste in trgi, parki, gozdovi, igrišča. Prostor bi bilo treba tudi razvrstiti kot javno dostopen, če za dostop ne glede na morebitne omejitve zmogljivosti ali varnostne omejitve veljajo nekateri vnaprej določeni pogoji, ki jih lahko izpolni nedoločeno število oseb, kot je nakup vstopnice ali vozovnice, predhodna registracija ali določena starost. Nasprotno pa se prostor ne bi smel šteti za javno dostopnega, če je dostop omejen na določene in opredeljene fizične osebe bodisi na podlagi prava Unije bodisi na podlagi nacionalnega prava, ki se neposredno nanaša na javno varnost ali varovanje, ali če se oseba, ki ima za ta prostor ustrezna pooblastila, glede tega jasno opredeli. Dejanska možnost samega dostopa, kot so odklenjena vrata, odprta vrata v ograji, ne pomeni, da je prostor javno dostopen, če obstajajo znaki ali okoliščine, ki kažejo na nasprotno, kot so znaki, ki prepovedujejo ali omejujejo dostop. Prostori podjetij in tovarn ter pisarne in delovni prostori, do katerih naj bi dostopali samo ustrezni zaposleni in ponudniki storitev, so prostori, ki niso javno dostopni. Javno dostopni prostori ne bi smeli vključevati zaporov ali območij mejne kontrole. Nekateri drugi prostori lahko zajemajo tako javno dostopne kot javno nedostopne prostore, kot je hodnik ali veža zasebne stanovanjske zgradbe, prek katere se dostopa do zdravniške pisarne, ali letališče. Spletni prostori niso zajeti, saj niso fizični prostori. Ali je določen prostor dostopen javnosti ali ne, pa je treba ugotoviti za vsak primer posebej, ob upoštevanju posebnosti posamezne dane situacije.
(20)
In order to obtain the greatest benefits from AI systems while protecting fundamental rights, health and safety and to enable democratic control, AI literacy should equip providers, deployers and affected persons with the necessary notions to make informed decisions regarding AI systems. Those notions may vary with regard to the relevant context and can include understanding the correct application of technical elements during the AI system’s development phase, the measures to be applied during its use, the suitable ways in which to interpret the AI system’s output, and, in the case of affected persons, the knowledge necessary to understand how decisions taken with the assistance of AI will have an impact on them. In the context of the application this Regulation, AI literacy should provide all relevant actors in the AI value chain with the insights required to ensure the appropriate compliance and its correct enforcement. Furthermore, the wide implementation of AI literacy measures and the introduction of appropriate follow-up actions could contribute to improving working conditions and ultimately sustain the consolidation, and innovation path of trustworthy AI in the Union. The European Artificial Intelligence Board (the ‘Board’) should support the Commission, to promote AI literacy tools, public awareness and understanding of the benefits, risks, safeguards, rights and obligations in relation to the use of AI systems. In cooperation with the relevant stakeholders, the Commission and the Member States should facilitate the drawing up of voluntary codes of conduct to advance AI literacy among persons dealing with the development, operation and use of AI.
(20)
Da bi dosegli največje koristi sistemov UI in hkrati zaščitili temeljne pravice, zdravje in varnost ter omogočili demokratični nadzor, bi morala pismenost na področju UI ponudnikom, uvajalcem in osebam, na katere vpliva sistem UI, omogočiti razumevanje potrebnih pojmov za sprejemanje informiranih odločitev v zvezi s sistemi UI. Ti pojmi se lahko razlikujejo glede na zadevni kontekst in lahko vključujejo razumevanje pravilne uporabe tehničnih elementov v razvojni fazi sistema UI, ukrepe, ki jih je treba uporabiti med njegovo uporabo, ustrezne načine za razlago izhodnih podatkov sistema UI in, v primeru oseb, na katere vpliva sistem UI, znanje, potrebno za razumevanje, kako bodo odločitve, sprejete s pomočjo UI vplivale nanje. V okviru uporabe te uredbe bi morala pismenost na področju UI vsem zadevnim akterjem v verigi vrednosti UI zagotoviti vpoglede, potrebne za zagotovitev ustrezne skladnosti s to uredbo in njenega pravilnega izvrševanja. Poleg tega bi lahko široko izvajanje ukrepov za pismenost na področju UI in uvedba ustreznih nadaljnjih ukrepov prispevala k izboljšanju delovnih pogojev ter nazadnje podprla konsolidacijo in inovacijsko pot zaupanja vredne UI v Uniji. Evropski odbor za umetno inteligenco (v nadaljnjem besedilu: Odbor) bi moral podpirati Komisijo pri spodbujanju orodij za pismenost na področju UI, ozaveščenosti javnosti in razumevanja koristi, tveganj, zaščitnih ukrepov, pravic in obveznosti v zvezi z uporabo sistemov UI. Komisija in države članice bi morale v sodelovanju z ustreznimi deležniki olajšati pripravo prostovoljnih kodeksov ravnanja za izboljšanje pismenosti na področju UI med osebami, ki se ukvarjajo z razvojem, delovanjem in uporabo UI.
(21)
In order to ensure a level playing field and an effective protection of rights and freedoms of individuals across the Union, the rules established by this Regulation should apply to providers of AI systems in a non-discriminatory manner, irrespective of whether they are established within the Union or in a third country, and to deployers of AI systems established within the Union.
(21)
Za zagotovitev enakih konkurenčnih pogojev ter učinkovitega varstva pravic in svoboščin posameznikov po vsej Uniji bi se morala pravila iz te uredbe nediskriminatorno uporabljati za ponudnike sistemov UI, ne glede na to, ali imajo sedež v Uniji ali v tretji državi, in za uvajalce sistemov UI s sedežem v Uniji.
(22)
In light of their digital nature, certain AI systems should fall within the scope of this Regulation even when they are not placed on the market, put into service, or used in the Union. This is the case, for example, where an operator established in the Union contracts certain services to an operator established in a third country in relation to an activity to be performed by an AI system that would qualify as high-risk. In those circumstances, the AI system used in a third country by the operator could process data lawfully collected in and transferred from the Union, and provide to the contracting operator in the Union the output of that AI system resulting from that processing, without that AI system being placed on the market, put into service or used in the Union. To prevent the circumvention of this Regulation and to ensure an effective protection of natural persons located in the Union, this Regulation should also apply to providers and deployers of AI systems that are established in a third country, to the extent the output produced by those systems is intended to be used in the Union. Nonetheless, to take into account existing arrangements and special needs for future cooperation with foreign partners with whom information and evidence is exchanged, this Regulation should not apply to public authorities of a third country and international organisations when acting in the framework of cooperation or international agreements concluded at Union or national level for law enforcement and judicial cooperation with the Union or the Member States, provided that the relevant third country or international organisation provides adequate safeguards with respect to the protection of fundamental rights and freedoms of individuals. Where relevant, this may cover activities of entities entrusted by the third countries to carry out specific tasks in support of such law enforcement and judicial cooperation. Such framework for cooperation or agreements have been established bilaterally between Member States and third countries or between the European Union, Europol and other Union agencies and third countries and international organisations. The authorities competent for supervision of the law enforcement and judicial authorities under this Regulation should assess whether those frameworks for cooperation or international agreements include adequate safeguards with respect to the protection of fundamental rights and freedoms of individuals. Recipient national authorities and Union institutions, bodies, offices and agencies making use of such outputs in the Union remain accountable to ensure their use complies with Union law. When those international agreements are revised or new ones are concluded in the future, the contracting parties should make utmost efforts to align those agreements with the requirements of this Regulation.
(22)
Zaradi svoje digitalne narave bi morali nekateri sistemi UI spadati na področje uporabe te uredbe, tudi če niso dani na trg ali v uporabo oziroma se ne uporabljajo v Uniji. To velja na primer za operaterja s sedežem v Uniji, ki določene storitve naroča pri operaterju s sedežem v tretji državi v zvezi z dejavnostjo, ki jo bo izvajal sistem UI, ki bi bil opredeljen kot visokotvegani sistem. V teh okoliščinah bi lahko sistem UI, ki ga operater uporablja v tretji državi, obdeloval podatke, ki se zakonito zbirajo v Uniji in prenašajo iz nje, ter naročniku v Uniji zagotovil izhodne podatke navedenega sistema UI, ki izhajajo iz te obdelave, ne da bi bil ta sistem UI dan na trg ali v uporabo oziroma bi se uporabljal v Uniji. Da bi preprečili izogibanje določbam te uredbe in zagotovili učinkovito varstvo fizičnih oseb v Uniji, bi se morala ta uredba uporabljati tudi za ponudnike in uvajalce sistemov UI s sedežem v tretji državi, če so izhodni podatki, ki jih ti sistemi ustvarijo, namenjeni uporabi v Uniji. Kljub temu pa se zaradi upoštevanja obstoječih ureditev in posebnih potreb po prihodnjem sodelovanju s tujimi partnerji, s katerimi se izmenjujejo informacije in dokazi, ta uredba ne bi smela uporabljati za javne organe tretje države in mednarodne organizacije, kadar delujejo v okviru sodelovanja ali mednarodnih sporazumov, sklenjenih na ravni Unije ali nacionalni ravni za sodelovanje na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ter pravosodnega sodelovanja z Unijo ali državami članicami, pod pogojem, da zadevna tretja država ali mednarodne organizacije zagotovijo ustrezne zaščitne ukrepe v zvezi z varstvom temeljnih pravic in svoboščin posameznikov. To lahko po potrebi zajema dejavnosti subjektov, ki so jim tretje države zaupale izvajanje posebnih nalog v podporo takemu sodelovanju na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ter pri pravosodnem sodelovanju. Takšni okviri za sodelovanje ali sporazumi so bili vzpostavljeni dvostransko med državami članicami in tretjimi državami ali med Evropsko unijo, Europolom in drugimi agencijami Unije ter tretjimi državami in mednarodnimi organizacijami. Organi, pristojni za nadzor organov za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj ter pravosodnih organov v skladu s to uredbo, bi morali oceniti, ali navedeni okviri za sodelovanje ali mednarodni sporazumi vključujejo ustrezne zaščitne ukrepe v zvezi z varstvom temeljnih pravic in svoboščin posameznikov. Nacionalni organi prejemniki ter institucije, organi, uradi in agencije Unije, ki uporabljajo take izhodne podatke v Uniji, so še naprej odgovorni za zagotavljanje, da je njihova uporaba skladna s pravom Unije. Ko se ti mednarodni sporazumi revidirajo ali se v prihodnosti sklenejo novi, bi si morale pogodbenice kar najbolj prizadevati za njihovo uskladitev z zahtevami iz te uredbe.
(23)
This Regulation should also apply to Union institutions, bodies, offices and agencies when acting as a provider or deployer of an AI system.
(23)
To uredbo bilo treba uporabljati tudi za institucije, organe, urade in agencije Unije, kadar delujejo kot ponudniki ali uvajalci sistema UI.
(24)
If, and insofar as, AI systems are placed on the market, put into service, or used with or without modification of such systems for military, defence or national security purposes, those should be excluded from the scope of this Regulation regardless of which type of entity is carrying out those activities, such as whether it is a public or private entity. As regards military and defence purposes, such exclusion is justified both by Article 4(2) TEU and by the specificities of the Member States’ and the common Union defence policy covered by Chapter 2 of Title V TEU that are subject to public international law, which is therefore the more appropriate legal framework for the regulation of AI systems in the context of the use of lethal force and other AI systems in the context of military and defence activities. As regards national security purposes, the exclusion is justified both by the fact that national security remains the sole responsibility of Member States in accordance with Article 4(2) TEU and by the specific nature and operational needs of national security activities and specific national rules applicable to those activities. Nonetheless, if an AI system developed, placed on the market, put into service or used for military, defence or national security purposes is used outside those temporarily or permanently for other purposes, for example, civilian or humanitarian purposes, law enforcement or public security purposes, such a system would fall within the scope of this Regulation. In that case, the entity using the AI system for other than military, defence or national security purposes should ensure the compliance of the AI system with this Regulation, unless the system is already compliant with this Regulation. AI systems placed on the market or put into service for an excluded purpose, namely military, defence or national security, and one or more non-excluded purposes, such as civilian purposes or law enforcement, fall within the scope of this Regulation and providers of those systems should ensure compliance with this Regulation. In those cases, the fact that an AI system may fall within the scope of this Regulation should not affect the possibility of entities carrying out national security, defence and military activities, regardless of the type of entity carrying out those activities, to use AI systems for national security, military and defence purposes, the use of which is excluded from the scope of this Regulation. An AI system placed on the market for civilian or law enforcement purposes which is used with or without modification for military, defence or national security purposes should not fall within the scope of this Regulation, regardless of the type of entity carrying out those activities.
(24)
Če in kolikor so sistemi UI s spremembami ali brez njih dani na trg ali v uporabo oziroma se uporabljajo za vojaške ali obrambne namene ali namene nacionalne varnostni, bi morali biti izključeni iz področja uporabe te uredbe ne glede na to, katera vrsta subjekta izvaja te dejavnosti, tj. ali gre za javni ali zasebni subjekt. Kar zadeva vojaške in obrambne namene, je taka izključitev utemeljena tako s členom 4(2) PEU kot tudi s posebnostmi obrambne politike držav članic in skupne obrambne politike Unije iz naslova V, poglavje 2, PEU, za katere velja mednarodno javno pravo, ki je zato ustreznejši pravni okvir za ureditev sistemov UI v kontekstu uporabe smrtonosne sile in drugih sistemov UI v kontekstu vojaških in obrambnih dejavnosti. Kar zadeva namene nacionalne varnosti, izključitev upravičuje tako dejstvo, da nacionalna varnost ostaja v izključni pristojnosti držav članic v skladu s členom 4(2) PEU, kot tudi posebna narava in operativne potrebe dejavnosti nacionalne varnosti ter posebna nacionalna pravila, ki se za te dejavnosti uporabljajo. Če pa se sistem UI, ki je bil razvit, dan na trg ali v uporabo oziroma se uporablja v vojaške ali obrambne namene ali namene nacionalne varnosti, začasno ali stalno uporablja za druge namene (na primer civilne ali humanitarne namene, namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ali namene javne varnosti), bi tak sistem spadal na področje uporabe te uredbe. V tem primeru bi moral subjekt, ki sistem UI uporablja za namene, ki niso vojaški ali obrambni nameni ali nameni nacionalne varnosti, zagotoviti skladnost sistema UI s to uredbo, razen če je sistem že skladen s to uredbo. Sistemi UI, ki so dani na trg ali v uporabo za izključene namene, tj. vojaške, obrambne namene ali namene nacionalne varnosti, in enega ali več neizključenih namenov, kot so civilni nameni ali nameni preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, spadajo na področje uporabe te uredbe, njihovi ponudniki pa bi morali zagotoviti skladnost s to uredbo. V teh primerih dejstvo, da sistem UI lahko spada na področje uporabe te uredbe, ne bi smelo vplivati na možnost subjektov, ki izvajajo nacionalne varnostne, obrambne in vojaške dejavnosti (ne glede na vrsto teh subjektov), da uporabljajo sisteme UI za namene nacionalne varnosti, vojaške in obrambne namene, katerih uporaba je izključena iz področja uporabe te uredbe. Sistem UI, dan na trg za civilne namene ali namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, ki se uporablja s spremembami ali brez njih za vojaške in obrambne namene ali namene nacionalne varnosti, ne bi smel spadati na področje uporabe te uredbe, ne glede na vrsto subjekta, ki izvaja te dejavnosti.
(25)
This Regulation should support innovation, should respect freedom of science, and should not undermine research and development activity. It is therefore necessary to exclude from its scope AI systems and models specifically developed and put into service for the sole purpose of scientific research and development. Moreover, it is necessary to ensure that this Regulation does not otherwise affect scientific research and development activity on AI systems or models prior to being placed on the market or put into service. As regards product-oriented research, testing and development activity regarding AI systems or models, the provisions of this Regulation should also not apply prior to those systems and models being put into service or placed on the market. That exclusion is without prejudice to the obligation to comply with this Regulation where an AI system falling into the scope of this Regulation is placed on the market or put into service as a result of such research and development activity and to the application of provisions on AI regulatory sandboxes and testing in real world conditions. Furthermore, without prejudice to the exclusion of AI systems specifically developed and put into service for the sole purpose of scientific research and development, any other AI system that may be used for the conduct of any research and development activity should remain subject to the provisions of this Regulation. In any event, any research and development activity should be carried out in accordance with recognised ethical and professional standards for scientific research and should be conducted in accordance with applicable Union law.
(25)
S to uredbo bi bilo treba podpirati inovacije in spoštovati svobodo znanosti ter z njo ne bi smeli ogrožati raziskovalnih in razvojnih dejavnosti. Zato je treba iz njenega področja uporabe izključiti sisteme in modele UI, ki so bili posebej razviti in dani v uporabo izključno za znanstvene raziskave in razvoj. Poleg tega je treba zagotoviti, da ta uredba ne vpliva kako drugače na znanstvene raziskave in razvoj sistemov ali modelov UI, preden se dajo na trg ali v uporabo. Tudi kar zadeva v proizvode usmerjene raziskave, testiranje in razvoj sistemov ali modelov UI, se določbe te uredbe ne bi smele uporabljati pred dajanjem teh sistemov in modelov v uporabo ali na trg. Ta izključitev pa ne posega v obveznost skladnosti s to uredbo, če je sistem UI, ki spada na področje uporabe te uredbe, dan na trg ali v uporabo kot rezultat take raziskovalne in razvojne dejavnosti, ter v uporabo določb o regulativnih peskovnikih za UI in testiranju v realnih razmerah. Poleg tega bi morale brez poseganja v izključitev sistemov UI, ki so posebej razviti in dani v uporabo izključno za namene znanstvenih raziskav in razvoja, za vse druge sisteme UI, ki se lahko uporabljajo za izvajanje kakršnih koli raziskovalnih in razvojnih dejavnosti, še naprej veljati določbe te uredbe. V vsakem primeru bi bilo treba vsakršno raziskovalno in razvojno dejavnost izvajati v skladu s priznanimi etičnimi in strokovnimi standardi za znanstvene raziskave ter v skladu z veljavnim pravom Unije.
(26)
In order to introduce a proportionate and effective set of binding rules for AI systems, a clearly defined risk-based approach should be followed. That approach should tailor the type and content of such rules to the intensity and scope of the risks that AI systems can generate. It is therefore necessary to prohibit certain unacceptable AI practices, to lay down requirements for high-risk AI systems and obligations for the relevant operators, and to lay down transparency obligations for certain AI systems.
(26)
Za uvedbo sorazmernega in učinkovitega sklopa zavezujočih pravil za sisteme UI bi bilo treba upoštevati jasno opredeljen pristop, ki temelji na tveganju. Ta pristop bi moral vrsto in vsebino takih pravil prilagoditi intenzivnosti in obsegu tveganj, ki jih lahko ustvarijo sistemi UI. Zato je treba prepovedati nekatere nesprejemljive prakse UI, določiti zahteve za visokotvegane sisteme UI in obveznosti za zadevne operaterje ter določiti obveznosti glede preglednosti za nekatere sisteme UI.
(27)
While the risk-based approach is the basis for a proportionate and effective set of binding rules, it is important to recall the 2019 Ethics guidelines for trustworthy AI developed by the independent AI HLEG appointed by the Commission. In those guidelines, the AI HLEG developed seven non-binding ethical principles for AI which are intended to help ensure that AI is trustworthy and ethically sound. The seven principles include human agency and oversight; technical robustness and safety; privacy and data governance; transparency; diversity, non-discrimination and fairness; societal and environmental well-being and accountability. Without prejudice to the legally binding requirements of this Regulation and any other applicable Union law, those guidelines contribute to the design of coherent, trustworthy and human-centric AI, in line with the Charter and with the values on which the Union is founded. According to the guidelines of the AI HLEG, human agency and oversight means that AI systems are developed and used as a tool that serves people, respects human dignity and personal autonomy, and that is functioning in a way that can be appropriately controlled and overseen by humans. Technical robustness and safety means that AI systems are developed and used in a way that allows robustness in the case of problems and resilience against attempts to alter the use or performance of the AI system so as to allow unlawful use by third parties, and minimise unintended harm. Privacy and data governance means that AI systems are developed and used in accordance with privacy and data protection rules, while processing data that meets high standards in terms of quality and integrity. Transparency means that AI systems are developed and used in a way that allows appropriate traceability and explainability, while making humans aware that they communicate or interact with an AI system, as well as duly informing deployers of the capabilities and limitations of that AI system and affected persons about their rights. Diversity, non-discrimination and fairness means that AI systems are developed and used in a way that includes diverse actors and promotes equal access, gender equality and cultural diversity, while avoiding discriminatory impacts and unfair biases that are prohibited by Union or national law. Social and environmental well-being means that AI systems are developed and used in a sustainable and environmentally friendly manner as well as in a way to benefit all human beings, while monitoring and assessing the long-term impacts on the individual, society and democracy. The application of those principles should be translated, when possible, in the design and use of AI models. They should in any case serve as a basis for the drafting of codes of conduct under this Regulation. All stakeholders, including industry, academia, civil society and standardisation organisations, are encouraged to take into account, as appropriate, the ethical principles for the development of voluntary best practices and standards.
(27)
Čeprav je pristop, ki temelji na tveganju, podlaga za sorazmeren in učinkovit sklop zavezujočih pravil, je pomembno opozoriti na Etične smernice za zaupanja vredno umetno inteligenco iz leta 2019, ki jih je razvila neodvisna strokovna skupina na visoki ravni za umetno inteligenco (AI HLEG), ki jo je imenovala Komisija. V teh smernicah je AI HLEG razvila sedem nezavezujočih etičnih načel za UI, ki naj bi pomagala zagotoviti, da je UI zaupanja vredna in etično zanesljiva. Teh sedem načel vključuje človeško delovanje in nadzor, tehnično robustnost in varnost, zasebnost in upravljanje podatkov, preglednost, raznolikost, nediskriminacijo in pravičnost ter družbeno in okoljsko blaginjo in odgovornost. Brez poseganja v pravno zavezujoče zahteve te uredbe in katerega koli drugega veljavnega prava Unije te smernice prispevajo k oblikovanju skladne, zaupanja vredne in na človeka osredotočene UI v skladu z Listino in vrednotami, na katerih temelji Unija. V skladu s smernicami AI HLEG človeško delovanje in nadzor pomeni, da se sistemi UI razvijajo in uporabljajo kot orodje, ki služi ljudem, spoštuje človeško dostojanstvo in osebno avtonomijo ter deluje tako, da ga ljudje lahko ustrezno upravljajo in nadzorujejo. Tehnična robustnost in varnost pomeni, da se sistemi UI razvijajo in uporabljajo na način, ki omogoča robustnost v primeru težav in odpornost proti poskusom spremembe uporabe ali učinkovitosti sistema UI, ki bi lahko tretjim osebam omogočila nezakonito uporabo, in čim bolj zmanjša nenamerno škodo. Zasebnost in upravljanje podatkov pomeni, da se sistemi UI razvijajo in uporabljajo v skladu s pravili o zasebnosti in varstvu podatkov, hkrati pa obdelujejo podatke, ki izpolnjujejo visoke standarde v smislu kakovosti in celovitosti. Preglednost pomeni, da se sistemi UI razvijajo in uporabljajo na način, ki omogoča ustrezno sledljivost in razložljivost, obenem pa so ljudje seznanjeni s tem, da komunicirajo ali da so v stiku s sistemom UI, uvajalci so ustrezno obveščeni o zmogljivostih in omejitvah zadevnega sistema UI, osebe, na katere vpliva sistem UI, pa o svojih pravicah. Raznolikost, nediskriminacija in pravičnost pomeni, da se sistemi UI razvijajo in uporabljajo na način, ki vključuje različne akterje in spodbuja enakopraven dostop, enakost spolov in kulturno raznolikost, hkrati pa se preprečujejo diskriminatorni učinki in nepravični predsodki, ki jih pravo Unije ali držav članic prepoveduje. Družbena in okoljska blaginja pomeni, da se sistemi UI razvijajo in uporabljajo na trajnosten in okolju prijazen način ter v korist vseh ljudi, hkrati pa se spremljajo in ocenjujejo dolgoročni vplivi na posameznika, družbo in demokracijo. Ta načela bi bilo treba uporabljati tudi pri zasnovi in uporabi modelov UI, kadar je mogoče. V vsakem primeru bi morala biti podlaga za pripravo kodeksov ravnanja na podlagi te uredbe. Vsi deležniki, vključno z industrijo, akademskimi krogi, civilno družbo in organizacijami za standardizacijo, naj ustrezno upoštevajo etična načela za razvoj prostovoljnih najboljših praks in standardov.
(28)
Aside from the many beneficial uses of AI, it can also be misused and provide novel and powerful tools for manipulative, exploitative and social control practices. Such practices are particularly harmful and abusive and should be prohibited because they contradict Union values of respect for human dignity, freedom, equality, democracy and the rule of law and fundamental rights enshrined in the Charter, including the right to non-discrimination, to data protection and to privacy and the rights of the child.
(28)
Poleg številnih koristnih uporab UI jo je mogoče tudi zlorabiti, tako da bi nastala nova in močna orodja za prakse manipulacije, izkoriščanja in družbenega nadzora. Take prakse so še posebej škodljive in zlonamerne in bi jih bilo treba prepovedati, ker so v nasprotju z vrednotami Unije glede spoštovanja človekovega dostojanstva, svobode, enakosti, demokracije in pravne države ter temeljnimi pravicami, določenimi v Listini, vključno s pravico do nediskriminacije, varstva podatkov in zasebnosti ter pravicami otroka.
(29)
AI-enabled manipulative techniques can be used to persuade persons to engage in unwanted behaviours, or to deceive them by nudging them into decisions in a way that subverts and impairs their autonomy, decision-making and free choices. The placing on the market, the putting into service or the use of certain AI systems with the objective to or the effect of materially distorting human behaviour, whereby significant harms, in particular having sufficiently important adverse impacts on physical, psychological health or financial interests are likely to occur, are particularly dangerous and should therefore be prohibited. Such AI systems deploy subliminal components such as audio, image, video stimuli that persons cannot perceive, as those stimuli are beyond human perception, or other manipulative or deceptive techniques that subvert or impair person’s autonomy, decision-making or free choice in ways that people are not consciously aware of those techniques or, where they are aware of them, can still be deceived or are not able to control or resist them. This could be facilitated, for example, by machine-brain interfaces or virtual reality as they allow for a higher degree of control of what stimuli are presented to persons, insofar as they may materially distort their behaviour in a significantly harmful manner. In addition, AI systems may also otherwise exploit the vulnerabilities of a person or a specific group of persons due to their age, disability within the meaning of Directive (EU) 2019/882 of the European Parliament and of the Council (16), or a specific social or economic situation that is likely to make those persons more vulnerable to exploitation such as persons living in extreme poverty, ethnic or religious minorities. Such AI systems can be placed on the market, put into service or used with the objective to or the effect of materially distorting the behaviour of a person and in a manner that causes or is reasonably likely to cause significant harm to that or another person or groups of persons, including harms that may be accumulated over time and should therefore be prohibited. It may not be possible to assume that there is an intention to distort behaviour where the distortion results from factors external to the AI system which are outside the control of the provider or the deployer, namely factors that may not be reasonably foreseeable and therefore not possible for the provider or the deployer of the AI system to mitigate. In any case, it is not necessary for the provider or the deployer to have the intention to cause significant harm, provided that such harm results from the manipulative or exploitative AI-enabled practices. The prohibitions for such AI practices are complementary to the provisions contained in Directive 2005/29/EC of the European Parliament and of the Council (17), in particular unfair commercial practices leading to economic or financial harms to consumers are prohibited under all circumstances, irrespective of whether they are put in place through AI systems or otherwise. The prohibitions of manipulative and exploitative practices in this Regulation should not affect lawful practices in the context of medical treatment such as psychological treatment of a mental disease or physical rehabilitation, when those practices are carried out in accordance with the applicable law and medical standards, for example explicit consent of the individuals or their legal representatives. In addition, common and legitimate commercial practices, for example in the field of advertising, that comply with the applicable law should not, in themselves, be regarded as constituting harmful manipulative AI-enabled practices.
(29)
Z UI omogočene manipulativne tehnike se lahko uporabljajo za napeljevanje oseb k neželenemu vedenju ali za njihovo zavajanje, tako da se jih spodbuja k odločitvam na način, ki spodkopava in ovira njihovo avtonomijo, odločanje in svobodno izbiro. Dajanje na trg, dajanje v uporabo ali uporaba nekaterih sistemov UI s ciljem ali učinkom bistvenega izkrivljanja človeškega vedenja, pri čemer je verjetno, da bo nastala znatna škoda, zlasti z dovolj pomembnimi škodljivimi učinki na telesno ali duševno zdravje ali finančne interese, je še posebej nevarno oziroma nevarna in bi ga oziroma jo bilo zato treba prepovedati. Takšni sistemi UI uporabljajo subliminalne komponente, kot so zvočni, slikovni ali video dražljaji, ki jih osebe ne morejo zaznati, ker ti dražljaji presegajo človekovo dojemanje, ali druge manipulativne ali zavajajoče tehnike, ki spodkopavajo ali ovirajo posameznikovo avtonomijo, odločanje ali svobodno izbiro na načine, da se ljudje ne zavedajo teh tehnik ali pa, kadar se jih zavedajo, so kljub temu lahko zavedeni ali jih ne morejo nadzorovati ali se jim upreti. To bi bilo na primer mogoče olajšati z vmesniki stroj-možgani ali virtualno resničnostjo, saj omogočajo višjo stopnjo nadzora nad tem, kateri dražljaji so predstavljeni osebam, če lahko bistveno izkrivljajo njihovo vedenje na znatno škodljiv način. Sistemi UI lahko tudi sicer izkoriščajo šibke točke določene osebe ali skupine oseb zaradi njihove starosti, invalidnosti v smislu Direktive (EU) 2019/882 Evropskega parlamenta in Sveta (16) ali posebnih socialnih ali gospodarskih razmer, zaradi katerih so te osebe verjetno bolj izpostavljene izkoriščanju, na primer osebe, ki živijo v skrajni revščini, ter etnične ali verske manjšine. Takšni sistemi UI se lahko dajo na trg ali v uporabo oziroma se uporabljajo s ciljem ali učinkom bistvenega izkrivljanja vedenja osebe, in sicer na način, ki tej ali drugi osebi ali skupinam oseb povzroči znatno škodo, vključno s škodo, ki se lahko sčasoma nakopiči, ali za katerega obstaja razumna verjetnost, da jo bo povzročil, zato bi morali biti prepovedani. Morda ni mogoče domnevati, da obstaja namen izkrivljanja vedenja, kadar je izkrivljanje posledica dejavnikov zunaj sistema UI, na katere ponudnik ali uvajalec ne more vplivati, in sicer dejavnikov, ki jih ni mogoče razumno predvideti in jih zato ponudnik ali uvajalec sistema UI ne more zmanjšati. V vsakem primeru ni potrebno, da ima ponudnik ali uvajalec namen povzročiti znatno škodo, če takšna škoda izhaja iz manipulativnih ali izkoriščevalskih praks, ki jih omogoča UI. Prepovedi takih praks UI dopolnjujejo določbe Direktive 2005/29/ES Evropskega parlamenta in Sveta (17), zlasti v smislu, da so nepoštene poslovne prakse, ki potrošnikom povzročajo gospodarsko ali finančno škodo, prepovedane v vseh okoliščinah, ne glede na to, ali se izvajajo prek sistemov UI ali kako drugače. Prepoved manipulativnih in izkoriščevalskih praks iz te uredbe ne bi smela vplivati na zakonite prakse v okviru zdravljenja, kot je psihološko zdravljenje duševne bolezni ali telesna rehabilitacija, kadar se te prakse izvajajo v skladu z veljavnimi pravnimi medicinskimi standardi in zakonodajo, kot na primer izrecna privolitev posameznikov ali njihovih zakonitih zastopnikov. Poleg tega se običajne in zakonite poslovne prakse, na primer na področju oglaševanja, ki so v skladu z veljavnim pravom, same po sebi ne bi smele šteti za škodljive manipulativne z UI omogočene prakse.
(30)
Biometric categorisation systems that are based on natural persons’ biometric data, such as an individual person’s face or fingerprint, to deduce or infer an individuals’ political opinions, trade union membership, religious or philosophical beliefs, race, sex life or sexual orientation should be prohibited. That prohibition should not cover the lawful labelling, filtering or categorisation of biometric data sets acquired in line with Union or national law according to biometric data, such as the sorting of images according to hair colour or eye colour, which can for example be used in the area of law enforcement.
(30)
Prepovedati bi bilo treba sisteme za biometrično kategorizacijo, ki temeljijo na biometričnih podatkih fizičnih oseb, kot so obraz ali prstni odtisi posameznika, za sklepanje ali ugotavljanje o političnem prepričanju posameznika, članstvu v sindikatu, verskem ali filozofskem prepričanju, rasi, spolnem življenju ali spolni usmerjenosti. Ta prepoved ne bi smela zajemati zakonitega označevanja, filtriranja ali kategorizacije naborov biometričnih podatkov, pridobljenih v skladu s pravom Unije ali nacionalnim pravom na podlagi biometričnih podatkov, kot je razvrščanje slik glede na barvo las ali oči, ki se lahko na primer uporabljajo na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj.
(31)
AI systems providing social scoring of natural persons by public or private actors may lead to discriminatory outcomes and the exclusion of certain groups. They may violate the right to dignity and non-discrimination and the values of equality and justice. Such AI systems evaluate or classify natural persons or groups thereof on the basis of multiple data points related to their social behaviour in multiple contexts or known, inferred or predicted personal or personality characteristics over certain periods of time. The social score obtained from such AI systems may lead to the detrimental or unfavourable treatment of natural persons or whole groups thereof in social contexts, which are unrelated to the context in which the data was originally generated or collected or to a detrimental treatment that is disproportionate or unjustified to the gravity of their social behaviour. AI systems entailing such unacceptable scoring practices and leading to such detrimental or unfavourable outcomes should therefore be prohibited. That prohibition should not affect lawful evaluation practices of natural persons that are carried out for a specific purpose in accordance with Union and national law.
(31)
Sistemi UI, ki zagotavljajo družbeno točkovanje fizičnih oseb s strani javnih ali zasebnih akterjev, lahko vodijo do diskriminatornih rezultatov in izključitve nekaterih skupin. Lahko kršijo pravico do dostojanstva in nediskriminacije ter vrednote enakosti in pravičnosti. Takšni sistemi UI ocenjujejo ali razvrščajo fizične osebe ali skupine fizičnih oseb na podlagi več podatkovnih točk, povezanih z njihovim družbenim vedenjem v več kontekstih ali znanih, predpostavljenih ali predvidenih osebnih ali osebnostnih značilnostih v določenih časovnih obdobjih. Število družbenih točk, dodeljenih s strani takih sistemov UI, lahko vodi do škodljivega ali neugodnega obravnavanja fizičnih oseb ali celotnih skupin le-teh v družbenih kontekstih, ki niso povezani s kontekstom, v katerem so bili podatki prvotno ustvarjeni ali zbrani, ali do škodljivega obravnavanja, ki je nesorazmerno ali neupravičeno glede na resnost njihovega družbenega vedenja. Sisteme UI, ki vključujejo take nesprejemljive prakse točkovanja in povzročajo takšne škodljive ali neugodne rezultate, bi bilo zato treba prepovedati. Ta prepoved ne bi smela vplivati na zakonite prakse ocenjevanja fizičnih oseb, ki se izvajajo za poseben namen v skladu s pravom Unije in nacionalnim pravom.
(32)
The use of AI systems for ‘real-time’ remote biometric identification of natural persons in publicly accessible spaces for the purpose of law enforcement is particularly intrusive to the rights and freedoms of the concerned persons, to the extent that it may affect the private life of a large part of the population, evoke a feeling of constant surveillance and indirectly dissuade the exercise of the freedom of assembly and other fundamental rights. Technical inaccuracies of AI systems intended for the remote biometric identification of natural persons can lead to biased results and entail discriminatory effects. Such possible biased results and discriminatory effects are particularly relevant with regard to age, ethnicity, race, sex or disabilities. In addition, the immediacy of the impact and the limited opportunities for further checks or corrections in relation to the use of such systems operating in real-time carry heightened risks for the rights and freedoms of the persons concerned in the context of, or impacted by, law enforcement activities.
(32)
Uporaba sistemov UI za biometrično identifikacijo fizičnih oseb na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj je posebej hudo poseganje v pravice in svoboščine zadevnih oseb, kolikor lahko vpliva na zasebno življenje velikega dela prebivalstva, vzbuja občutek stalnega nadzora ter posredno odvrača od uresničevanja svobode zbiranja in drugih temeljnih pravic. Tehnične netočnosti sistemov UI, namenjenih za biometrično identifikacijo fizičnih oseb na daljavo, lahko vodijo do pristranskih rezultatov in diskriminatornih učinkov. Takšni možni pristranski rezultati in diskriminatorni učinki so zlasti pomembni glede na starost, etnično pripadnost, raso, spol ali invalidnost. Poleg tega se zaradi takojšnjega učinka in omejenih možnosti za nadaljnja preverjanja ali popravke v zvezi z uporabo takih sistemov, ki delujejo v realnem času, povečujejo tveganja za pravice in svoboščine zadevnih oseb v okviru dejavnosti preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ali zaradi vpliva teh dejavnosti nanje.
(33)
The use of those systems for the purpose of law enforcement should therefore be prohibited, except in exhaustively listed and narrowly defined situations, where the use is strictly necessary to achieve a substantial public interest, the importance of which outweighs the risks. Those situations involve the search for certain victims of crime including missing persons; certain threats to the life or to the physical safety of natural persons or of a terrorist attack; and the localisation or identification of perpetrators or suspects of the criminal offences listed in an annex to this Regulation, where those criminal offences are punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least four years and as they are defined in the law of that Member State. Such a threshold for the custodial sentence or detention order in accordance with national law contributes to ensuring that the offence should be serious enough to potentially justify the use of ‘real-time’ remote biometric identification systems. Moreover, the list of criminal offences provided in an annex to this Regulation is based on the 32 criminal offences listed in the Council Framework Decision 2002/584/JHA (18), taking into account that some of those offences are, in practice, likely to be more relevant than others, in that the recourse to ‘real-time’ remote biometric identification could, foreseeably, be necessary and proportionate to highly varying degrees for the practical pursuit of the localisation or identification of a perpetrator or suspect of the different criminal offences listed and having regard to the likely differences in the seriousness, probability and scale of the harm or possible negative consequences. An imminent threat to life or the physical safety of natural persons could also result from a serious disruption of critical infrastructure, as defined in Article 2, point (4) of Directive (EU) 2022/2557 of the European Parliament and of the Council (19), where the disruption or destruction of such critical infrastructure would result in an imminent threat to life or the physical safety of a person, including through serious harm to the provision of basic supplies to the population or to the exercise of the core function of the State. In addition, this Regulation should preserve the ability for law enforcement, border control, immigration or asylum authorities to carry out identity checks in the presence of the person concerned in accordance with the conditions set out in Union and national law for such checks. In particular, law enforcement, border control, immigration or asylum authorities should be able to use information systems, in accordance with Union or national law, to identify persons who, during an identity check, either refuse to be identified or are unable to state or prove their identity, without being required by this Regulation to obtain prior authorisation. This could be, for example, a person involved in a crime, being unwilling, or unable due to an accident or a medical condition, to disclose their identity to law enforcement authorities.
(33)
Zato bi bilo treba prepovedati uporabo teh sistemov za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, razen v izrecno naštetih in ozko opredeljenih primerih, ko je uporaba nujno potrebna za dosego pomembnega javnega interesa, katerega pomen prevlada nad tveganji. Gre na primer za iskanje nekaterih žrtev kaznivih dejanj, vključno s pogrešanimi osebami, nekatere nevarnosti za življenje ali fizično varnost oseb ali varnost pred terorističnim napadom ter lokalizacijo ali identifikacijo storilcev ali osumljencev kaznivih dejanj, navedenih v prilogi k tej uredbi, kadar je za ta kazniva dejanja v zadevni državi članici predpisana zgornja meja zaporne kazni ali ukrepa, vezanega na odvzem prostosti, najmanj štiri leta in so v pravu te države članice opredeljena. Tak prag za zaporno kazen ali ukrep, vezan na odvzem prostosti, v skladu z nacionalnim pravom prispeva k zagotavljanju, da je kaznivo dejanje dovolj hudo, da bi lahko upravičilo uporabo sistemov za biometrično identifikacijo na daljavo v realnem času. Poleg tega seznam kaznivih dejanj iz priloge k tej uredbi temelji na 32 kaznivih dejanjih, naštetih v Okvirnem sklepu Sveta 2002/584/PNZ (18), ob upoštevanju, da so nekatera od teh kaznivih dejanj v praksi verjetno pomembnejša od drugih, saj bi bila lahko uporaba biometrične identifikacije na daljavo v realnem času predvidoma potrebna in sorazmerna v zelo različnem obsegu za praktično izvajanje lokalizacije ali identifikacije storilca ali osumljenca različnih navedenih kaznivih dejanj ter ob upoštevanju verjetnih razlik v resnosti, verjetnosti in obsegu škode ali morebitnih negativnih posledic. Neposredna grožnja za življenje ali fizično varnost fizičnih oseb bi tudi lahko bila posledica resne motnje v kritični infrastrukturi, kot je opredeljena v členu 2, točka 4, Direktive (EU) 2022/2557 Evropskega parlamenta in Sveta (19), kadar bi okvara ali uničenje take kritične infrastrukture povzročilo neposredno grožnjo za življenje ali fizično varnost osebe, med drugim tako, da bi močno škodilo zagotavljanju osnovne oskrbe prebivalstvu ali izvajanju temeljne funkcije države. Poleg tega bi morala ta uredba organom za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, organom mejne kontrole, organom, pristojnim za priseljevanje, ali azilnim organom še naprej omogočati izvajanje ugotavljanja identitete v prisotnosti zadevne osebe v skladu s pogoji, ki so za tako ugotavljanje določeni v pravu Unije in nacionalnem pravu. Predvsem bi morali imeti organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, organi mejne kontrole, organi, pristojni za priseljevanje, ali azilni organi možnost, da za identifikacijo oseb, ki med ugotavljanjem identitete tako ugotavljanje zavrnejo ali ne morejo navesti ali dokazati svoje identitete, uporabijo informacijske sisteme v skladu s pravom Unije ali nacionalnim pravom, ne da bi morali v skladu s to uredbo pridobiti predhodno dovoljenje. To bi bila lahko na primer oseba, vpletena v kaznivo dejanje, ki organom za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj ni pripravljena ali zaradi nesreče ali zdravstvenega stanja ne more razkriti svoje identitete.
(34)
In order to ensure that those systems are used in a responsible and proportionate manner, it is also important to establish that, in each of those exhaustively listed and narrowly defined situations, certain elements should be taken into account, in particular as regards the nature of the situation giving rise to the request and the consequences of the use for the rights and freedoms of all persons concerned and the safeguards and conditions provided for with the use. In addition, the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement should be deployed only to confirm the specifically targeted individual’s identity and should be limited to what is strictly necessary concerning the period of time, as well as the geographic and personal scope, having regard in particular to the evidence or indications regarding the threats, the victims or perpetrator. The use of the real-time remote biometric identification system in publicly accessible spaces should be authorised only if the relevant law enforcement authority has completed a fundamental rights impact assessment and, unless provided otherwise in this Regulation, has registered the system in the database as set out in this Regulation. The reference database of persons should be appropriate for each use case in each of the situations mentioned above.
(34)
Za zagotovitev odgovorne in sorazmerne uporabe teh sistemov je pomembno tudi določiti, da bi bilo treba v vsakem od teh izrecno naštetih in ozko opredeljenih primerov upoštevati nekatere elemente, predvsem glede narave razmer, zaradi katerih je bila zahteva vložena, ter posledic uporabe za pravice in svoboščine vseh zadevnih oseb ter zaščitnih ukrepov in pogojev, predvidenih z uporabo. Poleg tega bi bilo treba uporabo sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj uporabljati le za potrditev identitete specifično ciljnega posameznika in bi morala biti omejena na to, kar je nujno potrebno za časovno obdobje ter geografsko in osebno področje uporabe, pri čemer je treba upoštevati zlasti dokaze ali znake v zvezi z grožnjami, žrtvami ali storilcem. Uporaba sistema za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih se dovoli le, če je ustrezni organ za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj opravil oceno učinka na temeljne pravice in, če v tej uredbi ni določeno drugače, sistem registriral v podatkovni zbirki, kot je določeno v tej uredbi. Referenčna podatkovna zbirka o osebah bi morala biti primerna za vsak primer uporabe v vsakem od navedenih primerov.
(35)
Each use of a ‘real-time’ remote biometric identification system in publicly accessible spaces for the purpose of law enforcement should be subject to an express and specific authorisation by a judicial authority or by an independent administrative authority of a Member State whose decision is binding. Such authorisation should, in principle, be obtained prior to the use of the AI system with a view to identifying a person or persons. Exceptions to that rule should be allowed in duly justified situations on grounds of urgency, namely in situations where the need to use the systems concerned is such as to make it effectively and objectively impossible to obtain an authorisation before commencing the use of the AI system. In such situations of urgency, the use of the AI system should be restricted to the absolute minimum necessary and should be subject to appropriate safeguards and conditions, as determined in national law and specified in the context of each individual urgent use case by the law enforcement authority itself. In addition, the law enforcement authority should in such situations request such authorisation while providing the reasons for not having been able to request it earlier, without undue delay and at the latest within 24 hours. If such an authorisation is rejected, the use of real-time biometric identification systems linked to that authorisation should cease with immediate effect and all the data related to such use should be discarded and deleted. Such data includes input data directly acquired by an AI system in the course of the use of such system as well as the results and outputs of the use linked to that authorisation. It should not include input that is legally acquired in accordance with another Union or national law. In any case, no decision producing an adverse legal effect on a person should be taken based solely on the output of the remote biometric identification system.
(35)
Za vsako uporabo sistema za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj bi bilo treba pridobiti izrecno in posebno dovoljenje sodnega organa ali neodvisnega upravnega organa države članice, katerega odločitev je zavezujoča. Tako dovoljenje bi bilo treba načeloma pridobiti pred uporabo sistema UI za identifikacijo osebe ali oseb. Izjeme od tega pravila bi morale biti dovoljene v ustrezno utemeljenih nujnih primerih iz nujnih razlogov, tj. v primerih, ko je uporaba zadevnih sistemov potrebna do te mere, da je dejansko in objektivno nemogoče pridobiti dovoljenje pred začetkom uporabe sistema UI. V takih nujnih primerih bi bilo treba uporabo sistema UI omejiti na absolutni minimum, zanjo pa bi morali veljati ustrezni zaščitni ukrepi in pogoji, kot jih določa nacionalno pravo ter kot jih v okviru vsakega posameznega primera nujne uporabe določi organ za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj. Poleg tega bi moral organ za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj v takšnih primerih zaprositi za tako dovoljenje, hkrati pa navesti razloge, zakaj ga ni mogel zahtevati prej, brez nepotrebnega odlašanja in najpozneje v 24 urah. Če se tako dovoljenje zavrne, bi bilo treba takoj prenehati uporabljati sisteme za biometrično identifikacijo v realnem času, povezane s tem dovoljenjem, vse podatke, povezane s tako uporabo, pa bi bilo treba zavreči in izbrisati. Takšni podatki vključujejo vhodne podatke, ki jih sistem UI pridobi neposredno med uporabo takega sistema, ter rezultate in izhodne podatke uporabe, povezane s tem dovoljenjem. Ne bi smeli vključevati vhodnih podatkov, ki so zakonito pridobljeni v skladu z drugim pravom Unije ali nacionalnim pravom. V nobenem primeru odločitve, ki bi imela škodljiv pravni učinek na osebo, ne bi smeli sprejeti izključno na podlagi izhodnih podatkov sistema za biometrično identifikacijo na daljavo.
(36)
In order to carry out their tasks in accordance with the requirements set out in this Regulation as well as in national rules, the relevant market surveillance authority and the national data protection authority should be notified of each use of the real-time biometric identification system. Market surveillance authorities and the national data protection authorities that have been notified should submit to the Commission an annual report on the use of real-time biometric identification systems.
(36)
Da bi lahko ustrezni organ za nadzor trga in nacionalni organ za varstvo podatkov izvajala svoje naloge v skladu z zahtevami iz te uredbe in nacionalnih pravil, bi ju bilo treba obvestiti o vsaki uporabi sistema za biometrično identifikacijo v realnem času. Organi za nadzor trga in nacionalni organi za varstvo podatkov, ki so bili obveščeni, bi morali Komisiji predložiti letno poročilo o uporabi sistemov za biometrično identifikacijo v realnem času.
(37)
Furthermore, it is appropriate to provide, within the exhaustive framework set by this Regulation that such use in the territory of a Member State in accordance with this Regulation should only be possible where and in as far as the Member State concerned has decided to expressly provide for the possibility to authorise such use in its detailed rules of national law. Consequently, Member States remain free under this Regulation not to provide for such a possibility at all or to only provide for such a possibility in respect of some of the objectives capable of justifying authorised use identified in this Regulation. Such national rules should be notified to the Commission within 30 days of their adoption.
(37)
Poleg tega je v izčrpnem okviru, določenem s to uredbo, primerno določiti, da bi morala biti taka uporaba na ozemlju države članice v skladu s to uredbo mogoča le, kadar in kolikor se je zadevna država članica odločila izrecno predvideti možnost odobritve take uporabe v svojih podrobnih pravilih nacionalnega prava. Zato imajo države članice na podlagi te uredbe še naprej pravico, da take možnosti sploh ne predvidijo ali da jo predvidijo le za nekatere cilje, ki lahko upravičijo dovoljeno uporabo, opredeljeno v tej uredbi. O takih nacionalnih predpisih bi bilo treba uradno obvestiti Komisijo v 30 dneh po njihovem sprejetju.
(38)
The use of AI systems for real-time remote biometric identification of natural persons in publicly accessible spaces for the purpose of law enforcement necessarily involves the processing of biometric data. The rules of this Regulation that prohibit, subject to certain exceptions, such use, which are based on Article 16 TFEU, should apply as lex specialis in respect of the rules on the processing of biometric data contained in Article 10 of Directive (EU) 2016/680, thus regulating such use and the processing of biometric data involved in an exhaustive manner. Therefore, such use and processing should be possible only in as far as it is compatible with the framework set by this Regulation, without there being scope, outside that framework, for the competent authorities, where they act for purpose of law enforcement, to use such systems and process such data in connection thereto on the grounds listed in Article 10 of Directive (EU) 2016/680. In that context, this Regulation is not intended to provide the legal basis for the processing of personal data under Article 8 of Directive (EU) 2016/680. However, the use of real-time remote biometric identification systems in publicly accessible spaces for purposes other than law enforcement, including by competent authorities, should not be covered by the specific framework regarding such use for the purpose of law enforcement set by this Regulation. Such use for purposes other than law enforcement should therefore not be subject to the requirement of an authorisation under this Regulation and the applicable detailed rules of national law that may give effect to that authorisation.
(38)
Uporaba sistemov UI za biometrično identifikacijo fizičnih oseb na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj nujno vključuje obdelavo biometričnih podatkov. Pravila te uredbe, ki ob upoštevanju nekaterih izjem prepovedujejo tako uporabo, ki temelji na členu 16 PDEU, bi se morala uporabljati kot lex specialis v zvezi s pravili o obdelavi biometričnih podatkov iz člena 10 Direktive (EU) 2016/680, tako da bi izčrpno urejala tako uporabo in obdelavo zadevnih biometričnih podatkov. Zato bi morali biti taki uporaba in obdelava mogoči le, če sta združljivi z okvirom iz te uredbe, ne da bi zunaj tega okvira obstajalo področje uporabe za pristojne organe, kadar delujejo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, za uporabo takih sistemov in obdelavo takih podatkov v zvezi z njimi na podlagi razlogov iz člena 10 Direktive (EU) 2016/680. V tem smislu ta uredba ni namenjena zagotavljanju pravne podlage za obdelavo osebnih podatkov na podlagi člena 8 Direktive (EU) 2016/680. Vendar uporaba sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene, ki niso preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, tudi s strani pristojnih organov, ne bi smela biti zajeta v posebni okvir v zvezi s tako uporabo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, določene s to uredbo. Za tako uporabo za namene, ki niso preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, zato ne bi smela veljati zahteva po dovoljenju na podlagi te uredbe in veljavnimi podrobnimi pravili nacionalnega prava, na podlagi katerih se lahko to dovoljenje uveljavi.
(39)
Any processing of biometric data and other personal data involved in the use of AI systems for biometric identification, other than in connection to the use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement as regulated by this Regulation, should continue to comply with all requirements resulting from Article 10 of Directive (EU) 2016/680. For purposes other than law enforcement, Article 9(1) of Regulation (EU) 2016/679 and Article 10(1) of Regulation (EU) 2018/1725 prohibit the processing of biometric data subject to limited exceptions as provided in those Articles. In the application of Article 9(1) of Regulation (EU) 2016/679, the use of remote biometric identification for purposes other than law enforcement has already been subject to prohibition decisions by national data protection authorities.
(39)
Pri vsaki obdelavi biometričnih podatkov in drugih osebnih podatkov, vključenih v uporabo sistemov UI za biometrično identifikacijo, razen v povezavi z uporabo sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, kot jo ureja ta uredba, bi morale biti še naprej izpolnjene vse zahteve, ki izhajajo iz člena 10 Direktive (EU) 2016/680. Za namene, ki niso preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, člen 9(1) Uredbe (EU) 2016/679 in člen 10(1) Uredbe (EU) 2018/1725 prepovedujeta obdelavo biometričnih podatkov, za katere veljajo omejene izjeme, kot so določene v navedenih členih. Pri uporabi člena 9(1) Uredbe (EU) 2016/679 za uporabo biometrične identifikacije na daljavo za namene, ki niso preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, že veljajo odločitve o prepovedi s strani nacionalnih organov za varstvo podatkov.
(40)
In accordance with Article 6a of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as annexed to the TEU and to the TFEU, Ireland is not bound by the rules laid down in Article 5(1), first subparagraph, point (g), to the extent it applies to the use of biometric categorisation systems for activities in the field of police cooperation and judicial cooperation in criminal matters, Article 5(1), first subparagraph, point (d), to the extent it applies to the use of AI systems covered by that provision, Article 5(1), first subparagraph, point (h), Article 5(2) to (6) and Article 26(10) of this Regulation adopted on the basis of Article 16 TFEU which relate to the processing of personal data by the Member States when carrying out activities falling within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the TFEU, where Ireland is not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down on the basis of Article 16 TFEU.
(40)
V skladu s členom 6a Protokola št. 21 o stališču Združenega kraljestva in Irske v zvezi z območjem svobode, varnosti in pravice, ki je priložen PEU in PDEU, pravila iz člena 5(1), prvi pododstavek, točka (g), kolikor se uporabljajo za uporabo sistemov biometrične kategorizacije za dejavnosti na področju policijskega in pravosodnega sodelovanja v kazenskih zadevah, iz člena 5(1), prvi pododstavek, točka (d), v obsegu, v katerem se uporablja za uporabo sistemov UI, zajetih v navedeni določbi, iz člena 5(1), prvi pododstavek, točka (h), 5(2) do (6) in iz člena 26(10) te uredbe, sprejeta na podlagi člena 16 PDEU, ki se nanašajo na obdelavo osebnih podatkov s strani držav članic, kadar izvajajo dejavnosti, ki spadajo na področje uporabe poglavja 4 ali 5 naslova V tretjega dela PDEU, za Irsko niso zavezujoča, če je ne zavezujejo pravila, ki urejajo oblike pravosodnega sodelovanja v kazenskih zadevah ali policijskega sodelovanja, v okviru katerih je treba upoštevati določbe predpisov, sprejetih na podlagi člena 16 PDEU.
(41)
In accordance with Articles 2 and 2a of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not bound by rules laid down in Article 5(1), first subparagraph, point (g), to the extent it applies to the use of biometric categorisation systems for activities in the field of police cooperation and judicial cooperation in criminal matters, Article 5(1), first subparagraph, point (d), to the extent it applies to the use of AI systems covered by that provision, Article 5(1), first subparagraph, point (h), (2) to (6) and Article 26(10) of this Regulation adopted on the basis of Article 16 TFEU, or subject to their application, which relate to the processing of personal data by the Member States when carrying out activities falling within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the TFEU.
(41)
V skladu s členoma 2 in 2a Protokola št. 22 o stališču Danske, ki je priložen PEU in PDEU, Danske ne zavezujejo in se zanjo ne uporabljajo pravila iz člena 5(1), prvi pododstavek, točka (g), kolikor se uporabljajo za uporabo sistemov biometrične kategorizacije za dejavnosti na področju policijskega in pravosodnega sodelovanja v kazenskih zadevah, iz člena 5(1), prvi pododstavek, točka (d), v obsegu, v katerem se uporabljata za uporabo sistemov UI, zajetih v navedeni določbi, iz člena 5(1), prvi pododstavek, točka (h), člena 5(2) do (6) in iz člena 26(10) te uredbe, sprejeta na podlagi člena 16 PDEU, ki se nanašajo na obdelavo osebnih podatkov s strani držav članic, kadar izvajajo dejavnosti, ki spadajo na področje uporabe poglavja 4 ali 5 naslova V tretjega dela PDEU.
(42)
In line with the presumption of innocence, natural persons in the Union should always be judged on their actual behaviour. Natural persons should never be judged on AI-predicted behaviour based solely on their profiling, personality traits or characteristics, such as nationality, place of birth, place of residence, number of children, level of debt or type of car, without a reasonable suspicion of that person being involved in a criminal activity based on objective verifiable facts and without human assessment thereof. Therefore, risk assessments carried out with regard to natural persons in order to assess the likelihood of their offending or to predict the occurrence of an actual or potential criminal offence based solely on profiling them or on assessing their personality traits and characteristics should be prohibited. In any case, that prohibition does not refer to or touch upon risk analytics that are not based on the profiling of individuals or on the personality traits and characteristics of individuals, such as AI systems using risk analytics to assess the likelihood of financial fraud by undertakings on the basis of suspicious transactions or risk analytic tools to predict the likelihood of the localisation of narcotics or illicit goods by customs authorities, for example on the basis of known trafficking routes.
(42)
V skladu z domnevo nedolžnosti bi bilo treba fizične osebe v Uniji zmeraj presojati glede na njihovo dejansko ravnanje. Nikoli jih ne bi smeli presojati na podlagi ravnanja, ki ga predvideva UI zgolj na podlagi njihovega oblikovanja profilov, osebnostnih lastnosti ali značilnosti, kot so državljanstvo, kraj rojstva, kraj prebivališča, število otrok, stopnja zadolženosti ali vrsta avtomobila, brez utemeljenih razlogov za sum, da je bila ta oseba vpletena v kriminalno dejavnost na podlagi objektivnih preverljivih dejstev in brez človeške ocene. Zato bi bilo treba prepovedati ocene tveganja, ki se izvajajo v zvezi s fizičnimi osebami, da se oceni verjetnost, da bodo te osebe storile kaznivo dejanje, ali da se predvidi dejansko ali potencialno kaznivo dejanje samo na podlagi oblikovanja profilov teh fizičnih oseb ali ocene njihovih osebnostnih lastnosti in značilnosti. V nobenem primeru ta prepoved ne vključuje ali se ne nanaša na analizo tveganja, ki ne temelji na oblikovanju profilov oseb ali na osebnostnih lastnostih in značilnostih posameznikov, kot so sistemi UI, ki uporabljajo analizo tveganja za oceno verjetnosti finančnih goljufij s strani podjetij na podlagi sumljivih transakcij ali orodij za analizo tveganja, ki omogočajo napovedovanje verjetnosti lokalizacije prepovedanih drog ali nezakonitega blaga s strani carinskih organov, na primer na podlagi znanih trgovskih poti.
(43)
The placing on the market, the putting into service for that specific purpose, or the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage, should be prohibited because that practice adds to the feeling of mass surveillance and can lead to gross violations of fundamental rights, including the right to privacy.
(43)
Treba bi bilo prepovedati dajanje na trg, dajanje v uporabo za ta posebni namen ali uporabo sistemov UI, ki ustvarjajo ali širijo podatkovne zbirke za prepoznavanje obrazov z neciljnim odvzemom podob obraza z interneta ali posnetkov sistema CCTV, saj ta praksa prispeva k občutku množičnega nadzora in lahko povzroči hude kršitve temeljnih pravic, vključno s pravico do zasebnosti.
(44)
There are serious concerns about the scientific basis of AI systems aiming to identify or infer emotions, particularly as expression of emotions vary considerably across cultures and situations, and even within a single individual. Among the key shortcomings of such systems are the limited reliability, the lack of specificity and the limited generalisability. Therefore, AI systems identifying or inferring emotions or intentions of natural persons on the basis of their biometric data may lead to discriminatory outcomes and can be intrusive to the rights and freedoms of the concerned persons. Considering the imbalance of power in the context of work or education, combined with the intrusive nature of these systems, such systems could lead to detrimental or unfavourable treatment of certain natural persons or whole groups thereof. Therefore, the placing on the market, the putting into service, or the use of AI systems intended to be used to detect the emotional state of individuals in situations related to the workplace and education should be prohibited. That prohibition should not cover AI systems placed on the market strictly for medical or safety reasons, such as systems intended for therapeutical use.
(44)
Obstajajo resni pomisleki glede znanstvene podlage sistemov UI, katerih namen je prepoznavanje čustev ali sklepanje o njih, zlasti zato, ker se izražanje čustev med kulturami in okoliščinami ter celo pri enem samem posamezniku zelo razlikuje. Med ključnimi pomanjkljivostmi takšnih sistemov so omejena zanesljivost, premajhna specifičnost in omejena možnost posplošitve. Zato lahko sistemi UI, ki prepoznavajo čustva ali namere fizičnih oseb na podlagi svojih biometričnih podatkov ali ki iz njih sklepajo, vodijo do diskriminatornih rezultatov ter posegajo v pravice in svoboščine zadevnih oseb. Glede na neravnovesje moči v kontekstu dela ali izobraževanja ter intruzivne narave teh sistemov bi lahko takšni sistemi povzročili škodljivo ali neugodno obravnavo nekaterih fizičnih oseb ali celotnih skupin fizičnih oseb. Zato bi bilo treba prepovedati dajanje na trg, dajanje v uporabo ali uporabo sistemov UI, namenjenih odkrivanju čustvenega stanja posameznikov v situacijah, povezanih z delovnim mestom in izobraževanjem. Ta prepoved ne bi smela zajemati sistemov UI, danih na trg izključno iz zdravstvenih ali varnostnih razlogov, kot so sistemi za terapevtsko uporabo.
(45)
Practices that are prohibited by Union law, including data protection law, non-discrimination law, consumer protection law, and competition law, should not be affected by this Regulation.
(45)
Ta uredba ne bi smela vplivati na prakse, ki jih prepoveduje pravo Unije, vključno s pravom o varstvu podatkov, pravom o nediskriminaciji, pravom o varstvu potrošnikov in konkurenčnim pravom.
(46)
High-risk AI systems should only be placed on the Union market, put into service or used if they comply with certain mandatory requirements. Those requirements should ensure that high-risk AI systems available in the Union or whose output is otherwise used in the Union do not pose unacceptable risks to important Union public interests as recognised and protected by Union law. On the basis of the New Legislative Framework, as clarified in the Commission notice ‘The “Blue Guide” on the implementation of EU product rules 2022’ (20), the general rule is that more than one legal act of Union harmonisation legislation, such as Regulations (EU) 2017/745 (21) and (EU) 2017/746 (22) of the European Parliament and of the Council or Directive 2006/42/EC of the European Parliament and of the Council (23), may be applicable to one product, since the making available or putting into service can take place only when the product complies with all applicable Union harmonisation legislation. To ensure consistency and avoid unnecessary administrative burdens or costs, providers of a product that contains one or more high-risk AI systems, to which the requirements of this Regulation and of the Union harmonisation legislation listed in an annex to this Regulation apply, should have flexibility with regard to operational decisions on how to ensure compliance of a product that contains one or more AI systems with all applicable requirements of the Union harmonisation legislation in an optimal manner. AI systems identified as high-risk should be limited to those that have a significant harmful impact on the health, safety and fundamental rights of persons in the Union and such limitation should minimise any potential restriction to international trade.
(46)
Visokotvegane sisteme UI bi bilo treba dati na trg Unije ali v uporabo ali jih uporabiti le, če izpolnjujejo nekatere obvezne zahteve. Navedene zahteve bi morale zagotoviti, da visokotvegani sistemi UI, ki so na voljo v Uniji ali katerih izhodni podatki se drugače uporabljajo v Uniji, ne predstavljajo nesprejemljivega tveganja za pomembne javne interese Unije, kot jih priznava in varuje pravo Unije. Kot je pojasnjeno v obvestilu Komisije „Modri vodnik“ o izvajanju pravil EU o proizvodih iz leta 2022 (20), je na podlagi novega zakonodajnega okvira splošno pravilo, da se več kot en pravni akt harmonizacijske zakonodaje Unije, kot sta uredbi (EU) 2017/745 (21) in (EU) 2017/746 (22) Evropskega parlamenta in Sveta ter Direktiva 2006/42/ES Evropskega parlamenta in Sveta (23), lahko uporablja za en proizvod, saj se lahko omogočanje dostopnosti ali dajanje v uporabo izvede le, če je proizvod skladen z vso veljavno harmonizacijsko zakonodajo Unije. Da bi zagotovili doslednost in preprečili nepotrebna upravna bremena ali stroške, bi morali ponudnikom proizvoda, ki vsebuje enega ali več visokotveganih sistemov UI, za katere se uporabljajo zahteve iz te uredbe in harmonizacijske zakonodaje Unije iz priloge k tej uredbi, omogočiti prožnost glede operativnih odločitev o tem, kako na optimalen način zagotoviti skladnost proizvoda, ki vsebuje enega ali več sistemov UI, z vsemi veljavnimi zahtevami harmonizacijske zakonodaje Unije. Sistemi UI, opredeljeni kot visokotvegani, bi morali biti omejeni na tiste, ki imajo znaten škodljiv vpliv na zdravje, varnost in temeljne pravice oseb v Uniji, taka omejitev pa bi morala čim bolj zmanjšati morebitno omejevanje mednarodne trgovine.
(47)
AI systems could have an adverse impact on the health and safety of persons, in particular when such systems operate as safety components of products. Consistent with the objectives of Union harmonisation legislation to facilitate the free movement of products in the internal market and to ensure that only safe and otherwise compliant products find their way into the market, it is important that the safety risks that may be generated by a product as a whole due to its digital components, including AI systems, are duly prevented and mitigated. For instance, increasingly autonomous robots, whether in the context of manufacturing or personal assistance and care should be able to safely operate and performs their functions in complex environments. Similarly, in the health sector where the stakes for life and health are particularly high, increasingly sophisticated diagnostics systems and systems supporting human decisions should be reliable and accurate.
(47)
Sistemi UI bi lahko imeli škodljiv učinek na zdravje in varnost ljudi, zlasti kadar taki sistemi delujejo kot varnostne komponente proizvodov. V skladu s cilji harmonizacijske zakonodaje Unije, da se olajša prosti pretok proizvodov na notranjem trgu ter zagotovi, da na trg pridejo le varni in skladni proizvodi, je pomembno, da se ustrezno preprečijo in zmanjšajo varnostna tveganja, ki jih lahko povzroči proizvod kot celota zaradi svojih digitalnih komponent, vključno s sistemi UI. Vse bolj avtonomni roboti, ki se uporabljajo v proizvodnji ali za osebno pomoč in oskrbo, bi morali biti na primer sposobni varno delovati in opravljati svoje funkcije v kompleksnih okoljih. Podobno bi morali biti v zdravstvenem sektorju, v katerem je tveganje za življenje in zdravje še posebej veliko, vse bolj izpopolnjeni diagnostični sistemi in sistemi, ki podpirajo človeške odločitve, zanesljivi in točni.
(48)
The extent of the adverse impact caused by the AI system on the fundamental rights protected by the Charter is of particular relevance when classifying an AI system as high risk. Those rights include the right to human dignity, respect for private and family life, protection of personal data, freedom of expression and information, freedom of assembly and of association, the right to non-discrimination, the right to education, consumer protection, workers’ rights, the rights of persons with disabilities, gender equality, intellectual property rights, the right to an effective remedy and to a fair trial, the right of defence and the presumption of innocence, and the right to good administration. In addition to those rights, it is important to highlight the fact that children have specific rights as enshrined in Article 24 of the Charter and in the United Nations Convention on the Rights of the Child, further developed in the UNCRC General Comment No 25 as regards the digital environment, both of which require consideration of the children’s vulnerabilities and provision of such protection and care as necessary for their well-being. The fundamental right to a high level of environmental protection enshrined in the Charter and implemented in Union policies should also be considered when assessing the severity of the harm that an AI system can cause, including in relation to the health and safety of persons.
(48)
Pri razvrstitvi sistema UI med sisteme visokega tveganja je zlasti pomemben obseg škodljivega vpliva sistema UI na temeljne pravice, varovane z Listino. Te pravice vključujejo pravico do človekovega dostojanstva, spoštovanja zasebnega in družinskega življenja, varstvo osebnih podatkov, svobodo izražanja in obveščanja, svobodo zbiranja in združevanja, pravico do nediskriminacije, pravico do izobraževanja, varstvo potrošnikov, pravice delavcev, pravice invalidov, enakost spolov, pravice intelektualne lastnine, pravico do učinkovitega pravnega sredstva in nepristranskega sodišča, pravico do obrambe in domneve nedolžnosti ter pravico do dobrega upravljanja. Poleg teh pravic je treba poudariti tudi dejstvo, da imajo otroci posebne pravice, zapisane v členu 24 Listine in v Konvenciji Združenih narodov o otrokovih pravicah (v zvezi z digitalnim okoljem ter podrobneje opredeljene v splošni pripombi št. 25 KZNOP), ki zahtevata upoštevanje šibkih točk otrok ter zagotavljanje zaščite in varstva, ki sta potrebna za njihovo dobro počutje. Pri ocenjevanju resnosti škode, ki jo lahko povzroči sistem UI, je treba upoštevati tudi temeljno pravico do visoke ravni varstva okolja, ki je zapisana v Listini in se izvaja v politikah Unije, tudi v zvezi z zdravjem in varnostjo oseb.
(49)
As regards high-risk AI systems that are safety components of products or systems, or which are themselves products or systems falling within the scope of Regulation (EC) No 300/2008 of the European Parliament and of the Council (24), Regulation (EU) No 167/2013 of the European Parliament and of the Council (25), Regulation (EU) No 168/2013 of the European Parliament and of the Council (26), Directive 2014/90/EU of the European Parliament and of the Council (27), Directive (EU) 2016/797 of the European Parliament and of the Council (28), Regulation (EU) 2018/858 of the European Parliament and of the Council (29), Regulation (EU) 2018/1139 of the European Parliament and of the Council (30), and Regulation (EU) 2019/2144 of the European Parliament and of the Council (31), it is appropriate to amend those acts to ensure that the Commission takes into account, on the basis of the technical and regulatory specificities of each sector, and without interfering with existing governance, conformity assessment and enforcement mechanisms and authorities established therein, the mandatory requirements for high-risk AI systems laid down in this Regulation when adopting any relevant delegated or implementing acts on the basis of those acts.
(49)
Kar zadeva visokotvegane sisteme UI, ki so varnostne komponente proizvodov ali sistemov ali so sami proizvodi ali sistemi, ki spadajo na področje uporabe Uredbe (ES) št. 300/2008 Evropskega parlamenta in Sveta (24), Uredbe (EU) št. 167/2013 Evropskega parlamenta in Sveta (25), Uredbe (EU) št. 168/2013 Evropskega parlamenta in Sveta (26), Direktive 2014/90/EU Evropskega parlamenta in Sveta (27), Direktive (EU) 2016/797 Evropskega parlamenta in Sveta (28), Uredbe (EU) 2018/858 Evropskega parlamenta in Sveta (29), Uredbe (EU) 2018/1139 Evropskega parlamenta in Sveta (30) ter Uredbe (EU) 2019/2144 Evropskega parlamenta in Sveta (31), je primerno spremeniti navedene akte, da bi zagotovili, da Komisija na podlagi tehničnih in regulativnih posebnosti vsakega sektorja ter brez poseganja v obstoječe mehanizme upravljanja, ugotavljanja skladnosti in izvrševanja ter delo organov, določenih v njih, pri sprejemanju ustreznih delegiranih ali izvedbenih aktov v skladu z navedenimi akti upošteva obvezne zahteve za visokotvegane sisteme UI iz te uredbe.
(50)
As regards AI systems that are safety components of products, or which are themselves products, falling within the scope of certain Union harmonisation legislation listed in an annex to this Regulation, it is appropriate to classify them as high-risk under this Regulation if the product concerned undergoes the conformity assessment procedure with a third-party conformity assessment body pursuant to that relevant Union harmonisation legislation. In particular, such products are machinery, toys, lifts, equipment and protective systems intended for use in potentially explosive atmospheres, radio equipment, pressure equipment, recreational craft equipment, cableway installations, appliances burning gaseous fuels, medical devices, in vitro diagnostic medical devices, automotive and aviation.
(50)
Kar zadeva sisteme UI, ki so varnostne komponente proizvodov ali so sami proizvodi s področja uporabe določene harmonizacijske zakonodaje Unije, navedene v prilogi k tej uredbi, jih je primerno na podlagi te uredbe razvrstiti med sisteme visokega tveganja, če je zadevni proizvod v postopku ugotavljanja skladnosti pri organu, ki izvaja ugotavljanje skladnosti s strani tretjih oseb na podlagi ustrezne harmonizacijske zakonodaje Unije. Taki proizvodi so zlasti stroji, igrače, dvigala, oprema in zaščitni sistemi za uporabo v potencialno eksplozivnih atmosferah, radijska oprema, tlačna oprema, oprema za plovila za rekreacijo, žičniške naprave, naprave, v katerih zgoreva plinasto gorivo, medicinski pripomočki in vitro diagnostični medicinski pripomočki, avtomobili in letala.
(51)
The classification of an AI system as high-risk pursuant to this Regulation should not necessarily mean that the product whose safety component is the AI system, or the AI system itself as a product, is considered to be high-risk under the criteria established in the relevant Union harmonisation legislation that applies to the product. This is, in particular, the case for Regulations (EU) 2017/745 and (EU) 2017/746, where a third-party conformity assessment is provided for medium-risk and high-risk products.
(51)
Razvrstitev sistema UI kot visokotveganega na podlagi te uredbe ne bi smela nujno pomeniti, da se proizvod, katerega varnostna komponenta je sistem UI, ali sam sistem UI kot proizvod šteje za visokotvegan na podlagi meril iz ustrezne harmonizacijske zakonodaje Unije, ki se uporablja za proizvod. To zlasti velja za uredbi (EU) 2017/745 in (EU) 2017/746, pri katerih je ugotavljanje skladnosti, ki ga opravi tretja oseba, zagotovljeno za izdelke srednjega in visokega tveganja.
(52)
As regards stand-alone AI systems, namely high-risk AI systems other than those that are safety components of products, or that are themselves products, it is appropriate to classify them as high-risk if, in light of their intended purpose, they pose a high risk of harm to the health and safety or the fundamental rights of persons, taking into account both the severity of the possible harm and its probability of occurrence and they are used in a number of specifically pre-defined areas specified in this Regulation. The identification of those systems is based on the same methodology and criteria envisaged also for any future amendments of the list of high-risk AI systems that the Commission should be empowered to adopt, via delegated acts, to take into account the rapid pace of technological development, as well as the potential changes in the use of AI systems.
(52)
Kar zadeva samostojne sisteme UI in zlasti visokotvegane sisteme UI, razen tistih, ki so varnostne komponente proizvodov ali ki so sami proizvodi, jih je primerno razvrstiti kot sisteme visokega tveganja, če glede na svoj predvideni namen predstavljajo visoko tveganje škode za zdravje in varnost ali temeljne pravice oseb, ob upoštevanju resnosti možne škode in verjetnosti njenega nastanka, ter se uporabljajo na več posebej vnaprej opredeljenih področjih, določenih v Uredbi. Opredelitev teh sistemov temelji na isti metodologiji in merilih, kot so predvideni tudi za morebitne prihodnje spremembe seznama visokotveganih sistemov UI, za katere bi bilo treba Komisijo pooblastiti, da jih sprejme z delegiranimi akti, da bi upoštevali hiter tehnološki razvoj in morebitne spremembe v uporabi sistemov UI.
(53)
It is also important to clarify that there may be specific cases in which AI systems referred to in pre-defined areas specified in this Regulation do not lead to a significant risk of harm to the legal interests protected under those areas because they do not materially influence the decision-making or do not harm those interests substantially. For the purposes of this Regulation, an AI system that does not materially influence the outcome of decision-making should be understood to be an AI system that does not have an impact on the substance, and thereby the outcome, of decision-making, whether human or automated. An AI system that does not materially influence the outcome of decision-making could include situations in which one or more of the following conditions are fulfilled. The first such condition should be that the AI system is intended to perform a narrow procedural task, such as an AI system that transforms unstructured data into structured data, an AI system that classifies incoming documents into categories or an AI system that is used to detect duplicates among a large number of applications. Those tasks are of such narrow and limited nature that they pose only limited risks which are not increased through the use of an AI system in a context that is listed as a high-risk use in an annex to this Regulation. The second condition should be that the task performed by the AI system is intended to improve the result of a previously completed human activity that may be relevant for the purposes of the high-risk uses listed in an annex to this Regulation. Considering those characteristics, the AI system provides only an additional layer to a human activity with consequently lowered risk. That condition would, for example, apply to AI systems that are intended to improve the language used in previously drafted documents, for example in relation to professional tone, academic style of language or by aligning text to a certain brand messaging. The third condition should be that the AI system is intended to detect decision-making patterns or deviations from prior decision-making patterns. The risk would be lowered because the use of the AI system follows a previously completed human assessment which it is not meant to replace or influence, without proper human review. Such AI systems include for instance those that, given a certain grading pattern of a teacher, can be used to check ex post whether the teacher may have deviated from the grading pattern so as to flag potential inconsistencies or anomalies. The fourth condition should be that the AI system is intended to perform a task that is only preparatory to an assessment relevant for the purposes of the AI systems listed in an annex to this Regulation, thus making the possible impact of the output of the system very low in terms of representing a risk for the assessment to follow. That condition covers, inter alia, smart solutions for file handling, which include various functions from indexing, searching, text and speech processing or linking data to other data sources, or AI systems used for translation of initial documents. In any case, AI systems used in high-risk use-cases listed in an annex to this Regulation should be considered to pose significant risks of harm to the health, safety or fundamental rights if the AI system implies profiling within the meaning of Article 4, point (4) of Regulation (EU) 2016/679 or Article 3, point (4) of Directive (EU) 2016/680 or Article 3, point (5) of Regulation (EU) 2018/1725. To ensure traceability and transparency, a provider who considers that an AI system is not high-risk on the basis of the conditions referred to above should draw up documentation of the assessment before that system is placed on the market or put into service and should provide that documentation to national competent authorities upon request. Such a provider should be obliged to register the AI system in the EU database established under this Regulation. With a view to providing further guidance for the practical implementation of the conditions under which the AI systems listed in an annex to this Regulation are, on an exceptional basis, non-high-risk, the Commission should, after consulting the Board, provide guidelines specifying that practical implementation, completed by a comprehensive list of practical examples of use cases of AI systems that are high-risk and use cases that are not.
(53)
Treba je tudi pojasniti, da lahko obstajajo posebni primeri, v katerih sistemi UI, ki se nanašajo na vnaprej določena področja, navedena v tej uredbi, ne povzročajo znatnega tveganja škode za pravne interese, zaščitene na teh področjih, ker ne vplivajo bistveno na odločanje ali ne škodujejo bistveno tem interesom. Za namene te uredbe bi bilo treba sistem UI, ki ne vpliva bistveno na izid odločanja, razumeti kot sistem UI, ki ne vpliva na vsebino in s tem na rezultat odločanja, bodisi človeškega ali avtomatiziranega. Sistem UI, ki ne vpliva bistveno na izid odločanja, bi lahko vključeval primere, v katerih je izpolnjen eden ali več naslednjih pogojev. Prvi tak pogoj bi moral biti, da je sistem UI namenjen opravljanju ozke postopkovne naloge, kot je sistem UI, ki nestrukturirane podatke pretvori v strukturirane podatke, sistem UI, ki prejete dokumente razvršča v kategorije, ali sistem UI, ki se uporablja za odkrivanje duplikatov v številnih aplikacijah. Te naloge so tako ozke in omejene, da predstavljajo le omejena tveganja, ki se z uporabo sistema UI v okviru, ki je v prilogi k tej uredbi naveden kot uporaba, povezana z visokim tveganjem, ne povečajo. Drugi pogoj bi moral biti, da je namen naloge, ki jo opravlja sistem UI, izboljšati rezultat predhodno zaključene človeške dejavnosti, ki bi lahko bila pomembna za namene visokotvegane uporabe, navedene v prilogi k tej uredbi. Glede na te značilnosti sistem UI zagotavlja le dodatno plast človeške dejavnosti s posledično manjšim tveganjem. Ta pogoj bi se na primer uporabljal za sisteme UI, katerih namen je izboljšati jezik, ki se uporablja v predhodno pripravljenih dokumentih, na primer v zvezi s poklicnim tonom, akademskim slogom jezika ali uskladitvijo besedila s sporočili določene blagovne znamke. Tretji pogoj bi moral biti, da je sistem UI namenjen odkrivanju vzorcev odločanja ali odstopanj od vzorcev predhodnega odločanja. Tveganje bi se zmanjšalo, ker uporaba sistema UI sledi predhodno opravljeni človeški oceni in ni namenjena temu, da bi jo nadomestila ali nanjo vplivala brez ustreznega človeškega pregleda. Takšni sistemi UI vključujejo na primer sisteme, ki se lahko glede na določen vzorec, po katerem neki učitelj ocenjuje, uporabijo za naknadno preverjanje, ali je učitelj morda odstopal od tega vzorca, da bi opozorili na morebitne nedoslednosti ali nepravilnosti. Četrti pogoj bi moral biti, da je sistem UI namenjen opravljanju naloge, ki je le pripravljalna za oceno, relevantno za namene sistemov UI, navedenih v prilogi k tej uredbi, s čimer bi bil morebitni učinek izhodnih podatkov sistema zelo majhen v smislu tveganja, ki ga je treba upoštevati pri oceni. Ta pogoj med drugim zajema pametne rešitve za ravnanje z datotekami, ki vključujejo različne funkcije, kot so indeksiranje, iskanje, obdelava besedil in govora ali povezovanje podatkov z drugimi viri podatkov, ali sisteme UI, ki se uporabljajo za prevajanje prvotnih dokumentov. V vsakem primeru bi bilo treba šteti, da sistemi UI, ki se uporabljajo v primerih uporabe visokega tveganja, navedeni v prilogi k tej uredbi, predstavljajo znatno tveganje škode za zdravje, varnost ali temeljne pravice, če sistem UI vključuje oblikovanje profilov v smislu člena 4, točka 4, Uredbe (EU) 2016/679 ali člena 3, točka 4, Direktive (EU) 2016/680 ali člena 3, točka 5, Uredbe (EU) 2018/1725. Da bi zagotovili sledljivosti in preglednost, bi moral ponudnik, ki meni, da sistem UI na podlagi zgoraj navedenih pogojev ne predstavlja visokega tveganja, pripraviti dokumentacijo o oceni, preden se ta sistem da na trg ali v uporabo, in bi moral to dokumentacijo na zahtevo predložiti pristojnim nacionalnim organom. Takšen ponudnik bi moral sistem UI registrirati v podatkovni zbirki EU, vzpostavljeni s to uredbo. Da bi zagotovili dodatne smernice za praktično izvajanje pogojev, pod katerimi sistemi UI navedeni v prilogi k tej uredbi, izjemoma ne predstavljajo visokega tveganja, bi morala Komisija po posvetovanju z Odborom zagotoviti smernice, v katerih bi bilo določeno, da se praktično izvajanje dopolni s celovitim seznamom praktičnih primerov uporabe visoko tveganih sistemov UI in sistemov UI, ki to niso.
(54)
As biometric data constitutes a special category of personal data, it is appropriate to classify as high-risk several critical-use cases of biometric systems, insofar as their use is permitted under relevant Union and national law. Technical inaccuracies of AI systems intended for the remote biometric identification of natural persons can lead to biased results and entail discriminatory effects. The risk of such biased results and discriminatory effects is particularly relevant with regard to age, ethnicity, race, sex or disabilities. Remote biometric identification systems should therefore be classified as high-risk in view of the risks that they pose. Such a classification excludes AI systems intended to be used for biometric verification, including authentication, the sole purpose of which is to confirm that a specific natural person is who that person claims to be and to confirm the identity of a natural person for the sole purpose of having access to a service, unlocking a device or having secure access to premises. In addition, AI systems intended to be used for biometric categorisation according to sensitive attributes or characteristics protected under Article 9(1) of Regulation (EU) 2016/679 on the basis of biometric data, in so far as these are not prohibited under this Regulation, and emotion recognition systems that are not prohibited under this Regulation, should be classified as high-risk. Biometric systems which are intended to be used solely for the purpose of enabling cybersecurity and personal data protection measures should not be considered to be high-risk AI systems.
(54)
Ker so biometrični podatki posebna kategorija osebnih podatkov, je primerno, da se več kritičnih primerov uporabe biometričnih sistemov razvrsti kot visokotvegane, če je njihova uporaba dovoljena na podlagi ustreznega prava Unije in nacionalnega prava. Tehnične netočnosti sistemov UI, namenjenih za biometrično identifikacijo fizičnih oseb na daljavo, lahko vodijo do pristranskih rezultatov in diskriminatornih učinkov. Tveganje takšnih pristranskih rezultatov in diskriminatornih učinkov je zlasti pomembno v zvezi s starostjo, etnično pripadnostjo, raso, spolom ali invalidnostjo. Glede na tveganja, ki jih predstavljajo sistemi za biometrično identifikacijo na daljavo, bi jih bilo treba razvrstiti kot sisteme visokega tveganja. Takšna razvrstitev izključuje sisteme UI za biometrično preverjanje, tudi avtentikacijo, katerih edini namen je potrditi, da je določena fizična oseba res ta, za katero se predstavlja, in potrditi identiteto fizične osebe izključno zaradi dostopa do storitve, odklepanja naprave ali varnega dostopa do prostorov. Poleg tega bi bilo kot sisteme visokega tveganja treba razvrstiti sisteme UI, namenjene uporabi za biometrično kategorizacijo v skladu z občutljivimi lastnostmi ali značilnostmi, zaščitenimi na podlagi člena 9(1) Uredbe (EU) 2016/679 na podlagi biometričnih podatkov, če ti niso prepovedani s to uredbo, in sisteme za prepoznavanje čustev, ki niso prepovedani s to uredbo. Biometrični sistemi, ki naj bi se uporabljali izključno za omogočanje ukrepov za kibernetsko varnost in varstvo osebnih podatkov, ne bi smeli šteti za visokotvegane sisteme UI.
(55)
As regards the management and operation of critical infrastructure, it is appropriate to classify as high-risk the AI systems intended to be used as safety components in the management and operation of critical digital infrastructure as listed in point (8) of the Annex to Directive (EU) 2022/2557, road traffic and the supply of water, gas, heating and electricity, since their failure or malfunctioning may put at risk the life and health of persons at large scale and lead to appreciable disruptions in the ordinary conduct of social and economic activities. Safety components of critical infrastructure, including critical digital infrastructure, are systems used to directly protect the physical integrity of critical infrastructure or the health and safety of persons and property but which are not necessary in order for the system to function. The failure or malfunctioning of such components might directly lead to risks to the physical integrity of critical infrastructure and thus to risks to health and safety of persons and property. Components intended to be used solely for cybersecurity purposes should not qualify as safety components. Examples of safety components of such critical infrastructure may include systems for monitoring water pressure or fire alarm controlling systems in cloud computing centres.
(55)
V zvezi z upravljanjem in delovanjem kritične infrastrukture je primerno, da se sistemi UI, namenjeni uporabi kot varnostne komponente pri upravljanju in delovanju kritične digitalne infrastrukture, navedene v točki 8 iz Priloge k Direktivi (EU) 2022/2557, cestnega prometa ter oskrbi z vodo, plinom, ogrevanjem in električno energijo, razvrstijo kot sistemi visokega tveganja, saj lahko njihovo nedelovanje ali okvara delovanja ogrožajo življenje in zdravje ljudi v velikem obsegu ter povzročijo občutne motnje v rednem izvajanju družbenih in gospodarskih dejavnosti. Varnostne komponente kritične infrastrukture, vključno s kritično digitalno infrastrukturo, so sistemi, ki se uporabljajo za neposredno zaščito fizične celovitosti kritične infrastrukture ali zdravja in varnosti oseb in premoženja, vendar niso potrebne za delovanje sistema. Nedelovanje ali okvara takih komponent bi lahko povzročila neposredno tveganje za fizično celovitost kritične infrastrukture ter posledično tveganje za zdravje in varnost oseb in premoženja. Komponente, namenjene izključno za uporabo v namene kibernetske varnosti, ne bi smele šteti za varnostne komponente. Primeri varnostnih komponent takšne kritične infrastrukture lahko vključujejo sisteme za spremljanje vodnega tlaka ali sisteme za upravljanje požarnega alarma v okviru centrov računalništva v oblaku.
(56)
The deployment of AI systems in education is important to promote high-quality digital education and training and to allow all learners and teachers to acquire and share the necessary digital skills and competences, including media literacy, and critical thinking, to take an active part in the economy, society, and in democratic processes. However, AI systems used in education or vocational training, in particular for determining access or admission, for assigning persons to educational and vocational training institutions or programmes at all levels, for evaluating learning outcomes of persons, for assessing the appropriate level of education for an individual and materially influencing the level of education and training that individuals will receive or will be able to access or for monitoring and detecting prohibited behaviour of students during tests should be classified as high-risk AI systems, since they may determine the educational and professional course of a person’s life and therefore may affect that person’s ability to secure a livelihood. When improperly designed and used, such systems may be particularly intrusive and may violate the right to education and training as well as the right not to be discriminated against and perpetuate historical patterns of discrimination, for example against women, certain age groups, persons with disabilities, or persons of certain racial or ethnic origins or sexual orientation.
(56)
Uvajanje sistemov UI v izobraževanju je pomembno za spodbujanje visokokakovostnega digitalnega izobraževanja in usposabljanja, da bi vsem učencem in učiteljem omogočili pridobivanje in deljenje potrebnih digitalnih spretnosti in kompetenc, vključno z medijsko pismenostjo in kritičnim razmišljanjem ter s tem dejavno sodelovanje v gospodarstvu, družbi in demokratičnih procesih. Vendar bi bilo treba sisteme UI, ki se uporabljajo v izobraževanju ali poklicnem usposabljanju, zlasti za določanje dostopa ali sprejema ali za razvrščanje fizičnih oseb v izobraževalne ustanove ali programe in ustanove ali programe za poklicno usposabljanje na vseh ravneh za ocenjevanje učnih izidov oseb, ustrezne ravni izobrazbe posameznika in materialno vplivanje na raven izobraževanja in usposabljanja, ki jo bodo posamezniki prejeli ali bodo lahko dostopali do nje ali za spremljanje in odkrivanje prepovedanega vedenja študentov med testi, razvrstiti kot visokotvegane sisteme UI, saj lahko določajo izobraževalni in poklicni potek življenja osebe in lahko zato vplivajo na zmožnost te osebe, da si zagotovi preživljanje. Če so takšni sistemi neustrezno zasnovani in uporabljeni, lahko zlasti hudo posegajo v pravico do izobraževanja in usposabljanja ter pravico do nediskriminacije in ju lahko kršijo ter ohranjajo vzorce diskriminacije iz preteklosti, na primer žensk, nekaterih starostnih skupin, invalidov ali oseb določenega rasnega ali etničnega porekla ali spolne usmerjenosti.
(57)
AI systems used in employment, workers management and access to self-employment, in particular for the recruitment and selection of persons, for making decisions affecting terms of the work-related relationship, promotion and termination of work-related contractual relationships, for allocating tasks on the basis of individual behaviour, personal traits or characteristics and for monitoring or evaluation of persons in work-related contractual relationships, should also be classified as high-risk, since those systems may have an appreciable impact on future career prospects, livelihoods of those persons and workers’ rights. Relevant work-related contractual relationships should, in a meaningful manner, involve employees and persons providing services through platforms as referred to in the Commission Work Programme 2021. Throughout the recruitment process and in the evaluation, promotion, or retention of persons in work-related contractual relationships, such systems may perpetuate historical patterns of discrimination, for example against women, certain age groups, persons with disabilities, or persons of certain racial or ethnic origins or sexual orientation. AI systems used to monitor the performance and behaviour of such persons may also undermine their fundamental rights to data protection and privacy.
(57)
Sisteme UI, ki se uporabljajo pri zaposlovanju, upravljanju delavcev in dostopu do samozaposlitve, zlasti za zaposlovanje in izbor oseb, za sprejemanje odločitev, ki vplivajo na delovne pogoje, napredovanje ali prenehanje pogodbenih delovnih razmerij, za dodeljevanje nalog na podlagi individualnega vedenja, osebnih lastnosti ali značilnosti ter za spremljanje ali ocenjevanje oseb v z delom povezanih pogodbenih razmerjih, bi bilo treba prav tako razvrstiti med sisteme visokega tveganja, saj lahko ti sistemi občutno vplivajo na prihodnje poklicne možnosti, možnosti preživljanja teh oseb in pravice delavcev. Ustrezna pogodbena delovna razmerja bi morala smiselno vključevati zaposlene in osebe, ki zagotavljajo storitve preko platform, ki so navedene v delovnem programu Komisije za leto 2021. V celotnem postopku zaposlovanja in pri ocenjevanju, napredovanju ali ohranjanju oseb v pogodbenih delovnih razmerjih lahko taki sistemi ohranjajo vzorce diskriminacije iz preteklosti, na primer nad ženskami, določenimi starostnimi skupinami, invalidi ali osebami določenega rasnega ali etničnega porekla ali spolne usmerjenosti. Tudi sistemi UI, ki se uporabljajo za spremljanje učinkovitost in vedenja teh oseb, lahko ogrožajo njihove temeljne pravice do varstva podatkov in zasebnosti.
(58)
Another area in which the use of AI systems deserves special consideration is the access to and enjoyment of certain essential private and public services and benefits necessary for people to fully participate in society or to improve one’s standard of living. In particular, natural persons applying for or receiving essential public assistance benefits and services from public authorities namely healthcare services, social security benefits, social services providing protection in cases such as maternity, illness, industrial accidents, dependency or old age and loss of employment and social and housing assistance, are typically dependent on those benefits and services and in a vulnerable position in relation to the responsible authorities. If AI systems are used for determining whether such benefits and services should be granted, denied, reduced, revoked or reclaimed by authorities, including whether beneficiaries are legitimately entitled to such benefits or services, those systems may have a significant impact on persons’ livelihood and may infringe their fundamental rights, such as the right to social protection, non-discrimination, human dignity or an effective remedy and should therefore be classified as high-risk. Nonetheless, this Regulation should not hamper the development and use of innovative approaches in the public administration, which would stand to benefit from a wider use of compliant and safe AI systems, provided that those systems do not entail a high risk to legal and natural persons. In addition, AI systems used to evaluate the credit score or creditworthiness of natural persons should be classified as high-risk AI systems, since they determine those persons’ access to financial resources or essential services such as housing, electricity, and telecommunication services. AI systems used for those purposes may lead to discrimination between persons or groups and may perpetuate historical patterns of discrimination, such as that based on racial or ethnic origins, gender, disabilities, age or sexual orientation, or may create new forms of discriminatory impacts. However, AI systems provided for by Union law for the purpose of detecting fraud in the offering of financial services and for prudential purposes to calculate credit institutions’ and insurance undertakings’ capital requirements should not be considered to be high-risk under this Regulation. Moreover, AI systems intended to be used for risk assessment and pricing in relation to natural persons for health and life insurance can also have a significant impact on persons’ livelihood and if not duly designed, developed and used, can infringe their fundamental rights and can lead to serious consequences for people’s life and health, including financial exclusion and discrimination. Finally, AI systems used to evaluate and classify emergency calls by natural persons or to dispatch or establish priority in the dispatching of emergency first response services, including by police, firefighters and medical aid, as well as of emergency healthcare patient triage systems, should also be classified as high-risk since they make decisions in very critical situations for the life and health of persons and their property.
(58)
Drugo področje, na katerem je treba posebno pozornost nameniti uporabi sistemov UI, je dostop do nekaterih bistvenih zasebnih in javnih storitev ter koristi, ki jih ljudje potrebujejo za polno udeležbo v družbi ali izboljšanje življenjskega standarda. Zlasti fizične osebe, ki zaprosijo za ali od javnih organov prejemajo bistvene ugodnosti in storitve javne pomoči, in sicer zdravstvene storitve, dajatve socialne varnosti, socialne storitve, ki zagotavljajo zaščito v primerih, kot so materinstvo, bolezen, nesreče pri delu, odvisnost ali starost ter izguba zaposlitve ter socialna in stanovanjska pomoč, so običajno odvisne od teh ugodnosti in storitev ter so v ranljivem položaju v odnosu do odgovornih organov. Če se sistemi UI uporabljajo za določanje, ali naj organi take ugodnosti in storitve odobrijo, zavrnejo, zmanjšajo, prekličejo ali zahtevajo povračilo, vključno s tem, ali so upravičenci legitimno upravičeni do takih ugodnosti ali storitev, lahko ti sistemi pomembno vplivajo na preživljanje oseb in kršijo njihove temeljne pravice, kot so pravica do socialne zaščite, nediskriminacije, človekovega dostojanstva ali učinkovitega pravnega sredstva, in bi zato morali biti opredeljeni kot visokotvegani sistemi UI. Kljub temu ta uredba ne bi smela ovirati razvoja in uporabe inovativnih pristopov v javni upravi, ki bi imela koristi od širše uporabe skladnih in varnih sistemov UI, če ti sistemi ne pomenijo visokega tveganja za pravne in fizične osebe. Poleg tega bi bilo treba sisteme UI, ki se uporabljajo za ocenjevanje kreditne ocene ali kreditne sposobnosti fizičnih oseb, razvrstiti kot visokotvegane sisteme UI, saj določajo dostop teh oseb do finančnih sredstev ali bistvenih storitev, kot so stanovanja, električna energija in telekomunikacijske storitve. Sistemi UI, ki se uporabljajo v te namene, lahko povzročijo diskriminacijo oseb ali skupin in ohranijo vzorce diskriminacije iz preteklosti, na primer na podlagi rasnega ali etničnega porekla, spola, invalidnosti, starosti ali spolne usmerjenosti, ali ustvarijo nove oblike diskriminatornih vplivov. Vendar sistemi UI, ki so v pravu Unije določeni za namene odkrivanja goljufij pri ponujanju finančnih storitev ter za bonitetne namene za izračun kapitalskih zahtev kreditnih institucij in zavarovalnic, na podlagi te uredbe ne bi smeli šteti za sisteme visokega tveganja. Poleg tega lahko sistemi UI, namenjeni za oceno tveganja in oblikovanje cen v zvezi s fizičnimi osebami za zdravstveno in življenjsko zavarovanje, tudi pomembno vplivajo na preživetje oseb in lahko, če niso ustrezno zasnovani, razviti in uporabljeni, kršijo njihove temeljne pravice in povzročijo resne posledice za življenje in zdravje ljudi, vključno s finančno izključenostjo in diskriminacijo. Poleg tega bi bilo treba sisteme UI, ki se uporabljajo za ocenjevanje in razvrščanje klicev v sili fizičnih oseb ali za pošiljanje ali določanje prednosti pri napotitvi služb za ukrepanje ob nesrečah, vključno s policijo, gasilci in medicinsko pomočjo, ter sistemih triaže pacientov v nujnem zdravstvenem varstvu, razvrstiti med sisteme visokega tveganja, saj sprejemajo odločitve v zelo kritičnih razmerah za življenje in zdravje oseb ter njihovo premoženje.
(59)
Given their role and responsibility, actions by law enforcement authorities involving certain uses of AI systems are characterised by a significant degree of power imbalance and may lead to surveillance, arrest or deprivation of a natural person’s liberty as well as other adverse impacts on fundamental rights guaranteed in the Charter. In particular, if the AI system is not trained with high-quality data, does not meet adequate requirements in terms of its performance, its accuracy or robustness, or is not properly designed and tested before being put on the market or otherwise put into service, it may single out people in a discriminatory or otherwise incorrect or unjust manner. Furthermore, the exercise of important procedural fundamental rights, such as the right to an effective remedy and to a fair trial as well as the right of defence and the presumption of innocence, could be hampered, in particular, where such AI systems are not sufficiently transparent, explainable and documented. It is therefore appropriate to classify as high-risk, insofar as their use is permitted under relevant Union and national law, a number of AI systems intended to be used in the law enforcement context where accuracy, reliability and transparency is particularly important to avoid adverse impacts, retain public trust and ensure accountability and effective redress. In view of the nature of the activities and the risks relating thereto, those high-risk AI systems should include in particular AI systems intended to be used by or on behalf of law enforcement authorities or by Union institutions, bodies, offices, or agencies in support of law enforcement authorities for assessing the risk of a natural person to become a victim of criminal offences, as polygraphs and similar tools, for the evaluation of the reliability of evidence in in the course of investigation or prosecution of criminal offences, and, insofar as not prohibited under this Regulation, for assessing the risk of a natural person offending or reoffending not solely on the basis of the profiling of natural persons or the assessment of personality traits and characteristics or the past criminal behaviour of natural persons or groups, for profiling in the course of detection, investigation or prosecution of criminal offences. AI systems specifically intended to be used for administrative proceedings by tax and customs authorities as well as by financial intelligence units carrying out administrative tasks analysing information pursuant to Union anti-money laundering law should not be classified as high-risk AI systems used by law enforcement authorities for the purpose of prevention, detection, investigation and prosecution of criminal offences. The use of AI tools by law enforcement and other relevant authorities should not become a factor of inequality, or exclusion. The impact of the use of AI tools on the defence rights of suspects should not be ignored, in particular the difficulty in obtaining meaningful information on the functioning of those systems and the resulting difficulty in challenging their results in court, in particular by natural persons under investigation.
(59)
Glede na vlogo in odgovornost organov za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, je za njihove ukrepe, ki vključujejo nekatere uporabe sistemov UI, značilna precejšnja stopnja neravnovesja moči, kar lahko vodi do nadzora, prijetja ali odvzema prostosti fizične osebe ter drugih škodljivih vplivov na temeljne pravice, ki jih zagotavlja Listina. Zlasti če se sistem UI ne uči z visokokakovostnimi podatki, ne izpolnjuje ustreznih zahtev glede zmogljivosti, točnosti ali robustnosti ali ni ustrezno zasnovan in testiran, preden je dan na trg ali na kakšen drug način v uporabo, lahko ljudi izpostavil na diskriminatoren ali kako drugače napačen ali nepravičen način. Poleg tega bi lahko bilo ovirano uveljavljanje pomembnih procesnih temeljnih pravic, kot so pravica do učinkovitega pravnega sredstva in nepristranskega sodišča ter pravica do obrambe in domneve nedolžnosti, zlasti kadar taki sistemi UI niso dovolj pregledni, obrazložljivi in dokumentirani. Zato je primerno, da se številni sistemi UI, kolikor je njihova uporaba dovoljena na podlagi zadevnega prava Unije in nacionalnega prava, namenjeni uporabi v okviru preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, razvrstijo med sisteme visokega tveganja, kjer so točnost, zanesljivost in preglednost še posebej pomembni, da se preprečijo škodljivi vplivi, ohrani zaupanje javnosti ter zagotovita odgovornost in učinkovito sodno varstvo. Glede na naravo dejavnosti in s tem povezana tveganja bi morali ti visokotvegani sistemi UI vključevati zlasti sisteme UI, ki so namenjeni uporabi s strani ali v imenu organov preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ali institucij, organov, uradov ali agencij Unije v podporo tem organom pri ocenjevanju tveganja, da fizična oseba postane žrtev kaznivih dejanj, kot so poligrafi in podobna orodja, za ocenjevanje zanesljivosti dokazov med preiskovanjem ali pregonom kaznivih dejanj in, če to ni prepovedano na podlagi te uredbe, za ocenjevanje tveganja, da fizična oseba stori ali ponovi kaznivo dejanje, ne izključno na podlagi oblikovanja profilov fizičnih oseb ali ocene osebnostnih lastnosti in značilnosti ali preteklega kaznivega ravnanja fizičnih oseb ali skupin, za oblikovanje profilov med odkrivanjem, preiskovanjem ali pregonom kaznivih dejanj. Sistemi UI, posebej namenjeni uporabi v upravnih postopkih s strani davčnih in carinskih organov ter finančnoobveščevalnih enot, ki izvajajo upravne naloge analiziranja informacij na podlagi prava Unije o preprečevanju pranja denarja, ne bi smeli biti opredeljeni kot visokotvegani sistemi UI, ki jih uporabljajo organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj za namen preprečevanja, odkrivanja, preiskovanja in pregona kaznivih dejanj. Organi preprečevanja, odkrivanja in preiskovanja kaznivih dejanj in drugi ustrezni organi orodij UI ne bi smeli uporabljati tako, da bi postala dejavnik pri neenakosti ali izključenosti. Ne bi smeli zanemariti vpliva uporabe orodij UI na pravice osumljencev do obrambe, zlasti težav pri pridobivanju smiselnih informacij o delovanju teh sistemov in posledičnih težav pri izpodbijanju njihovih rezultatov na sodišču, zlasti s strani fizičnih oseb, ki so predmet preiskave.
(60)
AI systems used in migration, asylum and border control management affect persons who are often in particularly vulnerable position and who are dependent on the outcome of the actions of the competent public authorities. The accuracy, non-discriminatory nature and transparency of the AI systems used in those contexts are therefore particularly important to guarantee respect for the fundamental rights of the affected persons, in particular their rights to free movement, non-discrimination, protection of private life and personal data, international protection and good administration. It is therefore appropriate to classify as high-risk, insofar as their use is permitted under relevant Union and national law, AI systems intended to be used by or on behalf of competent public authorities or by Union institutions, bodies, offices or agencies charged with tasks in the fields of migration, asylum and border control management as polygraphs and similar tools, for assessing certain risks posed by natural persons entering the territory of a Member State or applying for visa or asylum, for assisting competent public authorities for the examination, including related assessment of the reliability of evidence, of applications for asylum, visa and residence permits and associated complaints with regard to the objective to establish the eligibility of the natural persons applying for a status, for the purpose of detecting, recognising or identifying natural persons in the context of migration, asylum and border control management, with the exception of verification of travel documents. AI systems in the area of migration, asylum and border control management covered by this Regulation should comply with the relevant procedural requirements set by the Regulation (EC) No 810/2009 of the European Parliament and of the Council (32), the Directive 2013/32/EU of the European Parliament and of the Council (33), and other relevant Union law. The use of AI systems in migration, asylum and border control management should, in no circumstances, be used by Member States or Union institutions, bodies, offices or agencies as a means to circumvent their international obligations under the UN Convention relating to the Status of Refugees done at Geneva on 28 July 1951 as amended by the Protocol of 31 January 1967. Nor should they be used to in any way infringe on the principle of non-refoulement, or to deny safe and effective legal avenues into the territory of the Union, including the right to international protection.
(60)
Sistemi UI, ki se uporabljajo pri upravljanju migracij, azila in nadzora meje, vplivajo na osebe, ki so pogosto v posebej ranljivem položaju ter so odvisne od izida ukrepov pristojnih javnih organov. Točnost, nediskriminatornost in preglednost sistemov UI, ki se uporabljajo v teh kontekstih, so zato zlasti pomembni za zagotavljanje spoštovanja temeljnih pravic zadevnih oseb, zlasti njihovih pravic do prostega gibanja, nediskriminacije, varstva zasebnega življenja in osebnih podatkov, mednarodnega varstva in dobrega upravljanja. Zato je primerno, da se med sisteme visokega tveganja razvrstijo sistemi UI, ki so na podlagi ustreznega prava Unije in nacionalnega prava dovoljeni za uporabo s strani ali v imenu pristojnih javnih organov ali institucij, organov, uradov ali agencij Unije, zadolženih za naloge na področju migracij, azila in upravljanja nadzora meja, kot so poligrafi in podobna orodja, za ocenjevanje nekaterih tveganj, ki jih predstavljajo fizične osebe, ki vstopajo na ozemlje države članice ali zaprosijo za vizum ali azil, za pomoč pristojnim javnim organom pri obravnavi, vključno s povezano oceno zanesljivosti dokazov, prošenj za azil, vizumov in dovoljenj za prebivanje ter s tem povezanih pritožb zaradi ugotavljanja upravičenosti fizičnih oseb, ki zaprosijo za status, za namene odkrivanja, priznavanja ali identifikacije fizičnih oseb v okviru upravljanja migracij, azila in nadzora meja, z izjemo preverjanja potnih listin. Sistemi UI na področju migracij, azila in upravljanja nadzora meja, ki jih zajema ta uredba, bi morali biti skladni z ustreznimi postopkovnimi zahtevami iz Uredbe (ES) št. 810/2009 Evropskega parlamenta in Sveta (32), Direktive 2013/32/EU Evropskega parlamenta in Sveta (33) ter drugega ustreznega prava Unije. Države članice ali institucije, organi, uradi ali agencije Unije v nobenem primeru ne bi smeli uporabljati sistemov UI na področju migracij, azila in upravljanja nadzora meja kot sredstvo za izogibanje svojim mednarodnim obveznostim iz Konvencije ZN o statusu beguncev, podpisane v Ženevi 28. julija 1951, kakor je bila spremenjena s Protokolom z dne 31. januarja 1967. Prav tako se ne smejo uporabljati za kakršno koli kršitev načela nevračanja ali za odrekanje varnih in učinkovitih zakonitih poti na ozemlje Unije, vključno s pravico do mednarodne zaščite.
(61)
Certain AI systems intended for the administration of justice and democratic processes should be classified as high-risk, considering their potentially significant impact on democracy, the rule of law, individual freedoms as well as the right to an effective remedy and to a fair trial. In particular, to address the risks of potential biases, errors and opacity, it is appropriate to qualify as high-risk AI systems intended to be used by a judicial authority or on its behalf to assist judicial authorities in researching and interpreting facts and the law and in applying the law to a concrete set of facts. AI systems intended to be used by alternative dispute resolution bodies for those purposes should also be considered to be high-risk when the outcomes of the alternative dispute resolution proceedings produce legal effects for the parties. The use of AI tools can support the decision-making power of judges or judicial independence, but should not replace it: the final decision-making must remain a human-driven activity. The classification of AI systems as high-risk should not, however, extend to AI systems intended for purely ancillary administrative activities that do not affect the actual administration of justice in individual cases, such as anonymisation or pseudonymisation of judicial decisions, documents or data, communication between personnel, administrative tasks.
(61)
Nekatere sisteme UI, namenjene razsojanju in demokratičnim procesom, bi bilo treba razvrstiti med sisteme visokega tveganja zaradi njihovega potencialno pomembnega vpliva na demokracijo, pravno državo, osebne svoboščine ter pravico do učinkovitega pravnega sredstva in nepristranskega sodišča. Zlasti zato, da bi zmanjšali tveganja morebitnih pristranskosti, napak in nepreglednosti, je primerno, da se visokotvegani sistemi UI, namenjeni uporabi s strani sodnega organa ali v njegovem imenu za pomoč sodnim organom pri raziskovanju in razlagi dejstev in prava ter pri uporabi prava za konkreten sklop dejstev, opredelijo kot sistemi visokega tveganja. Tudi sisteme UI, ki naj bi jih za te namene uporabljali organi za alternativno reševanje sporov, bi bilo treba šteti za sisteme visokega tveganja, če imajo rezultati postopkov alternativnega reševanja sporov pravne učinke za stranke. Orodja UI se lahko uporabljajo kot pomoč sodnikom pri odločanju ali podpora neodvisnosti sodstva, vendar jih ne bi smela nadomeščati: končno odločanje mora ostati dejavnost, ki jo vodi človek. Razvrščanje sistemov UI kot sistemov visokega tveganja pa se ne bi smelo uporabljati tudi za sisteme UI, namenjene izključno pomožnim upravnim dejavnostim, ki ne vplivajo na dejansko razsojanje v posameznih primerih, kot so anonimizacija ali psevdonimizacija sodnih odločb, dokumentov ali podatkov, komunikacije med osebjem ali upravnih nalog.
(62)
Without prejudice to the rules provided for in Regulation (EU) 2024/900 of the European Parliament and of the Council (34), and in order to address the risks of undue external interference with the right to vote enshrined in Article 39 of the Charter, and of adverse effects on democracy and the rule of law, AI systems intended to be used to influence the outcome of an election or referendum or the voting behaviour of natural persons in the exercise of their vote in elections or referenda should be classified as high-risk AI systems with the exception of AI systems whose output natural persons are not directly exposed to, such as tools used to organise, optimise and structure political campaigns from an administrative and logistical point of view.
(62)
Brez poseganja v pravila iz Uredbe (EU) 2024/900 Evropskega parlamenta in Sveta (34) ter za obravnavanje tveganj neupravičenega zunanjega poseganja v volilno pravico iz člena 39 Listine in nesorazmernih učinkov na demokracijo in pravno državo bi bilo treba sisteme UI, namenjene vplivanju na izid volitev ali referenduma ali na volilno vedenje fizičnih oseb pri glasovanju na volitvah ali referendumih, razvrstiti kot visokotvegane sisteme UI, razen kadar gre za sisteme UI, pri katerih fizične osebe niso neposredno izpostavljene njihovim izhodnim podatkom, kot so orodja, ki se uporabljajo za organizacijo, optimizacijo in strukturiranje političnih kampanj z upravnega in logističnega vidika.
(63)
The fact that an AI system is classified as a high-risk AI system under this Regulation should not be interpreted as indicating that the use of the system is lawful under other acts of Union law or under national law compatible with Union law, such as on the protection of personal data, on the use of polygraphs and similar tools or other systems to detect the emotional state of natural persons. Any such use should continue to occur solely in accordance with the applicable requirements resulting from the Charter and from the applicable acts of secondary Union law and national law. This Regulation should not be understood as providing for the legal ground for processing of personal data, including special categories of personal data, where relevant, unless it is specifically otherwise provided for in this Regulation.
(63)
Dejstva, da je sistem UI na podlagi te uredbe razvrščen kot visokotvegani sistem UI, se ne bi smelo razlagati tako, da pomeni, da je njegova uporaba zakonita na podlagi drugih aktov prava Unije ali na podlagi nacionalnega prava, združljivim s pravom Unije, kot so varstvo osebnih podatkov, uporaba poligrafov in podobnih orodij ali drugih sistemov za zaznavanje čustvenega stanja fizičnih oseb. Vsaka taka uporaba bi se morala še naprej izvajati izključno v skladu z veljavnimi zahtevami, ki izhajajo iz Listine ter veljavnih aktov sekundarnega prava Unije in nacionalnega prava. Te uredbe ne bi smeli razumeti kot pravne podlage za obdelavo osebnih podatkov, vključno s posebnimi vrstami osebnih podatkov, kadar je to ustrezno, razen če je v tej uredbi izrecno določeno drugače.
(64)
To mitigate the risks from high-risk AI systems placed on the market or put into service and to ensure a high level of trustworthiness, certain mandatory requirements should apply to high-risk AI systems, taking into account the intended purpose and the context of use of the AI system and according to the risk-management system to be established by the provider. The measures adopted by the providers to comply with the mandatory requirements of this Regulation should take into account the generally acknowledged state of the art on AI, be proportionate and effective to meet the objectives of this Regulation. Based on the New Legislative Framework, as clarified in Commission notice ‘The “Blue Guide” on the implementation of EU product rules 2022’, the general rule is that more than one legal act of Union harmonisation legislation may be applicable to one product, since the making available or putting into service can take place only when the product complies with all applicable Union harmonisation legislation. The hazards of AI systems covered by the requirements of this Regulation concern different aspects than the existing Union harmonisation legislation and therefore the requirements of this Regulation would complement the existing body of the Union harmonisation legislation. For example, machinery or medical devices products incorporating an AI system might present risks not addressed by the essential health and safety requirements set out in the relevant Union harmonised legislation, as that sectoral law does not deal with risks specific to AI systems. This calls for a simultaneous and complementary application of the various legislative acts. To ensure consistency and to avoid an unnecessary administrative burden and unnecessary costs, providers of a product that contains one or more high-risk AI system, to which the requirements of this Regulation and of the Union harmonisation legislation based on the New Legislative Framework and listed in an annex to this Regulation apply, should have flexibility with regard to operational decisions on how to ensure compliance of a product that contains one or more AI systems with all the applicable requirements of that Union harmonised legislation in an optimal manner. That flexibility could mean, for example a decision by the provider to integrate a part of the necessary testing and reporting processes, information and documentation required under this Regulation into already existing documentation and procedures required under existing Union harmonisation legislation based on the New Legislative Framework and listed in an annex to this Regulation. This should not, in any way, undermine the obligation of the provider to comply with all the applicable requirements.
(64)
Da bi zmanjšali tveganja iz visokotveganih sistemov UI, ki so dani na trg ali v uporabo, in zagotovili visoko raven zanesljivosti, bi bilo treba za visokotvegane sisteme UI uporabljati nekatere obvezne zahteve in pri tem upoštevati predvideni namen in kontekst uporabe sistema UI ter sistem obvladovanja tveganja, ki ga vzpostavi ponudnik. Ponudniki bi pri ukrepih, ki jih sprejmejo za izpolnjevanje obveznih zahtev iz te uredbe, morali upoštevati splošno priznane najsodobnejše tehnološke dosežke na področju UI; ti ukrepi bi morali biti sorazmerni in učinkoviti za doseganje ciljev te uredbe. Kot je pojasnjeno v obvestilu Komisije „Modri vodnik“ o izvajanju pravil EU o proizvodih iz leta 2022, je na podlagi novega zakonodajnega okvira splošno pravilo, da se več kot en pravni akt harmonizacijske zakonodaje Unije lahko uporablja za en proizvod, saj se lahko dostopnost ali dajanje v uporabo izvede le, če je proizvod skladen z vso veljavno harmonizacijsko zakonodajo Unije. Nevarnosti sistemov UI, za katere veljajo zahteve iz te uredbe, se nanašajo na vidike, ki se razlikujejo od obstoječe harmonizacijske zakonodaje Unije, zato naj bi zahteve iz te uredbe dopolnjevale obstoječi del harmonizacijske zakonodaje Unije. Na primer stroji ali medicinski pripomočki, ki vključujejo sistem UI, lahko pomenijo tveganja, ki v bistvenih zdravstvenih in varnostnih zahtevah iz ustrezne harmonizirane zakonodaje Unije niso zajeta, saj navedeno sektorsko pravo ne obravnava tveganj, značilnih za sisteme UI. To zahteva hkratno in dopolnjevalno uporabo različnih zakonodajnih aktov. Da bi zagotovili doslednost in preprečili nepotrebno upravno breme ali nepotrebne stroške, bi morali ponudnikom proizvoda, ki vsebuje enega ali več visokotveganih sistemov UI, za katere se uporabljajo zahteve iz te uredbe in harmonizacijske zakonodaje Unije, ki temelji na novem zakonodajnem okviru in je navedena v prilogi k tej uredbi, omogočiti prožnost glede operativnih odločitev o tem, kako na optimalen način zagotoviti skladnost proizvoda, ki vsebuje enega ali več sistemov UI, z vsemi veljavnimi zahtevami harmonizirane zakonodaje Unije. Ta prožnost bi lahko na primer pomenila odločitev ponudnika, da del potrebnih postopkov testiranja in poročanja, informacij in dokumentacije, ki se zahtevajo na podlagi te uredbe, vključi v dokumentacijo in postopke, ki že obstajajo in se zahtevajo na podlagi harmonizacijske zakonodaje Unije, ki temelji na novem zakonodajnem okviru in je navedena v prilogi k tej uredbi. To nikakor ne bi smelo ogroziti obveznosti ponudnika, da izpolnjuje vse veljavne zahteve.
(65)
The risk-management system should consist of a continuous, iterative process that is planned and run throughout the entire lifecycle of a high-risk AI system. That process should be aimed at identifying and mitigating the relevant risks of AI systems on health, safety and fundamental rights. The risk-management system should be regularly reviewed and updated to ensure its continuing effectiveness, as well as justification and documentation of any significant decisions and actions taken subject to this Regulation. This process should ensure that the provider identifies risks or adverse impacts and implements mitigation measures for the known and reasonably foreseeable risks of AI systems to the health, safety and fundamental rights in light of their intended purpose and reasonably foreseeable misuse, including the possible risks arising from the interaction between the AI system and the environment within which it operates. The risk-management system should adopt the most appropriate risk-management measures in light of the state of the art in AI. When identifying the most appropriate risk-management measures, the provider should document and explain the choices made and, when relevant, involve experts and external stakeholders. In identifying the reasonably foreseeable misuse of high-risk AI systems, the provider should cover uses of AI systems which, while not directly covered by the intended purpose and provided for in the instruction for use may nevertheless be reasonably expected to result from readily predictable human behaviour in the context of the specific characteristics and use of a particular AI system. Any known or foreseeable circumstances related to the use of the high-risk AI system in accordance with its intended purpose or under conditions of reasonably foreseeable misuse, which may lead to risks to the health and safety or fundamental rights should be included in the instructions for use that are provided by the provider. This is to ensure that the deployer is aware and takes them into account when using the high-risk AI system. Identifying and implementing risk mitigation measures for foreseeable misuse under this Regulation should not require specific additional training for the high-risk AI system by the provider to address foreseeable misuse. The providers however are encouraged to consider such additional training measures to mitigate reasonable foreseeable misuses as necessary and appropriate.
(65)
Sestavni del sistema obvladovanja tveganja bi moral biti neprekinjen ponavljajoč se proces, ki se načrtuje in izvaja v celotnem življenjskem ciklu visokotveganega sistema UI. Ta proces bi moral biti usmerjen v prepoznavanje in zmanjšanje relevantnih tveganj sistemov UI za zdravje, varnost in temeljne pravice. Sistem obvladovanja tveganj bi bilo treba redno pregledovati in posodabljati, da bi zagotovili njegovo stalno učinkovitost ter utemeljitev in dokumentiranje vseh pomembnih odločitev in ukrepov, sprejetih v skladu s to uredbo. S tem postopkom bi bilo treba zagotoviti, da ponudnik opredeli tveganja ali škodljive vplive ter izvaja ukrepe za zmanjšanje znanih in razumno predvidljivih tveganj sistemov UI za zdravje, varnost in temeljne pravice glede na njihov predvideni namen in razumno predvidljivo napačno uporabo, vključno z morebitnimi tveganji, ki izhajajo iz interakcije med sistemom UI in okoljem, v katerem deluje. V okviru sistema obvladovanja tveganj bi bilo treba sprejeti najprimernejše ukrepe za obvladovanje tveganja glede na najsodobnejše tehnološke dosežke na področju UI. Ponudnik bi moral pri opredeljevanju najustreznejših ukrepov za obvladovanje tveganja dokumentirati in pojasniti sprejete odločitve ter po potrebi vključiti strokovnjake in zunanje deležnike. Pri identifikaciji razumno predvidljive napačne uporabe visoko tveganih sistemov UI bi moral ponudnik zajeti uporabe sistemov UI, za katere se kljub temu, da niso neposredno zajete s predvidenim namenom in določene v navodilih za uporabo, lahko razumno pričakuje, da bodo posledica enostavno predvidljivega človeškega vedenja v okviru posebnih značilnosti in uporabe določenega sistema UI. Vse znane ali predvidljive okoliščine, povezane z uporabo visokotveganega sistema UI v skladu s predvidenim namenom ali v razmerah razumno predvidljive napačne uporabe, ki lahko povzročijo tveganja za zdravje in varnost ali temeljne pravice, bi morale biti vključene v navodila za uporabo, ki jih zagotovi ponudnik. S tem se zagotovi, da je uvajalec seznanjen z njimi in jih upošteva pri uporabi visokotveganega sistema UI. Pri opredeljevanju in izvajanju ukrepov za zmanjšanje tveganja za predvidljivo napačno uporabo na podlagi te uredbe ponudnik v okviru obravnavanja predvidljive napačne uporabe ne bi smel zahtevati posebnega dodatnega učenja za visokotvegani sistem UI. Vendar se ponudnike spodbuja, naj po potrebi in če je to ustrezno razmislijo o takih dodatnih ukrepih za učenje, da bi ublažili razumno predvidljive napačne uporabe.
(66)
Requirements should apply to high-risk AI systems as regards risk management, the quality and relevance of data sets used, technical documentation and record-keeping, transparency and the provision of information to deployers, human oversight, and robustness, accuracy and cybersecurity. Those requirements are necessary to effectively mitigate the risks for health, safety and fundamental rights. As no other less trade restrictive measures are reasonably available those requirements are not unjustified restrictions to trade.
(66)
Za visokotvegane sisteme UI bi morale veljati zahteve glede obvladovanja tveganja, kakovosti in relevantnosti uporabljenih naborov podatkov, tehnične dokumentacije in vodenja evidenc, preglednosti in zagotavljanja informacij uvajalcem, človekovega nadzora ter robustnosti, točnosti in varnosti. Te zahteve so potrebne za učinkovito zmanjšanje tveganj za zdravje, varnost in temeljne pravice. Ker ni v razumni meri na voljo drugih manj omejevalnih ukrepov za trgovino, te zahteve ne predstavljajo neupravičene omejitve trgovine.
(67)
High-quality data and access to high-quality data plays a vital role in providing structure and in ensuring the performance of many AI systems, especially when techniques involving the training of models are used, with a view to ensure that the high-risk AI system performs as intended and safely and it does not become a source of discrimination prohibited by Union law. High-quality data sets for training, validation and testing require the implementation of appropriate data governance and management practices. Data sets for training, validation and testing, including the labels, should be relevant, sufficiently representative, and to the best extent possible free of errors and complete in view of the intended purpose of the system. In order to facilitate compliance with Union data protection law, such as Regulation (EU) 2016/679, data governance and management practices should include, in the case of personal data, transparency about the original purpose of the data collection. The data sets should also have the appropriate statistical properties, including as regards the persons or groups of persons in relation to whom the high-risk AI system is intended to be used, with specific attention to the mitigation of possible biases in the data sets, that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations (feedback loops). Biases can for example be inherent in underlying data sets, especially when historical data is being used, or generated when the systems are implemented in real world settings. Results provided by AI systems could be influenced by such inherent biases that are inclined to gradually increase and thereby perpetuate and amplify existing discrimination, in particular for persons belonging to certain vulnerable groups, including racial or ethnic groups. The requirement for the data sets to be to the best extent possible complete and free of errors should not affect the use of privacy-preserving techniques in the context of the development and testing of AI systems. In particular, data sets should take into account, to the extent required by their intended purpose, the features, characteristics or elements that are particular to the specific geographical, contextual, behavioural or functional setting which the AI system is intended to be used. The requirements related to data governance can be complied with by having recourse to third parties that offer certified compliance services including verification of data governance, data set integrity, and data training, validation and testing practices, as far as compliance with the data requirements of this Regulation are ensured.
(67)
Visokokakovostni podatki in dostop do njih imajo ključno vlogo pri zagotavljanju strukture in zmogljivosti številnih sistemov UI, zlasti kadar se uporabljajo tehnike, ki vključujejo učenje modelov, s katerim bi zagotovili, da bo visokotvegani sistem UI deloval, kot je predvideno, in varno ter da ne bo postal vir diskriminacije, ki je prepovedana s pravom Unije. Visokokakovostni nabori učnih, testnih in validacijskih podatkov zahtevajo izvajanje ustreznih prakse vodenja in upravljanja podatkov. Nabori učnih, testnih in validacijskih podatkov, vključno z oznakami, bi morali biti ustrezni, dovolj reprezentativni in v največji možni meri brez napak in popolni glede na predvideni namen. Da bi olajšali skladnost s pravom Unije o varstvu podatkov, kot je Uredba (EU) 2016/679, bi morale prakse vodenja in upravljanja podatkov v primeru osebnih podatkov vključevati preglednost prvotnega namena zbiranja podatkov. Nabori podatkov bi morali imeti tudi ustrezne statistične lastnosti, tudi kar zadeva osebe ali skupine oseb, v zvezi s katerimi naj bi se uporabljal visokotvegani sistem UI, s posebnim poudarkom na zmanjševanju morebitnih pristranskosti v naborih podatkov, ki bi lahko vplivale na zdravje in varnost oseb, negativno vplivale na temeljne pravice ali povzročile diskriminacijo, prepovedano na podlagi prava Unije, zlasti kadar izhodni podatki vplivajo na vhodne podatke za prihodnje operacije (povratne zanke). Na primer, pristranskost je lahko inherentno prisotna v osnovnih naborih podatkov, zlasti kadar se uporabljajo pretekli podatki, ali se ustvari, ko se sistemi izvajajo v realnih razmerah. Takšna inherentna pristranskost bi lahko vplivala na rezultate sistemov UI in se tudi običajno postopoma povečuje, zaradi česar se ohranja in povečuje tudi obstoječa diskriminacija, zlasti za osebe, ki pripadajo določenim ranljivim skupinam, vključno z rasnimi ali etničnimi skupinami. Zahteva, da morajo biti nabori podatkov čim bolj popolni in brez napak, ne bi smela vplivati na uporabo tehnik za ohranjanje zasebnosti v okviru razvoja in testiranja sistemov UI. Nabori podatkov morali zlasti v obsegu, ki ga zahteva njihov predvideni namen, upoštevati lastnosti, značilnosti ali elemente, ki so značilni za določeno geografsko, kontekstualno, vedenjsko ali funkcionalno okolje, v katerem naj bi se uporabljal sistem UI. Zahteve v zvezi z upravljanjem podatkov se lahko izpolnijo s pomočjo tretjih oseb, ki ponujajo certificirane storitve zagotavljanja skladnosti s predpisi, vključno s preverjanjem upravljanja podatkov, celovitosti nabora podatkov, praks učenja, validacije in testiranja podatkov, če je zagotovljena skladnost z zahtevami glede podatkov iz te uredbe.
(68)
For the development and assessment of high-risk AI systems, certain actors, such as providers, notified bodies and other relevant entities, such as European Digital Innovation Hubs, testing experimentation facilities and researchers, should be able to access and use high-quality data sets within the fields of activities of those actors which are related to this Regulation. European common data spaces established by the Commission and the facilitation of data sharing between businesses and with government in the public interest will be instrumental to provide trustful, accountable and non-discriminatory access to high-quality data for the training, validation and testing of AI systems. For example, in health, the European health data space will facilitate non-discriminatory access to health data and the training of AI algorithms on those data sets, in a privacy-preserving, secure, timely, transparent and trustworthy manner, and with an appropriate institutional governance. Relevant competent authorities, including sectoral ones, providing or supporting the access to data may also support the provision of high-quality data for the training, validation and testing of AI systems.
(68)
Za razvoj in ocenjevanje visokotveganih sistemov UI bi morali imeti nekateri akterji, kot so ponudniki, priglašeni organi in drugi ustrezni subjekti, kot evropska vozlišča za digitalne inovacije, centri za testiranje in eksperimentiranje ter raziskovalci, možnost dostopa do visokokakovostnih naborov podatkov in njihove uporabe na ustreznih področjih dejavnosti, povezanih s to uredbo. Evropski skupni podatkovni prostori, ki jih je vzpostavila Komisija, ter olajšanje souporabe podatkov med podjetji in z vlado v javnem interesu bodo bistveni za zagotavljanje zaupanja vrednega, odgovornega in nediskriminatornega dostopa do visokokakovostnih podatkov za učenje, potrjevanje in testiranje sistemov UI. Evropski zdravstveni podatkovni prostor bo na področju zdravja na primer olajšal nediskriminatoren dostop do zdravstvenih podatkov in učenje algoritmov UI na teh naborih podatkov na varen, pravočasen, pregleden in zaupanja vreden način ter z ustreznim institucionalnim upravljanjem. Ustrezni pristojni organi, vključno s sektorskimi, ki zagotavljajo ali podpirajo dostop do podatkov, lahko podpirajo tudi zagotavljanje visokokakovostnih podatkov za učenje, validacijo in testiranje sistemov UI.
(69)
The right to privacy and to protection of personal data must be guaranteed throughout the entire lifecycle of the AI system. In this regard, the principles of data minimisation and data protection by design and by default, as set out in Union data protection law, are applicable when personal data are processed. Measures taken by providers to ensure compliance with those principles may include not only anonymisation and encryption, but also the use of technology that permits algorithms to be brought to the data and allows training of AI systems without the transmission between parties or copying of the raw or structured data themselves, without prejudice to the requirements on data governance provided for in this Regulation.
(69)
Pravica do zasebnosti in varstva osebnih podatkov mora biti zagotovljena v celotni življenjski dobi sistema UI. V zvezi s tem se pri obdelavi osebnih podatkov uporabljata načeli najmanjšega obsega podatkov ter vgrajenega in privzetega varstva podatkov, kot sta določeni v pravu Unije o varstvu podatkov. Ukrepi, ki jih ponudniki sprejmejo za zagotovitev skladnosti s temi načeli, lahko vključujejo ne le anonimizacijo in šifriranje, temveč tudi uporabo tehnologije, ki omogoča vnos algoritmov v podatke in učenje sistemov UI brez prenosa med stranmi ali kopiranja samih neobdelanih ali strukturiranih podatkov in brez poseganja v zahteve glede upravljanja podatkov iz te uredbe.
(70)
In order to protect the right of others from the discrimination that might result from the bias in AI systems, the providers should, exceptionally, to the extent that it is strictly necessary for the purpose of ensuring bias detection and correction in relation to the high-risk AI systems, subject to appropriate safeguards for the fundamental rights and freedoms of natural persons and following the application of all applicable conditions laid down under this Regulation in addition to the conditions laid down in Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680, be able to process also special categories of personal data, as a matter of substantial public interest within the meaning of Article 9(2), point (g) of Regulation (EU) 2016/679 and Article 10(2), point (g) of Regulation (EU) 2018/1725.
(70)
Da bi zaščitili pravico drugih pred diskriminacijo, ki bi lahko nastala zaradi pristranskosti v sistemih UI, bi morali imeti ponudniki možnost, da izjemoma, če je to nujno potrebno za zagotavljanje odkrivanja in popravljanja pristranskosti v zvezi z visokotveganimi sistemi UI, ob upoštevanju ustreznih zaščitnih ukrepov za temeljne pravice in svoboščine fizičnih oseb ter ob uporabi vseh veljavnih pogojev iz te uredbe ter pogojev iz uredb (EU) 2016/679 in (EU) 2018/1725 ter Direktive (EU) 2016/680, obdelujejo tudi posebne kategorije osebnih podatkov kot zadevo bistvenega javnega interesa v smislu člena 9(2), točka (g), Uredbe (EU) 2016/679 in člena 10(2), točka (g), Uredbe (EU) 2018/1725.
(71)
Having comprehensible information on how high-risk AI systems have been developed and how they perform throughout their lifetime is essential to enable traceability of those systems, verify compliance with the requirements under this Regulation, as well as monitoring of their operations and post market monitoring. This requires keeping records and the availability of technical documentation, containing information which is necessary to assess the compliance of the AI system with the relevant requirements and facilitate post market monitoring. Such information should include the general characteristics, capabilities and limitations of the system, algorithms, data, training, testing and validation processes used as well as documentation on the relevant risk-management system and drawn in a clear and comprehensive form. The technical documentation should be kept up to date, appropriately throughout the lifetime of the AI system. Furthermore, high-risk AI systems should technically allow for the automatic recording of events, by means of logs, over the duration of the lifetime of the system.
(71)
Razumljive informacije o tem, kako so bili visokotvegani sistemi UI razviti in kako delujejo skozi celotno življenjsko dobo, so bistvene za omogočanje sledljivosti teh sistemov, preverjanje skladnosti z zahtevami iz te uredbe ter spremljanje njihovega delovanja in spremljanje po dajanju na trg. To zahteva vodenje evidenc in razpoložljivost tehnične dokumentacije, ki vsebuje informacije, potrebne za oceno skladnosti sistema UI z ustreznimi zahtevami in olajšanje spremljanja po dajanju na trg. Takšne informacije bi morale vključevati splošne značilnosti, zmogljivosti in omejitve sistema, uporabljene algoritme, podatke, postopke učenja, testiranja in potrjevanja ter dokumentacijo o ustreznem sistemu obvladovanja tveganja in biti pripravljene v jasni in celoviti obliki. Tehnično dokumentacijo bi bilo treba ustrezno posodabljati v celotni življenjski dobi sistema UI. Poleg tega bi morali visokotvegani sistemi UI tehnično omogočati samodejno beleženje dogodkov z dnevniki v celotni življenjski dobi sistema.
(72)
To address concerns related to opacity and complexity of certain AI systems and help deployers to fulfil their obligations under this Regulation, transparency should be required for high-risk AI systems before they are placed on the market or put it into service. High-risk AI systems should be designed in a manner to enable deployers to understand how the AI system works, evaluate its functionality, and comprehend its strengths and limitations. High-risk AI systems should be accompanied by appropriate information in the form of instructions of use. Such information should include the characteristics, capabilities and limitations of performance of the AI system. Those would cover information on possible known and foreseeable circumstances related to the use of the high-risk AI system, including deployer action that may influence system behaviour and performance, under which the AI system can lead to risks to health, safety, and fundamental rights, on the changes that have been pre-determined and assessed for conformity by the provider and on the relevant human oversight measures, including the measures to facilitate the interpretation of the outputs of the AI system by the deployers. Transparency, including the accompanying instructions for use, should assist deployers in the use of the system and support informed decision making by them. Deployers should, inter alia, be in a better position to make the correct choice of the system that they intend to use in light of the obligations applicable to them, be educated about the intended and precluded uses, and use the AI system correctly and as appropriate. In order to enhance legibility and accessibility of the information included in the instructions of use, where appropriate, illustrative examples, for instance on the limitations and on the intended and precluded uses of the AI system, should be included. Providers should ensure that all documentation, including the instructions for use, contains meaningful, comprehensive, accessible and understandable information, taking into account the needs and foreseeable knowledge of the target deployers. Instructions for use should be made available in a language which can be easily understood by target deployers, as determined by the Member State concerned.
(72)
Pri reševanju problemov v zvezi z nepreglednostjo in kompleksnostjo nekaterih sistemov UI ter za pomoč uvajalcem pri izpolnjevanju njihovih obveznosti iz te uredbe bi bilo treba za visokotvegane sisteme UI zahtevati preglednost, preden se dajo na trg ali v uporabo. Visokotvegani sistemi UI bi morali biti zasnovani tako, da bi uvajalci lahko razumeli, kako sistem UI deluje, ocenili njegovo funkcionalnost ter razumeli njegove prednosti in omejitve. Visokotveganim sistemom UI bi morale biti priložene ustrezne informacije v obliki navodil za uporabo. Takšne informacije bi morale vključevati značilnosti, zmogljivosti in omejitve zmogljivosti sistema UI. Ti naj bi zajemali informacije o morebitnih znanih in predvidljivih okoliščinah, povezanih z uporabo visokotveganega sistema UI, vključno z ukrepi uvajalcev, ki lahko vplivajo na vedenje in zmogljivost sistema, v katerih lahko sistem UI povzroči tveganja za zdravje, varnost in temeljne pravice, o spremembah, ki jih je ponudnik vnaprej določil in ocenil glede skladnosti, ter o ustreznih ukrepih za človeški nadzor, vključno z ukrepi za lažjo razlago izhodnih podatkov sistema UI s strani uvajalcev. Preglednost, vključno s priloženimi navodili za uporabo, bi morala pomagati uvajalcem pri uporabi sistema in sprejemanju informiranih odločitev. Uvajalci bi morali biti med drugim v boljšem položaju za pravilno izbiro sistema, ki ga nameravajo uporabljati glede na obveznosti, ki veljajo zanje, biti poučeni o nameravani in izključeni uporabi ter pravilno in ustrezno uporabljati sistem UI. Da bi izboljšali čitljivost in dostopnost informacij, vključenih v navodila za uporabo, bi bilo treba, kadar je ustrezno vključiti ponazoritvene primere, na primer glede omejitev ter predvidene in izključene uporabe sistema UI. Ponudniki bi morali zagotoviti, da vsa dokumentacija, vključno z navodili za uporabo, vsebuje smiselne, celovite, dostopne in razumljive informacije, ob upoštevanju potreb in predvidljivega znanja ciljnih uvajalcev. Navodila za uporabo bi morala biti na voljo v jeziku, ki ga določi zadevna država članica in ga ciljni uvajalci brez težav razumejo.
(73)
High-risk AI systems should be designed and developed in such a way that natural persons can oversee their functioning, ensure that they are used as intended and that their impacts are addressed over the system’s lifecycle. To that end, appropriate human oversight measures should be identified by the provider of the system before its placing on the market or putting into service. In particular, where appropriate, such measures should guarantee that the system is subject to in-built operational constraints that cannot be overridden by the system itself and is responsive to the human operator, and that the natural persons to whom human oversight has been assigned have the necessary competence, training and authority to carry out that role. It is also essential, as appropriate, to ensure that high-risk AI systems include mechanisms to guide and inform a natural person to whom human oversight has been assigned to make informed decisions if, when and how to intervene in order to avoid negative consequences or risks, or stop the system if it does not perform as intended. Considering the significant consequences for persons in the case of an incorrect match by certain biometric identification systems, it is appropriate to provide for an enhanced human oversight requirement for those systems so that no action or decision may be taken by the deployer on the basis of the identification resulting from the system unless this has been separately verified and confirmed by at least two natural persons. Those persons could be from one or more entities and include the person operating or using the system. This requirement should not pose unnecessary burden or delays and it could be sufficient that the separate verifications by the different persons are automatically recorded in the logs generated by the system. Given the specificities of the areas of law enforcement, migration, border control and asylum, this requirement should not apply where Union or national law considers the application of that requirement to be disproportionate.
(73)
Visokotvegani sistemi UI bi morali biti zasnovani in razviti tako, da lahko fizične osebe nadzorujejo njihovo delovanje, zagotavljajo, da se uporabljajo, kot je bilo predvideno, in da se njihovi vplivi obravnavajo v celotnem življenjskem ciklu sistema. V ta namen bi moral ponudnik sistema pred dajanjem sistema na trg ali v uporabo določiti ustrezne ukrepe za človeški nadzor. Zlasti bi morali taki ukrepi, kadar je primerno, zagotavljati, da za sistem veljajo vgrajene operativne omejitve, ki jih sistem sam ne more razveljaviti, da se sistem odziva na človeškega operaterja ter da imajo fizične osebe, ki jim je bil dodeljen človekov nadzor, potrebne kompetence, usposobljenost in pooblastila za opravljanje te vloge. Prav tako je bistveno po potrebi zagotoviti, da visokotvegani sistemi UI vključujejo mehanizme za usmerjanje in obveščanje fizične osebe, ki ji je bil dodeljen človeški nadzor, za sprejemanje informiranih odločitev o tem, ali, kdaj in kako posredovati, da bi se izognili negativnim posledicam ali tveganjem, ali ustaviti sistem, če ne deluje, kot je bilo predvideno. Glede na pomembne posledice, ki jih napačno ujemanje v nekaterih sistemih za biometrično identifikacijo ljudi pomeni za osebe, je za te sisteme ustrezno določiti okrepljeno zahtevo po človekovem nadzoru, tako da uvajalec ne more sprejeti ukrepa ali odločitve na podlagi identifikacije, ki izhaja iz sistema, če tega nista ločeno preverili in potrdili vsaj dve fizični osebi. Ti osebi sta lahko iz enega ali več subjektov in vključujeta osebo, ki upravlja ali uporablja sistem. Ta zahteva ne bi smela ustvariti nepotrebnega bremena ali zamud, in lahko bi zadoščalo, da bi se ločena preverjanja različnih oseb samodejno zabeležila v dnevnikih, ki jih ustvari sistem. Glede na posebnosti področij preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, nadzora meje in azila se ta zahteva ne bi smela uporabljati, kadar je v skladu s pravom Unije ali nacionalnim pravom uporaba te zahteve nesorazmerna.
(74)
High-risk AI systems should perform consistently throughout their lifecycle and meet an appropriate level of accuracy, robustness and cybersecurity, in light of their intended purpose and in accordance with the generally acknowledged state of the art. The Commission and relevant organisations and stakeholders are encouraged to take due consideration of the mitigation of risks and the negative impacts of the AI system. The expected level of performance metrics should be declared in the accompanying instructions of use. Providers are urged to communicate that information to deployers in a clear and easily understandable way, free of misunderstandings or misleading statements. Union law on legal metrology, including Directives 2014/31/EU (35) and 2014/32/EU (36) of the European Parliament and of the Council, aims to ensure the accuracy of measurements and to help the transparency and fairness of commercial transactions. In that context, in cooperation with relevant stakeholders and organisation, such as metrology and benchmarking authorities, the Commission should encourage, as appropriate, the development of benchmarks and measurement methodologies for AI systems. In doing so, the Commission should take note and collaborate with international partners working on metrology and relevant measurement indicators relating to AI.
(74)
Visokotvegani sistemi UI bi morali v celotni življenjski dobi delovati dosledno ter izpolnjevati ustrezno raven točnosti, robustnosti in kibernetske varnosti glede na njihov predvideni namen in v skladu s splošno priznanimi najsodobnejšimi tehnološkimi dosežki. Komisijo ter ustrezne organizacije in deležnike se spodbuja, naj ustrezno upoštevajo zmanjšanje tveganj in negativne učinke sistema UI. Pričakovano raven metrik zmogljivosti bi bilo treba navesti v priloženih navodilih za uporabo. Ponudniki so pozvani, naj te informacije sporočijo uvajalcem na jasen in lahko razumljiv način, brez nesporazumov ali zavajajočih izjav. Namen prava Unije o zakonskem meroslovju, vključno z direktivama 2014/31/EU (35) in 2014/32/EU (36) Evropskega parlamenta in Sveta, je zagotoviti točnost meritev ter prispevati k preglednosti in poštenosti trgovinskih poslov. V zvezi s tem bi morala Komisija v sodelovanju z ustreznimi deležniki in organizacijami, kot so organi za meroslovje in primerjalno analizo, po potrebi spodbujati razvoj referenčnih vrednosti in metodologij merjenja za sisteme UI. Pri tem bi se morala Komisija seznaniti z mednarodnimi partnerji, ki se ukvarjajo z meroslovjem in ustreznimi kazalniki merjenja v zvezi z UI, ter z njimi sodelovati.
(75)
Technical robustness is a key requirement for high-risk AI systems. They should be resilient in relation to harmful or otherwise undesirable behaviour that may result from limitations within the systems or the environment in which the systems operate (e.g. errors, faults, inconsistencies, unexpected situations). Therefore, technical and organisational measures should be taken to ensure robustness of high-risk AI systems, for example by designing and developing appropriate technical solutions to prevent or minimise harmful or otherwise undesirable behaviour. Those technical solution may include for instance mechanisms enabling the system to safely interrupt its operation (fail-safe plans) in the presence of certain anomalies or when operation takes place outside certain predetermined boundaries. Failure to protect against these risks could lead to safety impacts or negatively affect the fundamental rights, for example due to erroneous decisions or wrong or biased outputs generated by the AI system.
(75)
Tehnična robustnost je ključna zahteva za visokotvegane sisteme UI. Morali bi biti odporni na škodljivo ali kako drugače nezaželeno ravnanje, ki je lahko posledica omejitev znotraj sistema ali okolja, v katerem sistem deluje (npr. napake, okvare, nedoslednosti, nepričakovane situacije). Zato bi bilo treba sprejeti tehnične in organizacijske ukrepe za zagotovitev odpornosti visokotveganih sistemov UI, na primer z zasnovo in razvojem ustreznih tehničnih rešitev za preprečevanje ali zmanjšanje škodljivega ali drugače nezaželenega vedenja. Takšne tehnične rešitve lahko na primer vključujejo mehanizme, ki sistemu omogočajo varno prekinitev delovanja (načrti varne odpovedi), če so prisotne določene nepravilnosti ali delovanje poteka zunaj določenih vnaprej določenih meja. Neuspešna zaščita pred temi tveganji bi lahko imela varnostne posledice ali negativno vplivala na temeljne pravice, na primer zaradi napačnih odločitev ali napačnih ali pristranskih izhodnih podatkov, ki jih ustvari sistem UI.
(76)
Cybersecurity plays a crucial role in ensuring that AI systems are resilient against attempts to alter their use, behaviour, performance or compromise their security properties by malicious third parties exploiting the system’s vulnerabilities. Cyberattacks against AI systems can leverage AI specific assets, such as training data sets (e.g. data poisoning) or trained models (e.g. adversarial attacks or membership inference), or exploit vulnerabilities in the AI system’s digital assets or the underlying ICT infrastructure. To ensure a level of cybersecurity appropriate to the risks, suitable measures, such as security controls, should therefore be taken by the providers of high-risk AI systems, also taking into account as appropriate the underlying ICT infrastructure.
(76)
Kibernetska varnost ima ključno vlogo pri zagotavljanju odpornosti sistemov UI proti poskusom spreminjanja njihove uporabe, vedenja, zmogljivosti ali ogrožanja njihovih varnostnih lastnosti s strani zlonamernih tretjih oseb, ki izkoriščajo šibke točke sistema. Kibernetski napadi na sisteme UI lahko izkoristijo posebna sredstva UI, kot so nabori učnih podatkov (npr. zastrupitev podatkov) ali naučeni modeli (npr. nasprotovalni napadi ali sklepanje o članstvu), ali pa šibke točke digitalnih sredstev sistema UI ali osnovne infrastrukture IKT. Da bi zagotovili raven kibernetske varnosti, ki ustreza tveganjem, bi morali ponudniki visokotveganih sistemov UI sprejeti ustrezne ukrepe, kot je varnostni nadzor, in pri tem po potrebi tudi upoštevati osnovne infrastrukture IKT.
(77)
Without prejudice to the requirements related to robustness and accuracy set out in this Regulation, high-risk AI systems which fall within the scope of a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements, in accordance with that regulation may demonstrate compliance with the cybersecurity requirements of this Regulation by fulfilling the essential cybersecurity requirements set out in that regulation. When high-risk AI systems fulfil the essential requirements of a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements, they should be deemed compliant with the cybersecurity requirements set out in this Regulation in so far as the achievement of those requirements is demonstrated in the EU declaration of conformity or parts thereof issued under that regulation. To that end, the assessment of the cybersecurity risks, associated to a product with digital elements classified as high-risk AI system according to this Regulation, carried out under a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements, should consider risks to the cyber resilience of an AI system as regards attempts by unauthorised third parties to alter its use, behaviour or performance, including AI specific vulnerabilities such as data poisoning or adversarial attacks, as well as, as relevant, risks to fundamental rights as required by this Regulation.
(77)
Brez poseganja v zahteve v zvezi z robustnostjo in natančnostjo iz te uredbe se lahko skladnost visokotveganih sistemov UI, ki spadajo na področje uporabe uredbe Evropskega parlamenta in Sveta o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi, v skladu z navedeno uredbo, z zahtevami glede kibernetske varnosti iz te uredbe dokaže z izpolnjevanjem bistvenih zahtev glede kibernetske varnosti iz navedene uredbe. Če visokotvegani sistemi UI izpolnjujejo bistvene zahteve iz uredbe o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi, štejejo za skladne z zahtevami glede kibernetske varnosti iz te uredbe, če je izpolnjevanje navedenih zahtev dokazano v EU izjavi o skladnosti ali delih izjave, izdane na podlagi navedene uredbe. V ta namen bi bilo treba pri oceni tveganj za kibernetsko varnost, povezanih s proizvodom z digitalnimi elementi, razvrščenimi kot visokotvegani sistem UI v skladu s to uredbo, ki se izvede na podlagi uredbe o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi, upoštevati tveganja za kibernetsko odpornost sistema UI na poskuse nepooblaščenih tretjih oseb, da z izkoriščanjem šibkih točk sistema spremenijo njegovo uporabo, vedenje ali zmogljivost, vključno s šibkimi točkami, ki so specifične za UI, kot so zastrupitev podatkov ali nasprotovalni napadi, ter v zvezi s tveganji za temeljne pravice, kot je zahtevano v tej uredbi.
(78)
The conformity assessment procedure provided by this Regulation should apply in relation to the essential cybersecurity requirements of a product with digital elements covered by a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and classified as a high-risk AI system under this Regulation. However, this rule should not result in reducing the necessary level of assurance for critical products with digital elements covered by a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements. Therefore, by way of derogation from this rule, high-risk AI systems that fall within the scope of this Regulation and are also qualified as important and critical products with digital elements pursuant to a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and to which the conformity assessment procedure based on internal control set out in an annex to this Regulation applies, are subject to the conformity assessment provisions of a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements insofar as the essential cybersecurity requirements of that regulation are concerned. In this case, for all the other aspects covered by this Regulation the respective provisions on conformity assessment based on internal control set out in an annex to this Regulation should apply. Building on the knowledge and expertise of ENISA on the cybersecurity policy and tasks assigned to ENISA under the Regulation (EU) 2019/881 of the European Parliament and of the Council (37), the Commission should cooperate with ENISA on issues related to cybersecurity of AI systems.
(78)
Postopek ugotavljanja skladnosti iz te uredbe bi bilo treba uporabljati v zvezi z bistvenimi zahtevami glede kibernetske varnosti proizvoda z digitalnimi elementi, ki jih zajema uredba o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi in je razvrščen kot visokotvegani sistem UI na podlagi te uredbe. Vendar to pravilo ne bi smelo povzročiti znižanja potrebne ravni zanesljivosti za kritične proizvode z digitalnimi elementi, ki jih zajema uredba o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi. Zato z odstopanjem od tega pravila za visokotvegane sisteme UI, ki spadajo na področje uporabe te uredbe in so opredeljeni tudi kot pomembni in kritični proizvodi z digitalnimi elementi na podlagi uredbe o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi ter se zanje uporablja postopek ugotavljanja skladnosti na podlagi notranjega nadzora iz ene od prilog k tej uredbi, veljajo določbe o ugotavljanju skladnosti iz uredbe o horizontalnih zahtevah glede kibernetske varnosti za izdelke z digitalnimi elementi, kar zadeva bistvene zahteve glede kibernetske varnosti iz navedene uredbe. V tem primeru bi bilo treba za vse druge vidike, ki jih zajema ta uredba, uporabljati ustrezne določbe o ugotavljanju skladnosti na podlagi notranjega nadzora iz ene od prilog k tej uredbi. Komisija bi morala na podlagi poznavanja področja in strokovnega znanja agencije ENISA o politiki kibernetske varnosti in nalogah, dodeljenih agenciji ENISA na podlagi Uredbe (EU) 2019/881 Evropskega parlamenta in Sveta (37), sodelovati z agencijo ENISA pri vprašanjih, povezanih s kibernetsko varnostjo sistemov UI.
(79)
It is appropriate that a specific natural or legal person, defined as the provider, takes responsibility for the placing on the market or the putting into service of a high-risk AI system, regardless of whether that natural or legal person is the person who designed or developed the system.
(79)
Primerno je, da določena fizična ali pravna oseba, opredeljena kot ponudnik, prevzame odgovornost za dajanje visokotveganega sistema UI na trg ali v uporabo, ne glede na to, ali je ta oseba tista, ki je zasnovala ali razvila sistem.
(80)
As signatories to the United Nations Convention on the Rights of Persons with Disabilities, the Union and the Member States are legally obliged to protect persons with disabilities from discrimination and promote their equality, to ensure that persons with disabilities have access, on an equal basis with others, to information and communications technologies and systems, and to ensure respect for privacy for persons with disabilities. Given the growing importance and use of AI systems, the application of universal design principles to all new technologies and services should ensure full and equal access for everyone potentially affected by or using AI technologies, including persons with disabilities, in a way that takes full account of their inherent dignity and diversity. It is therefore essential that providers ensure full compliance with accessibility requirements, including Directive (EU) 2016/2102 of the European Parliament and of the Council (38) and Directive (EU) 2019/882. Providers should ensure compliance with these requirements by design. Therefore, the necessary measures should be integrated as much as possible into the design of the high-risk AI system.
(80)
Kot podpisnice Konvencije Organizacije združenih narodov o pravicah invalidov so Unija in države članice pravno zavezane, da ščitijo invalide pred diskriminacijo in spodbujajo njihovo enakost, jim zagotovijo, da imajo enako kot drugi dostop do informacijskih in komunikacijskih tehnologij in sistemov, ter da se spoštuje njihova zasebnost. Ob vse večjem pomenu in uporabi sistemov UI bi morala uporaba načel univerzalnega oblikovanja pri vseh novih tehnologijah in storitvah zagotoviti popoln in enakopraven dostop vsem, ki so lahko izpostavljeni tehnologijam UI ali te tehnologije uporabljajo, tudi invalidom, na način, ki v celoti upošteva njihovo prirojeno dostojanstvo in raznolikost. Zato je bistvenega pomena, da ponudniki zagotavljajo popolno skladnost z zahtevami glede dostopnosti, tudi z Direktivo (EU) 2016/2102 Evropskega parlamenta in Sveta (38) in Direktivo (EU) 2019/882. Ponudniki bi morali zagotoviti skladnost s temi zahtevami že pri zasnovi. Zato bi bilo treba potrebne ukrepe v čim večji meri vključiti v zasnovo visokotveganega sistema UI.
(81)
The provider should establish a sound quality management system, ensure the accomplishment of the required conformity assessment procedure, draw up the relevant documentation and establish a robust post-market monitoring system. Providers of high-risk AI systems that are subject to obligations regarding quality management systems under relevant sectoral Union law should have the possibility to include the elements of the quality management system provided for in this Regulation as part of the existing quality management system provided for in that other sectoral Union law. The complementarity between this Regulation and existing sectoral Union law should also be taken into account in future standardisation activities or guidance adopted by the Commission. Public authorities which put into service high-risk AI systems for their own use may adopt and implement the rules for the quality management system as part of the quality management system adopted at a national or regional level, as appropriate, taking into account the specificities of the sector and the competences and organisation of the public authority concerned.
(81)
Ponudnik bi moral vzpostaviti zanesljiv sistem upravljanja kakovosti, zagotoviti izvedbo zahtevanega postopka ugotavljanja skladnosti, pripraviti ustrezno dokumentacijo in vzpostaviti robusten sistem spremljanja po dajanju na trg. Ponudniki visokotveganih sistemov UI, za katere veljajo obveznosti v zvezi s sistemi upravljanja kakovosti na podlagi ustreznega sektorskega prava Unije, bi morali imeti možnost, da elemente sistema upravljanja kakovosti iz te uredbe vključijo v obstoječi sistem upravljanja kakovosti, določen v navedenem drugem sektorskem pravu Unije. Pri prihodnjih dejavnostih standardizacije ali smernicah, ki jih sprejme Komisija, bi bilo treba upoštevati tudi dopolnjevanje med to uredbo in obstoječim sektorskim pravom Unije. Javni organi, ki visokotvegane sisteme UI dajo v uporabo za lastno uporabo, lahko sprejmejo in izvajajo pravila za sistem upravljanja kakovosti kot del sistema upravljanja kakovosti, sprejetega bodisi na nacionalni ali na regionalni ravni, ob upoštevanju posebnosti sektorja ter pristojnosti in organizacije zadevnega javnega organa.
(82)
To enable enforcement of this Regulation and create a level playing field for operators, and, taking into account the different forms of making available of digital products, it is important to ensure that, under all circumstances, a person established in the Union can provide authorities with all the necessary information on the compliance of an AI system. Therefore, prior to making their AI systems available in the Union, providers established in third countries should, by written mandate, appoint an authorised representative established in the Union. This authorised representative plays a pivotal role in ensuring the compliance of the high-risk AI systems placed on the market or put into service in the Union by those providers who are not established in the Union and in serving as their contact person established in the Union.
(82)
Da se omogoči izvajanje te uredbe in ustvarijo enaki konkurenčni pogoji za operaterje ter ob upoštevanju različnih oblik omogočanja dostopnosti digitalnih proizvodov, je pomembno zagotoviti, da lahko oseba s sedežem v Uniji v vseh okoliščinah organom zagotovi vse potrebne informacije o skladnosti sistema UI. Zato bi morali ponudniki s sedežem v tretjih državah pred dajanjem svojih sistemov UI na voljo v Uniji, s pisnim pooblastilom imenovati pooblaščenega zastopnika s sedežem v Uniji. Ta pooblaščeni zastopnik ima ključno vlogo pri zagotavljanju skladnosti visokotveganih sistemov UI, ki jih ti ponudniki, ki nimajo sedeža v Uniji, dajejo na trg ali v uporabo v Uniji, in je njihova kontaktna oseba s sedežem v Uniji.
(83)
In light of the nature and complexity of the value chain for AI systems and in line with the New Legislative Framework, it is essential to ensure legal certainty and facilitate the compliance with this Regulation. Therefore, it is necessary to clarify the role and the specific obligations of relevant operators along that value chain, such as importers and distributors who may contribute to the development of AI systems. In certain situations those operators could act in more than one role at the same time and should therefore fulfil cumulatively all relevant obligations associated with those roles. For example, an operator could act as a distributor and an importer at the same time.
(83)
Glede na naravo in kompleksnost verige vrednosti za sisteme UI ter v skladu z novim zakonodajnim okvirom je bistveno zagotoviti pravno varnost in olajšati skladnost s to uredbo. Zato je treba pojasniti vlogo in posebne obveznosti zadevnih operaterjev v tej verigi vrednosti, kot so uvozniki in distributerji, ki lahko prispevajo k razvoju sistemov UI. V nekaterih situacijah bi lahko ti operaterji imeli več kot eno vlogo hkrati in bi morali zato kumulativno izpolnjevati vse zadevne obveznosti, povezane s temi vlogami. Tako bi na primer operater lahko hkrati bil distributer in uvoznik.
(84)
To ensure legal certainty, it is necessary to clarify that, under certain specific conditions, any distributor, importer, deployer or other third-party should be considered to be a provider of a high-risk AI system and therefore assume all the relevant obligations. This would be the case if that party puts its name or trademark on a high-risk AI system already placed on the market or put into service, without prejudice to contractual arrangements stipulating that the obligations are allocated otherwise. This would also be the case if that party makes a substantial modification to a high-risk AI system that has already been placed on the market or has already been put into service in a way that it remains a high-risk AI system in accordance with this Regulation, or if it modifies the intended purpose of an AI system, including a general-purpose AI system, which has not been classified as high-risk and has already been placed on the market or put into service, in a way that the AI system becomes a high-risk AI system in accordance with this Regulation. Those provisions should apply without prejudice to more specific provisions established in certain Union harmonisation legislation based on the New Legislative Framework, together with which this Regulation should apply. For example, Article 16(2) of Regulation (EU) 2017/745, establishing that certain changes should not be considered to be modifications of a device that could affect its compliance with the applicable requirements, should continue to apply to high-risk AI systems that are medical devices within the meaning of that Regulation.
(84)
Za zagotovitev pravne varnosti je treba pojasniti, da bi bilo treba pod določenimi pogoji vsakega distributerja, uvoznika, uvajalca ali druge tretje osebe šteti za ponudnika visokotveganega sistema UI in bi zato moral prevzeti vse zadevne obveznosti. To bi veljalo, če ta stranka svoje ime ali znamko vnese v visokotvegani sistem UI, ki je že dan na trg ali v uporabo, brez poseganja v pogodbene dogovore, ki določajo, da se obveznosti dodelijo drugače. To bi veljalo tudi, če ta stranka bistveno spremeni visokotvegani sistem UI, ki je že bil dan na trg ali v uporabo, na način, da ostane visokotvegani sistem UI v skladu s to uredbo, ali če spremeni predvideni namen sistema UI, vključno z sistemom UI za splošne namene, ki ni bil razvrščen kot sistem visokega tveganja in je že bil dan na trg ali v uporabo, na način, da sistem UI postane sistem visokega tveganja v skladu s to uredbo. Te določbe bi bilo treba uporabljati brez poseganja v bolj specifične določbe v okviru določene harmonizacijske zakonodaje, temelječe na novem zakonodajnem okviru, ki naj bi se uporabljala skupaj s to uredbo. Na primer člen 16(2) Uredbe (EU) 2017/745, v katerem je določeno, da nekatere spremembe ne bi smele šteti kot spremembe pripomočka, ki bi lahko vplivale na skladnost z veljavnimi zahtevami, bi bilo treba še naprej uporabljati za visokotvegane sisteme UI, ki so medicinski pripomočki v smislu navedene uredbe.
(85)
General-purpose AI systems may be used as high-risk AI systems by themselves or be components of other high-risk AI systems. Therefore, due to their particular nature and in order to ensure a fair sharing of responsibilities along the AI value chain, the providers of such systems should, irrespective of whether they may be used as high-risk AI systems as such by other providers or as components of high-risk AI systems and unless provided otherwise under this Regulation, closely cooperate with the providers of the relevant high-risk AI systems to enable their compliance with the relevant obligations under this Regulation and with the competent authorities established under this Regulation.
(85)
Sistemi UI za splošne namene se lahko uporabljajo kot samostojni visokotvegani sistemi UI ali pa so komponente drugih visokotveganih sistemov UI. Zato bi morali ponudniki takih sistemov zaradi njihove posebne narave in za zagotovitev pravične delitve odgovornosti v verigi vrednosti UI ne glede na to, ali lahko drugi ponudniki te sisteme uporabljajo kot samostojne visokotvegane sisteme UI ali kot komponente visokotveganih sistemov UI in če v tej uredbi ni določeno drugače, tesno sodelovati s ponudniki zadevnih visokotveganih sistemov UI, da bi jim omogočili izpolnjevanje obveznosti iz te uredbe, in s pristojnimi organi, ustanovljenimi na podlagi te uredbe.
(86)
Where, under the conditions laid down in this Regulation, the provider that initially placed the AI system on the market or put it into service should no longer be considered to be the provider for the purposes of this Regulation, and when that provider has not expressly excluded the change of the AI system into a high-risk AI system, the former provider should nonetheless closely cooperate and make available the necessary information and provide the reasonably expected technical access and other assistance that are required for the fulfilment of the obligations set out in this Regulation, in particular regarding the compliance with the conformity assessment of high-risk AI systems.
(86)
Kadar na podlagi pogojev iz te uredbe ponudnik, ki je sistem UI prvotno dal na trg ali v uporabo, za namene te uredbe ne bi smel več šteti za ponudnika in če ta ponudnik ni izrecno izključil spremembe sistema UI v visokotvegani sistem UI, bi moral nekdanji ponudnik kljub temu tesno sodelovati in dati na voljo potrebne informacije ter zagotoviti razumno pričakovani tehnični dostop in drugo pomoč, ki so potrebni za izpolnjevanje obveznosti iz te uredbe, zlasti v zvezi s skladnostjo visokotveganih sistemov UI z ugotavljanjem skladnosti.
(87)
In addition, where a high-risk AI system that is a safety component of a product which falls within the scope of Union harmonisation legislation based on the New Legislative Framework is not placed on the market or put into service independently from the product, the product manufacturer defined in that legislation should comply with the obligations of the provider established in this Regulation and should, in particular, ensure that the AI system embedded in the final product complies with the requirements of this Regulation.
(87)
Poleg tega, kadar visokotvegani sistem UI, ki je varnostna komponenta proizvoda, ki spada na področje uporabe harmonizacijske zakonodaje Unije na podlagi novega zakonodajnega okvira, ni dan na trg ali v uporabo neodvisno od proizvoda, bi moral proizvajalec proizvoda, opredeljen v navedeni zakonodaji, izpolnjevati obveznosti ponudnika iz te uredbe in zlasti zagotoviti, da sistem UI, vgrajen v končni proizvod, izpolnjuje zahteve iz te uredbe.
(88)
Along the AI value chain multiple parties often supply AI systems, tools and services but also components or processes that are incorporated by the provider into the AI system with various objectives, including the model training, model retraining, model testing and evaluation, integration into software, or other aspects of model development. Those parties have an important role to play in the value chain towards the provider of the high-risk AI system into which their AI systems, tools, services, components or processes are integrated, and should provide by written agreement this provider with the necessary information, capabilities, technical access and other assistance based on the generally acknowledged state of the art, in order to enable the provider to fully comply with the obligations set out in this Regulation, without compromising their own intellectual property rights or trade secrets.
(88)
V verigi vrednosti UI sisteme UI, orodja in storitve, pa tudi komponente ali procese, ki jih ponudnik vključi v sistem UI z različnimi cilji, vključno z učenjem modelov, ponovnim učenjem modelov, testiranjem in ocenjevanjem modelov, vključevanjem v programsko opremo ali drugimi vidiki razvoja modela, pogosto dobavlja več strani. Te strani imajo pomembno vlogo v verigi vrednosti v odnosu do ponudnika visokotveganega sistema UI, v katerega so vključeni njihovi sistemi UI, orodja, storitve, komponente ali procesi, in bi morale temu ponudniku v pisni obliki zagotoviti potrebne informacije, zmogljivosti, tehnični dostop in drugo pomoč na podlagi splošno priznanih najsodobnejših tehnoloških dosežkov, da bi lahko ponudnik v celoti izpolnjeval obveznosti iz te uredbe, ne da bi bile pri tem ogrožene njegove pravice intelektualne lastnine ali poslovne skrivnosti.
(89)
Third parties making accessible to the public tools, services, processes, or AI components other than general-purpose AI models, should not be mandated to comply with requirements targeting the responsibilities along the AI value chain, in particular towards the provider that has used or integrated them, when those tools, services, processes, or AI components are made accessible under a free and open-source licence. Developers of free and open-source tools, services, processes, or AI components other than general-purpose AI models should be encouraged to implement widely adopted documentation practices, such as model cards and data sheets, as a way to accelerate information sharing along the AI value chain, allowing the promotion of trustworthy AI systems in the Union.
(89)
Za tretje osebe, ki javnosti omogočajo dostop do orodij, storitev, postopkov ali komponent UI, ki niso modeli UI za splošne namene, ne bi smela veljati obveznost glede izpolnjevanja zahtev, ki se nanašajo na odgovornosti v verigi vrednosti UI, zlasti do ponudnika, ki jih je uporabil ali vključil, če so ta orodja, storitve, postopki ali komponente UI dostopni na podlagi proste in odprtokodne licence. Razvijalce brezplačnih in odprtokodnih orodij, storitev, postopkov ali komponent UI, ki niso modeli UI za splošne namene, pa bi bilo treba spodbujati k izvajanju splošno sprejetih dokumentacijskih praks, kot so vzorčne kartice in podatkovni listi, da bi pospešili izmenjavo informacij v verigi vrednosti UI, kar bi omogočilo spodbujanje zaupanja vrednih sistemov UI v Uniji.
(90)
The Commission could develop and recommend voluntary model contractual terms between providers of high-risk AI systems and third parties that supply tools, services, components or processes that are used or integrated in high-risk AI systems, to facilitate the cooperation along the value chain. When developing voluntary model contractual terms, the Commission should also take into account possible contractual requirements applicable in specific sectors or business cases.
(90)
Komisija bi lahko razvila in priporočila prostovoljne vzorčne pogodbene pogoje med ponudniki visokotveganih sistemov UI in tretjimi osebami, ki zagotavljajo orodja, storitve, komponente ali procese, ki se uporabljajo ali vključujejo v visokotvegane sisteme UI, da bi olajšali sodelovanje v verigi vrednosti. Komisija bi morala pri oblikovanju prostovoljnih vzorčnih pogodbenih pogojev upoštevati morebitne pogodbene zahteve, ki se uporabljajo v posameznih sektorjih ali poslovnih primerih.
(91)
Given the nature of AI systems and the risks to safety and fundamental rights possibly associated with their use, including as regards the need to ensure proper monitoring of the performance of an AI system in a real-life setting, it is appropriate to set specific responsibilities for deployers. Deployers should in particular take appropriate technical and organisational measures to ensure they use high-risk AI systems in accordance with the instructions of use and certain other obligations should be provided for with regard to monitoring of the functioning of the AI systems and with regard to record-keeping, as appropriate. Furthermore, deployers should ensure that the persons assigned to implement the instructions for use and human oversight as set out in this Regulation have the necessary competence, in particular an adequate level of AI literacy, training and authority to properly fulfil those tasks. Those obligations should be without prejudice to other deployer obligations in relation to high-risk AI systems under Union or national law.
(91)
Glede na naravo sistemov UI ter tveganja za varnost in temeljne pravice, ki so morda povezana z njihovo uporabo, tudi kar zadeva potrebo po zagotovitvi ustreznega spremljanja zmogljivosti sistema UI v realnem življenju, je primerno določiti posebne odgovornosti za uvajalce. Uvajalci bi morali zlasti sprejeti ustrezne tehnične in organizacijske ukrepe za zagotovitev, da uporabljajo visokotvegane sisteme UI v skladu z navodili za uporabo, pri čemer bi bilo treba določiti nekatere druge obveznosti v zvezi s spremljanjem delovanja sistemov UI in v zvezi z vodenjem evidenc, če je to primerno. Poleg tega bi morali uvajalci zagotoviti, da imajo osebe, dodeljene za izvajanje navodil za uporabo in človeški nadzor, kot je določeno v tej uredbi, potrebne kompetence, zlasti ustrezno raven pismenosti, usposobljenosti in pooblastil na področju UI za pravilno izpolnjevanje teh nalog. Te obveznosti ne bi smele posegati v druge obveznosti uvajalcev v zvezi z visokotveganimi sistemi UI na podlagi prava Unije ali nacionalnega prava.
(92)
This Regulation is without prejudice to obligations for employers to inform or to inform and consult workers or their representatives under Union or national law and practice, including Directive 2002/14/EC of the European Parliament and of the Council (39), on decisions to put into service or use AI systems. It remains necessary to ensure information of workers and their representatives on the planned deployment of high-risk AI systems at the workplace where the conditions for those information or information and consultation obligations in other legal instruments are not fulfilled. Moreover, such information right is ancillary and necessary to the objective of protecting fundamental rights that underlies this Regulation. Therefore, an information requirement to that effect should be laid down in this Regulation, without affecting any existing rights of workers.
(92)
Ta uredba ne posega v obveznosti delodajalcev, da delavce ali njihove predstavnike obveščajo ali se z njimi posvetujejo na podlagi prava Unije ali nacionalnega prava in prakse, vključno z Direktivo 2002/14/ES Evropskega parlamenta in Sveta (39) o odločitvah o dajanju v uporabo ali uporabi sistemov UI. Še naprej je treba zagotavljati informacije delavcem in njihovim predstavnikom o načrtovani uvedbi visokotveganih sistemov UI na delovnem mestu, kadar niso izpolnjeni pogoji za te obveznosti glede obveščanja ali obveščanja in posvetovanja iz drugih pravnih instrumentov. Poleg tega je taka pravica do obveščenosti pomožna in potrebna za cilj varstva temeljnih pravic, na katerem temelji ta uredba. Zato bi bilo treba v tej uredbi določiti zahtevo po informacijah v ta namen, ne da bi to vplivalo na obstoječe pravice delavcev.
(93)
Whilst risks related to AI systems can result from the way such systems are designed, risks can as well stem from how such AI systems are used. Deployers of high-risk AI system therefore play a critical role in ensuring that fundamental rights are protected, complementing the obligations of the provider when developing the AI system. Deployers are best placed to understand how the high-risk AI system will be used concretely and can therefore identify potential significant risks that were not foreseen in the development phase, due to a more precise knowledge of the context of use, the persons or groups of persons likely to be affected, including vulnerable groups. Deployers of high-risk AI systems listed in an annex to this Regulation also play a critical role in informing natural persons and should, when they make decisions or assist in making decisions related to natural persons, where applicable, inform the natural persons that they are subject to the use of the high-risk AI system. This information should include the intended purpose and the type of decisions it makes. The deployer should also inform the natural persons about their right to an explanation provided under this Regulation. With regard to high-risk AI systems used for law enforcement purposes, that obligation should be implemented in accordance with Article 13 of Directive (EU) 2016/680.
(93)
Poleg tega, da lahko tveganja, povezana s sistemi UI, nastanejo zaradi načina zasnove takih sistemov, lahko tveganja izvirajo tudi iz tega, kako se taki sistemi uporabljajo. Uvajalci visokotveganega sistema UI imajo zato ključno vlogo pri skrbi za zaščito temeljnih pravic, kar dopolnjuje obveznosti ponudnika pri razvoju sistema UI. Uvajalci najbolje razumejo, kako se bo visokotvegani sistem UI dejansko uporabljal, in lahko tako opredelijo potencialna velika tveganja, ki niso bila predvidena v fazi razvoja, saj natančneje poznajo okoliščine uporabe, osebe ali skupine oseb, ki bodo verjetno izpostavljene, vključno z ranljivimi skupinami. Uvajalci visokotveganih sistemov UI, navedeni v eni od prilog k tej uredbi, imajo tudi ključno vlogo pri obveščanju fizičnih oseb in bi morali pri sprejemanju odločitev ali pomoči pri sprejemanju odločitev v zvezi s fizičnimi osebami po potrebi obvestiti fizične osebe, da se zanje uporablja visokotvegani sistem UI. Te informacije bi morale vključevati njegov predvideni namen in vrsto odločitev, ki jih sprejema. Uvajalec bi moral fizične osebe obvestiti tudi o njihovi pravici do obrazložitve iz te uredbe. Kar zadeva visokotvegane sisteme UI, ki se uporabljajo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, bi bilo treba to obveznost izvajati v skladu s členom 13 Direktive (EU) 2016/680.
(94)
Any processing of biometric data involved in the use of AI systems for biometric identification for the purpose of law enforcement needs to comply with Article 10 of Directive (EU) 2016/680, that allows such processing only where strictly necessary, subject to appropriate safeguards for the rights and freedoms of the data subject, and where authorised by Union or Member State law. Such use, when authorised, also needs to respect the principles laid down in Article 4 (1) of Directive (EU) 2016/680 including lawfulness, fairness and transparency, purpose limitation, accuracy and storage limitation.
(94)
Vsaka obdelava biometričnih podatkov, vključena v uporabo sistemov UI za biometrično identifikacijo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, mora biti skladna s členom 10 Direktive (EU) 2016/680, ki omogoča tako obdelavo le, kadar je to nujno potrebno, ob upoštevanju ustreznih zaščitnih ukrepov za pravice in svoboščine posameznika, na katerega se nanašajo osebni podatki, in kadar je to dovoljeno v skladu s pravom Unije ali pravom države članice. Kadar je taka uporaba odobrena, je treba spoštovati tudi načela iz člena 4(1) Direktive (EU) 2016/680, vključno z zakonitostjo, pravičnostjo in preglednostjo, omejitvijo namena, točnostjo in omejitvijo shranjevanja.
(95)
Without prejudice to applicable Union law, in particular Regulation (EU) 2016/679 and Directive (EU) 2016/680, considering the intrusive nature of post-remote biometric identification systems, the use of post-remote biometric identification systems should be subject to safeguards. Post-remote biometric identification systems should always be used in a way that is proportionate, legitimate and strictly necessary, and thus targeted, in terms of the individuals to be identified, the location, temporal scope and based on a closed data set of legally acquired video footage. In any case, post-remote biometric identification systems should not be used in the framework of law enforcement to lead to indiscriminate surveillance. The conditions for post-remote biometric identification should in any case not provide a basis to circumvent the conditions of the prohibition and strict exceptions for real time remote biometric identification.
(95)
Brez poseganja v veljavno pravo Unije, zlasti v Uredbo (EU) 2016/679 in Direktivo (EU) 2016/680, in ob upoštevanju intruzivne narave sistemov za naknadno biometrično identifikacijo na daljavo, bi bilo treba za uporabo sistemov za naknadno biometrično identifikacijo na daljavo uporabljati zaščitne ukrepe. Sisteme za naknadno biometrično identifikacijo na daljavo bi bilo treba vedno uporabljati na način, ki je sorazmeren, zakonit in nujno potreben ter tako ciljno usmerjen v smislu posameznikov, ki jih je treba identificirati, lokacije, časovnega obsega in na podlagi zaprtega nabora podatkov iz zakonito pridobljenih videoposnetkov. V nobenem primeru sistemov za naknadno biometrično identifikacijo na daljavo ne bi smeli uporabljati v okviru preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, da ne bi povzročili neselektivnega nadzora. Pogoji za naknadno biometrično identifikacijo na daljavo v nobenem primeru ne bi smeli biti podlaga za izogibanje pogojem prepovedi in strogim izjemam za biometrično identifikacijo na daljavo v realnem času.
(96)
In order to efficiently ensure that fundamental rights are protected, deployers of high-risk AI systems that are bodies governed by public law, or private entities providing public services and deployers of certain high-risk AI systems listed in an annex to this Regulation, such as banking or insurance entities, should carry out a fundamental rights impact assessment prior to putting it into use. Services important for individuals that are of public nature may also be provided by private entities. Private entities providing such public services are linked to tasks in the public interest such as in the areas of education, healthcare, social services, housing, administration of justice. The aim of the fundamental rights impact assessment is for the deployer to identify the specific risks to the rights of individuals or groups of individuals likely to be affected, identify measures to be taken in the case of a materialisation of those risks. The impact assessment should be performed prior to deploying the high-risk AI system, and should be updated when the deployer considers that any of the relevant factors have changed. The impact assessment should identify the deployer’s relevant processes in which the high-risk AI system will be used in line with its intended purpose, and should include a description of the period of time and frequency in which the system is intended to be used as well as of specific categories of natural persons and groups who are likely to be affected in the specific context of use. The assessment should also include the identification of specific risks of harm likely to have an impact on the fundamental rights of those persons or groups. While performing this assessment, the deployer should take into account information relevant to a proper assessment of the impact, including but not limited to the information given by the provider of the high-risk AI system in the instructions for use. In light of the risks identified, deployers should determine measures to be taken in the case of a materialisation of those risks, including for example governance arrangements in that specific context of use, such as arrangements for human oversight according to the instructions of use or, complaint handling and redress procedures, as they could be instrumental in mitigating risks to fundamental rights in concrete use-cases. After performing that impact assessment, the deployer should notify the relevant market surveillance authority. Where appropriate, to collect relevant information necessary to perform the impact assessment, deployers of high-risk AI system, in particular when AI systems are used in the public sector, could involve relevant stakeholders, including the representatives of groups of persons likely to be affected by the AI system, independent experts, and civil society organisations in conducting such impact assessments and designing measures to be taken in the case of materialisation of the risks. The European Artificial Intelligence Office (AI Office) should develop a template for a questionnaire in order to facilitate compliance and reduce the administrative burden for deployers.
(96)
Da bi učinkovito zagotovili varstvo temeljnih pravic, bi morali uvajalci visokotveganih sistemov UI, ki so osebe javnega prava, ali zasebni subjekti, ki zagotavljajo javne storitve, in uvajalci, ki uporabljajo nekatere visokotvegane sisteme UI, navedene v eni od prilog k tej uredbi, kot so bančni ali zavarovalniški subjekti, pred začetkom uporabe izvesti oceno učinka na temeljne pravice. Storitve, pomembne za posameznike, ki so javne narave, lahko zagotavljajo tudi zasebni subjekti. Zasebni subjekti, ki zagotavljajo takšne javne storitve, so povezani z nalogami v javnem interesu, na primer na področjih izobraževanja, zdravstvenega varstva, socialnih storitev, stanovanj in razsojanja. Cilj ocene učinka na temeljne pravice je, da uvajalec opredeli posebna tveganja za pravice posameznikov ali skupin posameznikov, ki bodo verjetno izpostavljene, in ukrepe, ki jih je treba sprejeti v primeru uresničitve teh tveganj. Oceno učinka bi bilo treba opraviti pred uvedbo visokotveganega sistema UI in bi jo bilo treba posodobiti, kadar uvajalec meni, da se je spremenil kateri od pomembnih dejavnikov. V oceni učinka bi bilo treba opredeliti ustrezne procese uvajalca, v katerih se bo visokotvegani sistem UI uporabljal v skladu s predvidenim namenom, ter opis obdobja in pogostosti uporabe sistema ter posebnih kategorij fizičnih oseb in skupin, ki bodo verjetno izpostavljene v posebnih okoliščinah uporabe. Ocena bi morala vključevati tudi opredelitev posebnih tveganj škode, ki bi lahko vplivala na temeljne pravice teh oseb ali skupin. Da bi zagotovili pravilno izvedbo te ocene učinka, bi moral uvajalec pri njenem izvajanju upoštevati ustrezne informacije, med drugim tudi tiste, ki jih ponudnik visokotveganega sistema UI navede v navodilih za uporabo. Glede na ugotovljena tveganja bi morali uvajalci določiti ukrepe, ki jih je treba sprejeti v primeru uresničitve teh tveganj, vključno na primer z ureditvami upravljanja v tem posebnem okviru uporabe, kot so ureditve za človeški nadzor v skladu z navodili za uporabo ali obravnavanje pritožb in postopki pravnega varstva, saj bi lahko bili ključni za zmanjšanje tveganj za temeljne pravice v konkretnih primerih uporabe. Po izvedbi te ocene učinka bi moral uvajalec o tem obvestiti ustrezni organ za nadzor trga. Za zbiranje ustreznih informacij, potrebnih za izvedbo ocene učinka, bi lahko uvajalci visokotveganega sistema UI, zlasti kadar se sistemi UI uporabljajo v javnem sektorju, v izvajanje takih ocen učinka in oblikovanje ukrepov, ki jih je treba sprejeti v primeru uresničitve tveganj, po potrebi vključili ustrezne deležnike, vključno s predstavniki skupin oseb, na katere bo sistem UI verjetno vplival, neodvisne strokovnjake in organizacije civilne družbe. Evropski urad za umetno inteligenco (v nadaljnjem besedilu: Urad za UI) bi moral pripraviti predlogo vprašalnika, da bi olajšali skladnost in zmanjšali upravno breme za uvajalce.
(97)
The notion of general-purpose AI models should be clearly defined and set apart from the notion of AI systems to enable legal certainty. The definition should be based on the key functional characteristics of a general-purpose AI model, in particular the generality and the capability to competently perform a wide range of distinct tasks. These models are typically trained on large amounts of data, through various methods, such as self-supervised, unsupervised or reinforcement learning. General-purpose AI models may be placed on the market in various ways, including through libraries, application programming interfaces (APIs), as direct download, or as physical copy. These models may be further modified or fine-tuned into new models. Although AI models are essential components of AI systems, they do not constitute AI systems on their own. AI models require the addition of further components, such as for example a user interface, to become AI systems. AI models are typically integrated into and form part of AI systems. This Regulation provides specific rules for general-purpose AI models and for general-purpose AI models that pose systemic risks, which should apply also when these models are integrated or form part of an AI system. It should be understood that the obligations for the providers of general-purpose AI models should apply once the general-purpose AI models are placed on the market. When the provider of a general-purpose AI model integrates an own model into its own AI system that is made available on the market or put into service, that model should be considered to be placed on the market and, therefore, the obligations in this Regulation for models should continue to apply in addition to those for AI systems. The obligations laid down for models should in any case not apply when an own model is used for purely internal processes that are not essential for providing a product or a service to third parties and the rights of natural persons are not affected. Considering their potential significantly negative effects, the general-purpose AI models with systemic risk should always be subject to the relevant obligations under this Regulation. The definition should not cover AI models used before their placing on the market for the sole purpose of research, development and prototyping activities. This is without prejudice to the obligation to comply with this Regulation when, following such activities, a model is placed on the market.
(97)
Da bi omogočili pravno varnost, bi moral biti pojem modelov UI za splošne namene jasno opredeljen in ločen od pojma sistemov UI. Opredelitev bi morala temeljiti na ključnih funkcionalnih značilnostih modela UI za splošne namene, zlasti na splošnosti in sposobnosti opravljanja širokega nabora različnih nalog. Ti modeli se običajno učijo s pomočjo velikih količin podatkov z različnimi metodami, kot so samonadzorovano, nenadzorovano ali okrepljeno učenje. Modeli UI za splošne namene se lahko dajo na trg na različne načine, tudi prek knjižnic, vmesnikov za aplikacijsko programiranje (API), kot neposredni prenos ali kot fizična kopija. Ti modeli se lahko dodatno spremenijo ali prilagodijo novim modelom. Čeprav so modeli UI bistvene komponente sistemov UI, sami po sebi niso sistemi UI. Da bi modeli UI postali sistemi UI, jim je treba dodati dodatne komponente, kot je na primer uporabniški vmesnik. Modeli UI so običajno vključeni v sisteme UI in so njihov sestavni del. V tej uredbi so določena posebna pravila za modele UI za splošne namene in modele UI za splošne namene, ki predstavljajo sistemska tveganja, ki bi jih bilo treba uporabljati tudi, kadar so ti modeli vključeni v sistem UI ali tvorijo del sistema UI. Razumeti bi bilo treba, da bi bilo treba obveznosti ponudnikov modelov UI za splošne namene uporabljati, ko bodo ti modeli dani na trg. Če ponudnik modela UI za splošne namene vključi lastni model v svoj sistem UI, ki je dostopen na trgu ali je v uporabi, bi bilo treba šteti, da je ta model dan na trg, zato bi bilo treba še naprej uporabljati obveznosti iz te uredbe za modele, poleg tistih za sisteme UI. Obveznosti, ki so določene za modele, se v nobenem primeru ne bi smeli uporabljati, če se lastni model uporablja za izključno notranje postopke, ki niso bistveni za zagotavljanje proizvoda ali storitve tretjim osebam, in to ne vpliva na pravice fizičnih oseb. Glede na njihove morebitne znatne negativne učinke bi morale za modele UI za splošne namene s sistemskim tveganjem vedno veljati ustrezne obveznosti iz te uredbe. Opredelitev ne bi smela zajemati modelov UI, ki se uporabljajo pred dajanjem na trg izključno za namene raziskav, razvoja in izdelave prototipov. To ne posega v obveznost skladnosti s to uredbo, kadar se po takšnih dejavnostih model da na trg.
(98)
Whereas the generality of a model could, inter alia, also be determined by a number of parameters, models with at least a billion of parameters and trained with a large amount of data using self-supervision at scale should be considered to display significant generality and to competently perform a wide range of distinctive tasks.
(98)
Medtem ko bi bilo mogoče splošnost modela med drugim določiti tudi s številnimi parametri, bi bilo treba šteti, da modeli z vsaj milijardo parametrov in naučeni z veliko količino podatkov, ki uporabljajo samonadzor v velikem obsegu, kažejo znatno splošnost in so sposobni kompetentno opravljati širok nabor različnih nalog.
(99)
Large generative AI models are a typical example for a general-purpose AI model, given that they allow for flexible generation of content, such as in the form of text, audio, images or video, that can readily accommodate a wide range of distinctive tasks.
(99)
Veliki generativni modeli UI so tipičen primer modela UI za splošne namene, saj omogočajo prilagodljivo ustvarjanje vsebin, kot so besedilo, zvočni zapisi, slike ali videoposnetki, ki se lahko zlahka prilagodijo širokemu spektru različnih nalog.
(100)
When a general-purpose AI model is integrated into or forms part of an AI system, this system should be considered to be general-purpose AI system when, due to this integration, this system has the capability to serve a variety of purposes. A general-purpose AI system can be used directly, or it may be integrated into other AI systems.
(100)
Kadar je model UI za splošne namene vključen v sistem UI ali je del sistema UI, bi bilo treba ta sistem šteti za sistem UI za splošne namene, če se lahko zaradi te vključitve ta sistem uporablja za različne namene. Sistem UI za splošne namene se lahko uporablja neposredno ali pa se lahko vključi v druge sisteme UI.
(101)
Providers of general-purpose AI models have a particular role and responsibility along the AI value chain, as the models they provide may form the basis for a range of downstream systems, often provided by downstream providers that necessitate a good understanding of the models and their capabilities, both to enable the integration of such models into their products, and to fulfil their obligations under this or other regulations. Therefore, proportionate transparency measures should be laid down, including the drawing up and keeping up to date of documentation, and the provision of information on the general-purpose AI model for its usage by the downstream providers. Technical documentation should be prepared and kept up to date by the general-purpose AI model provider for the purpose of making it available, upon request, to the AI Office and the national competent authorities. The minimal set of elements to be included in such documentation should be set out in specific annexes to this Regulation. The Commission should be empowered to amend those annexes by means of delegated acts in light of evolving technological developments.
(101)
Ponudniki modelov UI za splošne namene imajo posebno vlogo in odgovornost vzdolž verige vrednosti UI, saj so lahko modeli, ki jih zagotavljajo, podlaga za vrsto sistemov nižje v verigi, ki jih pogosto zagotavljajo ponudniki nižje v verigi, ki potrebujejo dobro razumevanje modelov in njihovih zmogljivosti, da bi omogočili vključitev takih modelov v njihove proizvode in izpolnili svoje obveznosti iz te uredbe ali drugih predpisov. Zato bi bilo treba določiti sorazmerne ukrepe za preglednost, vključno s pripravo in posodabljanjem dokumentacije ter zagotavljanjem informacij o modelu UI za splošne namene, ki ga lahko uporabljajo ponudniki nižje v verigi. Ponudnik modela UI za splošne namene bi moral pripraviti in posodabljati tehnično dokumentacijo, da bi jo na zahtevo dal na voljo Uradu za UI in pristojnim nacionalnim organom. Minimalni sklop elementov, ki jih je treba vključiti v tako dokumentacijo, bi bilo treba določiti v posebnih prilogah k tej uredbi. Na Komisijo bi bilo treba prenesti pooblastilo za spreminjanje navedenih prilog z delegiranimi akti glede na hiter tehnološki razvoj.
(102)
Software and data, including models, released under a free and open-source licence that allows them to be openly shared and where users can freely access, use, modify and redistribute them or modified versions thereof, can contribute to research and innovation in the market and can provide significant growth opportunities for the Union economy. General-purpose AI models released under free and open-source licences should be considered to ensure high levels of transparency and openness if their parameters, including the weights, the information on the model architecture, and the information on model usage are made publicly available. The licence should be considered to be free and open-source also when it allows users to run, copy, distribute, study, change and improve software and data, including models under the condition that the original provider of the model is credited, the identical or comparable terms of distribution are respected.
(102)
Programska oprema in podatki, vključno z modeli, objavljenimi na podlagi proste in odprtokodne licence, ki omogoča njihovo prosto izmenjavo in če uporabniki lahko prosto dostopajo do njih ali njihovih spremenjenih različic, jih uporabljajo, spreminjajo in ponovno distribuirajo, lahko prispevajo k raziskavam in inovacijam na trgu ter gospodarstvu Unije zagotovijo znatne priložnosti za rast. Razmisliti bi bilo treba o modelih UI za splošne namene, objavljenih na podlagi prostih in odprtokodnih licenc, da bi zagotovili visoko raven preglednosti in odprtosti, če so njihovi parametri, vključno z utežmi, informacijami o arhitekturi modela in informacijami o uporabi modela, javno dostopni. Licenca bi morala šteti za prosto in odprtokodno, tudi kadar uporabnikom omogoča uporabo, kopiranje, distribucijo, preučevanje, spreminjanje in izboljševanje programske opreme in podatkov, vključno z modeli, pod pogojem, da se navede originalni ponudnik modela in da se upoštevajo enaki ali primerljivi pogoji distribucije.
(103)
Free and open-source AI components covers the software and data, including models and general-purpose AI models, tools, services or processes of an AI system. Free and open-source AI components can be provided through different channels, including their development on open repositories. For the purposes of this Regulation, AI components that are provided against a price or otherwise monetised, including through the provision of technical support or other services, including through a software platform, related to the AI component, or the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, with the exception of transactions between microenterprises, should not benefit from the exceptions provided to free and open-source AI components. The fact of making AI components available through open repositories should not, in itself, constitute a monetisation.
(103)
Brezplačne in odprtokodne komponente UI zajemajo programsko opremo in podatke, vključno z modeli in modeli UI za splošne namene, orodji, storitvami ali procesi sistema UI. Brezplačne in odprtokodne komponente UI se lahko zagotovijo prek različnih kanalov, vključno z njihovim razvojem v odprtih odložiščih. Za namene te uredbe komponente UI, ki se zagotavljajo proti plačilu ali so kako drugače monetizirane, med drugim z zagotavljanjem tehnične podpore ali drugih storitev, tudi prek platforme programske opreme, povezane s komponento UI, ali z uporabo osebnih podatkov iz razlogov, ki niso izključno namenjeni izboljšanju varnosti, združljivosti ali interoperabilnosti programske opreme, z izjemo transakcij med mikropodjetji, ne bi smele biti upravičene do izjem, določenih za brezplačne in odprtokodne komponente UI. Dejstvo, da so komponente UI na voljo prek odprtih odložišč, samo po sebi ne bi smelo pomeniti monetizacije.
(104)
The providers of general-purpose AI models that are released under a free and open-source licence, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available should be subject to exceptions as regards the transparency-related requirements imposed on general-purpose AI models, unless they can be considered to present a systemic risk, in which case the circumstance that the model is transparent and accompanied by an open-source license should not be considered to be a sufficient reason to exclude compliance with the obligations under this Regulation. In any case, given that the release of general-purpose AI models under free and open-source licence does not necessarily reveal substantial information on the data set used for the training or fine-tuning of the model and on how compliance of copyright law was thereby ensured, the exception provided for general-purpose AI models from compliance with the transparency-related requirements should not concern the obligation to produce a summary about the content used for model training and the obligation to put in place a policy to comply with Union copyright law, in particular to identify and comply with the reservation of rights pursuant to Article 4(3) of Directive (EU) 2019/790 of the European Parliament and of the Council (40).
(104)
Za ponudnike modelov UI za splošne namene, ki se objavijo na podlagi proste in odprtokodne licence ter katerih parametri, vključno z utežmi, informacijami o arhitekturi modela in informacijami o uporabi modela, so javno dostopni, bi morale veljati izjeme v zvezi z zahtevami glede preglednosti, ki veljajo za modele UI za splošne namene, razen če lahko šteje, da predstavljajo sistemsko tveganje; v tem primeru okoliščina, da je model pregleden in ga spremlja odprtokodna licenca, ne bi smela šteti za zadosten razlog za izključitev izpolnjevanja obveznosti iz te uredbe. V vsakem primeru pa glede na to, da objava modelov UI za splošne namene v okviru proste in odprtokodne licence ne razkrije nujno bistvenih informacij o naboru podatkov, ki se uporablja za učenje ali izpopolnjevanje modela, in o tem, kako je bila s tem zagotovljena skladnost z avtorskim pravom, se izjema, določena za modele UI za splošne namene, od skladnosti z zahtevami, povezanimi s preglednostjo, ne bi smela nanašati na obveznost priprave povzetka vsebine, ki se uporablja za učenje modelov, in obveznost vzpostavitve politike za skladnost z avtorskim pravom Unije, zlasti za opredelitev in skladnost s pridržkom pravic na podlagi člena 4(3) Direktive (EU) 2019/790 Evropskega parlamenta in Sveta (40).
(105)
General-purpose AI models, in particular large generative AI models, capable of generating text, images, and other content, present unique innovation opportunities but also challenges to artists, authors, and other creators and the way their creative content is created, distributed, used and consumed. The development and training of such models require access to vast amounts of text, images, videos and other data. Text and data mining techniques may be used extensively in this context for the retrieval and analysis of such content, which may be protected by copyright and related rights. Any use of copyright protected content requires the authorisation of the rightsholder concerned unless relevant copyright exceptions and limitations apply. Directive (EU) 2019/790 introduced exceptions and limitations allowing reproductions and extractions of works or other subject matter, for the purpose of text and data mining, under certain conditions. Under these rules, rightsholders may choose to reserve their rights over their works or other subject matter to prevent text and data mining, unless this is done for the purposes of scientific research. Where the rights to opt out has been expressly reserved in an appropriate manner, providers of general-purpose AI models need to obtain an authorisation from rightsholders if they want to carry out text and data mining over such works.
(105)
Modeli UI za splošne namene, zlasti veliki generativni modeli UI, ki lahko ustvarijo besedilo, slike in druge vsebine, predstavljajo edinstvene priložnosti za inovacije, pa tudi izzive za umetnike, avtorje in druge ustvarjalce ter njihov način ustvarjanja, razširjanja, uporabe in koriščenja njihovih ustvarjalnih vsebin. Za razvoj in učenje takih modelov je potreben dostop do velikih količin besedil, slik, videoposnetkov in drugih podatkov. Za pridobivanje in analizo takih vsebin, ki so lahko zaščitene z avtorskimi in sorodnimi pravicami, se lahko v tem kontekstu obsežno uporabljajo tehnike besedilnega in podatkovnega rudarjenja. Za vsako uporabo avtorsko zaščitenih vsebin je potrebno dovoljenje zadevnega imetnika pravic, razen če se uporabljajo ustrezne izjeme in omejitve avtorskih pravic. Z Direktivo (EU) 2019/790 so bile uvedene izjeme in omejitve, ki pod določenimi pogoji omogočajo reprodukcije in izvlečke del ali drugih zaščitenih predmetov za namene besedilnega in podatkovnega rudarjenja. Na podlagi teh pravil se lahko imetniki pravic odločijo, da bodo svoje pravice pridržali za svoja dela ali druge zaščitene predmete, da bi preprečili besedilno in podatkovno rudarjenje, razen če se to izvaja za namene znanstvenega raziskovanja. Kadar so pravice do izvzetja izrecno in na ustrezen način pridržane, morajo ponudniki modelov UI za splošne namene pridobiti dovoljenje imetnikov pravic, če želijo v zvezi s takimi deli izvajati besedilno in podatkovno rudarjenje.
(106)
Providers that place general-purpose AI models on the Union market should ensure compliance with the relevant obligations in this Regulation. To that end, providers of general-purpose AI models should put in place a policy to comply with Union law on copyright and related rights, in particular to identify and comply with the reservation of rights expressed by rightsholders pursuant to Article 4(3) of Directive (EU) 2019/790. Any provider placing a general-purpose AI model on the Union market should comply with this obligation, regardless of the jurisdiction in which the copyright-relevant acts underpinning the training of those general-purpose AI models take place. This is necessary to ensure a level playing field among providers of general-purpose AI models where no provider should be able to gain a competitive advantage in the Union market by applying lower copyright standards than those provided in the Union.
(106)
Ponudniki, ki dajejo modele UI za splošne namene na trg Unije, bi morali zagotoviti skladnost z ustreznimi obveznostmi iz te uredbe. V ta namen bi morali ponudniki modelov UI za splošne namene vzpostaviti politiko za skladnost s pravom Unije o avtorskih in sorodnih pravicah, zlasti za opredelitev pridržka pravic, ki jih izrazijo imetniki pravic na podlagi člena 4(3) Direktive (EU) 2019/790, in skladnost z njim. Vsak ponudnik, ki daje model UI za splošne namene na trg Unije, bi moral to obveznost izpolnjevati ne glede na jurisdikcijo, v kateri se izvajajo dejanja, povezana z avtorskimi pravicami, na katerih temelji učenje teh modelov UI za splošno rabo. To je potrebno za zagotovitev enakih konkurenčnih pogojev med ponudniki modelov UI za splošne namene, pri čemer noben ponudnik ne bi smel imeti konkurenčne prednosti na trgu Unije z uporabo standardov avtorskih pravic, ki so nižji od standardov, določenih v Uniji.
(107)
In order to increase transparency on the data that is used in the pre-training and training of general-purpose AI models, including text and data protected by copyright law, it is adequate that providers of such models draw up and make publicly available a sufficiently detailed summary of the content used for training the general-purpose AI model. While taking into due account the need to protect trade secrets and confidential business information, this summary should be generally comprehensive in its scope instead of technically detailed to facilitate parties with legitimate interests, including copyright holders, to exercise and enforce their rights under Union law, for example by listing the main data collections or sets that went into training the model, such as large private or public databases or data archives, and by providing a narrative explanation about other data sources used. It is appropriate for the AI Office to provide a template for the summary, which should be simple, effective, and allow the provider to provide the required summary in narrative form.
(107)
Da bi izboljšali preglednost podatkov, ki se uporabljajo pri predhodnem učenju in učenju modelov UI za splošne namene, vključno z besedilom in podatki, zaščitenimi z avtorskim pravom, je ustrezno, da ponudniki takih modelov pripravijo in objavijo dovolj podroben povzetek vsebine, ki se uporablja za učenje modela UI za splošne namene. Upoštevajoč potrebo po varovanju poslovnih skrivnosti in zaupnih poslovnih informacij bi moral biti ta povzetek v svojem področju uporabe na splošno izčrpen in ne tehnično podroben, da bi strankam z zakonitimi interesi, vključno z imetniki avtorskih pravic, olajšali uveljavljanje in izvajanje njihovih pravic na podlagi prava Unije, na primer z navedbo glavnih zbirk podatkov ali naborov podatkov, ki so bili uporabljeni pri učenju, kot so velike zasebne ali javne podatkovne zbirke ali podatkovni arhivi, ter z opisno razlago drugih uporabljenih virov podatkov. Primerno je, da Urad za UI zagotovi predlogo za povzetek, ki bi moral biti preprost in učinkovit ter ponudniku omogočiti, da zagotovi zahtevani povzetek v opisni obliki.
(108)
With regard to the obligations imposed on providers of general-purpose AI models to put in place a policy to comply with Union copyright law and make publicly available a summary of the content used for the training, the AI Office should monitor whether the provider has fulfilled those obligations without verifying or proceeding to a work-by-work assessment of the training data in terms of copyright compliance. This Regulation does not affect the enforcement of copyright rules as provided for under Union law.
(108)
Kar zadeva obveznosti ponudnikov modelov UI za splošne namene, da vzpostavijo politiko za skladnost z avtorskim pravom Unije in javno objavijo povzetek vsebine, uporabljene za učenje, bi moral Urad za UI spremljati, ali je ponudnik izpolnil te obveznosti brez preverjanja ali ocene učnih podatkov za vsak posamezen primer posebej z vidika njihove skladnosti z avtorskimi pravicami. Ta uredba ne vpliva na izvrševanje pravil o avtorskih pravicah, kot je določeno na podlagi prava Unije.
(109)
Compliance with the obligations applicable to the providers of general-purpose AI models should be commensurate and proportionate to the type of model provider, excluding the need for compliance for persons who develop or use models for non-professional or scientific research purposes, who should nevertheless be encouraged to voluntarily comply with these requirements. Without prejudice to Union copyright law, compliance with those obligations should take due account of the size of the provider and allow simplified ways of compliance for SMEs, including start-ups, that should not represent an excessive cost and not discourage the use of such models. In the case of a modification or fine-tuning of a model, the obligations for providers of general-purpose AI models should be limited to that modification or fine-tuning, for example by complementing the already existing technical documentation with information on the modifications, including new training data sources, as a means to comply with the value chain obligations provided in this Regulation.
(109)
Izpolnjevanje obveznosti, ki veljajo za ponudnike modelov UI za splošne namene, bi moralo biti sorazmerno in primerno vrsti ponudnika modela, pri čemer bi bilo treba izključiti potrebo glede izpolnjevanja teh obveznosti za osebe, ki razvijajo ali uporabljajo modele za nepoklicne ali znanstvenoraziskovalne namene, vendar bi jih bilo treba kljub temu spodbujati k prostovoljnemu izpolnjevanju teh obveznosti. Brez poseganja v avtorsko pravo Unije bi bilo treba pri izpolnjevanju teh obveznosti ustrezno upoštevati velikost ponudnika in omogočiti poenostavljene načine izpolnjevanja obveznosti za MSP, vključno z zagonskimi podjetji, ki ne bi smeli predstavljati pretiranih stroškov in ne bi smeli odvračati od uporabe takih modelov. V primeru spremembe ali izpopolnjevanja modela bi morale biti obveznosti ponudnikov modelov UI za splošne namene omejene na to spremembo ali izpopolnitev, na primer z dopolnitvijo že obstoječe tehnične dokumentacije z informacijami o spremembah, vključno z novimi viri učnih podatkov, da bi izpolnili obveznosti glede verige vrednosti iz te uredbe.
(110)
General-purpose AI models could pose systemic risks which include, but are not limited to, any actual or reasonably foreseeable negative effects in relation to major accidents, disruptions of critical sectors and serious consequences to public health and safety; any actual or reasonably foreseeable negative effects on democratic processes, public and economic security; the dissemination of illegal, false, or discriminatory content. Systemic risks should be understood to increase with model capabilities and model reach, can arise along the entire lifecycle of the model, and are influenced by conditions of misuse, model reliability, model fairness and model security, the level of autonomy of the model, its access to tools, novel or combined modalities, release and distribution strategies, the potential to remove guardrails and other factors. In particular, international approaches have so far identified the need to pay attention to risks from potential intentional misuse or unintended issues of control relating to alignment with human intent; chemical, biological, radiological, and nuclear risks, such as the ways in which barriers to entry can be lowered, including for weapons development, design acquisition, or use; offensive cyber capabilities, such as the ways in vulnerability discovery, exploitation, or operational use can be enabled; the effects of interaction and tool use, including for example the capacity to control physical systems and interfere with critical infrastructure; risks from models of making copies of themselves or ‘self-replicating’ or training other models; the ways in which models can give rise to harmful bias and discrimination with risks to individuals, communities or societies; the facilitation of disinformation or harming privacy with threats to democratic values and human rights; risk that a particular event could lead to a chain reaction with considerable negative effects that could affect up to an entire city, an entire domain activity or an entire community.
(110)
Modeli UI za splošne namene bi lahko predstavljali sistemska tveganja, ki med drugim vključujejo vse dejanske ali razumno predvidljive negativne učinke v zvezi z večjimi nesrečami, motnjami v kritičnih sektorjih ter resnimi posledicami za javno zdravje in varnost, vse dejanske ali razumno predvidljive negativne učinke na demokratične procese ter javno in gospodarsko varnost ter razširjanje nezakonitih, lažnih ali diskriminatornih vsebin. Sistemska tveganja bi bilo treba razumeti tako, da se povečujejo z zmogljivostmi in dosegom modela, da se lahko pojavijo v celotnem življenjskem ciklu modela in da nanje vplivajo pogoji napačne uporabe, zanesljivost modela, pravičnost modela in varnost modela, stopnja avtonomije modela, njegov dostop do orodij, novi ali kombinirani načini, strategije objave in distribucije, možnost odstranitve varovalnih mehanizmov in drugi dejavniki. V mednarodnih pristopih je bilo do zdaj zlasti ugotovljeno, da je treba pozornost nameniti tveganjem, ki izhajajo iz morebitne namerne napačne uporabe ali nenamernih problemov pri nadzoru v zvezi z usklajevanjem s človeškim namenom; kemičnim, biološkim, radiološkim in jedrskim tveganjem, kot so načini, kako zmanjšati vstopne ovire, vključno z razvojem orožja, nabavo njegove zasnove ali njegove uporabo; ofenzivnim kibernetskim zmogljivostim, kot so načini, ki omogočajo odkrivanje, izkoriščanje ali operativno uporabo šibkih točk; učinkom interakcije in uporabe orodij, vključno na primer z zmogljivostjo za nadzor fizičnih sistemov in motenj v kritični infrastrukturi; tveganjem, povezanimi z modeli, ki izdelujejo kopije ali se „samoreplicirajo“ ali učijo druge modele; načinom, kako lahko modeli povzročijo škodljivo pristranskost in diskriminacijo, ker ustvarjajo tveganja za posameznike, skupnosti ali družbe; omogočanju dezinformacij ali ogrožanju zasebnosti z grožnjami demokratičnim vrednotam in človekovim pravicam; tveganju, da bi določen dogodek lahko povzročil verižno reakcijo z znatnimi negativnimi učinki, ki bi lahko vplivali na celo mesto, celotno domeno dejavnosti ali celotno skupnost.
(111)
It is appropriate to establish a methodology for the classification of general-purpose AI models as general-purpose AI model with systemic risks. Since systemic risks result from particularly high capabilities, a general-purpose AI model should be considered to present systemic risks if it has high-impact capabilities, evaluated on the basis of appropriate technical tools and methodologies, or significant impact on the internal market due to its reach. High-impact capabilities in general-purpose AI models means capabilities that match or exceed the capabilities recorded in the most advanced general-purpose AI models. The full range of capabilities in a model could be better understood after its placing on the market or when deployers interact with the model. According to the state of the art at the time of entry into force of this Regulation, the cumulative amount of computation used for the training of the general-purpose AI model measured in floating point operations is one of the relevant approximations for model capabilities. The cumulative amount of computation used for training includes the computation used across the activities and methods that are intended to enhance the capabilities of the model prior to deployment, such as pre-training, synthetic data generation and fine-tuning. Therefore, an initial threshold of floating point operations should be set, which, if met by a general-purpose AI model, leads to a presumption that the model is a general-purpose AI model with systemic risks. This threshold should be adjusted over time to reflect technological and industrial changes, such as algorithmic improvements or increased hardware efficiency, and should be supplemented with benchmarks and indicators for model capability. To inform this, the AI Office should engage with the scientific community, industry, civil society and other experts. Thresholds, as well as tools and benchmarks for the assessment of high-impact capabilities, should be strong predictors of generality, its capabilities and associated systemic risk of general-purpose AI models, and could take into account the way the model will be placed on the market or the number of users it may affect. To complement this system, there should be a possibility for the Commission to take individual decisions designating a general-purpose AI model as a general-purpose AI model with systemic risk if it is found that such model has capabilities or an impact equivalent to those captured by the set threshold. That decision should be taken on the basis of an overall assessment of the criteria for the designation of a general-purpose AI model with systemic risk set out in an annex to this Regulation, such as quality or size of the training data set, number of business and end users, its input and output modalities, its level of autonomy and scalability, or the tools it has access to. Upon a reasoned request of a provider whose model has been designated as a general-purpose AI model with systemic risk, the Commission should take the request into account and may decide to reassess whether the general-purpose AI model can still be considered to present systemic risks.
(111)
Treba bi bilo določiti metodologijo za razvrstitev modelov UI za splošne namene kot modelov UI za splošne namene s sistemskimi tveganji. Ker sistemska tveganja izhajajo iz posebno visokih zmogljivosti, bi bilo treba za model UI za splošne namene šteti, da predstavlja sistemska tveganja, če ima zmogljivosti z visoko učinkovitostjo, ocenjene na podlagi ustreznih tehničnih orodij in metodologij, ali znaten vpliv na notranji trg zaradi svojega dosega. Zmogljivosti z visoko učinkovitostjo v modelih UI za splošne namene pomenijo zmogljivosti, ki so enake zmogljivostim, zabeleženim v najbolj naprednih modelih UI za splošne namene, ali jih presegajo. Celoten nabor zmogljivosti modela bi bilo mogoče bolje razumeti po tem, ko se da na trg ali ko so uvajalci v interakciji z modelom. V skladu z najsodobnejšimi tehnološkimi dosežki v času začetka veljavnosti te uredbe je kumulativni znesek izračuna, ki se uporablja za učenje modela UI za splošne namene, merjen z operacijami s plavajočo vejico, eden od ustreznih približkov za zmogljivosti modela. Kumulativni znesek izračuna, ki se uporablja za učenje, vključuje izračun, ki se uporablja za dejavnosti in metode, namenjene povečanju zmogljivosti modela pred uvedbo, kot so predhodno učenje, sintetično ustvarjanje podatkov in izpopolnjevanje. Zato bi bilo treba določiti začetni prag operacij s plavajočo vejico, ki, če ga doseže model UI za splošne namene, privede do domneve, da model šteje za model UI za splošne namene s sistemskimi tveganji. Ta prag bi bilo treba sčasoma prilagoditi, da bi odražal tehnološke in industrijske spremembe, kot so algoritemske izboljšave ali večja učinkovitost strojne opreme, dopolniti pa bi ga bilo treba z referenčnimi vrednostmi in kazalniki za zmogljivost modela. Za to bi moral Urad za UI sodelovati z znanstveno skupnostjo, industrijo, civilno družbo in drugimi strokovnjaki. Pragovi ter orodja in merila za ocenjevanje zmogljivosti z visoko učinkovitostjo bi morali v veliki meri predvideti splošno naravo, zmogljivosti in povezano sistemsko tveganje modelov UI za splošne namene ter bi lahko upoštevali način dajanja modela na trg ali število uporabnikov, na katere bi lahko vplival. Za dopolnitev tega sistema bi morala Komisija imeti možnost, da sprejme posamezne odločitve, s katerimi model UI za splošne namene določi kot model UI za splošne namene s sistemskim tveganjem, če se ugotovi, da ima tak model zmogljivosti ali učinek, enakovreden tistim, zajetim z določenim pragom. To odločitev bi bilo treba sprejeti na podlagi splošne ocene meril za določitev modela UI za splošne namene s sistemskim tveganjem iz ene od prilog k tej uredbi, kot so kakovost ali velikost nabora učnih podatkov, število poslovnih in končnih uporabnikov, načini njihovega vnosa in izhoda, stopnja avtonomije in nadgradljivosti ali orodja, do katerih ima dostop. Komisija bi morala na obrazloženo zahtevo ponudnika, katerega model je bil označen za model UI za splošne namene s sistemskim tveganjem, upoštevati zahtevo in se lahko odloči, da ponovno oceni, ali lahko za model UI za splošne namene še vedno šteje, da predstavlja sistemska tveganja.
(112)
It is also necessary to clarify a procedure for the classification of a general-purpose AI model with systemic risks. A general-purpose AI model that meets the applicable threshold for high-impact capabilities should be presumed to be a general-purpose AI models with systemic risk. The provider should notify the AI Office at the latest two weeks after the requirements are met or it becomes known that a general-purpose AI model will meet the requirements that lead to the presumption. This is especially relevant in relation to the threshold of floating point operations because training of general-purpose AI models takes considerable planning which includes the upfront allocation of compute resources and, therefore, providers of general-purpose AI models are able to know if their model would meet the threshold before the training is completed. In the context of that notification, the provider should be able to demonstrate that, because of its specific characteristics, a general-purpose AI model exceptionally does not present systemic risks, and that it thus should not be classified as a general-purpose AI model with systemic risks. That information is valuable for the AI Office to anticipate the placing on the market of general-purpose AI models with systemic risks and the providers can start to engage with the AI Office early on. That information is especially important with regard to general-purpose AI models that are planned to be released as open-source, given that, after the open-source model release, necessary measures to ensure compliance with the obligations under this Regulation may be more difficult to implement.
(112)
Pojasniti je treba tudi postopek za razvrstitev modela UI za splošne namene s sistemskimi tveganji. Za model UI za splošne namene, ki izpolnjuje veljavni prag za zmogljivosti z visoko učinkovitostjo, bi bilo treba domnevati, da je splošni model UI s sistemskim tveganjem. Ponudnik bi moral Urad za UI obvestiti najpozneje dva tedna po tem, ko so zahteve izpolnjene ali ko je znano, da bo model UI za splošne namene izpolnjeval zahteve, ki vodijo do te domneve. To je zlasti pomembno v zvezi s pragom operacij s plavajočo vejico, saj je pri učenju modelov UI za splošne namene potrebno precejšnje načrtovanje, ki vključuje vnaprejšnjo dodelitev računalniških virov, zato lahko ponudniki modelov UI za splošne namene vedo, ali bi njihov model dosegel prag pred zaključkom učenja. V okviru tega obvestila bi moral biti ponudnik sposoben dokazati, da model UI za splošne namene zaradi svojih posebnih značilnosti izjemoma ne predstavlja sistemskih tveganj in ga zato ne bi smeli razvrstiti kot model UI za splošne namene s sistemskimi tveganji. Te informacije so dragocene za Urad za UI pri predvidevanju dajanja modelov UI za splošne namene s sistemskimi tveganji na trg, ponudniki pa lahko začnejo zgodaj sodelovati z Uradom za UI. Te informacije so zlasti pomembne v zvezi z modeli UI za splošne namene, za katere se načrtuje, da bodo objavljeni kot odprtokodni, saj bo po objavi odprtokodnega modela morda težje izvajati potrebne ukrepe za zagotovitev skladnosti z obveznostmi iz te uredbe.
(113)
If the Commission becomes aware of the fact that a general-purpose AI model meets the requirements to classify as a general-purpose AI model with systemic risk, which previously had either not been known or of which the relevant provider has failed to notify the Commission, the Commission should be empowered to designate it so. A system of qualified alerts should ensure that the AI Office is made aware by the scientific panel of general-purpose AI models that should possibly be classified as general-purpose AI models with systemic risk, in addition to the monitoring activities of the AI Office.
(113)
Če Komisija ugotovi, da model UI za splošne namene izpolnjuje zahteve za razvrstitev kot model UI za splošne namene s sistemskim tveganjem, ki pred tem ni bil znan ali o njem zadevni ponudnik ni obvestil Komisije, bi morala biti Komisija pooblaščena, da ga tako označi. Sistem kvalificiranih opozoril bi moral zagotavljati, da znanstveni odbor obvešča Urad za UI o modelih UI za splošne namene, ki bi jih morebiti bilo treba razvrstiti kot modele UI za splošne namene s sistemskim tveganjem, ter da ima Urad pregled nad lastnimi dejavnostmi spremljanja.
(114)
The providers of general-purpose AI models presenting systemic risks should be subject, in addition to the obligations provided for providers of general-purpose AI models, to obligations aimed at identifying and mitigating those risks and ensuring an adequate level of cybersecurity protection, regardless of whether it is provided as a standalone model or embedded in an AI system or a product. To achieve those objectives, this Regulation should require providers to perform the necessary model evaluations, in particular prior to its first placing on the market, including conducting and documenting adversarial testing of models, also, as appropriate, through internal or independent external testing. In addition, providers of general-purpose AI models with systemic risks should continuously assess and mitigate systemic risks, including for example by putting in place risk-management policies, such as accountability and governance processes, implementing post-market monitoring, taking appropriate measures along the entire model’s lifecycle and cooperating with relevant actors along the AI value chain.
(114)
Za ponudnike modelov UI za splošne namene s sistemskimi tveganji bi morale poleg obveznosti, ki veljajo za ponudnike modelov UI za splošne namene, veljati tudi obveznosti, namenjene prepoznavanju in zmanjšanju teh tveganj ter zagotavljanju ustrezne ravni kibernetske varnosti, ne glede na to, ali se zagotavljajo kot samostojni modeli ali so vgrajeni v sistem UI ali proizvod. Za doseganje teh ciljev bi morala ta uredba od ponudnikov zahtevati, da izvedejo potrebne ocene modelov, zlasti pred prvim dajanjem na trg, vključno z izvajanjem in dokumentiranjem testiranja modelov po načelu kontradiktornosti, po potrebi tudi z notranjim ali neodvisnim zunanjim testiranjem. Poleg tega bi morali ponudniki modelov UI za splošne namene s sistemskimi tveganji redno ocenjevati in zmanjševati sistemska tveganja, med drugim na primer z uvedbo politik za obvladovanje tveganj, kot so postopki za zagotavljanje odgovornosti in upravljanja, spremljanjem po dajanju na trg, sprejetjem ustreznih ukrepov v celotnem življenjskem ciklu modela in sodelovanjem z ustreznimi akterji v celotni verigi vrednosti UI.
(115)
Providers of general-purpose AI models with systemic risks should assess and mitigate possible systemic risks. If, despite efforts to identify and prevent risks related to a general-purpose AI model that may present systemic risks, the development or use of the model causes a serious incident, the general-purpose AI model provider should without undue delay keep track of the incident and report any relevant information and possible corrective measures to the Commission and national competent authorities. Furthermore, providers should ensure an adequate level of cybersecurity protection for the model and its physical infrastructure, if appropriate, along the entire model lifecycle. Cybersecurity protection related to systemic risks associated with malicious use or attacks should duly consider accidental model leakage, unauthorised releases, circumvention of safety measures, and defence against cyberattacks, unauthorised access or model theft. That protection could be facilitated by securing model weights, algorithms, servers, and data sets, such as through operational security measures for information security, specific cybersecurity policies, adequate technical and established solutions, and cyber and physical access controls, appropriate to the relevant circumstances and the risks involved.
(115)
Ponudniki modelov UI za splošne namene s sistemskimi tveganji bi morali oceniti in zmanjšati morebitna sistemska tveganja. Če razvoj ali uporaba modela kljub prizadevanjem za prepoznavanje in preprečevanje tveganj, povezanih z modelom UI za splošne namene, ki lahko predstavlja sistemska tveganja, povzroči resen incident, bi ga moral ponudnik modela UI za splošne namene brez nepotrebnega odlašanja spremljati ter Komisiji in pristojnim nacionalnim organom poročati o vseh ustreznih informacijah in možnih popravnih ukrepih. Poleg tega bi morali ponudniki po potrebi zagotoviti ustrezno raven kibernetske varnosti modela in njegove fizične infrastrukture v celotnem življenjskem ciklu modela. Pri kibernetski varnosti zaradi sistemskih tveganj, povezanih z zlonamerno uporabo ali napadi, bi bilo treba ustrezno upoštevati naključno uhajanje iz modelov, nedovoljene različice, izogibanje varnostnim ukrepom in obrambo pred kibernetskimi napadi, nepooblaščenim dostopom ali krajo modela. Tovrstno varnost bi bilo mogoče olajšati z zaščito uteži modelov, algoritmov, strežnikov in naborov podatkov, na primer z operativnimi varnostnimi ukrepi za informacijsko varnost, posebnimi politikami na področju kibernetske varnosti, ustreznimi tehničnimi in uveljavljenimi rešitvami ter kibernetskim in fizičnim nadzorom dostopa, ki bi bili prilagojeni zadevnim okoliščinam in povezanim tveganjem.
(116)
The AI Office should encourage and facilitate the drawing up, review and adaptation of codes of practice, taking into account international approaches. All providers of general-purpose AI models could be invited to participate. To ensure that the codes of practice reflect the state of the art and duly take into account a diverse set of perspectives, the AI Office should collaborate with relevant national competent authorities, and could, where appropriate, consult with civil society organisations and other relevant stakeholders and experts, including the Scientific Panel, for the drawing up of such codes. Codes of practice should cover obligations for providers of general-purpose AI models and of general-purpose AI models presenting systemic risks. In addition, as regards systemic risks, codes of practice should help to establish a risk taxonomy of the type and nature of the systemic risks at Union level, including their sources. Codes of practice should also be focused on specific risk assessment and mitigation measures.
(116)
Urad za UI bi moral spodbujati in olajšati pripravo, pregled in prilagoditev kodeksov prakse in pri tem upoštevati mednarodne pristope. K sodelovanju bi lahko bili povabljeni vsi ponudniki modelov UI za splošne namene. Za zagotovitev, da se v kodeksih prakse odrazijo najsodobnejši tehnološki dosežki in ustrezno upoštevajo različni vidiki, bi moral Urad za UI pri pripravi teh kodeksov sodelovati z ustreznimi pristojnimi nacionalnimi organi, po potrebi pa bi se lahko posvetoval z organizacijami civilne družbe ter drugimi ustreznimi deležniki in strokovnjaki, vključno z znanstvenim odborom. V teh kodeksih prakse bi morale biti določene obveznosti za ponudnike modelov UI za splošne namene in modelov UI za splošne namene s sistemskimi tveganji. Kar zadeva sistemska tveganja, bi morali kodeksi prakse poleg tega prispevati k vzpostavitvi taksonomije tveganja za vrsto in naravo sistemskih tveganj na ravni Unije, vključno z njihovimi viri. Kodeksi prakse bi morali biti osredotočeni tudi na specifične ocene tveganja in ukrepe za zmanjšanje tveganj.
(117)
The codes of practice should represent a central tool for the proper compliance with the obligations provided for under this Regulation for providers of general-purpose AI models. Providers should be able to rely on codes of practice to demonstrate compliance with the obligations. By means of implementing acts, the Commission may decide to approve a code of practice and give it a general validity within the Union, or, alternatively, to provide common rules for the implementation of the relevant obligations, if, by the time this Regulation becomes applicable, a code of practice cannot be finalised or is not deemed adequate by the AI Office. Once a harmonised standard is published and assessed as suitable to cover the relevant obligations by the AI Office, compliance with a European harmonised standard should grant providers the presumption of conformity. Providers of general-purpose AI models should furthermore be able to demonstrate compliance using alternative adequate means, if codes of practice or harmonised standards are not available, or they choose not to rely on those.
(117)
Kodeksi prakse bi morali biti osrednje orodje za pravilno izpolnjevanje obveznosti za ponudnike modelov UI za splošne namene, ki so določene v tej uredbi. Ponudniki bi morali imeti možnost, da se pri dokazovanju izpolnjevanja obveznosti oprejo na kodekse prakse. Komisija se lahko odloči, da z izvedbenimi akti odobri kodeks prakse in mu podeli splošno veljavnost v Uniji oziroma, kot nadomestno možnost, določi skupna pravila za izvajanje ustreznih obveznosti, če kodeksa prakse do začetka uporabe te uredbe ni mogoče dokončati ali če ga Urad za UI ne šteje za ustreznega. Ko je harmonizirani standard objavljen in ko ga Urad za UI oceni kot primernega za izpolnjevanje ustreznih obveznosti, bi morala za ponudnike veljati domneva o skladnosti, kadar ti izpolnjujejo evropski harmonizirani standard. Ponudniki modelov UI za splošne namene bi morali biti poleg tega sposobni z nadomestnimi ustreznimi sredstvi dokazati skladnost, če kodeksi prakse ali harmonizirani standardi niso na voljo ali če se odločijo, da se nanje ne bodo zanašali.
(118)
This Regulation regulates AI systems and AI models by imposing certain requirements and obligations for relevant market actors that are placing them on the market, putting into service or use in the Union, thereby complementing obligations for providers of intermediary services that embed such systems or models into their services regulated by Regulation (EU) 2022/2065. To the extent that such systems or models are embedded into designated very large online platforms or very large online search engines, they are subject to the risk-management framework provided for in Regulation (EU) 2022/2065. Consequently, the corresponding obligations of this Regulation should be presumed to be fulfilled, unless significant systemic risks not covered by Regulation (EU) 2022/2065 emerge and are identified in such models. Within this framework, providers of very large online platforms and very large online search engines are obliged to assess potential systemic risks stemming from the design, functioning and use of their services, including how the design of algorithmic systems used in the service may contribute to such risks, as well as systemic risks stemming from potential misuses. Those providers are also obliged to take appropriate mitigating measures in observance of fundamental rights.
(118)
Ta uredba ureja sisteme UI in modele UI, saj za zadevne udeležence na trgu, ki te sisteme in modele dajejo na trg, v uporabo ali jih uporabljajo v Uniji, določa nekatere zahteve in obveznosti, s tem pa dopolnjuje obveznosti za ponudnike posredniških storitev, ki take sisteme ali modele vgrajujejo v svoje storitve, ki jih ureja Uredba (EU) 2022/2065. Kolikor so taki sistemi ali modeli vgrajeni v zelo velike spletne platforme ali zelo velike spletne iskalnike, zanje velja okvir za obvladovanje tveganj iz Uredbe (EU) 2022/2065. Zato bi bilo treba domnevati, da so ustrezne obveznosti iz te uredbe izpolnjene, razen če se v takih modelih pojavijo in prepoznajo pomembna sistemska tveganja, ki niso zajeta v Uredbi (EU) 2022/2065. V tem okviru morajo ponudniki zelo velikih spletnih platform in zelo velikih spletnih iskalnikov oceniti morebitna sistemska tveganja, ki izhajajo iz zasnove, delovanja in uporabe njihovih storitev, vključno s tem, kako zasnova algoritemskih sistemov, ki se uporabljajo v storitvi, lahko prispeva k takim tveganjem, pa tudi sistemska tveganja, ki izhajajo iz morebitne napačne uporabe. Ti ponudniki morajo ob spoštovanju temeljnih pravic sprejeti tudi ustrezne ukrepe za zmanjšanje tveganj.
(119)
Considering the quick pace of innovation and the technological evolution of digital services in scope of different instruments of Union law in particular having in mind the usage and the perception of their recipients, the AI systems subject to this Regulation may be provided as intermediary services or parts thereof within the meaning of Regulation (EU) 2022/2065, which should be interpreted in a technology-neutral manner. For example, AI systems may be used to provide online search engines, in particular, to the extent that an AI system such as an online chatbot performs searches of, in principle, all websites, then incorporates the results into its existing knowledge and uses the updated knowledge to generate a single output that combines different sources of information.
(119)
Glede na hiter tempo inovacij in tehnološkega razvoja digitalnih storitev, ki spadajo na področje uporabe različnih instrumentov prava Unije, zlasti glede na uporabo in dojemanje oseb, ki so jim namenjeni, se lahko sistemi UI, za katere se uporablja ta uredba, zagotavljajo kot posredniške storitve ali kot deli posredniških storitev v smislu Uredbe (EU) 2022/2065, ki bi jo bilo treba razlagati na tehnološko nevtralen način. Sistemi UI se lahko na primer uporabljajo za zagotavljanje spletnih iskalnikov, zlasti če sistem UI, kot je spletni klepetalni robot, načeloma izvaja poizvedbe na vseh spletiščih, nato pa rezultate vključi v svoje obstoječe znanje in posodobljeno znanje uporabi za ustvarjanje enega samega izhodnega podatka, v katerem so združeni različni viri informacij.
(120)
Furthermore, obligations placed on providers and deployers of certain AI systems in this Regulation to enable the detection and disclosure that the outputs of those systems are artificially generated or manipulated are particularly relevant to facilitate the effective implementation of Regulation (EU) 2022/2065. This applies in particular as regards the obligations of providers of very large online platforms or very large online search engines to identify and mitigate systemic risks that may arise from the dissemination of content that has been artificially generated or manipulated, in particular risk of the actual or foreseeable negative effects on democratic processes, civic discourse and electoral processes, including through disinformation.
(120)
Poleg tega so obveznosti za ponudnike in uvajalce nekaterih sistemov UI iz te uredbe, ki omogočajo odkrivanje in razkrivanje dejstva, da so izhodni podatki teh sistemov umetno ustvarjeni ali prirejeni, še zlasti pomembne zato, da se olajša učinkovito izvajanje Uredbe (EU) 2022/2065. To velja zlasti za obveznosti za ponudnike zelo velikih spletnih platform ali zelo velikih spletnih iskalnikov, da prepoznajo in zmanjšajo sistemska tveganja, ki lahko izhajajo iz razširjanja umetno ustvarjenih ali prirejenih vsebin, zlasti tveganje dejanskih ali predvidljivih negativnih učinkov na demokratične procese, državljansko razpravo in volilne procese, tudi z dezinformacijami.
(121)
Standardisation should play a key role to provide technical solutions to providers to ensure compliance with this Regulation, in line with the state of the art, to promote innovation as well as competitiveness and growth in the single market. Compliance with harmonised standards as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council (41), which are normally expected to reflect the state of the art, should be a means for providers to demonstrate conformity with the requirements of this Regulation. A balanced representation of interests involving all relevant stakeholders in the development of standards, in particular SMEs, consumer organisations and environmental and social stakeholders in accordance with Articles 5 and 6 of Regulation (EU) No 1025/2012 should therefore be encouraged. In order to facilitate compliance, the standardisation requests should be issued by the Commission without undue delay. When preparing the standardisation request, the Commission should consult the advisory forum and the Board in order to collect relevant expertise. However, in the absence of relevant references to harmonised standards, the Commission should be able to establish, via implementing acts, and after consultation of the advisory forum, common specifications for certain requirements under this Regulation. The common specification should be an exceptional fall back solution to facilitate the provider’s obligation to comply with the requirements of this Regulation, when the standardisation request has not been accepted by any of the European standardisation organisations, or when the relevant harmonised standards insufficiently address fundamental rights concerns, or when the harmonised standards do not comply with the request, or when there are delays in the adoption of an appropriate harmonised standard. Where such a delay in the adoption of a harmonised standard is due to the technical complexity of that standard, this should be considered by the Commission before contemplating the establishment of common specifications. When developing common specifications, the Commission is encouraged to cooperate with international partners and international standardisation bodies.
(121)
Standardizacija bi morala imeti ključno vlogo pri zagotavljanju tehničnih rešitev ponudnikom, da se zagotovi skladnost s to uredbo, ob upoštevanju najsodobnejših tehnoloških dosežkov, ter pri spodbujanju inovacij, konkurenčnosti in rasti na enotnem trgu. Skladnost s harmoniziranimi standardi, kot so opredeljeni v členu 2, točka 1(c), Uredbe (EU) št. 1025/2012 Evropskega parlamenta in Sveta (41) in od katerih se običajno pričakuje, da odražajo najsodobnejše tehnološke dosežke, bi morala predstavljati sredstvo, s katerim ponudniki dokažejo skladnost z zahtevami iz te uredbe. Zato bi bilo treba spodbujati uravnoteženo zastopanost interesov z vključitvijo vseh ustreznih deležnikov v razvoj standardov, zlasti MSP, potrošniških organizacij ter okoljskih in socialnih deležnikov v skladu s členoma 5 in 6 Uredbe (EU) št. 1025/2012. Da bi lažje dosegli skladnost, bi morala Komisija brez nepotrebnega odlašanja izdati zahteve za standardizacijo. Pri pripravi zahteve za standardizacijo se Komisija posvetuje s svetovalnim forumom in Odborom, da zbere ustrezno strokovno znanje. Ker pa ustrezni sklici na harmonizirane standarde še ne obstajajo, bi morala imeti Komisija možnost, da z izvedbenimi akti in po posvetovanju s svetovalnim forumom določi skupne specifikacije za nekatere zahteve iz te uredbe. Skupna specifikacija bi morala biti izjemna nadomestna rešitev, da se ponudniku olajša izpolnjevanje obveznosti glede skladnosti z zahtevami iz te uredbe, kadar nobena od evropskih organizacij za standardizacijo ne sprejme zahteve za standardizacijo ali kadar ustrezni harmonizirani standardi nezadostno obravnavajo pomisleke glede temeljnih pravic ali kadar harmonizirani standardi niso skladni z zahtevo ali kadar pride do zamud pri sprejetju ustreznega harmoniziranega standarda. Kadar je vzrok za takšno zamudo pri sprejetju harmoniziranega standarda tehnična kompleksnost zadevnega standarda, bi morala Komisija to upoštevati preden se odloči za določitev skupnih specifikacij. Komisija naj pri pripravi skupnih specifikacij sodeluje z mednarodnimi partnerji in mednarodnimi organi za standardizacijo.
(122)
It is appropriate that, without prejudice to the use of harmonised standards and common specifications, providers of a high-risk AI system that has been trained and tested on data reflecting the specific geographical, behavioural, contextual or functional setting within which the AI system is intended to be used, should be presumed to comply with the relevant measure provided for under the requirement on data governance set out in this Regulation. Without prejudice to the requirements related to robustness and accuracy set out in this Regulation, in accordance with Article 54(3) of Regulation (EU) 2019/881, high-risk AI systems that have been certified or for which a statement of conformity has been issued under a cybersecurity scheme pursuant to that Regulation and the references of which have been published in the Official Journal of the European Union should be presumed to comply with the cybersecurity requirement of this Regulation in so far as the cybersecurity certificate or statement of conformity or parts thereof cover the cybersecurity requirement of this Regulation. This remains without prejudice to the voluntary nature of that cybersecurity scheme.
(122)
Brez poseganja v uporabo harmoniziranih standardov in skupnih specifikacij je primerno, da se za ponudnike visokotveganega sistema UI, ki je bil naučen in testiran na podlagi podatkov, ki odražajo specifično geografsko, vedenjsko, vsebinsko ali funkcionalno okolje, v katerem naj bi se ta sistem uporabljal, domneva, da delujejo skladno z ustreznim ukrepom, določenim na podlagi zahteve glede upravljanja podatkov iz te uredbe. Brez poseganja v zahteve glede robustnosti in točnosti iz te uredbe bi bilo treba v skladu s členom 54(3) Uredbe (EU) 2019/881 domnevati, da so visokotvegani sistemi UI, ki so bili certificirani ali za katere je bila izdana izjava o skladnosti v okviru sheme za kibernetsko varnost na podlagi navedene uredbe, ob tem pa so bili sklici na zadevno shemo objavljeni v Uradnem listu Evropske unije, skladni z zahtevo glede kibernetske varnosti iz te uredbe, če certifikat kibernetske varnosti ali izjava o skladnosti ali njen del vključuje zahtevo glede kibernetske varnosti iz te uredbe. To ne posega v prostovoljno naravo navedene sheme za kibernetsko varnost.
(123)
In order to ensure a high level of trustworthiness of high-risk AI systems, those systems should be subject to a conformity assessment prior to their placing on the market or putting into service.
(123)
Da bi zagotovili visoko raven zaupanja v visokotvegane sisteme UI, bi bilo treba za te sisteme pred dajanjem na trg ali v uporabo opraviti ugotavljanje skladnosti.
(124)
It is appropriate that, in order to minimise the burden on operators and avoid any possible duplication, for high-risk AI systems related to products which are covered by existing Union harmonisation legislation based on the New Legislative Framework, the compliance of those AI systems with the requirements of this Regulation should be assessed as part of the conformity assessment already provided for in that law. The applicability of the requirements of this Regulation should thus not affect the specific logic, methodology or general structure of conformity assessment under the relevant Union harmonisation legislation.
(124)
Da bi čim bolj zmanjšali breme za operaterje in se izognili morebitnemu podvajanju, je primerno, da bi skladnost visokotveganih sistemov UI, povezanih s proizvodi, za katere velja obstoječa harmonizacijska zakonodaja Unije, ki temelji na novem zakonodajnem okviru, z zahtevami te uredbe ocenili v okviru ugotavljanja skladnosti, kot je že določeno navedena zakonodaja. Uporaba zahtev iz te uredbe torej ne bi smela vplivati na posebno logiko, metodologijo ali splošno strukturo ugotavljanja skladnosti na podlagi ustrezne harmonizacijske zakonodaje Unije.
(125)
Given the complexity of high-risk AI systems and the risks that are associated with them, it is important to develop an adequate conformity assessment procedure for high-risk AI systems involving notified bodies, so-called third party conformity assessment. However, given the current experience of professional pre-market certifiers in the field of product safety and the different nature of risks involved, it is appropriate to limit, at least in an initial phase of application of this Regulation, the scope of application of third-party conformity assessment for high-risk AI systems other than those related to products. Therefore, the conformity assessment of such systems should be carried out as a general rule by the provider under its own responsibility, with the only exception of AI systems intended to be used for biometrics.
(125)
Zaradi kompleksnosti visokotveganih sistemov UI in z njimi povezanih tveganj je pomembno razviti ustrezen postopek ugotavljanja skladnosti visokotveganih sistemov UI, ki vključuje priglašene organe, tako imenovano ugotavljanje skladnosti s strani tretjih oseb. Glede na sedanje izkušnje poklicnih izdajateljev potrdil pred dajanjem na trg na področju varnosti proizvodov in glede na različno naravo zadevnih tveganj, pa je primerno, da se vsaj v začetni fazi uporabe te uredbe omeji področje uporabe ugotavljanja skladnosti s strani tretjih oseb na visokotvegane sisteme UI, ki niso povezani s proizvodi. Zato bi moral ugotavljanje skladnosti takih sistemov praviloma opraviti ponudnik na lastno odgovornost, z edino izjemo sistemov UI, namenjenih uporabi za biometriko.
(126)
In order to carry out third-party conformity assessments when so required, notified bodies should be notified under this Regulation by the national competent authorities, provided that they comply with a set of requirements, in particular on independence, competence, absence of conflicts of interests and suitable cybersecurity requirements. Notification of those bodies should be sent by national competent authorities to the Commission and the other Member States by means of the electronic notification tool developed and managed by the Commission pursuant to Article R23 of Annex I to Decision No 768/2008/EC.
(126)
Za izvedbo ugotavljanja skladnosti s strani tretjih oseb, kadar je potrebno, bi morali pristojni nacionalni organi na podlagi te uredbe priglasiti priglašene organe, pod pogojem, da izpolnjujejo vrsto zahtev, zlasti glede neodvisnosti, kompetenc, neobstoja navzkrižja interesov, pa tudi zahtev glede kibernetske varnosti. Pristojni nacionalni organi bi morali priglasitev teh organov poslati Komisiji in drugim državam članicam prek elektronskega orodja za priglasitev, ki ga razvije in upravlja Komisija na podlagi člena R23 Priloge I k Sklepu št. 768/2008/ES.
(127)
In line with Union commitments under the World Trade Organization Agreement on Technical Barriers to Trade, it is adequate to facilitate the mutual recognition of conformity assessment results produced by competent conformity assessment bodies, independent of the territory in which they are established, provided that those conformity assessment bodies established under the law of a third country meet the applicable requirements of this Regulation and the Union has concluded an agreement to that extent. In this context, the Commission should actively explore possible international instruments for that purpose and in particular pursue the conclusion of mutual recognition agreements with third countries.
(127)
V skladu z zavezami Unije iz Sporazuma Svetovne trgovinske organizacije o tehničnih ovirah v trgovini je ustrezno olajšati vzajemno priznavanje rezultatov ugotavljanja skladnosti, ki jih pridobijo pristojni organi za ugotavljanje skladnosti ne glede na to, kje imajo sedež, pod pogojem, da navedeni organi za ugotavljanje skladnosti, ustanovljeni na podlagi prava tretje države, izpolnjujejo veljavne zahteve iz te uredbe in če je Unija v ta namen sklenila sporazum. V zvezi s tem bi morala Komisija v ta namen dejavno preučiti morebitne mednarodne instrumente in si zlasti prizadevati za sklenitev sporazumov s tretjimi državami o vzajemnem priznavanju.
(128)
In line with the commonly established notion of substantial modification for products regulated by Union harmonisation legislation, it is appropriate that whenever a change occurs which may affect the compliance of a high-risk AI system with this Regulation (e.g. change of operating system or software architecture), or when the intended purpose of the system changes, that AI system should be considered to be a new AI system which should undergo a new conformity assessment. However, changes occurring to the algorithm and the performance of AI systems which continue to ‘learn’ after being placed on the market or put into service, namely automatically adapting how functions are carried out, should not constitute a substantial modification, provided that those changes have been pre-determined by the provider and assessed at the moment of the conformity assessment.
(128)
V skladu s skupno uveljavljenim pojmom bistvene spremembe za proizvode, ki jih ureja harmonizacijska zakonodaja Unije, je primerno, da ob vsaki spremembi, ki bi lahko vplivala na skladnost visokotveganega sistema UI s to uredbo (npr. spremembi arhitekture operacijskega sistema ali programske opreme), ali kadar se spremeni predvideni namen sistema, ta sistem UI šteje za nov sistem UI, za katerega bi bilo treba opraviti novo ugotavljanje skladnosti. Vendar spremembe algoritma in zmogljivosti sistemov UI, ki se po tem, ko so dani na trg ali v uporabo, še naprej „učijo“, tj. samodejno prilagajajo način izvajanja funkcij, ne bi smele pomeniti bistvene spremembe, če jih je ponudnik določil vnaprej in ocenil v okviru ugotavljanja skladnosti.
(129)
High-risk AI systems should bear the CE marking to indicate their conformity with this Regulation so that they can move freely within the internal market. For high-risk AI systems embedded in a product, a physical CE marking should be affixed, and may be complemented by a digital CE marking. For high-risk AI systems only provided digitally, a digital CE marking should be used. Member States should not create unjustified obstacles to the placing on the market or the putting into service of high-risk AI systems that comply with the requirements laid down in this Regulation and bear the CE marking.
(129)
Visokotvegani sistemi UI bi morali imeti oznako CE, ki označuje njihovo skladnost s to uredbo, da se lahko prosto gibljejo na notranjem trgu. Visokotvegani sistemi UI, ki so vgrajeni v proizvod, bi morali biti označeni s fizično oznako CE, ki jo lahko dopolnjuje digitalna oznaka CE. Za visokotvegane sisteme UI, ki se zagotavljajo samo digitalno, bi bilo treba uporabljati digitalno oznako CE. Države članice ne bi smele neupravičeno ovirati dajanja na trg ali v uporabo visokotveganih sistemov UI, ki izpolnjujejo zahteve iz te uredbe in nosijo oznako CE.
(130)
Under certain conditions, rapid availability of innovative technologies may be crucial for health and safety of persons, the protection of the environment and climate change and for society as a whole. It is thus appropriate that under exceptional reasons of public security or protection of life and health of natural persons, environmental protection and the protection of key industrial and infrastructural assets, market surveillance authorities could authorise the placing on the market or the putting into service of AI systems which have not undergone a conformity assessment. In duly justified situations, as provided for in this Regulation, law enforcement authorities or civil protection authorities may put a specific high-risk AI system into service without the authorisation of the market surveillance authority, provided that such authorisation is requested during or after the use without undue delay.
(130)
V določenih okoliščinah je lahko hitra razpoložljivost inovativnih tehnologij ključnega pomena za zdravje in varnost ljudi, varstvo okolja in podnebne spremembe ter za družbo kot celoto. Zato je primerno, da bi iz izjemnih razlogov javne varnosti ali varstva življenja in zdravja fizičnih oseb, varstva okolja ter zaščite ključne industrijskih in infrastrukturnih sredstev organi za nadzor trga lahko dovolili dajanje na trg ali v uporabo sistemov UI, za katere ugotavljanje skladnosti ni bilo opravljeno. V ustrezno utemeljenih primerih, kot je določeno v tej uredbi, lahko organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj ali organi civilne zaščite dajo določen visokotvegani sistem UI v uporabo brez dovoljenja organa za nadzor trga, če se za tako dovoljenje brez nepotrebnega odlašanja zaprosi med uporabo ali po njej.
(131)
In order to facilitate the work of the Commission and the Member States in the AI field as well as to increase the transparency towards the public, providers of high-risk AI systems other than those related to products falling within the scope of relevant existing Union harmonisation legislation, as well as providers who consider that an AI system listed in the high-risk use cases in an annex to this Regulation is not high-risk on the basis of a derogation, should be required to register themselves and information about their AI system in an EU database, to be established and managed by the Commission. Before using an AI system listed in the high-risk use cases in an annex to this Regulation, deployers of high-risk AI systems that are public authorities, agencies or bodies, should register themselves in such database and select the system that they envisage to use. Other deployers should be entitled to do so voluntarily. This section of the EU database should be publicly accessible, free of charge, the information should be easily navigable, understandable and machine-readable. The EU database should also be user-friendly, for example by providing search functionalities, including through keywords, allowing the general public to find relevant information to be submitted upon the registration of high-risk AI systems and on the use case of high-risk AI systems, set out in an annex to this Regulation, to which the high-risk AI systems correspond. Any substantial modification of high-risk AI systems should also be registered in the EU database. For high-risk AI systems in the area of law enforcement, migration, asylum and border control management, the registration obligations should be fulfilled in a secure non-public section of the EU database. Access to the secure non-public section should be strictly limited to the Commission as well as to market surveillance authorities with regard to their national section of that database. High-risk AI systems in the area of critical infrastructure should only be registered at national level. The Commission should be the controller of the EU database, in accordance with Regulation (EU) 2018/1725. In order to ensure the full functionality of the EU database, when deployed, the procedure for setting the database should include the development of functional specifications by the Commission and an independent audit report. The Commission should take into account cybersecurity risks when carrying out its tasks as data controller on the EU database. In order to maximise the availability and use of the EU database by the public, the EU database, including the information made available through it, should comply with requirements under the Directive (EU) 2019/882.
(131)
Da bi olajšali delo Komisije in držav članic na področju UI ter povečanje preglednosti za javnost, bi bilo treba od ponudnikov visokotveganih sistemov UI, razen tistih, povezanih s proizvodi, ki spadajo na področje uporabe ustrezne obstoječe harmonizacijske zakonodaje Unije, ter ponudnikov, ki menijo, da sistem UI s seznama visokotveganih primerov uporabe iz priloge k tej uredbi, ni visokotvegan na podlagi odstopanja, zahtevati, da se registrirajo v podatkovni zbirki EU, ki jo vzpostavi in upravlja Komisija, in da v tej zbirki beležijo tudi informacije o svojih sistemih UI. Pred uporabo sistema UI s seznama visokotveganih primerov uporabe iz priloge k tej uredbi bi se morali uvajalci visokotveganih sistemov UI, ki so javni organi, agencije ali telesa, registrirati v taki zbirki in izbrati sistem, ki ga nameravajo uporabljati. Drugi uvajalci bi morali imeti pravico do prostovoljne registracije. Ta del podatkovne zbirke EU bi moral biti javno dostopen in brezplačen, informacije pa bi morale biti zlahka dostopne, razumljive in strojno berljive. Podatkovna zbirka EU bi prav tako morala biti prilagojena uporabnikom, na primer z zagotavljanjem funkcije iskanja, tudi s ključnimi besedami, da bi širša javnost lahko našla ustrezne informacije, ki se predložijo ob registraciji visokotveganih sistemov UI in o primeru uporabe visokotveganih sistemov UI iz priloge k tej uredbi za zadevne visokotvegane sisteme UI. V podatkovni zbirki EU bi bilo treba registrirati tudi bistvene spremembe visokotveganih sistemov UI. Za visokotvegane sisteme UI na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, azila in upravljanja nadzora meja bi bilo treba obveznosti registracije izpolniti v varnem, nejavnem delu podatkovne zbirke EU. Dostop do varnega dela, ki ni dostopen javnosti, bi moral biti strogo omejen na Komisijo in organe za nadzor trga, kar zadeva njihov nacionalni del te podatkovne zbirke. Visokotvegani sistemi UI na področju kritične infrastrukture bi morali biti registrirani le na nacionalni ravni. Komisija bi morala biti upravljavec podatkovne zbirke EU v skladu z Uredbo (EU) 2018/1725. Za zagotovitev polne funkcionalnosti podatkovne zbirke ob njeni uvedbi bi moral postopek za njeno vzpostavitev vključevati razvoj funkcionalnih specifikacij s strani Komisije in neodvisno revizijsko poročilo. Komisija bi morala pri opravljanju nalog upravljavca podatkov v podatkovni zbirki EU upoštevati tveganja, povezana s kibernetsko varnostjo. Podatkovna zbirka EU, vključno z informacijami, ki so prek nje na voljo, bi morala izpolnjevati zahteve iz Direktive (EU) 2019/882, da bi bila javnosti čim bolj dostopna in uporabna.
(132)
Certain AI systems intended to interact with natural persons or to generate content may pose specific risks of impersonation or deception irrespective of whether they qualify as high-risk or not. In certain circumstances, the use of these systems should therefore be subject to specific transparency obligations without prejudice to the requirements and obligations for high-risk AI systems and subject to targeted exceptions to take into account the special need of law enforcement. In particular, natural persons should be notified that they are interacting with an AI system, unless this is obvious from the point of view of a natural person who is reasonably well-informed, observant and circumspect taking into account the circumstances and the context of use. When implementing that obligation, the characteristics of natural persons belonging to vulnerable groups due to their age or disability should be taken into account to the extent the AI system is intended to interact with those groups as well. Moreover, natural persons should be notified when they are exposed to AI systems that, by processing their biometric data, can identify or infer the emotions or intentions of those persons or assign them to specific categories. Such specific categories can relate to aspects such as sex, age, hair colour, eye colour, tattoos, personal traits, ethnic origin, personal preferences and interests. Such information and notifications should be provided in accessible formats for persons with disabilities.
(132)
Nekateri sistemi UI, namenjeni stikom s fizičnimi osebami ali ustvarjanju vsebine, lahko predstavljajo posebna tveganja izdajanja za drugo osebo ali zavajanja, ne glede na to, ali se uvrščajo med sisteme visokega tveganja ali ne. V določenih okoliščinah bi zato za uporabo teh sistemov morale veljati posebne obveznosti glede preglednosti, brez poseganja v zahteve in obveznosti za visokotvegane sisteme UI, in ciljne izjeme, da bi upoštevali posebne potrebe na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj. Zlasti bi bilo treba fizične osebe obvestiti, da so v interakciji s sistemom UI, razen če je to očitno z vidika fizične osebe, ki je razmeroma dobro obveščena, pozorna in preudarna, ob upoštevanju okoliščin in okvira uporabe. Pri izvajanju te obveznosti bi bilo treba upoštevati značilnosti fizičnih oseb, ki zaradi svoje starosti ali invalidnosti pripadajo ranljivim skupinam, kolikor je namen sistema UI tudi interakcija s temi skupinami. Poleg tega bi bilo treba fizične osebe obvestiti, kadar so izpostavljene sistemom UI, ki lahko z obdelavo njihovih biometričnih podatkov prepoznajo čustva ali namere teh oseb ali sklepajo o njih oziroma te osebe razvrstijo v posebne kategorije. Tovrstne posebne kategorije se lahko nanašajo na značilnosti, kot so spol, starost, barva las, barva oči, tetovaže, osebne lastnosti, etnično poreklo, osebne želje in interesi. Take informacije in obvestila bi bilo treba zagotoviti v invalidom dostopnih oblikah.
(133)
A variety of AI systems can generate large quantities of synthetic content that becomes increasingly hard for humans to distinguish from human-generated and authentic content. The wide availability and increasing capabilities of those systems have a significant impact on the integrity and trust in the information ecosystem, raising new risks of misinformation and manipulation at scale, fraud, impersonation and consumer deception. In light of those impacts, the fast technological pace and the need for new methods and techniques to trace origin of information, it is appropriate to require providers of those systems to embed technical solutions that enable marking in a machine readable format and detection that the output has been generated or manipulated by an AI system and not a human. Such techniques and methods should be sufficiently reliable, interoperable, effective and robust as far as this is technically feasible, taking into account available techniques or a combination of such techniques, such as watermarks, metadata identifications, cryptographic methods for proving provenance and authenticity of content, logging methods, fingerprints or other techniques, as may be appropriate. When implementing this obligation, providers should also take into account the specificities and the limitations of the different types of content and the relevant technological and market developments in the field, as reflected in the generally acknowledged state of the art. Such techniques and methods can be implemented at the level of the AI system or at the level of the AI model, including general-purpose AI models generating content, thereby facilitating fulfilment of this obligation by the downstream provider of the AI system. To remain proportionate, it is appropriate to envisage that this marking obligation should not cover AI systems performing primarily an assistive function for standard editing or AI systems not substantially altering the input data provided by the deployer or the semantics thereof.
(133)
Različni sistemi UI lahko ustvarijo velike količine sintetičnih vsebin, ki jih ljudje vse težje razlikujejo od vsebin, ki jih ustvari človek, in verodostojnih vsebin. Široka razpoložljivost in večje zmogljivosti teh sistemov pomembno vplivajo na integriteto informacijskega ekosistema in zaupanje vanj, saj se pojavljajo nova tveganja dezinformacij in obsežnega prirejanja, goljufij, izdajanja za drugo osebo in zavajanja potrošnikov. Glede na navedene vplive, hiter tempo tehnološkega razvoja ter potrebo po novih metodah in tehnikah za sledenje izvoru informacij je primerno od ponudnikov navedenih sistemov zahtevati, da vključijo tehnične rešitve, ki v strojno berljivi obliki omogočajo označevanje in zaznavanje, da je izhodne podatke ustvaril ali priredil sistem UI in ne človek. Take tehnike in metode bi morale biti dovolj zanesljive, interoperabilne, učinkovite in robustne, kolikor je to tehnično izvedljivo, ob upoštevanju razpoložljivih tehnik ali kombinacije takih tehnik, kot so vodni žigi, prepoznavanje metapodatkov, kriptografske metode za dokazovanje izvora in pristnosti vsebine, metode beleženja, prstni odtisi ali druge tehnike, kot je ustrezno. Ponudniki bi morali pri izvajanju te obveznosti upoštevati tudi posebnosti in omejitve različnih vrst vsebin ter zadevni tehnološki in tržni razvoj na tem področju, pokazatelj katerega so splošno priznani najsodobnejši tehnološki dosežki. Takšne tehnike in metode se lahko izvajajo na ravni sistema UI ali na ravni modela UI, vključno z modeli UI za splošne namene, ki ustvarjajo vsebino, da se ponudniku sistema UI nižje v verigi omogoči lažje izpolnjevanje te obveznosti. Da bi ta obveznost označevanja ostala sorazmerna, je primerno predvideti, da ne bi smela zajemati sistemov UI, ki zagotavljajo predvsem podporno funkcijo za standardno urejanje, ali sistemov UI, ki ne spreminjajo bistveno vhodnih podatkov, ki jih zagotovi uvajalec, ali njihove semantike.
(134)
Further to the technical solutions employed by the providers of the AI system, deployers who use an AI system to generate or manipulate image, audio or video content that appreciably resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful (deep fakes), should also clearly and distinguishably disclose that the content has been artificially created or manipulated by labelling the AI output accordingly and disclosing its artificial origin. Compliance with this transparency obligation should not be interpreted as indicating that the use of the AI system or its output impedes the right to freedom of expression and the right to freedom of the arts and sciences guaranteed in the Charter, in particular where the content is part of an evidently creative, satirical, artistic, fictional or analogous work or programme, subject to appropriate safeguards for the rights and freedoms of third parties. In those cases, the transparency obligation for deep fakes set out in this Regulation is limited to disclosure of the existence of such generated or manipulated content in an appropriate manner that does not hamper the display or enjoyment of the work, including its normal exploitation and use, while maintaining the utility and quality of the work. In addition, it is also appropriate to envisage a similar disclosure obligation in relation to AI-generated or manipulated text to the extent it is published with the purpose of informing the public on matters of public interest unless the AI-generated content has undergone a process of human review or editorial control and a natural or legal person holds editorial responsibility for the publication of the content.
(134)
Poleg tehničnih rešitev, ki jih uporabljajo ponudniki sistema UI, bi morali uvajalci, ki sistem UI uporabljajo za ustvarjanje ali prirejanje slikovnih, zvočnih ali video vsebin, ki v znatni meri spominjajo na obstoječe osebe, predmete, mesta ali dogodke in bi se osebi zmotno zdele verodostojne ali resnične (globoki ponaredki), na jasen in razpoznaven način tudi razkriti, da je bila vsebina umetno ustvarjena ali prirejena, tako da ustrezno označijo izhodne podatke UI in razkrijejo njihov umetni izvor. Skladnost s to obveznostjo glede preglednosti se ne bi smela razlagati tako, da pomeni, da uporaba sistema UI ali njegovih izhodnih podatkov ovira pravico do svobode izražanja ter pravico do svobode umetnosti in znanosti, ki ju zagotavlja Listina, zlasti kadar je vsebina del očitno ustvarjalnega, satiričnega, umetniškega, izmišljenega ali podobnega dela ali programa, ob upoštevanju ustreznih zaščitnih ukrepov za pravice in svoboščine tretjih oseb. V teh primerih je obveznost glede preglednosti za globoke ponaredke iz te uredbe omejena na to, da se obstoj tako ustvarjenih ali prirejenih vsebin ustrezno razkrije na način, ki ne ovira prikazovanja dela ali uživanja v njem, vključno z njegovo običajno eksploatacijo in uporabo, ob ohranjanju uporabnosti in kakovosti dela. Primerno je tudi predvideti podobno obveznost razkritja v zvezi z besedilom, ustvarjenim ali prirejenim z UI, če je objavljeno z namenom obveščanja javnosti o zadevah javnega interesa, razen če je vsebino, ustvarjeno z UI, pregledal človek ali urednik, ob tem pa fizična ali pravna oseba nosi uredniško odgovornost za objavo vsebine.
(135)
Without prejudice to the mandatory nature and full applicability of the transparency obligations, the Commission may also encourage and facilitate the drawing up of codes of practice at Union level to facilitate the effective implementation of the obligations regarding the detection and labelling of artificially generated or manipulated content, including to support practical arrangements for making, as appropriate, the detection mechanisms accessible and facilitating cooperation with other actors along the value chain, disseminating content or checking its authenticity and provenance to enable the public to effectively distinguish AI-generated content.
(135)
Komisija lahko brez poseganja v obvezno naravo in polno uporabo obveznosti glede preglednosti prav tako spodbuja in olajšuje pripravo kodeksov prakse na ravni Unije, da se olajša učinkovito izvajanje obveznosti v zvezi z odkrivanjem in označevanjem umetno ustvarjenih ali prirejenih vsebin, po potrebi vključno s podporo praktičnim ureditvam za omogočanje dostopa do mehanizmov odkrivanja, in olajšanje sodelovanja z drugimi akterji vzdolž verige vrednosti, razširjanje vsebine ali preverjanje njene pristnosti in izvora, da se javnosti omogoči učinkovito razlikovanje vsebin, ustvarjenih z UI.
(136)
The obligations placed on providers and deployers of certain AI systems in this Regulation to enable the detection and disclosure that the outputs of those systems are artificially generated or manipulated are particularly relevant to facilitate the effective implementation of Regulation (EU) 2022/2065. This applies in particular as regards the obligations of providers of very large online platforms or very large online search engines to identify and mitigate systemic risks that may arise from the dissemination of content that has been artificially generated or manipulated, in particular the risk of the actual or foreseeable negative effects on democratic processes, civic discourse and electoral processes, including through disinformation. The requirement to label content generated by AI systems under this Regulation is without prejudice to the obligation in Article 16(6) of Regulation (EU) 2022/2065 for providers of hosting services to process notices on illegal content received pursuant to Article 16(1) of that Regulation and should not influence the assessment and the decision on the illegality of the specific content. That assessment should be performed solely with reference to the rules governing the legality of the content.
(136)
Obveznosti za ponudnike in uvajalce nekaterih sistemov UI iz te uredbe, da omogočijo odkrivanje in razkrivanje dejstva, da so izhodni podatki teh sistemov umetno ustvarjeni ali prirejeni, so še zlasti pomembne, da se olajša učinkovito izvajanje Uredbe (EU) 2022/2065. To velja zlasti za obveznosti za ponudnike zelo velikih spletnih platform ali zelo velikih spletnih iskalnikov, da prepoznajo in zmanjšajo sistemska tveganja, ki lahko izhajajo iz razširjanja umetno ustvarjenih ali prirejenih vsebin, zlasti tveganje dejanskih ali predvidljivih negativnih učinkov na demokratične procese, državljansko razpravo in volilne procese, tudi z dezinformacijami. Zahteva za označevanje s sistemi UI ustvarjenih vsebin na podlagi te uredbe ne posega v obveznost iz člena 16(6) Uredbe (EU) 2022/2065, da ponudniki storitev gostovanja obravnavajo prijave nezakonitih vsebin, prejete na podlagi člena 16(1) navedene uredbe, ter ne bi smela vplivati na oceno in odločitev o nezakonitosti določene vsebine. To oceno bi bilo treba opraviti izključno ob upoštevanju pravil, ki urejajo zakonitost vsebine.
(137)
Compliance with the transparency obligations for the AI systems covered by this Regulation should not be interpreted as indicating that the use of the AI system or its output is lawful under this Regulation or other Union and Member State law and should be without prejudice to other transparency obligations for deployers of AI systems laid down in Union or national law.
(137)
Skladnosti z navedenimi obveznostmi glede preglednosti za sisteme UI iz te uredbe ne bi smeli razlagati tako, da pomeni, da je uporaba sistema UI ali njegovih izhodnih podatkov zakonita na podlagi te uredbe ali drugega prava Unije in prava držav članic, ter ne bi smela posegati v druge obveznosti uvajalcev sistemov UI glede preglednosti, določene v pravu Unije ali nacionalnem pravu.
(138)
AI is a rapidly developing family of technologies that requires regulatory oversight and a safe and controlled space for experimentation, while ensuring responsible innovation and integration of appropriate safeguards and risk mitigation measures. To ensure a legal framework that promotes innovation, is future-proof and resilient to disruption, Member States should ensure that their national competent authorities establish at least one AI regulatory sandbox at national level to facilitate the development and testing of innovative AI systems under strict regulatory oversight before these systems are placed on the market or otherwise put into service. Member States could also fulfil this obligation through participating in already existing regulatory sandboxes or establishing jointly a sandbox with one or more Member States’ competent authorities, insofar as this participation provides equivalent level of national coverage for the participating Member States. AI regulatory sandboxes could be established in physical, digital or hybrid form and may accommodate physical as well as digital products. Establishing authorities should also ensure that the AI regulatory sandboxes have the adequate resources for their functioning, including financial and human resources.
(138)
UI je hitro razvijajoča se skupina tehnologij, ki zahteva regulativni nadzor ter varen in nadzorovan prostor za eksperimentiranje, ob zagotavljanju odgovornih inovacij ter vključevanja ustreznih zaščitnih ukrepov in ukrepov za zmanjšanje tveganj. Da bi zagotovili pravni okvir, ki spodbuja inovacije ter je primeren za prihodnost in odporen na motnje, bi morale države članice zagotoviti, da njihovi nacionalni pristojni organi na nacionalni ravni vzpostavijo vsaj en regulativni peskovnik za UI, da bi olajšali razvoj in testiranje inovativnih sistemov UI pod strogim regulativnim nadzorom, preden se ti sistemi dajo na trg ali kako drugače v uporabo. Države članice bi lahko to obveznost izpolnile tudi s sodelovanjem v že obstoječih regulativnih peskovnikih ali z vzpostavitvijo peskovnika skupaj s pristojnimi organi ene ali več držav članic, če tako sodelovanje sodelujočim državam članicam zagotavlja enakovredno raven nacionalne pokritosti. Regulativni peskovniki za UI bi lahko bili vzpostavljeni v fizični, digitalni ali hibridni obliki ter za fizične in digitalne izdelke. Organi, ki vzpostavijo regulativne peskovnike za UI, bi morali tudi zagotoviti, da imajo ti peskovniki ustrezne vire za svoje delovanje, vključno s finančnimi in človeškimi viri.
(139)
The objectives of the AI regulatory sandboxes should be to foster AI innovation by establishing a controlled experimentation and testing environment in the development and pre-marketing phase with a view to ensuring compliance of the innovative AI systems with this Regulation and other relevant Union and national law. Moreover, the AI regulatory sandboxes should aim to enhance legal certainty for innovators and the competent authorities’ oversight and understanding of the opportunities, emerging risks and the impacts of AI use, to facilitate regulatory learning for authorities and undertakings, including with a view to future adaptions of the legal framework, to support cooperation and the sharing of best practices with the authorities involved in the AI regulatory sandbox, and to accelerate access to markets, including by removing barriers for SMEs, including start-ups. AI regulatory sandboxes should be widely available throughout the Union, and particular attention should be given to their accessibility for SMEs, including start-ups. The participation in the AI regulatory sandbox should focus on issues that raise legal uncertainty for providers and prospective providers to innovate, experiment with AI in the Union and contribute to evidence-based regulatory learning. The supervision of the AI systems in the AI regulatory sandbox should therefore cover their development, training, testing and validation before the systems are placed on the market or put into service, as well as the notion and occurrence of substantial modification that may require a new conformity assessment procedure. Any significant risks identified during the development and testing of such AI systems should result in adequate mitigation and, failing that, in the suspension of the development and testing process. Where appropriate, national competent authorities establishing AI regulatory sandboxes should cooperate with other relevant authorities, including those supervising the protection of fundamental rights, and could allow for the involvement of other actors within the AI ecosystem such as national or European standardisation organisations, notified bodies, testing and experimentation facilities, research and experimentation labs, European Digital Innovation Hubs and relevant stakeholder and civil society organisations. To ensure uniform implementation across the Union and economies of scale, it is appropriate to establish common rules for the AI regulatory sandboxes’ implementation and a framework for cooperation between the relevant authorities involved in the supervision of the sandboxes. AI regulatory sandboxes established under this Regulation should be without prejudice to other law allowing for the establishment of other sandboxes aiming to ensure compliance with law other than this Regulation. Where appropriate, relevant competent authorities in charge of those other regulatory sandboxes should consider the benefits of using those sandboxes also for the purpose of ensuring compliance of AI systems with this Regulation. Upon agreement between the national competent authorities and the participants in the AI regulatory sandbox, testing in real world conditions may also be operated and supervised in the framework of the AI regulatory sandbox.
(139)
Cilji regulativnih peskovnikov za UI bi morali biti spodbujanje inovacij na področju UI z vzpostavitvijo nadzorovanega okolja za eksperimentiranje in testiranje v fazi razvoja ter pred trženjem, da se zagotovi skladnost inovativnih sistemov UI s to uredbo ter drugim ustreznim pravom Unije in nacionalnim pravom. Poleg tega bi moral biti cilj regulativnih peskovnikov za UI okrepitev pravne varnosti za inovatorje ter nadzora pristojnih organov in njihovega razumevanja priložnosti, nastajajočih tveganj in vplivov uporabe UI, olajšanje regulativnega učenja za organe in podjetja, tudi zaradi prihodnjih prilagoditev pravnega okvira, podpiranje sodelovanja in izmenjave najboljših praks z organi, vključenimi v regulativni peskovnik za UI, pa tudi pospešitev dostopa do trgov, med drugim z odpravo ovir za MSP, vključno z zagonskimi podjetji. Regulativni peskovniki za UI bi morali biti široko dostopni po vsej Uniji, posebno pozornost pa bi bilo treba nameniti njihovi dostopnosti za MSP, vključno z zagonskimi podjetji. Sodelovanje v regulativnem peskovniku za UI bi moralo biti osredotočeno na vprašanja, ki ustvarjajo pravno negotovost za ponudnike in potencialne ponudnike pri inovacijah, eksperimentiranju z UI v Uniji in prispevanju k regulativnemu učenju, ki temelji na dokazih. Nadzor sistemov UI v regulativnem peskovniku za UI bi zato moral zajemati njihov razvoj, učenje, testiranje in validacijo, preden so sistemi dani na trg ali v uporabo, ter pojem in pojav bistvenih sprememb, zaradi katerih bi lahko bil potreben nov postopek ugotavljanja skladnosti. Vsa pomembna tveganja, prepoznana med razvojem in testiranjem takih sistemov UI, bi bilo treba ustrezno zmanjšati, če to ni mogoče, pa postopek razvoja in testiranja ustaviti. Kadar je primerno, bi morali pristojni nacionalni organi, ki vzpostavijo regulativne peskovnike za UI, sodelovati z drugimi ustreznimi organi, vključno s tistimi, ki nadzirajo varstvo temeljnih pravic, in bi lahko omogočili sodelovanje drugih akterjev v ekosistemu UI, kot so nacionalne ali evropske organizacije za standardizacijo, priglašeni organi, centri za testiranje in eksperimentiranje, laboratoriji za raziskave in eksperimentiranje, evropska vozlišča za digitalne inovacije ter ustrezne organizacije deležnikov in civilne družbe. Za zagotovitev enotnega izvajanja po vsej Uniji in ekonomije obsega je primerno določiti skupna pravila za izvajanje regulativnih peskovnikov za UI in okvir za sodelovanje med ustreznimi organi, vključenimi v nadzor peskovnikov. Regulativni peskovniki za UI, vzpostavljeni na podlagi te uredbe, ne bi smeli posegati v drugo pravo, ki omogoča vzpostavitev drugih peskovnikov, katerih namen je zagotoviti skladnost s pravom, ki ni ta uredba. Ustrezni pristojni organi, odgovorni za te druge regulativne peskovnike, bi morali, kadar je primerno, upoštevati koristi uporabe teh peskovnikov tudi za namen zagotavljanja skladnosti sistemov UI s to uredbo. Po dogovoru med pristojnimi nacionalnimi organi in udeleženci v regulativnem peskovniku za UI se lahko testiranje v realnih razmerah izvaja in nadzira tudi v okviru regulativnega peskovnika za UI.
(140)
This Regulation should provide the legal basis for the providers and prospective providers in the AI regulatory sandbox to use personal data collected for other purposes for developing certain AI systems in the public interest within the AI regulatory sandbox, only under specified conditions, in accordance with Article 6(4) and Article 9(2), point (g), of Regulation (EU) 2016/679, and Articles 5, 6 and 10 of Regulation (EU) 2018/1725, and without prejudice to Article 4(2) and Article 10 of Directive (EU) 2016/680. All other obligations of data controllers and rights of data subjects under Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680 remain applicable. In particular, this Regulation should not provide a legal basis in the meaning of Article 22(2), point (b) of Regulation (EU) 2016/679 and Article 24(2), point (b) of Regulation (EU) 2018/1725. Providers and prospective providers in the AI regulatory sandbox should ensure appropriate safeguards and cooperate with the competent authorities, including by following their guidance and acting expeditiously and in good faith to adequately mitigate any identified significant risks to safety, health, and fundamental rights that may arise during the development, testing and experimentation in that sandbox.
(140)
Ta uredba bi morala zagotoviti pravno podlago, da ponudniki in potencialni ponudniki v regulativnem peskovniku za UI osebne podatke, zbrane za druge namene, uporabijo za razvoj nekaterih sistemov UI v javnem interesu v okviru regulativnega peskovnika za UI samo pod določenimi pogoji v skladu s členom 6(4) in členom 9(2), točka (g), Uredbe (EU) 2016/679, členi 5, 6 in 10 Uredbe (EU) 2018/1725 ter brez poseganja v člen 4(2) in člen 10 Direktive (EU) 2016/680. Vse druge obveznosti upravljavcev podatkov in pravice posameznikov, na katere se nanašajo osebni podatki, na podlagi uredb (EU) 2016/679 in (EU) 2018/1725 ter Direktive (EU) 2016/680 se še naprej uporabljajo. Ta uredba zlasti ne bi smela zagotavljati pravne podlage v smislu člena 22(2), točka (b), Uredbe (EU) 2016/679 in člena 24(2), točka (b), Uredbe (EU) 2018/1725. Ponudniki in potencialni ponudniki v regulativnemu peskovniku za UI bi morali zagotoviti ustrezne zaščitne ukrepe in sodelovati s pristojnimi organi, tudi z upoštevanjem njihovih smernic ter hitrim in dobronamernim ukrepanjem, da bi ustrezno zmanjšali vsa prepoznana znatna tveganja za varnost, zdravje in temeljne pravice, ki se lahko pojavijo med razvojem, testiranjem in eksperimentiranjem v tem peskovniku.
(141)
In order to accelerate the process of development and the placing on the market of the high-risk AI systems listed in an annex to this Regulation, it is important that providers or prospective providers of such systems may also benefit from a specific regime for testing those systems in real world conditions, without participating in an AI regulatory sandbox. However, in such cases, taking into account the possible consequences of such testing on individuals, it should be ensured that appropriate and sufficient guarantees and conditions are introduced by this Regulation for providers or prospective providers. Such guarantees should include, inter alia, requesting informed consent of natural persons to participate in testing in real world conditions, with the exception of law enforcement where the seeking of informed consent would prevent the AI system from being tested. Consent of subjects to participate in such testing under this Regulation is distinct from, and without prejudice to, consent of data subjects for the processing of their personal data under the relevant data protection law. It is also important to minimise the risks and enable oversight by competent authorities and therefore require prospective providers to have a real-world testing plan submitted to competent market surveillance authority, register the testing in dedicated sections in the EU database subject to some limited exceptions, set limitations on the period for which the testing can be done and require additional safeguards for persons belonging to certain vulnerable groups, as well as a written agreement defining the roles and responsibilities of prospective providers and deployers and effective oversight by competent personnel involved in the real world testing. Furthermore, it is appropriate to envisage additional safeguards to ensure that the predictions, recommendations or decisions of the AI system can be effectively reversed and disregarded and that personal data is protected and is deleted when the subjects have withdrawn their consent to participate in the testing without prejudice to their rights as data subjects under the Union data protection law. As regards transfer of data, it is also appropriate to envisage that data collected and processed for the purpose of testing in real-world conditions should be transferred to third countries only where appropriate and applicable safeguards under Union law are implemented, in particular in accordance with bases for transfer of personal data under Union law on data protection, while for non-personal data appropriate safeguards are put in place in accordance with Union law, such as Regulations (EU) 2022/868 (42) and (EU) 2023/2854 (43) of the European Parliament and of the Council.
(141)
Da bi pospešili proces razvoja visokotveganih sistemov UI s seznama v eni od prilog k tej uredbi in njihovega dajanja na trg, je pomembno, da imajo tudi ponudniki ali potencialni ponudniki takih sistemov koristi od posebne ureditve za testiranje teh sistemov v realnih razmerah brez sodelovanja v regulativnem peskovniku za UI. Vendar bi bilo treba v takih primerih, ob upoštevanju možnih posledic takega testiranja za posameznike zagotoviti, da se s to uredbo za ponudnike ali potencialne ponudnike uvedejo ustrezna in zadostna jamstva in pogoji. Taka jamstva bi morala med drugim vključevati zahtevo, da je za sodelovanje fizičnih oseb pri testiranju v realnih razmerah potrebna informirana privolitev, razen ko gre za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, ko bi pridobitev informirane privolitve preprečila testiranje sistema UI. Privolitev posameznikov, da sodelujejo pri takem testiranju na podlagi te uredbe, se razlikuje od privolitve posameznikov, na katere se nanašajo osebni podatki, v obdelavo njihovih osebnih podatkov na podlagi ustrezne zakonodaje o varstvu podatkov in vanjo ne posega. Pomembno je tudi čim bolj zmanjšati tveganja in pristojnim organom omogočiti nadzor ter zato od potencialnih ponudnikov zahtevati, da imajo načrt testiranja v dejanskih razmerah, ki ga predložijo pristojnemu organu za nadzor trga, da testiranje registrirajo v namenskih delih podatkovne zbirke EU, ob upoštevanju nekaterih omejenih izjem, da določijo omejitve obdobja, v katerem je mogoče opraviti testiranje, in da zahtevajo dodatne zaščitne ukrepe za osebe, ki pripadajo določenim ranljivim s skupinami, ter da imajo pisni dogovor, v katerem so opredeljene vloge in odgovornosti potencialnih ponudnikov in uvajalcev, ter učinkovit nadzor, ki ga izvaja usposobljeno osebje, vključeno v testiranje v realnih razmerah. Poleg tega je primerno predvideti dodatne zaščitne ukrepe za zagotovitev, da se lahko napovedi, priporočila ali odločitve sistema UI učinkovito izničijo in zanemarijo ter da so osebni podatki zaščiteni in izbrisani, ko posamezniki umaknejo privolitev za sodelovanje v testiranju, brez poseganja v njihove pravice, ki jih imajo kot posamezniki, na katere se nanašajo osebni podatki, na podlagi prava Unije o varstvu podatkov. Kar zadeva prenos podatkov, je primerno predvideti tudi, da bi bilo treba podatke, zbrane in obdelane za namene testiranja v realnih razmerah, prenesti v tretje države le, če se izvajajo ustrezni in veljavni zaščitni ukrepi na podlagi prava Unije, zlasti v skladu z osnovami za prenos osebnih podatkov na podlagi prava Unije o varstvu podatkov, medtem ko so za neosebne podatke ustrezni zaščitni ukrepi vzpostavljeni v skladu s pravom Unije, kot sta uredbi (EU) 2022/868 (42) in (EU) 2023/2854 (43) Evropskega parlamenta in Sveta.
(142)
To ensure that AI leads to socially and environmentally beneficial outcomes, Member States are encouraged to support and promote research and development of AI solutions in support of socially and environmentally beneficial outcomes, such as AI-based solutions to increase accessibility for persons with disabilities, tackle socio-economic inequalities, or meet environmental targets, by allocating sufficient resources, including public and Union funding, and, where appropriate and provided that the eligibility and selection criteria are fulfilled, considering in particular projects which pursue such objectives. Such projects should be based on the principle of interdisciplinary cooperation between AI developers, experts on inequality and non-discrimination, accessibility, consumer, environmental, and digital rights, as well as academics.
(142)
Da bi zagotovili, da bo UI privedla do družbeno in okoljsko koristnih rezultatov, se države članice spodbuja, naj podpirajo in spodbujajo raziskave in razvoj rešitev UI v podporo družbeno in okoljsko koristnim rezultatom, kot so rešitve, ki temeljijo na umetni inteligenci, za povečanje dostopnosti za invalide, odpravo socialno-ekonomskih neenakosti ali doseganje okoljskih ciljev, in sicer z dodelitvijo zadostnih sredstev, vključno z javnimi sredstvi in financiranjem Unije, ter, kadar je ustrezno in pod pogojem, da so izpolnjena merila za upravičenost in izbor, zlasti upoštevajoč projekte, ki vključujejo takšne cilje Takšni projekti bi morali temeljiti na načelu interdisciplinarnega sodelovanja med razvijalci UI, strokovnjaki za neenakost in nediskriminacijo, dostopnost, potrošnike, okolje in digitalne pravice ter akademskimi krogi.
(143)
In order to promote and protect innovation, it is important that the interests of SMEs, including start-ups, that are providers or deployers of AI systems are taken into particular account. To that end, Member States should develop initiatives, which are targeted at those operators, including on awareness raising and information communication. Member States should provide SMEs, including start-ups, that have a registered office or a branch in the Union, with priority access to the AI regulatory sandboxes provided that they fulfil the eligibility conditions and selection criteria and without precluding other providers and prospective providers to access the sandboxes provided the same conditions and criteria are fulfilled. Member States should utilise existing channels and where appropriate, establish new dedicated channels for communication with SMEs, including start-ups, deployers, other innovators and, as appropriate, local public authorities, to support SMEs throughout their development path by providing guidance and responding to queries about the implementation of this Regulation. Where appropriate, these channels should work together to create synergies and ensure homogeneity in their guidance to SMEs, including start-ups, and deployers. Additionally, Member States should facilitate the participation of SMEs and other relevant stakeholders in the standardisation development processes. Moreover, the specific interests and needs of providers that are SMEs, including start-ups, should be taken into account when notified bodies set conformity assessment fees. The Commission should regularly assess the certification and compliance costs for SMEs, including start-ups, through transparent consultations and should work with Member States to lower such costs. For example, translation costs related to mandatory documentation and communication with authorities may constitute a significant cost for providers and other operators, in particular those of a smaller scale. Member States should possibly ensure that one of the languages determined and accepted by them for relevant providers’ documentation and for communication with operators is one which is broadly understood by the largest possible number of cross-border deployers. In order to address the specific needs of SMEs, including start-ups, the Commission should provide standardised templates for the areas covered by this Regulation, upon request of the Board. Additionally, the Commission should complement Member States’ efforts by providing a single information platform with easy-to-use information with regards to this Regulation for all providers and deployers, by organising appropriate communication campaigns to raise awareness about the obligations arising from this Regulation, and by evaluating and promoting the convergence of best practices in public procurement procedures in relation to AI systems. Medium-sized enterprises which until recently qualified as small enterprises within the meaning of the Annex to Commission Recommendation 2003/361/EC (44) should have access to those support measures, as those new medium-sized enterprises may sometimes lack the legal resources and training necessary to ensure proper understanding of, and compliance with, this Regulation.
(143)
Za spodbujanje in zaščito inovacij je pomembno, da se upoštevajo interesi MSP, vključno z zagonskimi podjetji, ki so ponudniki ali uvajalci sistemov UI. V ta namen bi morale države članice razviti pobude, namenjene tem operaterjem, vključno z ozaveščanjem in sporočanjem informacij. Države članice bi morale MSP, vključno z zagonskimi podjetji, ki imajo registrirani sedež ali podružnico v Uniji, zagotoviti prednostni dostop do regulativnih peskovnikov za UI, če ti izpolnjujejo pogoje za upravičenost in merila za izbor, ter drugim ponudnikom in potencialnim ponudnikom ne preprečujejo dostopa do peskovnikov, če so izpolnjeni enaki pogoji in merila. Države članice bi morale uporabljati obstoječe kanale in po potrebi vzpostaviti nove namenske kanale za komunikacijo z MSP, vključno z zagonskimi podjetji, uvajalci, drugimi inovatorji in po potrebi z lokalnimi javnimi organi, da se MSP z zagotavljanjem smernic in odgovarjanjem na vprašanja o izvajanju te uredbe zagotovi podpora v celotnem razvojnem procesu. Ti kanali bi morali po potrebi sodelovati, da bi ustvarili sinergije in zagotovili homogenost svojih smernic za MSP, vključno z zagonskimi podjetji, in uvajalce. Države članice bi poleg tega morale olajševati sodelovanje MSP in drugih ustreznih deležnikov v postopkih razvoja standardizacije. Poleg tega bi se pri določanju pristojbin s strani priglašenih organov za ugotavljanje skladnosti morali upoštevati posebni interesi in potrebe ponudnikov, ki so MSP, vključno z zagonskimi podjetji. Komisija bi morala stroške certificiranja in skladnosti za MSP, vključno z zagonskimi podjetji, redno ocenjevati, in sicer s preglednimi posvetovanji, ter sodelovati z državami članicami za znižanje teh stroškov. Na primer, stroški prevajanja, povezani z obvezno dokumentacijo in komuniciranjem z organi, lahko predstavljajo znaten strošek za ponudnike in druge operaterje, zlasti tiste manjšega obsega. Države članice bi morale po možnosti zagotoviti, da je eden od jezikov, ki jih določijo in sprejmejo za dokumentacijo zadevnih ponudnikov in za komunikacijo z operaterji, jezik, ki ga na splošno razume največje možno število čezmejnih uvajalcev. Za obravnavanje posebnih potreb MSP, vključno z zagonskimi podjetji, bi morala Komisija na zahtevo Odbora zagotoviti standardizirane predloge za področja, zajeta v tej uredbi. Poleg tega bi morala Komisija dopolniti prizadevanja držav članic z zagotovitvijo enotne informacijske platforme, ki vsebuje enostavno uporabne informacije v zvezi s to uredbo za vse ponudnike in uvajalce, organiziranjem ustreznih komunikacijskih kampanj za ozaveščanje o obveznostih, ki izhajajo iz te uredbe, ter ocenjevanjem in spodbujanjem zbliževanja najboljših praks v postopkih javnega naročanja v zvezi s sistemi UI. Srednja podjetja, ki so bila do nedavno opredeljena kot mala podjetja v smislu Priloge k Priporočilu Komisije 2003/361/ES (44), bi morala imeti dostop do teh podpornih ukrepov, saj ta nova srednja podjetja včasih morda nimajo pravnih sredstev in niso pridobila ustreznih usposabljanj, potrebnih za zagotovitev ustreznega razumevanja te uredbe in skladnosti z njo.
(144)
In order to promote and protect innovation, the AI-on-demand platform, all relevant Union funding programmes and projects, such as Digital Europe Programme, Horizon Europe, implemented by the Commission and the Member States at Union or national level should, as appropriate, contribute to the achievement of the objectives of this Regulation.
(144)
Za spodbujanje in zaščito inovacij bi morali platforma za UI na zahtevo, vsi ustrezni programi in projekti Unije za financiranje, kot sta programa Digitalna Evropa in Obzorje Evropa, ki jih izvajajo Komisija in države članice na ravni Unije ali nacionalni ravni, prispevati k doseganju ciljev te uredbe.
(145)
In order to minimise the risks to implementation resulting from lack of knowledge and expertise in the market as well as to facilitate compliance of providers, in particular SMEs, including start-ups, and notified bodies with their obligations under this Regulation, the AI-on-demand platform, the European Digital Innovation Hubs and the testing and experimentation facilities established by the Commission and the Member States at Union or national level should contribute to the implementation of this Regulation. Within their respective mission and fields of competence, the AI-on-demand platform, the European Digital Innovation Hubs and the testing and experimentation Facilities are able to provide in particular technical and scientific support to providers and notified bodies.
(145)
K izvajanju te uredbe bi morali prispevati platforma za UI na zahtevo, evropska vozlišča za digitalne inovacije ter centri za testiranje in eksperimentiranje, ki so jih vzpostavile Komisija in države članice na ravni Unije ali nacionalni ravni, in sicer da bi čim bolj zmanjšali tveganja za izvajanje, ki so posledica pomanjkanja znanja in strokovnega znanja na trgu, ter da bi ponudnikom, predvsem MSP, vključno z zagonskimi podjetji, in priglašenim organom olajšali izpolnjevanje njihovih obveznosti iz te uredbe. Platforma za UI na zahtevo, evropska vozlišča za digitalne inovacije ter centri za preskušanje in eksperimentiranje lahko ponudnikom in priglašenim organom v okviru svojih mandatov in pristojnosti zagotavljajo zlasti tehnično in znanstveno podporo.
(146)
Moreover, in light of the very small size of some operators and in order to ensure proportionality regarding costs of innovation, it is appropriate to allow microenterprises to fulfil one of the most costly obligations, namely to establish a quality management system, in a simplified manner which would reduce the administrative burden and the costs for those enterprises without affecting the level of protection and the need for compliance with the requirements for high-risk AI systems. The Commission should develop guidelines to specify the elements of the quality management system to be fulfilled in this simplified manner by microenterprises.
(146)
Poleg tega je zaradi majhnosti nekaterih operaterjev in da se zagotovi sorazmernost, kar zadeva stroške inovacij, primerno, da se mikropodjetjem omogoči izpolnjevanje ene od najdražjih obveznosti, tj. vzpostavitve sistema upravljanja kakovosti, na poenostavljen način, kar bi zmanjšalo upravno breme in stroške za ta podjetja in ne bi vplivalo na raven varstva in potrebo po skladnosti z zahtevami za visokotvegane sisteme UI. Komisija bi morala pripraviti smernice za opredelitev elementov sistema upravljanja kakovosti, ki jih morajo mikropodjetja izpolnjevati na ta poenostavljen način.
(147)
It is appropriate that the Commission facilitates, to the extent possible, access to testing and experimentation facilities to bodies, groups or laboratories established or accredited pursuant to any relevant Union harmonisation legislation and which fulfil tasks in the context of conformity assessment of products or devices covered by that Union harmonisation legislation. This is, in particular, the case as regards expert panels, expert laboratories and reference laboratories in the field of medical devices pursuant to Regulations (EU) 2017/745 and (EU) 2017/746.
(147)
Primerno je, da Komisija organom, skupinam ali laboratorijem, ustanovljenim ali akreditiranim na podlagi katere koli ustrezne harmonizacijske zakonodaje Unije, ki izpolnjujejo naloge v okviru ugotavljanja skladnosti proizvodov ali pripomočkov, zajetih v navedeni harmonizacijski zakonodaji Unije, čim bolj olajša dostop do centrov za testiranje in eksperimentiranje. To velja zlasti za strokovne odbore, strokovne laboratorije in referenčne laboratorije na področju medicinskih pripomočkov na podlagi uredb (EU) 2017/745 in (EU) 2017/746.
(148)
This Regulation should establish a governance framework that both allows to coordinate and support the application of this Regulation at national level, as well as build capabilities at Union level and integrate stakeholders in the field of AI. The effective implementation and enforcement of this Regulation require a governance framework that allows to coordinate and build up central expertise at Union level. The AI Office was established by Commission Decision (45) and has as its mission to develop Union expertise and capabilities in the field of AI and to contribute to the implementation of Union law on AI. Member States should facilitate the tasks of the AI Office with a view to support the development of Union expertise and capabilities at Union level and to strengthen the functioning of the digital single market. Furthermore, a Board composed of representatives of the Member States, a scientific panel to integrate the scientific community and an advisory forum to contribute stakeholder input to the implementation of this Regulation, at Union and national level, should be established. The development of Union expertise and capabilities should also include making use of existing resources and expertise, in particular through synergies with structures built up in the context of the Union level enforcement of other law and synergies with related initiatives at Union level, such as the EuroHPC Joint Undertaking and the AI testing and experimentation facilities under the Digital Europe Programme.
(148)
S to uredbo bi bilo treba vzpostaviti okvir upravljanja, ki bi omogočal tako usklajevanje uporabe te uredbe in podporo uporabi na nacionalni ravni kot tudi krepitev zmogljivosti na ravni Unije in sodelovanje deležnikov s področja UI. Za učinkovito izvajanje in izvrševanje te uredbe je potreben okvir upravljanja, ki omogoča usklajevanje in pridobivanje centraliziranega strokovnega znanja na ravni Unije. Urad za UI je bil ustanovljen s sklepom Komisije (45) z mandatom razvijati strokovno znanje in zmogljivosti Unije na področju UI ter prispevati k izvajanju prava Unije o umetni inteligenci. Države članice bi morale olajšati naloge Urada za UI, da bi podpirale razvoj strokovnega znanja in zmogljivosti Unije na ravni Unije ter okrepile delovanje enotnega digitalnega trga. Poleg tega bi bilo treba ustanoviti odbor, sestavljen iz predstavnikov držav članic, znanstveni odbor za vključitev znanstvene skupnosti in svetovalni forum, da se omogoči prispevanje deležnikov k izvajanju te uredbe na ravni Unije in nacionalni ravni. Razvoj strokovnega znanja in zmogljivosti Unije bi moral vključevati tudi uporabo obstoječih virov in strokovnega znanja, zlasti s pomočjo sinergij s strukturami, vzpostavljenimi v okviru izvrševanja drugega prava na ravni Unije, in sinergij s povezanimi pobudami na ravni Unije, kot so Skupno podjetje EuroHPC ter centri za testiranje in eksperimentiranje na področju UI v okviru programa Digitalna Evropa.
(149)
In order to facilitate a smooth, effective and harmonised implementation of this Regulation a Board should be established. The Board should reflect the various interests of the AI eco-system and be composed of representatives of the Member States. The Board should be responsible for a number of advisory tasks, including issuing opinions, recommendations, advice or contributing to guidance on matters related to the implementation of this Regulation, including on enforcement matters, technical specifications or existing standards regarding the requirements established in this Regulation and providing advice to the Commission and the Member States and their national competent authorities on specific questions related to AI. In order to give some flexibility to Member States in the designation of their representatives in the Board, such representatives may be any persons belonging to public entities who should have the relevant competences and powers to facilitate coordination at national level and contribute to the achievement of the Board’s tasks. The Board should establish two standing sub-groups to provide a platform for cooperation and exchange among market surveillance authorities and notifying authorities on issues related, respectively, to market surveillance and notified bodies. The standing subgroup for market surveillance should act as the administrative cooperation group (ADCO) for this Regulation within the meaning of Article 30 of Regulation (EU) 2019/1020. In accordance with Article 33 of that Regulation, the Commission should support the activities of the standing subgroup for market surveillance by undertaking market evaluations or studies, in particular with a view to identifying aspects of this Regulation requiring specific and urgent coordination among market surveillance authorities. The Board may establish other standing or temporary sub-groups as appropriate for the purpose of examining specific issues. The Board should also cooperate, as appropriate, with relevant Union bodies, experts groups and networks active in the context of relevant Union law, including in particular those active under relevant Union law on data, digital products and services.
(149)
Da bi omogočili nemoteno, učinkovito in harmonizirano izvajanje te uredbe, bi bilo treba ustanoviti Odbor. Odbor bi moral odražati različne interese ekosistema UI in sestavljati bi ga morali predstavniki držav članic. Odgovoren bi moral biti za številne svetovalne naloge, med drugim za izdajanje mnenj, priporočil in nasvetov ali za prispevanje k dajanju smernic o zadevah, povezanih z izvajanjem te uredbe, vključno z zadevami glede izvrševanja, tehničnimi specifikacijami ali obstoječimi standardi v zvezi z zahtevami iz te uredbe, ter za svetovanje Komisiji ter državam članicam in njihovim pristojnim nacionalnim organom pri posebnih vprašanjih v zvezi z UI. Da bi državam članicam omogočili nekaj prožnosti pri imenovanju njihovih predstavnikov v Odbor, so lahko ti predstavniki katere koli osebe, ki pripadajo javnim subjektom, ter bi morale imeti ustrezne pristojnosti in pooblastila za lažje usklajevanje na nacionalni ravni in prispevanje k izpolnjevanju nalog Odbora. Odbor bi moral ustanoviti dve stalni podskupini, da bi zagotovili platformo za sodelovanje in izmenjavo med organi za nadzor trga in priglasitvenimi organi o vprašanjih, povezanih z nadzorom trga oziroma priglašenimi organi. Stalna podskupina za nadzor trga bi morala delovati kot skupina za upravno koordinacijo (ADCO) za to uredbo v smislu člena 30 Uredbe (EU) 2019/1020. V skladu s členom 33 navedene uredbe bi morala Komisija podpirati dejavnosti stalne podskupine za nadzor trga z ocenjevanji ali študijami trga, zlasti z namenom opredelitve vidikov te uredbe, pri katerih je potrebno posebno in nujno usklajevanje med organi za nadzor trga. Odbor lahko ustanovi druge stalne ali začasne podskupine za preučitev posebnih vprašanj. Po potrebi bi moral sodelovati tudi z ustreznimi organi, strokovnimi skupinami in mrežami Unije, dejavnimi v okviru ustreznega prava Unije, zlasti tudi s tistimi, dejavnimi na podlagi ustreznega prava Unije o podatkih, digitalnih proizvodih in storitvah.
(150)
With a view to ensuring the involvement of stakeholders in the implementation and application of this Regulation, an advisory forum should be established to advise and provide technical expertise to the Board and the Commission. To ensure a varied and balanced stakeholder representation between commercial and non-commercial interest and, within the category of commercial interests, with regards to SMEs and other undertakings, the advisory forum should comprise inter alia industry, start-ups, SMEs, academia, civil society, including the social partners, as well as the Fundamental Rights Agency, ENISA, the European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI).
(150)
Za zagotavljanje sodelovanja deležnikov pri izvajanju in uporabi te uredbe, bi bilo treba vzpostaviti svetovalni forum, ki bi Odboru in Komisiji svetoval in jima zagotavljal tehnično strokovno znanje. Da bi zagotovili raznoliko in uravnoteženo zastopanost deležnikov glede na komercialne in nekomercialne interese, znotraj kategorije poslovnih interesov pa v zvezi z MSP in drugimi podjetji, bi moral biti svetovalni forum med drugim sestavljen iz predstavnikov industrije, zagonskih podjetij, MSP, akademskih krogov, civilne družbe, vključno s socialnimi partnerji, pa tudi Agencije za temeljne pravice, ENISA, Evropskega odbora za standardizacijo (CEN), Evropskega odbora za elektrotehniško standardizacijo (CENELEC) in Evropskega inštituta za telekomunikacijske standarde (ETSI).
(151)
To support the implementation and enforcement of this Regulation, in particular the monitoring activities of the AI Office as regards general-purpose AI models, a scientific panel of independent experts should be established. The independent experts constituting the scientific panel should be selected on the basis of up-to-date scientific or technical expertise in the field of AI and should perform their tasks with impartiality, objectivity and ensure the confidentiality of information and data obtained in carrying out their tasks and activities. To allow the reinforcement of national capacities necessary for the effective enforcement of this Regulation, Member States should be able to request support from the pool of experts constituting the scientific panel for their enforcement activities.
(151)
Za podporo izvajanju in izvrševanju te uredbe, zlasti dejavnosti spremljanja, ki jih v zvezi z modeli UI za splošne namene izvaja Urad za UI, bi bilo treba ustanoviti znanstveni odbor neodvisnih strokovnjakov. Neodvisni strokovnjaki, ki sestavljajo znanstveni odbor, bi morali biti izbrani zaradi najnovejšega znanstvenega ali tehničnega strokovnega znanja na področju UI in bi morali svoje naloge opravljati nepristransko in objektivno ter zagotavljati zaupnost informacij in podatkov, pridobljenih pri izvajanju njihovih nalog in dejavnosti. Da bi omogočili okrepitev nacionalnih zmogljivosti, potrebnih za učinkovito izvrševanje te uredbe, bi morale imeti države članice možnost, da strokovnjake, ki sestavljajo znanstveni odbor, zaprosijo, da jim pomagajo pri dejavnostih izvrševanja.
(152)
In order to support adequate enforcement as regards AI systems and reinforce the capacities of the Member States, Union AI testing support structures should be established and made available to the Member States.
(152)
Da bi podprli ustrezno izvrševanje v zvezi s sistemi UI in okrepili zmogljivosti držav članic, bi bilo treba vzpostaviti podporne strukture Unije za testiranje UI in jih dati na voljo državam članicam.
(153)
Member States hold a key role in the application and enforcement of this Regulation. In that respect, each Member State should designate at least one notifying authority and at least one market surveillance authority as national competent authorities for the purpose of supervising the application and implementation of this Regulation. Member States may decide to appoint any kind of public entity to perform the tasks of the national competent authorities within the meaning of this Regulation, in accordance with their specific national organisational characteristics and needs. In order to increase organisation efficiency on the side of Member States and to set a single point of contact vis-à-vis the public and other counterparts at Member State and Union levels, each Member State should designate a market surveillance authority to act as a single point of contact.
(153)
Države članice imajo ključno vlogo pri uporabi in izvrševanju te uredbe. V zvezi s tem bi morala vsaka država članica za pristojne nacionalne organe za namen nadzora uporabe in izvajanja te uredbe imenovati vsaj en priglasitveni organ in vsaj en organ za nadzor trga. Države članice se lahko v skladu s svojimi specifičnimi nacionalnimi organizacijskimi značilnostmi in potrebami odločijo, da za opravljanje nalog pristojnih nacionalnih organov v smislu te uredbe imenujejo kateri koli javni subjekt. Da bi na strani držav članic izboljšali učinkovitost organizacije ter vzpostavili enotno kontaktno točko za stike z javnostjo in drugimi partnerji na ravni držav članic in Unije, bi morala vsaka država članica imenovati organ za nadzor trga, ki deluje kot enotna kontaktna točka.
(154)
The national competent authorities should exercise their powers independently, impartially and without bias, so as to safeguard the principles of objectivity of their activities and tasks and to ensure the application and implementation of this Regulation. The members of these authorities should refrain from any action incompatible with their duties and should be subject to confidentiality rules under this Regulation.
(154)
Pristojni nacionalni organi bi svoja pooblastila morali izvajati neodvisno, nepristransko in brez predsodkov, da bi zaščitili objektivnost svojih dejavnosti in nalog ter zagotovili uporabo in izvajanje te uredbe. Člani teh organov bi se morali vzdržati vseh dejanj, ki niso združljiva z njihovimi dolžnostmi, in zanje bi se morala uporabljati pravila o zaupnosti na podlagi te uredbe.
(155)
In order to ensure that providers of high-risk AI systems can take into account the experience on the use of high-risk AI systems for improving their systems and the design and development process or can take any possible corrective action in a timely manner, all providers should have a post-market monitoring system in place. Where relevant, post-market monitoring should include an analysis of the interaction with other AI systems including other devices and software. Post-market monitoring should not cover sensitive operational data of deployers which are law enforcement authorities. This system is also key to ensure that the possible risks emerging from AI systems which continue to ‘learn’ after being placed on the market or put into service can be more efficiently and timely addressed. In this context, providers should also be required to have a system in place to report to the relevant authorities any serious incidents resulting from the use of their AI systems, meaning incident or malfunctioning leading to death or serious damage to health, serious and irreversible disruption of the management and operation of critical infrastructure, infringements of obligations under Union law intended to protect fundamental rights or serious damage to property or the environment.
(155)
Da bi zagotovili, da ponudniki visokotveganih sistemov UI izkušnje pri uporabi visokotveganih sistemov UI lahko upoštevajo za izboljšanje svojih sistemov ter postopka zasnove in razvoja ali da lahko pravočasno izvedejo morebitne popravne ukrepe, bi morali imeti vsi ponudniki vzpostavljen sistem spremljanja po dajanju na trg. Po potrebi bi spremljanje po dajanju na trg moralo vključevati analizo interakcije z drugimi sistemi UI, tudi drugimi napravami in programsko opremo. V spremljanje po dajanju na trg ne bi smeli biti zajeti občutljivi operativni podatki uvajalcev, ki so organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj. Ta sistem je tudi ključen za zagotovitev učinkovitejše in pravočasnejše obravnave morebitnih tveganj, ki izhajajo iz sistemov UI, ki se po dajanju na trg ali v uporabo še naprej „učijo“. V zvezi s tem bi bilo treba od ponudnikov zahtevati tudi, da imajo vzpostavljen sistem za poročanje ustreznim organom o vseh resnih incidentih, ki so posledica uporabe njihovih sistemov UI, tj. incidentih ali okvarah, ki povzročijo smrt ali resno ogroženost zdravja, hude in nepopravljive motnje v upravljanju in delovanju kritične infrastrukture, kršitve obveznosti na podlagi prava Unije o zaščiti temeljnih pravic ali hudo škodo premoženju ali okolju.
(156)
In order to ensure an appropriate and effective enforcement of the requirements and obligations set out by this Regulation, which is Union harmonisation legislation, the system of market surveillance and compliance of products established by Regulation (EU) 2019/1020 should apply in its entirety. Market surveillance authorities designated pursuant to this Regulation should have all enforcement powers laid down in this Regulation and in Regulation (EU) 2019/1020 and should exercise their powers and carry out their duties independently, impartially and without bias. Although the majority of AI systems are not subject to specific requirements and obligations under this Regulation, market surveillance authorities may take measures in relation to all AI systems when they present a risk in accordance with this Regulation. Due to the specific nature of Union institutions, agencies and bodies falling within the scope of this Regulation, it is appropriate to designate the European Data Protection Supervisor as a competent market surveillance authority for them. This should be without prejudice to the designation of national competent authorities by the Member States. Market surveillance activities should not affect the ability of the supervised entities to carry out their tasks independently, when such independence is required by Union law.
(156)
Za zagotovitev ustreznega in učinkovitega izvrševanja zahtev in obveznosti iz te uredbe, ki je harmonizacijska zakonodaja Unije, bi bilo treba v celoti uporabljati sistem nadzora trga in skladnosti proizvodov, vzpostavljen z Uredbo (EU) 2019/1020. Organi za nadzor trga, imenovani na podlagi te uredbe, bi morali imeti vsa izvršilna pooblastila, določena v tej uredbi in Uredbi (EU) 2019/1020, ter bi morali svoja pooblastila in dolžnosti izvajati neodvisno, nepristransko in brez predsodkov. Čeprav za večino sistemov UI ne veljajo posebne zahteve in obveznosti iz te uredbe, lahko organi za nadzor trga sprejmejo ukrepe v zvezi z vsemi sistemi UI, če ti predstavljajo tveganje v skladu s to uredbo. Zaradi posebne narave institucij, agencij in organov Unije, ki spadajo na področje uporabe te uredbe, je za organ za nadzor trga, ki bo pristojen zanje, primerno imenovati Evropskega nadzornika za varstvo podatkov. To ne bi smelo posegati v imenovanje pristojnih nacionalnih organov s strani držav članic. Dejavnosti nadzora trga ne bi smele vplivati na zmožnost nadzorovanih subjektov, da svoje naloge opravljajo neodvisno, kadar je taka neodvisnost zahtevana po pravu Unije.
(157)
This Regulation is without prejudice to the competences, tasks, powers and independence of relevant national public authorities or bodies which supervise the application of Union law protecting fundamental rights, including equality bodies and data protection authorities. Where necessary for their mandate, those national public authorities or bodies should also have access to any documentation created under this Regulation. A specific safeguard procedure should be set for ensuring adequate and timely enforcement against AI systems presenting a risk to health, safety and fundamental rights. The procedure for such AI systems presenting a risk should be applied to high-risk AI systems presenting a risk, prohibited systems which have been placed on the market, put into service or used in violation of the prohibited practices laid down in this Regulation and AI systems which have been made available in violation of the transparency requirements laid down in this Regulation and present a risk.
(157)
Ta uredba ne posega v pristojnosti, naloge, pooblastila in neodvisnost ustreznih nacionalnih javnih organov ali teles, ki nadzorujejo uporabo prava Unije o varstvu temeljnih pravic, tudi ne organov za enakost in organov za varstvo podatkov. Kadar je to potrebno za njihov mandat, bi morali imeti navedeni nacionalni javni organi ali telesa tudi dostop do kakršne koli dokumentacije, pripravljene na podlagi te uredbe. Določiti bi bilo treba poseben zaščitni postopek za zagotavljanje ustreznega in pravočasnega izvrševanja v zvezi s sistemi UI, ki predstavljajo tveganje za zdravje, varnost in temeljne pravice. Postopek za take sisteme UI, ki predstavljajo tveganje, bi bilo treba uporabljati za visokotvegane sisteme UI, ki predstavljajo tveganje, prepovedane sisteme, ki so bili dani na trg ali v uporabo oziroma se uporabljajo v skladu s prepovedanimi praksami iz te uredbe, in sisteme UI, ki predstavljajo tveganje in katerih dostopnost je bila omogočena v nasprotju z zahtevami glede preglednosti iz te uredbe.
(158)
Union financial services law includes internal governance and risk-management rules and requirements which are applicable to regulated financial institutions in the course of provision of those services, including when they make use of AI systems. In order to ensure coherent application and enforcement of the obligations under this Regulation and relevant rules and requirements of the Union financial services legal acts, the competent authorities for the supervision and enforcement of those legal acts, in particular competent authorities as defined in Regulation (EU) No 575/2013 of the European Parliament and of the Council (46) and Directives 2008/48/EC (47), 2009/138/EC (48), 2013/36/EU (49), 2014/17/EU (50) and (EU) 2016/97 (51) of the European Parliament and of the Council, should be designated, within their respective competences, as competent authorities for the purpose of supervising the implementation of this Regulation, including for market surveillance activities, as regards AI systems provided or used by regulated and supervised financial institutions unless Member States decide to designate another authority to fulfil these market surveillance tasks. Those competent authorities should have all powers under this Regulation and Regulation (EU) 2019/1020 to enforce the requirements and obligations of this Regulation, including powers to carry our ex post market surveillance activities that can be integrated, as appropriate, into their existing supervisory mechanisms and procedures under the relevant Union financial services law. It is appropriate to envisage that, when acting as market surveillance authorities under this Regulation, the national authorities responsible for the supervision of credit institutions regulated under Directive 2013/36/EU, which are participating in the Single Supervisory Mechanism established by Council Regulation (EU) No 1024/2013 (52), should report, without delay, to the European Central Bank any information identified in the course of their market surveillance activities that may be of potential interest for the European Central Bank’s prudential supervisory tasks as specified in that Regulation. To further enhance the consistency between this Regulation and the rules applicable to credit institutions regulated under Directive 2013/36/EU, it is also appropriate to integrate some of the providers’ procedural obligations in relation to risk management, post marketing monitoring and documentation into the existing obligations and procedures under Directive 2013/36/EU. In order to avoid overlaps, limited derogations should also be envisaged in relation to the quality management system of providers and the monitoring obligation placed on deployers of high-risk AI systems to the extent that these apply to credit institutions regulated by Directive 2013/36/EU. The same regime should apply to insurance and re-insurance undertakings and insurance holding companies under Directive 2009/138/EC and the insurance intermediaries under Directive (EU) 2016/97 and other types of financial institutions subject to requirements regarding internal governance, arrangements or processes established pursuant to the relevant Union financial services law to ensure consistency and equal treatment in the financial sector.
(158)
Pravo Unije o finančnih storitvah vključuje pravila in zahteve glede notranjega upravljanja in obvladovanja tveganj, ki veljajo za regulirane finančne institucije med opravljanjem teh storitev, tudi kadar uporabljajo sisteme UI. Za zagotovitev usklajene uporabe in izvrševanja obveznosti na podlagi te uredbe ter ustreznih pravil in zahtev iz pravnih aktov Unije o finančnih storitvah bi bilo treba pristojne organe za nadzor in izvrševanje navedenih pravnih aktov, zlasti pristojne organe, opredeljene v Uredbi (EU) št. 575/2013 Evropskega parlamenta in Sveta (46) ter direktivah 2008/48/ES (47), 2009/138/ES (48), 2013/36/EU (49), 2014/17/EU (50) in (EU) 2016/97 (51) Evropskega parlamenta in Sveta, glede na njihove zadevne pristojnosti imenovati za pristojne organe za namen nadzora izvajanja te uredbe, vključno z dejavnostmi nadzora trga, v zvezi s sistemi UI, ki jih zagotavljajo ali uporabljajo regulirane in nadzorovane finančne institucije, razen če se država članica ne odloči, da bo za opravljanje teh nalog nadzora trga imenovala drug organ. Ti pristojni organi bi morali imeti vsa pooblastila na podlagi te uredbe in Uredbe (EU) 2019/1020 za izvrševanje zahtev in obveznosti iz te uredbe, vključno s pooblastili za izvajanje naknadnih dejavnosti nadzora trga, ki jih lahko, če je to primerno, vključijo v svoje obstoječe nadzorne mehanizme in postopke na podlagi zadevnega prava Unije o finančnih storitvah. Primerno je predvideti, da bi morali nacionalni organi, ki so odgovorni za nadzor kreditnih institucij, ki jih ureja Direktiva 2013/36/EU, in sodelujejo v enotnem mehanizmu nadzora, vzpostavljenem z Uredbo Sveta (EU) št. 1024/2013 (52), kadar delujejo kot organi za nadzor trga na podlagi te uredbe, Evropski centralni banki nemudoma sporočiti vse informacije, pridobljene v okviru njihovih dejavnosti nadzora trga, ki bi lahko bile zanimive za naloge bonitetnega nadzora Evropske centralne banke, kot so določene v navedeni uredbi. Za nadaljnjo krepitev skladnosti med to uredbo in pravili, ki se uporabljajo za kreditne institucije, ki jih ureja Direktiva 2013/36/EU, je primerno v obstoječe obveznosti in postopke iz Direktive 2013/36/EU vključiti tudi nekatere postopkovne obveznosti ponudnikov v zvezi z obvladovanjem tveganj, spremljanjem po dajanju na trg ter dokumentacijo. Da bi se izognili prekrivanju, bi bilo treba predvideti tudi omejena odstopanja v zvezi s sistemom ponudnikov za upravljanje kakovosti in obveznostjo spremljanja, naloženo uvajalcem visokotveganih sistemov UI, če se ta uporabljajo za kreditne institucije, ki jih ureja Direktiva 2013/36/EU. Isto ureditev bi bilo treba uporabljati za zavarovalnice in pozavarovalnice ter zavarovalne holdinge na podlagi Direktive 2009/138/ES in zavarovalne posrednike na podlagi Direktive (EU) 2016/97 ter druge vrste finančnih institucij, za katere veljajo zahteve glede notranjega upravljanja, ureditev ali postopkov, vzpostavljenih na podlagi ustreznega prava Unije o finančnih storitvah, da se zagotovita doslednost in enaka obravnava v finančnem sektorju.
(159)
Each market surveillance authority for high-risk AI systems in the area of biometrics, as listed in an annex to this Regulation insofar as those systems are used for the purposes of law enforcement, migration, asylum and border control management, or the administration of justice and democratic processes, should have effective investigative and corrective powers, including at least the power to obtain access to all personal data that are being processed and to all information necessary for the performance of its tasks. The market surveillance authorities should be able to exercise their powers by acting with complete independence. Any limitations of their access to sensitive operational data under this Regulation should be without prejudice to the powers conferred to them by Directive (EU) 2016/680. No exclusion on disclosing data to national data protection authorities under this Regulation should affect the current or future powers of those authorities beyond the scope of this Regulation.
(159)
Vsak organ za nadzor trga za visokotvegane sisteme UI na področju biometrike, kot so navedeni v eni od prilog k tej uredbi, če se ti sistemi uporabljajo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, azila in upravljanja nadzora meja ali za pravosodje in demokratične procese, bi moral imeti pooblastila za preiskovanje in popravne ukrepe, vključno vsaj s pooblastilom za pridobitev dostopa do vseh osebnih podatkov, ki se obdelujejo, in do vseh informacij, potrebnih za opravljanje njegovih nalog. Organi za nadzor trga bi morali imeti možnost, da svoja pooblastila izvajajo popolnoma neodvisno. Morebitne omejitve njihovega dostopa do občutljivih operativnih podatkov na podlagi te uredbe ne bi smele posegati v pooblastila, ki so jim podeljena z Direktivo (EU) 2016/680. Nobena izključitev glede razkritja podatkov nacionalnim organom za varstvo podatkov na podlagi te uredbe ne bi smela vplivati na sedanja ali prihodnja pooblastila teh organov zunaj področja uporabe te uredbe.
(160)
The market surveillance authorities and the Commission should be able to propose joint activities, including joint investigations, to be conducted by market surveillance authorities or market surveillance authorities jointly with the Commission, that have the aim of promoting compliance, identifying non-compliance, raising awareness and providing guidance in relation to this Regulation with respect to specific categories of high-risk AI systems that are found to present a serious risk across two or more Member States. Joint activities to promote compliance should be carried out in accordance with Article 9 of Regulation (EU) 2019/1020. The AI Office should provide coordination support for joint investigations.
(160)
Organom za nadzor trga in Komisiji bi moralo biti omogočeno, da predlagajo skupne dejavnosti – vključno s skupnimi preiskavami, ki jih izvajajo organi za nadzor trga sami ali skupaj s Komisijo –, katerih cilj je spodbujanje skladnosti, odkrivanje neskladnosti, ozaveščanje ali zagotavljanje smernic v zvezi s to uredbo, kar zadeva posebne kategorije visokotveganih sistemov UI, za katere se ugotovi, da predstavljajo resno tveganje v dveh ali več državah članicah. Skupne dejavnosti za spodbujanje skladnosti bi bilo treba izvajati v skladu s členom 9 Uredbe (EU) 2019/1020. Urad za UI bi moral zagotavljati usklajevalno podporo za skupne preiskave.
(161)
It is necessary to clarify the responsibilities and competences at Union and national level as regards AI systems that are built on general-purpose AI models. To avoid overlapping competences, where an AI system is based on a general-purpose AI model and the model and system are provided by the same provider, the supervision should take place at Union level through the AI Office, which should have the powers of a market surveillance authority within the meaning of Regulation (EU) 2019/1020 for this purpose. In all other cases, national market surveillance authorities remain responsible for the supervision of AI systems. However, for general-purpose AI systems that can be used directly by deployers for at least one purpose that is classified as high-risk, market surveillance authorities should cooperate with the AI Office to carry out evaluations of compliance and inform the Board and other market surveillance authorities accordingly. Furthermore, market surveillance authorities should be able to request assistance from the AI Office where the market surveillance authority is unable to conclude an investigation on a high-risk AI system because of its inability to access certain information related to the general-purpose AI model on which the high-risk AI system is built. In such cases, the procedure regarding mutual assistance in cross-border cases in Chapter VI of Regulation (EU) 2019/1020 should apply mutatis mutandis.
(161)
Pojasniti je treba odgovornosti in pristojnosti na ravni Unije in nacionalni ravni v zvezi z sistemi UI, ki temeljijo na modelih UI za splošne namene. Da bi se izognili prekrivanju pristojnosti, kadar sistem UI temelji na modelu UI za splošne namene ter kadar model in sistem zagotavlja isti ponudnik, bi moral biti za nadzor na ravni Unije pristojen Urad za UI, ki bi moral v ta namen imeti pooblastila organa za nadzor trga v smislu Uredbe (EU) 2019/1020. V vseh drugih primerih so za nadzor sistemov UI še naprej odgovorni nacionalni organi za nadzor trga. Vendar bi morali organi za nadzor trga za sisteme UI za splošne namene, ki jih lahko uvajalci neposredno uporabljajo za vsaj en namen, ki je razvrščen kot visoko tveganje, sodelovati z Uradom za UI pri izvedbi ocen skladnosti ter o tem ustrezno obvestili Odbor in druge organe za nadzor trga. Poleg tega bi morali imeti organi za nadzor trga možnost, da Urad za UI zaprosijo za pomoč, kadar organ za nadzor trga ne more zaključiti preiskave visokotveganega sistema UI, ker ne more dostopati do nekaterih informacij, ki se nanašajo na model UI za splošne namene, na katerem temelji visokotvegani sistem UI. V takih primerih bi se moral smiselno uporabljati postopek v zvezi s čezmejno medsebojno pomočjo iz poglavja VI Uredbe (EU) 2019/1020.
(162)
To make best use of the centralised Union expertise and synergies at Union level, the powers of supervision and enforcement of the obligations on providers of general-purpose AI models should be a competence of the Commission. The AI Office should be able to carry out all necessary actions to monitor the effective implementation of this Regulation as regards general-purpose AI models. It should be able to investigate possible infringements of the rules on providers of general-purpose AI models both on its own initiative, following the results of its monitoring activities, or upon request from market surveillance authorities in line with the conditions set out in this Regulation. To support effective monitoring of the AI Office, it should provide for the possibility that downstream providers lodge complaints about possible infringements of the rules on providers of general-purpose AI models and systems.
(162)
Da bi na ravni Unije čim bolje izkoristili centralizirano strokovno znanje in sinergije Unije, bi morala biti pooblastila za nadzor in izvrševanje obveznosti za ponudnike modelov UI za splošne namene v pristojnosti Komisije. Urad za UI bi moral imeti možnost, da izvede vse potrebne ukrepe za spremljanje učinkovitega izvajanja te uredbe v zvezi z modeli UI za splošne namene. Imeti bi moral možnost, da na lastno pobudo na podlagi rezultatov njegovih dejavnosti spremljanja ali na zahtevo organov za nadzor trga v skladu s pogoji iz te uredbe razišče morebitne kršitve pravil o ponudnikih modelov UI za splošne namene. Da bi podprli učinkovito spremljanje Urada za UI, bi bilo treba določiti možnost, da lahko ponudniki nižje v verigi vložijo pritožbe zaradi morebitnih kršitev pravil o ponudnikih modelov UI za splošne namene in sistemov UI.
(163)
With a view to complementing the governance systems for general-purpose AI models, the scientific panel should support the monitoring activities of the AI Office and may, in certain cases, provide qualified alerts to the AI Office which trigger follow-ups, such as investigations. This should be the case where the scientific panel has reason to suspect that a general-purpose AI model poses a concrete and identifiable risk at Union level. Furthermore, this should be the case where the scientific panel has reason to suspect that a general-purpose AI model meets the criteria that would lead to a classification as general-purpose AI model with systemic risk. To equip the scientific panel with the information necessary for the performance of those tasks, there should be a mechanism whereby the scientific panel can request the Commission to require documentation or information from a provider.
(163)
Da bi dopolnili sisteme upravljanja modelov UI za splošne namene, bi moral znanstveni odbor prispevati k dejavnostim spremljanja Urada za UI, ki mu v nekaterih primerih lahko pošlje kvalificirana opozorila, ki sprožijo nadaljnje ukrepanje, kot so preiskave. To bi se moralo zgoditi, kadar znanstveni odbor utemeljeno sumi, da model UI za splošne namene predstavlja konkretno in prepoznavno tveganje na ravni Unije. To bi se prav tako moralo zgoditi, kadar znanstveni odbor utemeljeno sumi, da model UI za splošne namene izpolnjuje merila, na podlagi katerih bi moral biti razvrščen kot model UI za splošne namene s sistemskim tveganjem. Da se znanstvenemu svetu zagotovijo informacije, potrebne za opravljanje teh nalog, bi moral obstajati mehanizem, s katerim lahko znanstveni odbor zaprosi Komisijo, da od ponudnika zahteva dokumentacijo ali informacije.
(164)
The AI Office should be able to take the necessary actions to monitor the effective implementation of and compliance with the obligations for providers of general-purpose AI models laid down in this Regulation. The AI Office should be able to investigate possible infringements in accordance with the powers provided for in this Regulation, including by requesting documentation and information, by conducting evaluations, as well as by requesting measures from providers of general-purpose AI models. When conducting evaluations, in order to make use of independent expertise, the AI Office should be able to involve independent experts to carry out the evaluations on its behalf. Compliance with the obligations should be enforceable, inter alia, through requests to take appropriate measures, including risk mitigation measures in the case of identified systemic risks as well as restricting the making available on the market, withdrawing or recalling the model. As a safeguard, where needed beyond the procedural rights provided for in this Regulation, providers of general-purpose AI models should have the procedural rights provided for in Article 18 of Regulation (EU) 2019/1020, which should apply mutatis mutandis, without prejudice to more specific procedural rights provided for by this Regulation.
(164)
Urad za UI bi moral imeti možnost, da sprejme potrebne ukrepe za spremljanje učinkovitega izvajanja in izpolnjevanja obveznosti za ponudnike modelov UI za splošne namene iz te uredbe. Urad za UI bi moral imeti možnost, da razišče morebitne kršitve v skladu s pooblastili na podlagi te uredbe, tudi tako, da zahteva dokumentacijo in informacije, izvaja ocenjevanje ter od ponudnikov modelov UI za splošne namene zahteva ukrepe. Pri izvajanju ocenjevanja in zato, da bi uporabili neodvisno strokovno znanje, bi moral Urad za UI imeti možnost vključiti neodvisne strokovnjake, da v njegovem imenu izvedejo ocenjevanje. Izpolnjevanje obveznosti bi moralo biti izvršljivo, med drugim z zahtevami za sprejetje ustreznih ukrepov, vključno z ukrepi za zmanjšanje tveganja v primeru prepoznanih sistemskih tveganj, ter z omejevanjem omogočanja dostopnosti modela na trgu, njegovim umikom ali odpoklicem. Kot zaščitni ukrepi, kadar je to potrebno poleg procesnih pravic iz te uredbe, bi morali imeti ponudniki modelov UI za splošne namene procesne pravice iz člena 18 Uredbe (EU) 2019/1020, ki bi se morale uporabljati smiselno in brez poseganja v bolj specifične procesne pravice iz te uredbe.
(165)
The development of AI systems other than high-risk AI systems in accordance with the requirements of this Regulation may lead to a larger uptake of ethical and trustworthy AI in the Union. Providers of AI systems that are not high-risk should be encouraged to create codes of conduct, including related governance mechanisms, intended to foster the voluntary application of some or all of the mandatory requirements applicable to high-risk AI systems, adapted in light of the intended purpose of the systems and the lower risk involved and taking into account the available technical solutions and industry best practices such as model and data cards. Providers and, as appropriate, deployers of all AI systems, high-risk or not, and AI models should also be encouraged to apply on a voluntary basis additional requirements related, for example, to the elements of the Union’s Ethics Guidelines for Trustworthy AI, environmental sustainability, AI literacy measures, inclusive and diverse design and development of AI systems, including attention to vulnerable persons and accessibility to persons with disability, stakeholders’ participation with the involvement, as appropriate, of relevant stakeholders such as business and civil society organisations, academia, research organisations, trade unions and consumer protection organisations in the design and development of AI systems, and diversity of the development teams, including gender balance. To ensure that the voluntary codes of conduct are effective, they should be based on clear objectives and key performance indicators to measure the achievement of those objectives. They should also be developed in an inclusive way, as appropriate, with the involvement of relevant stakeholders such as business and civil society organisations, academia, research organisations, trade unions and consumer protection organisation. The Commission may develop initiatives, including of a sectoral nature, to facilitate the lowering of technical barriers hindering cross-border exchange of data for AI development, including on data access infrastructure, semantic and technical interoperability of different types of data.
(165)
Razvoj sistemov UI, ki niso visokotvegani sistemi UI, v skladu z zahtevami iz te uredbe lahko pripelje do večjega koriščenja etične in zaupanja vredne UI v Uniji. Ponudnike sistemov UI, ki niso sistemi visokega tveganja, bi bilo treba spodbujati k oblikovanju kodeksov ravnanja, vključno s povezanimi mehanizmi upravljanja, ki bodo namenjeni spodbujanju prostovoljne uporabe nekaterih ali vseh obveznih zahtev, ki se uporabljajo za visokotvegane sisteme UI, prilagojeni predvidenemu namenu sistemov in manjšemu tveganju ter bodo v njih upoštevane razpoložljive tehnične rešitve in najboljše prakse v industriji, kot so modeli in podatkovne kartice. Ponudnike in po potrebi uvajalce vseh sistemov UI, ne glede na to, ali so sistemi visokega tveganja ali ne, in modelov UI bi bilo treba spodbujati tudi k prostovoljni uporabi dodatnih zahtev, povezanih na primer z elementi etičnih smernic Unije za zaupanja vredno UI, okoljsko trajnostnostjo, ukrepi za pismenost na področju UI, zasnovo in razvojem sistemov UI, ki zagotavljata inkluzivnost in raznolikost, vključno s poudarkom na ranljivih osebah in dostopnostjo za invalide, sodelovanjem deležnikov, po potrebi s sodelovanjem ustreznih deležnikov, kot so podjetja in organizacije civilne družbe, akademski krogi, raziskovalne organizacije, sindikati in organizacije za varstvo potrošnikov, pri zasnovi in razvoju sistemov UI, ter z raznolikostjo razvojnih skupin, vključno z uravnoteženo zastopanostjo spolov. Da bi zagotovili učinkovitost prostovoljnih kodeksov ravnanja, bi morali ti temeljiti na jasnih ciljih in ključnih kazalnikih uspešnosti za merjenje doseganja teh ciljev. Prav tako bi jih bilo treba razvijati na inkluziven način, kot je ustrezno, ob sodelovanju ustreznih deležnikov, kot so podjetja in organizacije civilne družbe, akademski krogi, raziskovalne organizacije, sindikati in organizacije za varstvo potrošnikov. Komisija lahko pripravi pobude, tudi sektorske narave, da se omogoči zmanjšanje tehničnih ovir za čezmejno izmenjavo podatkov za razvoj UI, tudi na infrastrukturi za dostop do podatkov, ter semantično in tehnično interoperabilnost različnih vrst podatkov.
(166)
It is important that AI systems related to products that are not high-risk in accordance with this Regulation and thus are not required to comply with the requirements set out for high-risk AI systems are nevertheless safe when placed on the market or put into service. To contribute to this objective, Regulation (EU) 2023/988 of the European Parliament and of the Council (53) would apply as a safety net.
(166)
Pomembno je, da so sistemi UI, ki so povezani s proizvodi brez visokega tveganja v skladu s to uredbo in jim zato ni treba izpolnjevati zahtev za visokotvegane sisteme UI, kljub temu varni, ko so dani na trg ali v uporabo. Da bi prispevali k temu cilju, bi se Uredba (EU) 2023/988 Evropskega parlamenta in Sveta (53) uporabljala kot varnostna mreža.
(167)
In order to ensure trustful and constructive cooperation of competent authorities on Union and national level, all parties involved in the application of this Regulation should respect the confidentiality of information and data obtained in carrying out their tasks, in accordance with Union or national law. They should carry out their tasks and activities in such a manner as to protect, in particular, intellectual property rights, confidential business information and trade secrets, the effective implementation of this Regulation, public and national security interests, the integrity of criminal and administrative proceedings, and the integrity of classified information.
(167)
Za zagotovitev zaupanja vrednega in konstruktivnega sodelovanja pristojnih organov na ravni Unije in nacionalni ravni bi morale vse strani, ki sodelujejo pri uporabi te uredbe, spoštovati zaupnost informacij in podatkov, ki so jih pridobili pri opravljanju svojih nalog, v skladu s pravom Unije ali nacionalnim pravom. Svoje naloge in dejavnosti bi morali opravljati tako, da varujejo zlasti pravice intelektualne lastnine, zaupne poslovne informacije in poslovne skrivnosti, učinkovito izvajanje te uredbe, javne in nacionalne varnostne interese, celovitost kazenskih in upravnih postopkov ter celovitost tajnih podatkov.
(168)
Compliance with this Regulation should be enforceable by means of the imposition of penalties and other enforcement measures. Member States should take all necessary measures to ensure that the provisions of this Regulation are implemented, including by laying down effective, proportionate and dissuasive penalties for their infringement, and to respect the ne bis in idem principle. In order to strengthen and harmonise administrative penalties for infringement of this Regulation, the upper limits for setting the administrative fines for certain specific infringements should be laid down. When assessing the amount of the fines, Member States should, in each individual case, take into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and to the size of the provider, in particular if the provider is an SME, including a start-up. The European Data Protection Supervisor should have the power to impose fines on Union institutions, agencies and bodies falling within the scope of this Regulation.
(168)
Skladnost s to uredbo bi morala biti izvršljiva z naložitvijo kazni in drugimi izvršilnimi ukrepi. Države članice bi morale sprejeti vse potrebne ukrepe za zagotovitev izvajanja določb te uredbe, tudi z določitvijo učinkovitih, sorazmernih in odvračilnih kazni za njihovo kršitev, in za upoštevanje načela ne bis in idem. Za okrepitev in uskladitev upravnih kazni za kršitev te uredbe bi bilo treba določiti zgornje meje za določitev upravnih glob za nekatere posebne kršitve. Države članice bi morale pri določanju višine glob v vsakem posameznem primeru upoštevati vse ustrezne okoliščine konkretne situacije, zlasti pa naravo, težo in trajanje kršitve ter njene posledice in velikost ponudnika, zlasti če je ponudnik MSP, vključno z zagonskim podjetjem. Evropski nadzornik za varstvo podatkov bi moral biti pooblaščen za nalaganje glob institucijam, agencijam in organom Unije, ki spadajo na področje uporabe te uredbe.
(169)
Compliance with the obligations on providers of general-purpose AI models imposed under this Regulation should be enforceable, inter alia, by means of fines. To that end, appropriate levels of fines should also be laid down for infringement of those obligations, including the failure to comply with measures requested by the Commission in accordance with this Regulation, subject to appropriate limitation periods in accordance with the principle of proportionality. All decisions taken by the Commission under this Regulation are subject to review by the Court of Justice of the European Union in accordance with the TFEU, including the unlimited jurisdiction of the Court of Justice with regard to penalties pursuant to Article 261 TFEU.
(169)
Izpolnjevanje obveznosti za ponudnike modelov UI za splošne namene, določenih na podlagi te uredbe, bi moralo med drugim biti izvršljivo z globami. V ta namen bi bilo treba določiti tudi ustrezne ravni glob za kršitev navedenih obveznosti, vključno z neizpolnjevanjem ukrepov, ki jih Komisija zahteva v skladu s to uredbo, ob upoštevanju ustreznih zastaralnih rokov v skladu z načelom sorazmernosti. Vse odločitve, ki jih Komisija sprejme na podlagi te uredbe, so podvržene nadzoru Sodišča Evropske unije v skladu s PDEU, vključno z neomejeno pristojnostjo Sodišča glede kazni na podlagi člena 261 PDEU.
(170)
Union and national law already provide effective remedies to natural and legal persons whose rights and freedoms are adversely affected by the use of AI systems. Without prejudice to those remedies, any natural or legal person that has grounds to consider that there has been an infringement of this Regulation should be entitled to lodge a complaint to the relevant market surveillance authority.
(170)
Pravo Unije in nacionalno pravo fizičnim in pravnim osebam, na pravice in svoboščine katerih negativno vpliva uporaba sistemov UI, že zagotavljata učinkovita pravna sredstva. Brez poseganja v ta pravna sredstva lahko pritožbo pri ustreznem organu za nadzor trga vloži vsaka fizična ali pravna oseba, ki upravičeno meni, da je prišlo do kršitve te uredbe.
(171)
Affected persons should have the right to obtain an explanation where a deployer’s decision is based mainly upon the output from certain high-risk AI systems that fall within the scope of this Regulation and where that decision produces legal effects or similarly significantly affects those persons in a way that they consider to have an adverse impact on their health, safety or fundamental rights. That explanation should be clear and meaningful and should provide a basis on which the affected persons are able to exercise their rights. The right to obtain an explanation should not apply to the use of AI systems for which exceptions or restrictions follow from Union or national law and should apply only to the extent this right is not already provided for under Union law.
(171)
Osebe, na katere vpliva uporaba sistemov UI, bi morale imeti pravico do pojasnila, kadar odločitev uvajalca temelji predvsem na izhodnih podatkih nekaterih visokotveganih sistemov UI, ki spadajo na področje uporabe te uredbe, in kadar ima ta odločitev pravne učinke za te osebe ali nanje podobno znatno vpliva na način, za katerega menijo, da ima negativne učinke na njihovo zdravje, varnost in temeljne pravice. To pojasnilo bi moralo biti jasno in smiselno ter temelj, na podlagi katerega osebe, na katere vpliva uporaba sistemov UI, lahko uveljavljajo svoje pravice. Pravica do pojasnila se ne bi smela uporabljati za uporabo sistemov UI, za katere izjeme ali omejitve izhajajo iz prava Unije ali nacionalnega prava, temveč bi se morala uporabljati le, če ta pravica še ni določena na podlagi prava Unije.
(172)
Persons acting as whistleblowers on the infringements of this Regulation should be protected under the Union law. Directive (EU) 2019/1937 of the European Parliament and of the Council (54) should therefore apply to the reporting of infringements of this Regulation and the protection of persons reporting such infringements.
(172)
Osebe, ki kot žvižgači opozarjajo na kršitve te uredbe, bi morale biti zaščitene na podlagi prava Unije. Za prijavo kršitev te uredbe in zaščito oseb, ki te kršitve prijavijo, bi se zato morala uporabljati Direktiva (EU) 2019/1937 Evropskega parlamenta in Sveta (54).
(173)
In order to ensure that the regulatory framework can be adapted where necessary, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission to amend the conditions under which an AI system is not to be considered to be high-risk, the list of high-risk AI systems, the provisions regarding technical documentation, the content of the EU declaration of conformity the provisions regarding the conformity assessment procedures, the provisions establishing the high-risk AI systems to which the conformity assessment procedure based on assessment of the quality management system and assessment of the technical documentation should apply, the threshold, benchmarks and indicators, including by supplementing those benchmarks and indicators, in the rules for the classification of general-purpose AI models with systemic risk, the criteria for the designation of general-purpose AI models with systemic risk, the technical documentation for providers of general-purpose AI models and the transparency information for providers of general-purpose AI models. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (55). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
(173)
Za zagotovitev, da se regulativni okvir lahko po potrebi prilagodi, bi bilo treba na Komisijo prenesti pooblastilo, da v skladu s členom 290 PDEU sprejme akte za spremembo pogojev, pod katerimi se sistem UI ne sme šteti za sistem visokega tveganja, seznama visokotveganih sistemov UI, določb o tehnični dokumentaciji, vsebine EU izjave o skladnosti, določb o postopkih ugotavljanja skladnosti, določb o vzpostavitvi visokotveganih sistemov UI, za katere bi se moral uporabljati postopek ugotavljanja skladnosti na podlagi ocene sistema upravljanja kakovosti in ocene tehnične dokumentacije, praga, meril uspešnosti in kazalnikov, tudi z njihovo dopolnitvijo, kot so opredeljeni v pravilih za razvrščanje modelov UI za splošne namene s sistemskim tveganjem, meril za označevanje modelov UI za splošne namene s sistemskim tveganjem, tehnične dokumentacije za ponudnike modelov UI za splošne namene in informacij o preglednosti za ponudnike modelov UI za splošne namene. Zlasti je pomembno, da se Komisija pri svojem pripravljalnem delu ustrezno posvetuje, tudi na ravni strokovnjakov, in da se ta posvetovanja izvedejo v skladu z načeli, določenimi v Medinstitucionalnem sporazumu z dne 13. aprila 2016 o boljši pripravi zakonodaje (55). Za zagotovitev enakopravnega sodelovanja pri pripravi delegiranih aktov Evropski parlament in Svet zlasti prejmeta vse dokumente sočasno s strokovnjaki iz držav članic, njuni strokovnjaki pa se lahko sistematično udeležujejo sestankov strokovnih skupin Komisije, ki zadevajo pripravo delegiranih aktov.
(174)
Given the rapid technological developments and the technical expertise required to effectively apply this Regulation, the Commission should evaluate and review this Regulation by 2 August 2029 and every four years thereafter and report to the European Parliament and the Council. In addition, taking into account the implications for the scope of this Regulation, the Commission should carry out an assessment of the need to amend the list of high-risk AI systems and the list of prohibited practices once a year. Moreover, by 2 August 2028 and every four years thereafter, the Commission should evaluate and report to the European Parliament and to the Council on the need to amend the list of high-risk areas headings in the annex to this Regulation, the AI systems within the scope of the transparency obligations, the effectiveness of the supervision and governance system and the progress on the development of standardisation deliverables on energy efficient development of general-purpose AI models, including the need for further measures or actions. Finally, by 2 August 2028 and every three years thereafter, the Commission should evaluate the impact and effectiveness of voluntary codes of conduct to foster the application of the requirements provided for high-risk AI systems in the case of AI systems other than high-risk AI systems and possibly other additional requirements for such AI systems.
(174)
Glede na hiter tehnološki razvoj in tehnično strokovno znanje, potrebno za učinkovito izvajanje te uredbe bi morala Komisija oceniti in pregledati to uredbo do 2. avgusta 2029 in nato vsaka štiri leta ter poročati Evropskemu parlament in Svetu. Poleg tega bi morala Komisija ob upoštevanju posledic za področje uporabe te uredbe enkrat letno oceniti potrebo po spremembi seznama visokotveganih sistemov UI in seznama prepovedanih praks. Komisija bi morala do 2. avgusta 2028 in nato vsaka štiri leta oceniti tudi potrebo po spremembi seznama področij z visokim tveganjem iz ene od prilog k tej uredbi, sisteme UI, ki spadajo na področje uporabe obveznosti glede preglednosti, učinkovitost sistema nadzora in upravljanja ter napredek pri razvoju standardizacijskih dokumentov o energetsko učinkovitem razvoj modelov UI za splošno rabo, vključno s potrebo po nadaljnjih ukrepih ali dejavnostih, ter o tem poročati Evropskemu parlamentu in Svetu. Komisija bi morala do 2. avgusta 2028 ter nato vsaka tri leta oceniti učinek in učinkovitost prostovoljnih kodeksov ravnanja za spodbujanje uporabe zahtev, ki veljajo za visokotvegane sisteme UI, za sisteme UI, ki niso visokotvegani sistemi UI, ter morebitnih drugih dodatnih zahtev za takšne sisteme UI.
(175)
In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (56).
(175)
Da se zagotovijo enotni pogoji za izvajanje te uredbe, bi bilo treba na Komisijo prenesti izvedbena pooblastila. Ta pooblastila bi bilo treba izvajati v skladu z Uredbo (EU) št. 182/2011 Evropskega parlamenta in Sveta (56).
(176)
Since the objective of this Regulation, namely to improve the functioning of the internal market and to promote the uptake of human centric and trustworthy AI, while ensuring a high level of protection of health, safety, fundamental rights enshrined in the Charter, including democracy, the rule of law and environmental protection against harmful effects of AI systems in the Union and supporting innovation, cannot be sufficiently achieved by the Member States and can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.
(176)
Ker cilja te uredbe, in sicer izboljšati delovanje notranjega trga in spodbujati uvajanje na človeka osredotočene in zaupanja vredne UI, ob zagotavljanju visoke ravni varovanja zdravja, varnosti, temeljnih pravic iz Listine, vključno z demokracijo, pravno državo in varstvom okolja, pred škodljivimi učinki sistemov UI v Uniji ter podpiranju inovacij, države članice ne morejo zadovoljivo doseči, temveč se zaradi obsega ali učinka ukrepa lažje doseže na ravni Unije, lahko Unija sprejme ukrepe v skladu z načelom subsidiarnosti iz člena 5 PEU. V skladu z načelom sorazmernosti iz navedenega člena ta uredba ne presega tistega, kar je potrebno za doseganje navedenega cilja.
(177)
In order to ensure legal certainty, ensure an appropriate adaptation period for operators and avoid disruption to the market, including by ensuring continuity of the use of AI systems, it is appropriate that this Regulation applies to the high-risk AI systems that have been placed on the market or put into service before the general date of application thereof, only if, from that date, those systems are subject to significant changes in their design or intended purpose. It is appropriate to clarify that, in this respect, the concept of significant change should be understood as equivalent in substance to the notion of substantial modification, which is used with regard only to high-risk AI systems pursuant to this Regulation. On an exceptional basis and in light of public accountability, operators of AI systems which are components of the large-scale IT systems established by the legal acts listed in an annex to this Regulation and operators of high-risk AI systems that are intended to be used by public authorities should, respectively, take the necessary steps to comply with the requirements of this Regulation by end of 2030 and by 2 August 2030.
(177)
Da se zagotovita pravna varnost in ustrezno prilagoditveno obdobje za operaterje ter preprečijo motnje na trgu, vključno z zagotavljanjem neprekinjene uporabe sistemov UI, je primerno, da se ta uredba uporablja za visokotvegane sisteme UI, ki so bili dani na trg ali v uporabo pred splošnim datumom začetka njene uporabe, le, če se pri navedenih sistemih z navedenim datumom bistveno spremeni njihova zasnova ali predvideni namen. Primerno je pojasniti, da bi bilo treba v zvezi s tem koncept bistvene spremembe razumeti kot vsebinsko enakovreden pojmu bistvene spremembe, ki se uporablja samo za visokotvegane sisteme UI na podlagi te uredbe. Tako upravljavci sistemov UI, ki so komponente obsežnih informacijskih sistemov, vzpostavljenih s pravnimi akti iz ene od prilog k tej uredbi, kot tudi operaterji visokotveganih sistemov UI, ki naj bi jih uporabljali javni organi, bi morali izjemoma in glede na javno odgovornost sprejeti potrebne ukrepe za dosego skladnosti z zahtevami iz te uredbe do konca leta 2030 oziroma do 2. avgusta 2030.
(178)
Providers of high-risk AI systems are encouraged to start to comply, on a voluntary basis, with the relevant obligations of this Regulation already during the transitional period.
(178)
Ponudnike visokotveganih sistemov UI se spodbuja, da že v prehodnem obdobju začnejo prostovoljno izpolnjevati ustrezne obveznosti iz te uredbe.
(179)
This Regulation should apply from 2 August 2026. However, taking into account the unacceptable risk associated with the use of AI in certain ways, the prohibitions as well as the general provisions of this Regulation should already apply from 2 February 2025. While the full effect of those prohibitions follows with the establishment of the governance and enforcement of this Regulation, anticipating the application of the prohibitions is important to take account of unacceptable risks and to have an effect on other procedures, such as in civil law. Moreover, the infrastructure related to the governance and the conformity assessment system should be operational before 2 August 2026, therefore the provisions on notified bodies and governance structure should apply from 2 August 2025. Given the rapid pace of technological advancements and adoption of general-purpose AI models, obligations for providers of general-purpose AI models should apply from 2 August 2025. Codes of practice should be ready by 2 May 2025 in view of enabling providers to demonstrate compliance on time. The AI Office should ensure that classification rules and procedures are up to date in light of technological developments. In addition, Member States should lay down and notify to the Commission the rules on penalties, including administrative fines, and ensure that they are properly and effectively implemented by the date of application of this Regulation. Therefore the provisions on penalties should apply from 2 August 2025.
(179)
Ta uredba se uporablja od 2. avgusta 2026. Vendar bi bilo treba zaradi nesprejemljivega tveganja, povezanega z uporabo UI na določene načine, prepovedi ter splošne določbe te uredbe uporabljati že od 2. februarja 2025. Čeprav bodo te prepovedi polno učinkovale šele po vzpostavitvi upravljanja in izvrševanja te uredbe, je pomembno predvideti uporabo prepovedi, da se upoštevajo nesprejemljiva tveganja in zato, da bi to vplivalo na druge postopke, kot denimo v civilnem pravu. Poleg tega bi morala infrastruktura, povezana z upravljanjem in sistemom ugotavljanja skladnosti, začeti delovati pred 2. avgustom 2026, zato bi bilo treba določbe o priglašenih organih in strukturi upravljanja uporabljati od 2. avgusta 2025. Glede na hiter tehnološki napredek in sprejetje modelov UI za splošne namene bi bilo treba obveznosti za ponudnike modelov UI za splošne namene uporabljati od 2. avgusta 2025. Kodekse prakse bi bilo treba pripraviti najpozneje do 2. maja 2025, da bi ponudniki lahko pravočasno dokazali skladnost. Urad za UI bi moral zagotavljati posodabljanje pravil in postopkov razvrščanja glede na tehnološki razvoj. Poleg tega bi morale države članice določiti pravila o kaznih, vključno z upravnimi globami, in o njih uradno obvestiti Komisijo ter do datuma začetka uporabe te uredbe zagotoviti, da jih bodo učinkovito izvajale. Zato bi bilo treba določbe o kaznih uporabljati od 2. avgusta 2025.
(180)
The European Data Protection Supervisor and the European Data Protection Board were consulted in accordance with Article 42(1) and (2) of Regulation (EU) 2018/1725 and delivered their joint opinion on 18 June 2021,
(180)
V skladu s členom 42(1) in (2) Uredbe (EU) 2018/1725 je bilo opravljeno posvetovanje z Evropskim nadzornikom za varstvo podatkov in Evropskim odborom za varstvo podatkov, ki sta dala mnenje 18. junija 2021 –
HAVE ADOPTED THIS REGULATION:
SPREJELA NASLEDNJO UREDBO:
1. This Regulation applies to:
1. Ta uredba se uporablja za:
(a)
providers placing on the market or putting into service AI systems or placing on the market general-purpose AI models in the Union, irrespective of whether those providers are established or located within the Union or in a third country;
(a)
ponudnike, ki dajejo na trg ali v uporabo sisteme UI ali dajejo na trg modele UI za splošne namene v Uniji, ne glede na to, ali imajo ti ponudniki sedež ali se nahajajo v Uniji ali v tretji državi;
(b)
deployers of AI systems that have their place of establishment or are located within the Union;
(b)
uvajalce sistemov UI, ki imajo sedež ali se nahajajo v Uniji;
(c)
providers and deployers of AI systems that have their place of establishment or are located in a third country, where the output produced by the AI system is used in the Union;
(c)
ponudnike in uvajalce sistemov UI, ki imajo sedež ali se nahajajo v tretji državi, kadar se izhodni podatki, ki jih sistem UI ustvari, uporabljajo v Uniji;
(d)
importers and distributors of AI systems;
(d)
uvoznike in distributerje sistemov UI;
(e)
product manufacturers placing on the market or putting into service an AI system together with their product and under their own name or trademark;
(e)
proizvajalce proizvodov, ki dajejo sistem UI na trg ali v uporabo skupaj s svojim proizvodom in pod svojim imenom ali znamko;
(f)
authorised representatives of providers, which are not established in the Union;
(f)
pooblaščene zastopnike ponudnikov, ki nimajo sedeža v Uniji;
(g)
affected persons that are located in the Union.
(g)
osebe, ki jih zadeva in se nahajajo v Uniji.
2. For AI systems classified as high-risk AI systems in accordance with Article 6(1) related to products covered by the Union harmonisation legislation listed in Section B of Annex I, only Article 6(1), Articles 102 to 109 and Article 112 apply. Article 57 applies only in so far as the requirements for high-risk AI systems under this Regulation have been integrated in that Union harmonisation legislation.
2. Za sisteme UI, ki so razvrščeni med visoko tvegane sisteme UI v skladu s členom 6(1) v povezavi s proizvodi, zajetimi v harmonizacijski zakonodaji Unije s seznama v Prilogi I, oddelek B, se uporablja samo člen 6(1), členi 102 do 109 in člen 112. Člen 57 se uporablja le, če so bile zahteve za visokotvegane sisteme UI iz te uredbe vključene v to harmonizacijsko zakonodajo Unije.
3. This Regulation does not apply to areas outside the scope of Union law, and shall not, in any event, affect the competences of the Member States concerning national security, regardless of the type of entity entrusted by the Member States with carrying out tasks in relation to those competences.
3. Ta uredba se ne uporablja za področja, ki ne spadajo na področje uporabe prava Unije, in v nobenem primeru ne vpliva na pristojnosti držav članic v zvezi z nacionalno varnostjo, ne glede na vrsto subjekta, ki ga države članice pooblastijo za opravljanje nalog v zvezi s temi pristojnostmi.
This Regulation does not apply to AI systems where and in so far they are placed on the market, put into service, or used with or without modification exclusively for military, defence or national security purposes, regardless of the type of entity carrying out those activities.
Ta uredba se ne uporablja za sisteme UI, kadar in kolikor so s spremembami ali brez njih dani na trg ali v uporabo oziroma se uporabljajo izključno za vojaške, obrambne ali nacionalne varnostne namene, ne glede na vrsto subjekta, ki izvaja te dejavnosti.
This Regulation does not apply to AI systems which are not placed on the market or put into service in the Union, where the output is used in the Union exclusively for military, defence or national security purposes, regardless of the type of entity carrying out those activities.
Ta uredba se ne uporablja za sisteme UI, ki niso dani na trg ali v uporabo v Uniji, kadar se izhodni podatki uporabljajo v Uniji izključno za vojaške, obrambne ali nacionalne varnostne namene, ne glede na vrsto subjekta, ki izvaja te dejavnosti.
4. This Regulation applies neither to public authorities in a third country nor to international organisations falling within the scope of this Regulation pursuant to paragraph 1, where those authorities or organisations use AI systems in the framework of international cooperation or agreements for law enforcement and judicial cooperation with the Union or with one or more Member States, provided that such a third country or international organisation provides adequate safeguards with respect to the protection of fundamental rights and freedoms of individuals.
4. Ta uredba se ne uporablja za javne organe v tretji državi in mednarodne organizacije, ki spadajo na področje uporabe te uredbe na podlagi odstavka 1, kadar ti organi ali organizacije uporabljajo sisteme UI v okviru mednarodnega sodelovanja ali sporazumov za sodelovanje na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj ter za sodelovanje na področju pravosodja z Unijo ali z eno ali več državami članicami, pod pogojem, da ta tretja država ali mednarodna organizacija zagotovi ustrezne zaščitne ukrepe v zvezi z varstvom temeljnih pravic in svoboščin posameznikov.
5. This Regulation shall not affect the application of the provisions on the liability of providers of intermediary services as set out in Chapter II of Regulation (EU) 2022/2065.
5. Ta uredba ne vpliva na uporabo določb o odgovornosti ponudnikov posredniških storitev iz poglavja II Uredbe (EU) 2022/2065.
6. This Regulation does not apply to AI systems or AI models, including their output, specifically developed and put into service for the sole purpose of scientific research and development.
6. Ta uredba se ne uporablja za sisteme UI ali modele UI, vključno z njihovimi izhodnimi podatki, posebej razvite in dane v uporabo zgolj za namene znanstvenih raziskav in razvoja.
7. Union law on the protection of personal data, privacy and the confidentiality of communications applies to personal data processed in connection with the rights and obligations laid down in this Regulation. This Regulation shall not affect Regulation (EU) 2016/679 or (EU) 2018/1725, or Directive 2002/58/EC or (EU) 2016/680, without prejudice to Article 10(5) and Article 59 of this Regulation.
7. Pravo Unije o varstvu osebnih podatkov, zasebnosti in zaupnosti komunikacij se uporablja za osebne podatke, ki se obdelujejo v zvezi s pravicami in obveznostmi iz te uredbe. Brez poseganja v člen 10(5) in člen 59 te uredbe ta uredba ne vpliva na Uredbo (EU) 2016/679 ali (EU) 2018/1725 ali Direktivo 2002/58/ES ali (EU) 2016/680.
8. This Regulation does not apply to any research, testing or development activity regarding AI systems or AI models prior to their being placed on the market or put into service. Such activities shall be conducted in accordance with applicable Union law. Testing in real world conditions shall not be covered by that exclusion.
8. Ta uredba se ne uporablja za raziskovalne dejavnosti, dejavnosti testiranja ali razvojne dejavnosti v zvezi z sistemi UI ali modeli UI, preden se ti dajo na trg ali v uporabo. Te dejavnosti se morajo izvajati v skladu z veljavnim pravom Unije. Ta izključitev ne zajema testiranja v realnih razmerah.
9. This Regulation is without prejudice to the rules laid down by other Union legal acts related to consumer protection and product safety.
9. Ta uredba ne posega v pravila, določena v drugih pravnih aktih Unije v zvezi z varstvom potrošnikov in varnostjo proizvodov.
10. This Regulation does not apply to obligations of deployers who are natural persons using AI systems in the course of a purely personal non-professional activity.
10. Ta uredba se ne uporablja za obveznosti uvajalcev, ki so fizične osebe in uporabljajo sisteme UI v okviru povsem osebne nepoklicne dejavnosti.
11. This Regulation does not preclude the Union or Member States from maintaining or introducing laws, regulations or administrative provisions which are more favourable to workers in terms of protecting their rights in respect of the use of AI systems by employers, or from encouraging or allowing the application of collective agreements which are more favourable to workers.
11. Ta uredba Uniji ali državam članicam ne preprečuje, da ohranijo ali uvedejo zakone ali druge predpise, ki so za delavce ugodnejši v smislu varstva njihovih pravic v zvezi z delodajalčevo uporabo sistemov UI, ali da spodbujajo ali dovolijo uporabo kolektivnih pogodb, ki so za delavce ugodnejše.
12. This Regulation does not apply to AI systems released under free and open-source licences, unless they are placed on the market or put into service as high-risk AI systems or as an AI system that falls under Article 5 or 50.
12. Ta uredba se ne uporablja za sisteme UI, objavljene na podlagi prostih in odprtokodnih licenc, razen če so dani na trg ali v uporabo kot visokotvegani sistemi UI ali sistem UI iz člena 5 ali 50.
1. The following AI practices shall be prohibited:
1. Prepovedane so naslednje prakse UI:
(a)
the placing on the market, the putting into service or the use of an AI system that deploys subliminal techniques beyond a person’s consciousness or purposefully manipulative or deceptive techniques, with the objective, or the effect of materially distorting the behaviour of a person or a group of persons by appreciably impairing their ability to make an informed decision, thereby causing them to take a decision that they would not have otherwise taken in a manner that causes or is reasonably likely to cause that person, another person or group of persons significant harm;
(a)
dajanje na trg, dajanje v uporabo ali uporaba sistema UI, ki uporablja subliminalne tehnike, ki presegajo zavest osebe, ali namerno manipulativne ali zavajajoče tehnike, s ciljem ali učinkom bistvenega izkrivljanja vedenja osebe ali skupine oseb, tako da se znatno zmanjša njihova sposobnost, da sprejmejo informirano odločitev, zaradi česar sprejmejo odločitev, ki je sicer ne bi sprejeli, na način, ki tej osebi, drugi osebi ali skupini oseb povzroči znatno škodo ali za katerega obstaja razumna verjetnost, da bo povzročil znatno škodo;
(b)
the placing on the market, the putting into service or the use of an AI system that exploits any of the vulnerabilities of a natural person or a specific group of persons due to their age, disability or a specific social or economic situation, with the objective, or the effect, of materially distorting the behaviour of that person or a person belonging to that group in a manner that causes or is reasonably likely to cause that person or another person significant harm;
(b)
dajanje na trg, dajanje v uporabo ali uporaba sistema UI, ki izkorišča katere koli šibke točke fizične osebe ali določene skupine oseb zaradi njihove starosti, invalidnosti ali posebnega socialnega ali ekonomskega položaja, s ciljem ali učinkom, bistvenega izkrivljanja vedenja te osebe ali osebe iz te skupine na način, ki tej ali drugi osebi povzroči znatno škodo ali za katerega obstaja razumna verjetnost, da bo povzročil znatno škodo;
(c)
the placing on the market, the putting into service or the use of AI systems for the evaluation or classification of natural persons or groups of persons over a certain period of time based on their social behaviour or known, inferred or predicted personal or personality characteristics, with the social score leading to either or both of the following:
(c)
dajanje na trg, dajanje v uporabo ali uporaba sistemov UI za ocenjevanje ali razvrščanje fizičnih oseb ali skupin, ki jim pripadajo, v določenem časovnem obdobju na podlagi njihovega družbenega vedenja ali znanih, predpostavljenih ali predvidenih osebnih ali osebnostnih značilnosti, pri čemer število družbenih točk privede do ene ali obeh naslednjih možnosti:
(i)
detrimental or unfavourable treatment of certain natural persons or groups of persons in social contexts that are unrelated to the contexts in which the data was originally generated or collected;
(i)
škodljiva ali neugodna obravnava nekaterih fizičnih oseb ali skupin oseb v družbenih okoliščinah, ki niso povezane s konteksti, v katerih so bili podatki prvotno ustvarjeni ali zbrani;
(ii)
detrimental or unfavourable treatment of certain natural persons or groups of persons that is unjustified or disproportionate to their social behaviour or its gravity;
(ii)
škodljiva ali neugodna obravnava nekaterih fizičnih oseb ali skupin oseb, ki je neupravičena ali nesorazmerna z njihovim družbenim vedenjem ali resnostjo njihovega družbenega vedenja;
(d)
the placing on the market, the putting into service for this specific purpose, or the use of an AI system for making risk assessments of natural persons in order to assess or predict the risk of a natural person committing a criminal offence, based solely on the profiling of a natural person or on assessing their personality traits and characteristics; this prohibition shall not apply to AI systems used to support the human assessment of the involvement of a person in a criminal activity, which is already based on objective and verifiable facts directly linked to a criminal activity;
(d)
dajanje na trg, dajanje v uporabo za ta posebni namen ali uporaba sistema UI za ocenjevanje tveganja v zvezi s fizičnimi osebami, da se oceni ali predvidi, kakšno je tveganje, da bo fizična oseba storila kaznivo dejanje, izključno na podlagi oblikovanja profila fizične osebe ali ocenjevanja njenih osebnostnih lastnosti in značilnosti; ta prepoved se ne uporablja za sisteme UI, ki se uporabljajo za podporo človeški oceni vpletenosti osebe v kriminalno dejavnost, ki že temelji na objektivnih in preverljivih dejstvih, neposredno povezanih s kriminalno dejavnostjo;
(e)
the placing on the market, the putting into service for this specific purpose, or the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage;
(e)
dajanje na trg, dajanje v uporabo za ta posebni namen ali uporaba sistemov UI, ki z neciljnim odvzemom podob obraza z interneta ali s posnetkov kamer CCTV ustvarjajo ali širijo podatkovne zbirke za prepoznavanje obraza;
(f)
the placing on the market, the putting into service for this specific purpose, or the use of AI systems to infer emotions of a natural person in the areas of workplace and education institutions, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons;
(f)
dajanje na trg, dajanje v uporabo za ta posebni namen ali uporaba sistemov UI za sklepanje o čustvih fizične osebe na delovnem mestu in v izobraževalnih ustanovah, razen kadar je uporaba sistema UI namenjena uvedbi ali dajanju na trg iz zdravstvenih ali varnostnih razlogov;
(g)
the placing on the market, the putting into service for this specific purpose, or the use of biometric categorisation systems that categorise individually natural persons based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation; this prohibition does not cover any labelling or filtering of lawfully acquired biometric datasets, such as images, based on biometric data or categorizing of biometric data in the area of law enforcement;
(g)
dajanje na trg, dajanje v uporabo za ta posebni namen ali uporaba sistemov za biometrično kategorizacijo, ki posameznike razvrščajo na podlagi njihovih biometričnih podatkov, da bi prišli do sklepov ali ugotovitev glede njihove rase, političnega prepričanja, članstva v sindikatu, verskega ali filozofskega prepričanja, spolnega življenja ali spolne usmerjenosti; ta prepoved ne zajema označevanja ali filtriranja zakonito pridobljenih naborov biometričnih podatkov, kot so slike, na podlagi biometričnih podatkov ali kategorizacije biometričnih podatkov na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj;
(h)
the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement, unless and in so far as such use is strictly necessary for one of the following objectives:
(h)
uporaba sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, razen če je taka uporaba nujno potrebna za enega od naslednjih ciljev:
(i)
the targeted search for specific victims of abduction, trafficking in human beings or sexual exploitation of human beings, as well as the search for missing persons;
(i)
ciljno usmerjeno iskanje določenih žrtev ugrabitev, trgovine z ljudmi ali spolnega izkoriščanja ljudi ter iskanje pogrešanih oseb;
(ii)
the prevention of a specific, substantial and imminent threat to the life or physical safety of natural persons or a genuine and present or genuine and foreseeable threat of a terrorist attack;
(ii)
preprečitev konkretne, znatne in neposredne nevarnosti za življenje ali fizično varnost fizičnih oseb ali resnične in sedanje ali resnične in predvidljive grožnje terorističnega napada;
(iii)
the localisation or identification of a person suspected of having committed a criminal offence, for the purpose of conducting a criminal investigation or prosecution or executing a criminal penalty for offences referred to in Annex II and punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least four years.
(iii)
lokalizacija ali identifikacija osebe, osumljene storitve kaznivega dejanja, za namen izvajanja kazenske preiskave ali pregona ali izvršitve kazenske sankcije za kazniva dejanja iz Priloge II, za katera je v zadevni državi članici predpisana zgornja meja zaporne kazni ali ukrepa, vezanega na odvzem prostosti, najmanj štiri leta.
Point (h) of the first subparagraph is without prejudice to Article 9 of Regulation (EU) 2016/679 for the processing of biometric data for purposes other than law enforcement.
Točka (h) prvega pododstavka ne posega v člen 9 Uredbe (EU) 2016/679 v zvezi z obdelavo biometričnih podatkov za namene, ki niso preprečevanje, odkrivanje in preiskovanje kaznivih dejanj.
2. The use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement for any of the objectives referred to in paragraph 1, first subparagraph, point (h), shall be deployed for the purposes set out in that point only to confirm the identity of the specifically targeted individual, and it shall take into account the following elements:
2. Sistemi za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj za katerega koli od ciljev iz odstavka 1, prvi pododstavek, točka (h), se uporabljajo za namene iz navedene točke, samo da se potrdi identiteta točno določenega posameznika, pri čemer se upoštevajo naslednji elementi:
(a)
the nature of the situation giving rise to the possible use, in particular the seriousness, probability and scale of the harm that would be caused if the system were not used;
(a)
narava razmer, ki povzročajo morebitno uporabo, zlasti resnost, verjetnost in obseg škode, ki bi bila povzročena, če se sistem ne bi uporabljal;
(b)
the consequences of the use of the system for the rights and freedoms of all persons concerned, in particular the seriousness, probability and scale of those consequences.
(b)
posledice uporabe sistema za pravice in svoboščine vseh zadevnih oseb, zlasti resnost, verjetnost in obseg teh posledic.
In addition, the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement for any of the objectives referred to in paragraph 1, first subparagraph, point (h), of this Article shall comply with necessary and proportionate safeguards and conditions in relation to the use in accordance with the national law authorising the use thereof, in particular as regards the temporal, geographic and personal limitations. The use of the ‘real-time’ remote biometric identification system in publicly accessible spaces shall be authorised only if the law enforcement authority has completed a fundamental rights impact assessment as provided for in Article 27 and has registered the system in the EU database according to Article 49. However, in duly justified cases of urgency, the use of such systems may be commenced without the registration in the EU database, provided that such registration is completed without undue delay.
Poleg tega mora biti uporaba sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj za katerega koli od ciljev iz odstavka 1, prvi pododstavek, točka (h), tega člena skladna s potrebnimi in sorazmernimi zaščitnimi ukrepi in pogoji v zvezi z uporabo po nacionalnem pravu, ki dovoljuje njihovo uporabo, zlasti kar zadeva časovne, geografske in osebne omejitve. Uporaba sistema za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih se dovoli le, če je organ za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj opravil oceno učinka na temeljne pravice iz člena 27 in sistem registriral v podatkovni zbirki EU v skladu s členom 49. Vendar se lahko v ustrezno utemeljenih nujnih primerih uporaba takšnih sistemov začne brez registracije v podatkovni zbirki EU, če se takšna registracija zaključi brez nepotrebnega odlašanja.
3. For the purposes of paragraph 1, first subparagraph, point (h) and paragraph 2, each use for the purposes of law enforcement of a ‘real-time’ remote biometric identification system in publicly accessible spaces shall be subject to a prior authorisation granted by a judicial authority or an independent administrative authority whose decision is binding of the Member State in which the use is to take place, issued upon a reasoned request and in accordance with the detailed rules of national law referred to in paragraph 5. However, in a duly justified situation of urgency, the use of such system may be commenced without an authorisation provided that such authorisation is requested without undue delay, at the latest within 24 hours. If such authorisation is rejected, the use shall be stopped with immediate effect and all the data, as well as the results and outputs of that use shall be immediately discarded and deleted.
3. Za namene odstavka 1, prvi pododstavek, točka (h), in odstavka 2 je za vsako uporabo sistema za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj treba pridobiti predhodno dovoljenje sodnega organa ali neodvisnega upravnega organa, katerega odločitev je zavezujoča za državo članico, v kateri bo potekala uporaba, izdano na podlagi obrazložene zahteve in v skladu s podrobnimi pravili nacionalnega prava iz odstavka 5. Vendar se lahko v ustrezno utemeljenih nujnih primerih uporaba takšnega sistema začne brez dovoljenja, pod pogojem, da se takšno dovoljenje zahteva brez nepotrebnega odlašanja in najpozneje v 24 urah. Če se takšno dovoljenje zavrne, se njegova uporaba takoj ustavi, vsi podatki ter izhodni podatki in izsledki, ki izhajajo iz te uporabe, pa se takoj zavržejo in izbrišejo.
The competent judicial authority or an independent administrative authority whose decision is binding shall grant the authorisation only where it is satisfied, on the basis of objective evidence or clear indications presented to it, that the use of the ‘real-time’ remote biometric identification system concerned is necessary for, and proportionate to, achieving one of the objectives specified in paragraph 1, first subparagraph, point (h), as identified in the request and, in particular, remains limited to what is strictly necessary concerning the period of time as well as the geographic and personal scope. In deciding on the request, that authority shall take into account the elements referred to in paragraph 2. No decision that produces an adverse legal effect on a person may be taken based solely on the output of the ‘real-time’ remote biometric identification system.
Pristojni sodni organ ali neodvisni upravni organ, katerega odločitev je zavezujoča, izda dovoljenje samo v primeru, kadar se na podlagi objektivnih dokazov ali jasnih navedb, ki so mu bili predloženi, prepriča, da je uporaba zadevnega sistema za biometrično identifikacijo na daljavo v realnem času potrebna in sorazmerna za doseganje enega od ciljev iz odstavka 1, prvi pododstavek, točka (h), kot je opredeljeno v zahtevi, in zlasti ostaja omejena na to, kar je nujno potrebno v zvezi z obdobjem ter geografskim in osebnim področjem uporabe. Pri odločanju o zahtevi ta organ upošteva elemente iz odstavka 2. Nobena odločitev, ki ima škodljiv pravni učinek na osebo, se ne sme sprejeti samo na podlagi izhodnih podatkov sistema za biometrično identifikacijo na daljavo v realnem času.
4. Without prejudice to paragraph 3, each use of a ‘real-time’ remote biometric identification system in publicly accessible spaces for law enforcement purposes shall be notified to the relevant market surveillance authority and the national data protection authority in accordance with the national rules referred to in paragraph 5. The notification shall, as a minimum, contain the information specified under paragraph 6 and shall not include sensitive operational data.
4. Brez poseganja v odstavek 3 je treba o vsaki uporabi sistema za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj uradno obvestiti ustrezni organ za nadzor trga in nacionalni organ za varstvo podatkov v skladu z nacionalnimi pravili iz odstavka 5. Obvestilo vsebuje vsaj informacije iz odstavka 6 in ne vključuje občutljivih operativnih podatkov.
5. A Member State may decide to provide for the possibility to fully or partially authorise the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purposes of law enforcement within the limits and under the conditions listed in paragraph 1, first subparagraph, point (h), and paragraphs 2 and 3. Member States concerned shall lay down in their national law the necessary detailed rules for the request, issuance and exercise of, as well as supervision and reporting relating to, the authorisations referred to in paragraph 3. Those rules shall also specify in respect of which of the objectives listed in paragraph 1, first subparagraph, point (h), including which of the criminal offences referred to in point (h)(iii) thereof, the competent authorities may be authorised to use those systems for the purposes of law enforcement. Member States shall notify those rules to the Commission at the latest 30 days following the adoption thereof. Member States may introduce, in accordance with Union law, more restrictive laws on the use of remote biometric identification systems.
5. Država članica se lahko odloči, da v okviru omejitev in pod pogoji iz odstavka 1, prvi pododstavek, točka (h), ter odstavkov 2 in 3 v celoti ali delno dovoli uporabo sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj. Zadevne države članice v svojem nacionalnem pravu določijo potrebna podrobna pravila v zvezi z vložitvijo zahteve za dovoljenja iz odstavka 3, izdajo, izvrševanjem in spremljanjem teh dovoljenj ter poročanjem v zvezi z njimi. V teh pravilih je tudi določeno, za katere od ciljev iz odstavka 1, prvi pododstavek, točka (h), med drugim tudi, za katera kazniva dejanja iz točke (h)(iii) navedenega odstavka, se lahko pristojnim organom dovoli uporaba teh sistemov za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj. Države članice obvestijo Komisijo o teh pravilih najpozneje 30 dni po njihovem sprejetju. Države članice lahko v skladu s pravom Unije uvedejo strožje zakone o uporabi sistemov za biometrično identifikacijo na daljavo.
6. National market surveillance authorities and the national data protection authorities of Member States that have been notified of the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for law enforcement purposes pursuant to paragraph 4 shall submit to the Commission annual reports on such use. For that purpose, the Commission shall provide Member States and national market surveillance and data protection authorities with a template, including information on the number of the decisions taken by competent judicial authorities or an independent administrative authority whose decision is binding upon requests for authorisations in accordance with paragraph 3 and their result.
6. Nacionalni organi za nadzor trga in nacionalni organi za varstvo podatkov držav članic, ki so bili na podlagi odstavka 4 obveščeni o uporabi sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, Komisiji predložijo letna poročila o taki uporabi. V ta namen Komisija državam članicam ter nacionalnim organom za nadzor trga in varstvo podatkov zagotovi predlogo, ki vključuje informacije o številu odločitev, ki jih glede zahtevkov za dovoljenja v skladu z odstavkom 3 sprejmejo pristojni sodni organi ali neodvisni upravni organ, katerega odločitev je zavezujoča, in o njihovih rezultatih.
7. The Commission shall publish annual reports on the use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes, based on aggregated data in Member States on the basis of the annual reports referred to in paragraph 6. Those annual reports shall not include sensitive operational data of the related law enforcement activities.
7. Komisija objavi letna poročila o uporabi sistemov za biometrično identifikacijo na daljavo v realnem času v javno dostopnih prostorih za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj na podlagi zbirnih podatkov v državah članicah, ki temeljijo na letnih poročilih iz odstavka 6. Ta letna poročila ne vključujejo občutljivih operativnih podatkov o povezanih dejavnostih preprečevanja, odkrivanja in preiskovanja kaznivih dejanj.
8. This Article shall not affect the prohibitions that apply where an AI practice infringes other Union law.
8. Ta člen ne vpliva na prepovedi, ki se uporabljajo, kadar praksa UI krši drugo pravo Unije.
Classification rules for high-risk AI systems
Pravila razvrstitve za visokotvegane sisteme UI
1. Irrespective of whether an AI system is placed on the market or put into service independently of the products referred to in points (a) and (b), that AI system shall be considered to be high-risk where both of the following conditions are fulfilled:
1. Ne glede na to, ali je sistem UI dan na trg ali v uporabo neodvisno od proizvodov iz točk (a) in (b), se ta sistem UI šteje za visokotvegani, kadar sta izpolnjena oba naslednja pogoja:
(a)
the AI system is intended to be used as a safety component of a product, or the AI system is itself a product, covered by the Union harmonisation legislation listed in Annex I;
(a)
sistem UI je namenjen uporabi kot varnostna komponenta proizvoda ali pa je sam sistem UI proizvod, ki ga zajema harmonizacijska zakonodaja Unije iz Priloge I;
(b)
the product whose safety component pursuant to point (a) is the AI system, or the AI system itself as a product, is required to undergo a third-party conformity assessment, with a view to the placing on the market or the putting into service of that product pursuant to the Union harmonisation legislation listed in Annex I.
(b)
za proizvod, katerega varnostna komponenta na podlagi točke (a) je sistem UI, ali za sistem UI, ki je sam proizvod, je treba opraviti ugotavljanje skladnosti s strani tretje osebe zaradi dajanja tega proizvoda na trg ali v uporabo na podlagi harmonizacijske zakonodaje Unije iz Priloge I.
2. In addition to the high-risk AI systems referred to in paragraph 1, AI systems referred to in Annex III shall be considered to be high-risk.
2. Poleg visokotveganih sistemov UI iz odstavka 1 za visokotvegane sisteme UI štejejo tudi sistemi UI iz Priloge III.
3. By derogation from paragraph 2, an AI system referred to in Annex III shall not be considered to be high-risk where it does not pose a significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision making.
3. Z odstopanjem od odstavka 2 sistem UI iz Priloge III ne šteje za visokotvegan, kadar ne predstavlja znatnega tveganja škode za zdravje, varnost ali temeljne pravice fizičnih oseb, tudi s tem, da ne vpliva bistveno na izid odločanja.
The first subparagraph shall apply where any of the following conditions is fulfilled:
Prvi pododstavek se uporablja, kadar je izpolnjen kateri koli od naslednjih pogojev:
(a)
the AI system is intended to perform a narrow procedural task;
(a)
sistem UI naj bi opravljal omejeno postopkovno nalogo;
(b)
the AI system is intended to improve the result of a previously completed human activity;
(b)
namen sistema UI je izboljšati rezultat predhodno zaključene človeške dejavnosti;
(c)
the AI system is intended to detect decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review; or
(c)
sistem UI je namenjen odkrivanju vzorcev odločanja ali odstopanj od predhodnih vzorcev odločanja in ni namenjen nadomeščanju ali vplivanju na predhodno dokončano človeško oceno brez ustreznega človeškega pregleda ali
(d)
the AI system is intended to perform a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III.
(d)
sistem UI je namenjen izvedbi pripravljalne naloge za oceno, ki je pomembna za namene primerov uporabe iz Priloge III.
Notwithstanding the first subparagraph, an AI system referred to in Annex III shall always be considered to be high-risk where the AI system performs profiling of natural persons.
Ne glede na prvi pododstavek sistem UI iz Priloge III vedno šteje za visokotvegan, kadar izvaja oblikovanje profila fizičnih oseb.
4. A provider who considers that an AI system referred to in Annex III is not high-risk shall document its assessment before that system is placed on the market or put into service. Such provider shall be subject to the registration obligation set out in Article 49(2). Upon request of national competent authorities, the provider shall provide the documentation of the assessment.
4. Ponudnik, ki meni, da sistem UI iz Priloge III ne pomeni visokega tveganja, dokumentira svojo oceno, preden se ta sistem da na trg ali v uporabo. Za takega ponudnika velja obveznost registracije iz člena 49(2). Ponudnik na zahtevo pristojnih nacionalnih organov predloži dokumentacijo o oceni.
5. The Commission shall, after consulting the European Artificial Intelligence Board (the ‘Board’), and no later than 2 February 2026, provide guidelines specifying the practical implementation of this Article in line with Article 96 together with a comprehensive list of practical examples of use cases of AI systems that are high-risk and not high-risk.
5. Komisija po posvetovanju z Evropskim odborom za umetno inteligenco (v nadaljnjem besedilu: Odbor) in najpozneje do 2. februarja 2026 zagotovi smernice, v katerih določi praktično izvajanje tega člena v skladu s členom 96, skupaj s celovitim seznamom praktičnih primerov uporabe visokotveganih sistemov UI in sistemov UI brez visokega tveganja.
6. The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend paragraph 3, second subparagraph, of this Article by adding new conditions to those laid down therein, or by modifying them, where there is concrete and reliable evidence of the existence of AI systems that fall under the scope of Annex III, but do not pose a significant risk of harm to the health, safety or fundamental rights of natural persons.
6. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97, da bi spremenila odstavek 3, drugi pododstavek, tega člena, s tem da bi k tam določenim pogojem dodala nove pogoje ali jih spremenila, kadar obstajajo konkretni in zanesljivi dokazi o obstoju sistemov UI, ki spadajo na področje uporabe Priloge III, vendar ne predstavljajo znatnega tveganja škode za zdravje, varnost ali temeljne pravice fizičnih oseb.
7. The Commission shall adopt delegated acts in accordance with Article 97 in order to amend paragraph 3, second subparagraph, of this Article by deleting any of the conditions laid down therein, where there is concrete and reliable evidence that this is necessary to maintain the level of protection of health, safety and fundamental rights provided for by this Regulation.
7. Komisija sprejme delegirane akte v skladu s členom 97, da bi spremenila kateri koli pogoj iz odstavka 3, drugi pododstavek, tega člena, s črtanjem katerih koli tam določenih pogojev, kadar obstajajo konkretni in zanesljivi dokazi, da je to potrebno za ohranjanje ravni varovanja zdravja, varnosti in temeljnih pravic iz te uredbe.
8. Any amendment to the conditions laid down in paragraph 3, second subparagraph, adopted in accordance with paragraphs 6 and 7 of this Article shall not decrease the overall level of protection of health, safety and fundamental rights provided for by this Regulation and shall ensure consistency with the delegated acts adopted pursuant to Article 7(1), and take account of market and technological developments.
8. Nobena sprememba pogojev iz odstavka 3, drugi pododstavek, sprejeta v skladu z odstavkoma 6 in 7 tega člena, ne zmanjša splošne ravni varovanja zdravja, varnosti in temeljnih pravic iz te uredbe ter zagotovi skladnost z delegiranimi akti, sprejetimi na podlagi člena 7(1), ter upošteva tržni in tehnološki razvoj.
Sistem za obvladovanje tveganja
1. A risk management system shall be established, implemented, documented and maintained in relation to high-risk AI systems.
1. V zvezi z visokotveganimi sistemi UI se vzpostavi, izvaja, dokumentira in vzdržuje sistem za obvladovanje tveganja.
2. The risk management system shall be understood as a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating. It shall comprise the following steps:
2. Sistem za obvladovanje tveganja pomeni neprekinjen in ponavljajoč se proces, ki se načrtuje in izvaja v celotnem življenjskem ciklu visokotveganega sistema UI in ga je treba redno sistematično pregledovati in posodabljati. Vključuje naslednje korake:
(a)
the identification and analysis of the known and the reasonably foreseeable risks that the high-risk AI system can pose to health, safety or fundamental rights when the high-risk AI system is used in accordance with its intended purpose;
(a)
opredelitev in analizo znanih in razumno predvidljivih tveganj, ki jih lahko visokotvegani sistem UI pomeni za zdravje, varnost ali temeljne pravice, kadar se uporablja v skladu s predvidenim namenom;
(b)
the estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose, and under conditions of reasonably foreseeable misuse;
(b)
oceno in ovrednotenje tveganj, ki se lahko pojavijo pri uporabi visokotveganega sistema UI v skladu s predvidenim namenom in v razmerah razumno predvidljive napačne uporabe;
(c)
the evaluation of other risks possibly arising, based on the analysis of data gathered from the post-market monitoring system referred to in Article 72;
(c)
ovrednotenje drugih morebitnih tveganj na podlagi analize podatkov, zbranih iz sistema spremljanja po dajanju na trg iz člena 72;
(d)
the adoption of appropriate and targeted risk management measures designed to address the risks identified pursuant to point (a).
(d)
sprejetje ustreznih in ciljno usmerjenih ukrepov za obvladovanje tveganja, namenjenih obravnavanju tveganj, opredeljenih na podlagi točke (a).
3. The risks referred to in this Article shall concern only those which may be reasonably mitigated or eliminated through the development or design of the high-risk AI system, or the provision of adequate technical information.
3. Tveganja iz tega člena se nanašajo samo na tista, ki jih je mogoče razumno zmanjšati ali odpraviti z razvojem ali zasnovo visokotveganega sistema UI ali z zagotovitvijo ustreznih tehničnih informacij.
4. The risk management measures referred to in paragraph 2, point (d), shall give due consideration to the effects and possible interaction resulting from the combined application of the requirements set out in this Section, with a view to minimising risks more effectively while achieving an appropriate balance in implementing the measures to fulfil those requirements.
4. Pri ukrepih za obvladovanje tveganja iz odstavka 2, točka (d), se ustrezno upoštevajo učinki in morebitna interakcija, ki izhajajo iz skupne uporabe zahtev iz tega oddelka 2, da bi učinkoviteje in čim bolj zmanjšali tveganja in hkrati dosegli ustrezno ravnovesje pri izvajanju ukrepov za izpolnjevanje teh zahtev.
5. The risk management measures referred to in paragraph 2, point (d), shall be such that the relevant residual risk associated with each hazard, as well as the overall residual risk of the high-risk AI systems is judged to be acceptable.
5. Ukrepi za obvladovanje tveganja iz odstavka 2, točka (d), so taki, da zadevno preostalo tveganje, povezano z vsako posamezno nevarnostjo, in celotno preostalo tveganje visokotveganih sistemov UI štejeta za sprejemljiva.
In identifying the most appropriate risk management measures, the following shall be ensured:
Pri določanju najustreznejših ukrepov za obvladovanje tveganja se zagotovi naslednje:
(a)
elimination or reduction of risks identified and evaluated pursuant to paragraph 2 in as far as technically feasible through adequate design and development of the high-risk AI system;
(a)
odpravljanje ali zmanjševanje tveganj ugotovljenih in ocenjenih na podlagi odstavka 2, kolikor je to tehnično izvedljivo z ustrezno zasnovo in razvojem visokotveganega sistema UI;
(b)
where appropriate, implementation of adequate mitigation and control measures addressing risks that cannot be eliminated;
(b)
po potrebi izvajanje ustreznih ukrepov za zmanjšanje in nadzor tveganj, ki jih ni mogoče odpraviti;
(c)
provision of information required pursuant to Article 13 and, where appropriate, training to deployers.
(c)
zagotavljanje zahtevanih informacij na podlagi člena 13 in po potrebi usposabljanje uvajalcev.
With a view to eliminating or reducing risks related to the use of the high-risk AI system, due consideration shall be given to the technical knowledge, experience, education, the training to be expected by the deployer, and the presumable context in which the system is intended to be used.
Da bi odpravili ali zmanjšali tveganja, povezana z uporabo visokotveganega sistema UI, se ustrezno upoštevajo tehnično znanje, izkušnje, izobraževanje, usposabljanje, ki ga lahko pričakuje uvajalec, in predvideni okvir, v katerem naj bi se sistem uporabljal.
6. High-risk AI systems shall be tested for the purpose of identifying the most appropriate and targeted risk management measures. Testing shall ensure that high-risk AI systems perform consistently for their intended purpose and that they are in compliance with the requirements set out in this Section.
6. Visokotvegani sistemi UI se testirajo, da se določijo najustreznejši in ciljno usmerjeni ukrepi za obvladovanje tveganja. S testiranjem se zagotovi, da visokotvegani sistemi UI dosledno delujejo za predvideni namen in so skladni z zahtevami iz tega oddelka.
7. Testing procedures may include testing in real-world conditions in accordance with Article 60.
7. Postopki testiranja lahko vključujejo testiranje v realnih razmerah v skladu s členom 60.
8. The testing of high-risk AI systems shall be performed, as appropriate, at any time throughout the development process, and, in any event, prior to their being placed on the market or put into service. Testing shall be carried out against prior defined metrics and probabilistic thresholds that are appropriate to the intended purpose of the high-risk AI system.
8. Testiranje visokotveganih sistemov UI se po potrebi izvaja kadar koli med celotnim postopkom razvoja in v vsakem primeru pred njihovim dajanjem na trg ali v uporabo. Testiranje se opravi na podlagi predhodno opredeljenih metrik in verjetnostnih pragov, ki ustrezajo predvidenemu namenu visokotveganega sistema UI.
9. When implementing the risk management system as provided for in paragraphs 1 to 7, providers shall give consideration to whether in view of its intended purpose the high-risk AI system is likely to have an adverse impact on persons under the age of 18 and, as appropriate, other vulnerable groups.
9. Ponudniki pri izvajanju sistema za obvladovanje tveganja iz odstavkov 1 do 7 preučijo, ali je verjetno, da bo visokotvegani sistem UI glede na predvideni namen negativno vplival na osebe, mlajše od 18 let, in po potrebi na druge ranljive skupine.
10. For providers of high-risk AI systems that are subject to requirements regarding internal risk management processes under other relevant provisions of Union law, the aspects provided in paragraphs 1 to 9 may be part of, or combined with, the risk management procedures established pursuant to that law.
10. Pri ponudnikih visokotveganih sistemov UI, za katere veljajo zahteve v zvezi z notranjimi procesi za obvladovanje tveganj v skladu z drugimi ustreznimi določbami prava Unije, so lahko vidiki, opisani v odstavkih 1 do 9, del postopkov za obvladovanje tveganj, vzpostavljenih na podlagi navedenega prava, ali so v kombinaciji s temi postopki.
Podatki in upravljanje podatkov
1. High-risk AI systems which make use of techniques involving the training of AI models with data shall be developed on the basis of training, validation and testing data sets that meet the quality criteria referred to in paragraphs 2 to 5 whenever such data sets are used.
1. Visokotvegani sistemi UI, ki uporabljajo tehnike, ki vključujejo učenje modelov UI s podatki, se razvijejo na podlagi naborov učnih, validacijskih in testnih podatkov, ki izpolnjujejo merila kakovosti iz odstavkov 2 do 5, kadar se uporabljajo ti nabori podatkov.
2. Training, validation and testing data sets shall be subject to data governance and management practices appropriate for the intended purpose of the high-risk AI system. Those practices shall concern in particular:
2. Za nabore učnih, validacijskih in testnih podatkov veljajo prakse ravnanja s podatki in upravljanja podatkov, ki so primerne za predvideni namen visokotveganega sistema UI. Te prakse se nanašajo zlasti na:
(a)
the relevant design choices;
(a)
ustrezne izbire zasnove;
(b)
data collection processes and the origin of data, and in the case of personal data, the original purpose of the data collection;
(b)
postopke zbiranja podatkov in njihov izvor ter v primeru osebnih podatkov prvotni namen zbiranja podatkov;
(c)
relevant data-preparation processing operations, such as annotation, labelling, cleaning, updating, enrichment and aggregation;
(c)
ustrezne postopke obdelave za pripravo podatkov, kot so dodajanje opomb, označevanje, čiščenje, posodabljanje, obogatitev in združevanje;
(d)
the formulation of assumptions, in particular with respect to the information that the data are supposed to measure and represent;
(d)
oblikovanje predpostavk, zlasti v zvezi z informacijami, ki naj bi jih podatki merili in predstavljali;
(e)
an assessment of the availability, quantity and suitability of the data sets that are needed;
(e)
oceno razpoložljivosti, količine in primernosti potrebnih naborov podatkov;
(f)
examination in view of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations;
(f)
preučitev morebitnih pristranskosti, ki bi lahko vplivale na zdravje in varnost oseb, negativno vplivale na temeljne pravice ali privedle do diskriminacije, ki je na podlagi prava Unije prepovedana, zlasti kadar izhodni podatki vplivajo na vhodne podatke za prihodnje operacije;
(g)
appropriate measures to detect, prevent and mitigate possible biases identified according to point (f);
(g)
ustrezne ukrepe za odkrivanje, preprečevanje in zmanjševanje morebitnih pristranskosti, opredeljenih v skladu s točko (f);
(h)
the identification of relevant data gaps or shortcomings that prevent compliance with this Regulation, and how those gaps and shortcomings can be addressed.
(h)
prepoznavanje ustreznih vrzeli ali pomanjkljivosti v podatkih, ki preprečujejo skladnost s to uredbo, ter način za odpravljanje teh vrzeli in pomanjkljivosti.
3. Training, validation and testing data sets shall be relevant, sufficiently representative, and to the best extent possible, free of errors and complete in view of the intended purpose. They shall have the appropriate statistical properties, including, where applicable, as regards the persons or groups of persons in relation to whom the high-risk AI system is intended to be used. Those characteristics of the data sets may be met at the level of individual data sets or at the level of a combination thereof.
3. Nabori učnih, validacijskih in testnih podatkov so ustrezni, dovolj reprezentativni in v največji možni meri brez napak in popolni glede na predvideni namen. Imeti morajo tudi ustrezne statistične lastnosti, po potrebi tudi v zvezi z osebami ali skupinami oseb, v zvezi s katerimi naj bi se uporabljal visokotvegani sistem UI. Te značilnosti naborov podatkov se lahko izpolnijo na ravni posameznih naborov podatkov ali na ravni njihovih kombinacij.
4. Data sets shall take into account, to the extent required by the intended purpose, the characteristics or elements that are particular to the specific geographical, contextual, behavioural or functional setting within which the high-risk AI system is intended to be used.
4. Nabori podatkov v obsegu, ki se zahteva glede na njihov predvideni namen, upoštevajo značilnosti ali elemente, ki so značilni za posebno geografsko, kontekstualno, vedenjsko ali funkcionalno okolje, v katerem naj bi se visokotvegani sistem UI uporabljal.
5. To the extent that it is strictly necessary for the purpose of ensuring bias detection and correction in relation to the high-risk AI systems in accordance with paragraph (2), points (f) and (g) of this Article, the providers of such systems may exceptionally process special categories of personal data, subject to appropriate safeguards for the fundamental rights and freedoms of natural persons. In addition to the provisions set out in Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680, all the following conditions must be met in order for such processing to occur:
5. Če je nujno potrebno za namene zagotavljanja odkrivanja in popravljanja pristranskosti v zvezi z visokotveganimi sistemi UI v skladu z odstavkom 2, točki (f) in (g), tega člena, lahko ponudniki takih sistemov izjemoma obdelujejo posebne vrste osebnih podatkov, ob upoštevanju ustreznih zaščitnih ukrepov za temeljne pravice in svoboščine fizičnih oseb. Poleg določb iz uredb (EU) 2016/679 in (EU) 2018/1725 ter Direktive (EU) 2016/680 morajo biti za tako obdelavo izpolnjeni vsi naslednji pogoji:
(a)
the bias detection and correction cannot be effectively fulfilled by processing other data, including synthetic or anonymised data;
(a)
odkrivanja in popravljanja pristranskosti ni mogoče učinkovito doseči z obdelavo drugih podatkov, vključno s sintetičnimi ali anonimiziranimi podatki;
(b)
the special categories of personal data are subject to technical limitations on the re-use of the personal data, and state-of-the-art security and privacy-preserving measures, including pseudonymisation;
(b)
za posebne vrste osebnih podatkov veljajo tehnične omejitve glede ponovne uporabe osebnih podatkov ter najsodobnejši ukrepi za varnost in ohranjanje zasebnosti, vključno s psevdonimizacijo;
(c)
the special categories of personal data are subject to measures to ensure that the personal data processed are secured, protected, subject to suitable safeguards, including strict controls and documentation of the access, to avoid misuse and ensure that only authorised persons have access to those personal data with appropriate confidentiality obligations;
(c)
za posebne kategorije osebnih podatkov veljajo ukrepi, s katerimi se zagotavlja, da so osebni podatki, ki se obdelujejo, zaščiteni, ob upoštevanju ustreznih zaščitnih ukrepov, vključno s strogim nadzorom in dokumentiranjem dostopa, da se prepreči napačna uporaba in zagotovi, da imajo dostop do teh osebnih podatkov samo pooblaščene osebe z ustreznimi obveznostmi glede zaupnosti;
(d)
the special categories of personal data are not to be transmitted, transferred or otherwise accessed by other parties;
(d)
posebne kategorije osebnih podatkov ne smejo biti posredovani, preneseni ali drugače dostopni drugim strankam;
(e)
the special categories of personal data are deleted once the bias has been corrected or the personal data has reached the end of its retention period, whichever comes first;
(e)
posebne kategorije osebnih podatkov se izbrišejo, ko je pristranskost odpravljena ali ko se izteče obdobje njihove hrambe, odvisno od tega, kaj nastopi prej;
(f)
the records of processing activities pursuant to Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680 include the reasons why the processing of special categories of personal data was strictly necessary to detect and correct biases, and why that objective could not be achieved by processing other data.
(f)
evidence dejavnosti obdelave na podlagi uredb (EU) 2016/679 in (EU) 2018/1725 ter Direktivo (EU) 2016/680 vključujejo razloge, zakaj je bila obdelava posebnih kategorij osebnih podatkov nujno potrebna za odkrivanje in odpravo pristranskosti ter zakaj tega cilja ni bilo mogoče doseči z obdelavo drugih podatkov.
6. For the development of high-risk AI systems not using techniques involving the training of AI models, paragraphs 2 to 5 apply only to the testing data sets.
6. Za razvoj visokotveganih sistemov UI, ki ne uporabljajo tehnik, ki vključujejo učenje modelov s podatki, se odstavki 2 do 5 uporabljajo le za nabore testnih podatkov.
1. The technical documentation of a high-risk AI system shall be drawn up before that system is placed on the market or put into service and shall be kept up-to date.
1. Tehnična dokumentacija visokotveganega sistema UI se pripravi pred dajanjem sistema na trg ali v uporabo in se posodablja.
The technical documentation shall be drawn up in such a way as to demonstrate that the high-risk AI system complies with the requirements set out in this Section and to provide national competent authorities and notified bodies with the necessary information in a clear and comprehensive form to assess the compliance of the AI system with those requirements. It shall contain, at a minimum, the elements set out in Annex IV. SMEs, including start-ups, may provide the elements of the technical documentation specified in Annex IV in a simplified manner. To that end, the Commission shall establish a simplified technical documentation form targeted at the needs of small and microenterprises. Where an SME, including a start-up, opts to provide the information required in Annex IV in a simplified manner, it shall use the form referred to in this paragraph. Notified bodies shall accept the form for the purposes of the conformity assessment.
Tehnična dokumentacija se pripravi tako, da izkazuje, da je visokotvegani sistem UI skladen z zahtevami iz tega oddelka, ter pristojnim nacionalnim organom in priglašenim organom jasno in celovito zagotavlja potrebne informacije za ugotavljanje skladnosti sistema UI z navedenimi zahtevami. Vsebovati mora vsaj elemente iz Priloge IV. MSP, vključno z zagonskimi podjetji, lahko elemente tehnične dokumentacije iz Priloge IV predložijo na poenostavljen način. V ta namen Komisija pripravi poenostavljen obrazec tehnične dokumentacije, namenjen potrebam malih in mikro podjetij. Kadar se MSP, vključno z zagonskim podjetjem, odloči, da bo informacije, zahtevane v Prilogi IV, zagotovilo na poenostavljen način, uporabi obrazec iz tega odstavka. Priglašeni organi sprejmejo obrazec za namene ugotavljanja skladnosti.
2. Where a high-risk AI system related to a product covered by the Union harmonisation legislation listed in Section A of Annex I is placed on the market or put into service, a single set of technical documentation shall be drawn up containing all the information set out in paragraph 1, as well as the information required under those legal acts.
2. Kadar je visokotvegani sistem UI, povezan s proizvodom, za katerega se uporablja harmonizacijska zakonodaja Unije iz Priloge I, oddelek A, dan na trg ali v uporabo, se pripravi enoten sklop tehnične dokumentacije, ki vsebuje vse informacije iz odstavka 1 in informacije, zahtevane v navedenih pravnih aktih.
3. The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend Annex IV, where necessary, to ensure that, in light of technical progress, the technical documentation provides all the information necessary to assess the compliance of the system with the requirements set out in this Section.
3. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97 za spremembo Priloge IV, kadar je to potrebno za zagotovitev, da tehnična dokumentacija glede na tehnični napredek zagotavlja vse potrebne informacije za ugotavljanje skladnosti sistema z zahtevami iz tega oddelka.
1. High-risk AI systems shall be designed and developed in such a way, including with appropriate human-machine interface tools, that they can be effectively overseen by natural persons during the period in which they are in use.
1. Visokotvegani sistemi UI morajo biti zasnovani in razviti tako, da jih lahko fizične osebe v obdobju njihove uporabe učinkovito nadzorujejo, tudi z ustreznimi vmesniškimi orodji človek-stroj.
2. Human oversight shall aim to prevent or minimise the risks to health, safety or fundamental rights that may emerge when a high-risk AI system is used in accordance with its intended purpose or under conditions of reasonably foreseeable misuse, in particular where such risks persist despite the application of other requirements set out in this Section.
2. Namen človeškega nadzora je preprečiti ali čim bolj zmanjšati tveganja za zdravje, varnost ali temeljne pravice, ki se lahko pojavijo pri uporabi visokotveganega sistema UI v skladu s predvidenim namenom ali v razmerah razumno predvidljive napačne uporabe, zlasti kadar taka tveganja niso odpravljena kljub uporabi drugih zahtev iz tega oddelka.
3. The oversight measures shall be commensurate with the risks, level of autonomy and context of use of the high-risk AI system, and shall be ensured through either one or both of the following types of measures:
3. Nadzorni ukrepi morajo biti sorazmerni s tveganji, stopnjo samostojnosti in kontekstom uporabe visokotveganega sistema UI in se zagotavljajo z eno ali obema naslednjima vrstama ukrepov:
(a)
measures identified and built, when technically feasible, into the high-risk AI system by the provider before it is placed on the market or put into service;
(a)
ukrepi, določeni in vgrajeni, če je to tehnično izvedljivo, v visokotvegani sistem UI s strani ponudnika, preden je sistem dan na trg ali v uporabo;
(b)
measures identified by the provider before placing the high-risk AI system on the market or putting it into service and that are appropriate to be implemented by the deployer.
(b)
ukrepi, ki jih ponudnik določi pred dajanjem visokotveganega sistema UI na trg ali v uporabo in so primerni za izvedbo s strani uvajalca.
4. For the purpose of implementing paragraphs 1, 2 and 3, the high-risk AI system shall be provided to the deployer in such a way that natural persons to whom human oversight is assigned are enabled, as appropriate and proportionate:
4. Za namene izvajanja odstavkov 1, 2 in 3 se visokotvegani sistem UI uvajalcu zagotovi tako, da fizične osebe, ki jim je dodeljen človeški nadzor, če je to primerno in sorazmerno:
(a)
to properly understand the relevant capacities and limitations of the high-risk AI system and be able to duly monitor its operation, including in view of detecting and addressing anomalies, dysfunctions and unexpected performance;
(a)
pravilno razumejo ustrezne zmogljivosti in omejitve visokotveganega sistema UI ter ustrezno spremljajo njegovo delovanje, tudi za odkrivanje in obravnavanje nepravilnosti, motenj in nepričakovane zmogljivosti;
(b)
to remain aware of the possible tendency of automatically relying or over-relying on the output produced by a high-risk AI system (automation bias), in particular for high-risk AI systems used to provide information or recommendations for decisions to be taken by natural persons;
(b)
se zavedajo morebitne težnje po samodejnem zanašanju ali prevelikem zanašanju na izhodne podatke visokotveganega sistema UI (pristranskost zaradi avtomatizacije), zlasti pri visokotveganih sistemih UI, ki se uporabljajo za zagotavljanje informacij ali priporočil za odločitve, ki jih sprejemajo fizične osebe;
(c)
to correctly interpret the high-risk AI system’s output, taking into account, for example, the interpretation tools and methods available;
(c)
pravilno razlagajo izhodne podatke visokotveganega sistema UI, zlasti na primer ob upoštevanju razpoložljivih orodij in metod za razlago;
(d)
to decide, in any particular situation, not to use the high-risk AI system or to otherwise disregard, override or reverse the output of the high-risk AI system;
(d)
se v specifičnih situacijah odločijo, da visokotveganega sistema UI ne bodo uporabile ali bodo kako drugače zanemarile, ovrgle ali izničile izhodne podatke visokotveganega sistema UI;
(e)
to intervene in the operation of the high-risk AI system or interrupt the system through a ‘stop’ button or a similar procedure that allows the system to come to a halt in a safe state.
(e)
posegajo v delovanje visokotveganega sistema UI ali ga prekinejo s tipko „stop“ ali podobnim postopkom, ki omogoča varno zaustavitev sistema.
5. For high-risk AI systems referred to in point 1(a) of Annex III, the measures referred to in paragraph 3 of this Article shall be such as to ensure that, in addition, no action or decision is taken by the deployer on the basis of the identification resulting from the system unless that identification has been separately verified and confirmed by at least two natural persons with the necessary competence, training and authority.
5. Za visokotvegane sisteme UI iz Priloge III, točka 1(a), morajo biti ukrepi iz odstavka 3 takšni, da zagotavljajo, da uvajalec poleg tega ne izvede nobenega dejanja ali ne sprejme nobenega ukrepa ali odločitve na podlagi identifikacije, ki izhaja iz sistema, razen če to ločeno preverita in potrdita vsaj dve fizični osebi z ustreznimi kompetencami, usposobljenostjo in pooblastili.
The requirement for a separate verification by at least two natural persons shall not apply to high-risk AI systems used for the purposes of law enforcement, migration, border control or asylum, where Union or national law considers the application of this requirement to be disproportionate.
Zahteva o ločeni preverbi s strani vsaj dveh fizičnih oseb se ne uporablja za visokotvegane sisteme UI, ki se uporabljajo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, nadzora meje ali azila, v primerih, ko je v skladu s pravom Unije in nacionalnim pravom uporaba te zahteve nesorazmerna.
Accuracy, robustness and cybersecurity
Točnost, robustnost in kibernetska varnost
1. High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, robustness, and cybersecurity, and that they perform consistently in those respects throughout their lifecycle.
1. Visokotvegani sistemi UI morajo biti zasnovani in razviti tako, da dosegajo ustrezno raven točnosti, robustnosti in kibernetske varnosti ter v teh vidikih v vsem svojem življenjskem ciklu delujejo dosledno.
2. To address the technical aspects of how to measure the appropriate levels of accuracy and robustness set out in paragraph 1 and any other relevant performance metrics, the Commission shall, in cooperation with relevant stakeholders and organisations such as metrology and benchmarking authorities, encourage, as appropriate, the development of benchmarks and measurement methodologies.
2. Za obravnavo tehničnih vidikov merjenja ustreznih ravni točnosti in robustnosti iz odstavka 1 ter vseh drugih ustreznih metrike učinkovitosti Komisija v sodelovanju z ustreznimi deležniki in organizacijami, kot so meroslovni organi in organi za primerjalno analizo, po potrebi spodbuja razvoj referenčnih vrednosti in metodologij merjenja.
3. The levels of accuracy and the relevant accuracy metrics of high-risk AI systems shall be declared in the accompanying instructions of use.
3. Ravni točnosti in ustrezne metrike točnosti visokotveganih sistemov UI se navedejo v priloženih navodilih za uporabo.
4. High-risk AI systems shall be as resilient as possible regarding errors, faults or inconsistencies that may occur within the system or the environment in which the system operates, in particular due to their interaction with natural persons or other systems. Technical and organisational measures shall be taken in this regard.
4. Visokotvegani sistemi UI morajo biti čim bolj odporni na napake, okvare ali neskladnosti, ki se lahko pojavijo v sistemu ali okolju, v katerem sistem deluje, zlasti zaradi njihove interakcije s fizičnimi osebami ali drugimi sistemi. V zvezi s tem se sprejmejo tehnični in organizacijski ukrepi.
The robustness of high-risk AI systems may be achieved through technical redundancy solutions, which may include backup or fail-safe plans.
Robustnost visokotveganih sistemov UI se lahko doseže s tehničnimi redundantnimi rešitvami, ki lahko vključujejo rezervne načrte ali načrte varne odpovedi.
High-risk AI systems that continue to learn after being placed on the market or put into service shall be developed in such a way as to eliminate or reduce as far as possible the risk of possibly biased outputs influencing input for future operations (feedback loops), and as to ensure that any such feedback loops are duly addressed with appropriate mitigation measures.
Visokotvegane sisteme UI, ki se po dajanju na trg ali v uporabo še naprej učijo, je treba razviti tako, da se odpravi ali v največji možni meri zmanjša tveganje morebitnih pristranskih izhodnih podatkov, ki bi vplivali na vhodne podatke za prihodnje operacije (povratne zanke), in zagotovi, da se vse take povratne zanke ustrezno obravnavajo z ustreznimi ukrepi za zmanjšanje tveganj.
5. High-risk AI systems shall be resilient against attempts by unauthorised third parties to alter their use, outputs or performance by exploiting system vulnerabilities.
5. Visokotvegani sistemi UI morajo biti odporni na poskuse nepooblaščenih tretjih oseb, da z izkoriščanjem šibkih točk sistema spremenijo njihovo uporabo, izhodne podatke ali zmogljivost.
The technical solutions aiming to ensure the cybersecurity of high-risk AI systems shall be appropriate to the relevant circumstances and the risks.
Tehnične rešitve, namenjene zagotavljanju kibernetske varnosti visokotveganih sistemov UI, morajo ustrezati zadevnim okoliščinam in tveganjem.
The technical solutions to address AI specific vulnerabilities shall include, where appropriate, measures to prevent, detect, respond to, resolve and control for attacks trying to manipulate the training data set (data poisoning), or pre-trained components used in training (model poisoning), inputs designed to cause the AI model to make a mistake (adversarial examples or model evasion), confidentiality attacks or model flaws.
Tehnične rešitve za odpravljanje šibkih točk, značilnih za UI, po potrebi vključujejo ukrepe za preprečevanje, odkrivanje, odzivanje, reševanje in nadzor v zvezi z napadi, ki poskušajo manipulirati z naborom učnih podatkov (zastrupitev podatkov) ali prednaučenimi komponentami, uporabljenimi pri učenju (zastrupitev modelov), v zvezi z vhodnimi podatki, katerih namen je povzročiti napako modela UI (nasprotovalni primer ali izogibanje modelov), napadi na zaupnost ali pomanjkljivostmi modela.
Quality management system
Sistem upravljanja kakovosti
1. Providers of high-risk AI systems shall put a quality management system in place that ensures compliance with this Regulation. That system shall be documented in a systematic and orderly manner in the form of written policies, procedures and instructions, and shall include at least the following aspects:
1. Ponudniki visokotveganih sistemov UI vzpostavijo sistem upravljanja kakovosti, ki zagotavlja skladnost s to uredbo. Ta sistem se sistematično in urejeno dokumentira v obliki pisnih politik, postopkov in navodil ter vključuje vsaj naslednje vidike:
(a)
a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for the management of modifications to the high-risk AI system;
(a)
strategijo za skladnost z zakonodajo, tudi skladnost s postopki za ugotavljanje skladnosti in postopki za upravljanje sprememb visokotveganega sistema UI;
(b)
techniques, procedures and systematic actions to be used for the design, design control and design verification of the high-risk AI system;
(b)
tehnike, postopke in sistematične ukrepe, ki se uporabljajo za razvoj, nadzor kakovosti in zagotavljanje kakovosti visokotveganega sistema UI;
(c)
techniques, procedures and systematic actions to be used for the development, quality control and quality assurance of the high-risk AI system;
(c)
tehnike, postopke in sistematične ukrepe, ki se uporabljajo za razvoj, nadzor kakovosti in zagotavljanje kakovosti visokotveganega sistema UI;
(d)
examination, test and validation procedures to be carried out before, during and after the development of the high-risk AI system, and the frequency with which they have to be carried out;
(d)
postopke pregledovanja, testiranja in validacije, ki se izvedejo pred razvojem visokotveganega sistema UI, med njim in po njem, ter pogostost njihovega izvajanja;
(e)
technical specifications, including standards, to be applied and, where the relevant harmonised standards are not applied in full or do not cover all of the relevant requirements set out in Section 2, the means to be used to ensure that the high-risk AI system complies with those requirements;
(e)
tehnične specifikacije, vključno s standardi, ki jih je treba uporabiti, in, kadar se ustrezni harmonizirani standardi ne uporabljajo v celoti ali ne zajemajo vseh ustreznih zahtev iz oddelka 2, sredstva, ki se uporabijo za zagotovitev, da visokotvegani sistem UI izpolnjuje navedene zahteve;
(f)
systems and procedures for data management, including data acquisition, data collection, data analysis, data labelling, data storage, data filtration, data mining, data aggregation, data retention and any other operation regarding the data that is performed before and for the purpose of the placing on the market or the putting into service of high-risk AI systems;
(f)
sisteme in postopke za ravnanje s podatki, vključno s pridobivanjem podatkov, zbiranjem podatkov, analizo podatkov, označevanjem podatkov, shranjevanjem podatkov, filtriranjem podatkov, podatkovnim rudarjenjem, združevanjem podatkov, hrambo podatkov ter vsemi drugimi postopki v zvezi s podatki, ki se izvajajo pred dajanjem visokotveganih sistemov UI na trg ali v uporabo in za namen dajanja na trg ali v uporabo;
(g)
the risk management system referred to in Article 9;
(g)
sistem za obvladovanje tveganj iz člena 9;
(h)
the setting-up, implementation and maintenance of a post-market monitoring system, in accordance with Article 72;
(h)
vzpostavitev, izvajanje in vzdrževanje sistema spremljanja po dajanju na trg v skladu s členom 72;
(i)
procedures related to the reporting of a serious incident in accordance with Article 73;
(i)
postopke v zvezi s poročanjem o resnih incidentih v skladu s členom 73;
(j)
the handling of communication with national competent authorities, other relevant authorities, including those providing or supporting the access to data, notified bodies, other operators, customers or other interested parties;
(j)
vodenje komunikacije s pristojnimi nacionalnimi organi, drugimi ustreznimi organi, tudi s tistimi, ki zagotavljajo ali podpirajo dostop do podatkov, priglašenimi organi, drugimi operaterji, strankami ali drugimi zainteresiranimi stranmi;
(k)
systems and procedures for record-keeping of all relevant documentation and information;
(k)
sisteme in postopke za vodenje evidenc vse ustrezne dokumentacije in informacij;
(l)
resource management, including security-of-supply related measures;
(l)
upravljanje virov, vključno z ukrepi, povezanimi z zanesljivostjo oskrbe;
(m)
an accountability framework setting out the responsibilities of the management and other staff with regard to all the aspects listed in this paragraph.
(m)
okvir odgovornosti, ki določa odgovornosti vodstva in drugega osebja v zvezi z vsemi vidiki iz tega odstavka.
2. The implementation of the aspects referred to in paragraph 1 shall be proportionate to the size of the provider’s organisation. Providers shall, in any event, respect the degree of rigour and the level of protection required to ensure the compliance of their high-risk AI systems with this Regulation.
2. Izvajanje vidikov iz odstavka 1 je sorazmerno z velikostjo organizacije ponudnika. V vsakem primeru pa ponudniki spoštujejo stopnjo strogosti in raven zaščite, ki se zahtevata za skladnost njihovih visokotveganih sistemov UI s to uredbo.
3. Providers of high-risk AI systems that are subject to obligations regarding quality management systems or an equivalent function under relevant sectoral Union law may include the aspects listed in paragraph 1 as part of the quality management systems pursuant to that law.
3. Ponudniki visokotveganih sistemov UI, za katere veljajo obveznosti v zvezi s sistemi upravljanja kakovosti ali enakovredno funkcijo na podlagi ustreznega sektorskega prava Unije, lahko vključijo vidike, navedene v odstavku 1, kot del sistemov upravljanja kakovosti, vzpostavljenih na podlagi navedenega prava.
4. For providers that are financial institutions subject to requirements regarding their internal governance, arrangements or processes under Union financial services law, the obligation to put in place a quality management system, with the exception of paragraph 1, points (g), (h) and (i) of this Article, shall be deemed to be fulfilled by complying with the rules on internal governance arrangements or processes pursuant to the relevant Union financial services law. To that end, any harmonised standards referred to in Article 40 shall be taken into account.
4. Za ponudnike, ki so finančne institucije in za katere veljajo zahteve v zvezi z njihovim notranjim upravljanjem, ureditvami ali postopki na podlagi prava Unije o finančnih storitvah, se šteje, da je obveznost vzpostavitve sistema vodenja kakovosti z izjemo odstavka 1, točke (g), (h) in (i) tega člena, izpolnjena z upoštevanjem pravil o ureditvah ali postopkih notranjega upravljanja na podlagi ustreznega prava Unije o finančnih storitvah. V ta namen se upoštevajo vsi harmonizirani standardi iz člena 40.
Corrective actions and duty of information
Korektivni ukrepi in dolžnost obveščanja
1. Providers of high-risk AI systems which consider or have reason to consider that a high-risk AI system that they have placed on the market or put into service is not in conformity with this Regulation shall immediately take the necessary corrective actions to bring that system into conformity, to withdraw it, to disable it, or to recall it, as appropriate. They shall inform the distributors of the high-risk AI system concerned and, where applicable, the deployers, the authorised representative and importers accordingly.
1. Ponudniki visokotveganih sistemov UI, ki menijo ali utemeljeno domnevajo, da visokotvegani sistem UI, ki so ga dali na trg ali v uporabo, ni v skladu s to uredbo, nemudoma sprejmejo potrebne popravne ukrepe, da zagotovijo skladnost sistema ali pa ga po potrebi umaknejo, onemogočijo ali prekličejo. O tem obvestijo distributerje zadevnega visokotveganega sistema UI ter, kadar je primerno, uvajalce, pooblaščenega zastopnika in uvoznike.
2. Where the high-risk AI system presents a risk within the meaning of Article 79(1) and the provider becomes aware of that risk, it shall immediately investigate the causes, in collaboration with the reporting deployer, where applicable, and inform the market surveillance authorities competent for the high-risk AI system concerned and, where applicable, the notified body that issued a certificate for that high-risk AI system in accordance with Article 44, in particular, of the nature of the non-compliance and of any relevant corrective action taken.
2. Kadar visokotvegani sistem UI predstavlja tveganje v smislu člena 79(1) in se ponudnik seznani s tem tveganjem, nemudoma razišče vzroke, po potrebi v sodelovanju z uvajalcem, ki poroča, ter obvesti organe za nadzor trga, pristojne za zadevni visokotvegani sistem UI, in po potrebi priglašeni organ, ki je izdal certifikat za visokotvegani sistem UI v skladu s členom 44, zlasti o naravi neskladnosti in vseh ustreznih sprejetih korektivnih ukrepih.
Authorised representatives of providers of high-risk AI systems
Pooblaščeni zastopniki ponudnikov visokotveganih sistemov UI
1. Prior to making their high-risk AI systems available on the Union market, providers established in third countries shall, by written mandate, appoint an authorised representative which is established in the Union.
1. Ponudniki s sedežem v tretjih državah pred omogočanjem dostopnosti visokotveganih sistemov UI na trgu Unije s pisnim pooblastilom imenujejo pooblaščenega zastopnika s sedežem v Uniji.
2. The provider shall enable its authorised representative to perform the tasks specified in the mandate received from the provider.
2. Ponudnik svojemu pooblaščenemu zastopniku omogoči, da opravlja naloge, določene v pooblastilu, ki ga prejme od ponudnika.
3. The authorised representative shall perform the tasks specified in the mandate received from the provider. It shall provide a copy of the mandate to the market surveillance authorities upon request, in one of the official languages of the institutions of the Union, as indicated by the competent authority. For the purposes of this Regulation, the mandate shall empower the authorised representative to carry out the following tasks:
3. Pooblaščeni zastopnik opravlja naloge, določene v pooblastilu, ki ga prejme od ponudnika. Če organi za nadzor trga to zahtevajo, jim predloži izvod pooblastila, in sicer v enem od uradnih jezikov institucij Unije, ki ga navede pristojni organ. Za namene te uredbe pooblastilo pooblaščenemu zastopniku omogoča, da opravlja naslednje naloge:
(a)
verify that the EU declaration of conformity referred to in Article 47 and the technical documentation referred to in Article 11 have been drawn up and that an appropriate conformity assessment procedure has been carried out by the provider;
(a)
preveri, da je bila pripravljena EU izjava o skladnosti iz člena 47 in tehnična dokumentacija iz člena 11 ter da je ponudnik izvedel ustrezen postopek ugotavljanja skladnosti;
(b)
keep at the disposal of the competent authorities and national authorities or bodies referred to in Article 74(10), for a period of 10 years after the high-risk AI system has been placed on the market or put into service, the contact details of the provider that appointed the authorised representative, a copy of the EU declaration of conformity referred to in Article 47, the technical documentation and, if applicable, the certificate issued by the notified body;
(b)
daje kontaktne podatke ponudnika, ki je določil pooblaščenega zastopnika, izvod EU izjave o skladnosti iz člena 47, tehnično dokumentacijo in, če je ustrezno, certifikat, ki ga je izdal priglašeni organ, na voljo pristojnim organom in nacionalnim organom ali telesom iz člena 74(10) še deset let po tem, ko je bil visokotvegani sistem UI dan na trg ali v uporabo;
(c)
provide a competent authority, upon a reasoned request, with all the information and documentation, including that referred to in point (b) of this subparagraph, necessary to demonstrate the conformity of a high-risk AI system with the requirements set out in Section 2, including access to the logs, as referred to in Article 12(1), automatically generated by the high-risk AI system, to the extent such logs are under the control of the provider;
(c)
pristojnemu organu na podlagi obrazložene zahteve zagotovi vse informacije in dokumentacijo, vključno s tisto, ki se hrani v skladu s točko (b) tega pododstavka, potrebne za dokazovanje skladnosti visokotveganega sistema UI z zahtevami iz oddelka 2, vključno z dostopom do dnevnikov, kakor je navedeno v členu 12(1), ki jih samodejno ustvari visokotvegani sistem UI, če so ti dnevniki pod nadzorom ponudnika;
(d)
cooperate with competent authorities, upon a reasoned request, in any action the latter take in relation to the high-risk AI system, in particular to reduce and mitigate the risks posed by the high-risk AI system;
(d)
na podlagi obrazložene zahteve sodeluje s pristojnimi organi pri vseh ukrepih, ki jih ti sprejmejo v zvezi z visokotveganim sistemom UI, zlasti za zmanjšanje in omejitev tveganj, ki jih predstavlja visokotvegani sistem UI;
(e)
where applicable, comply with the registration obligations referred to in Article 49(1), or, if the registration is carried out by the provider itself, ensure that the information referred to in point 3 of Section A of Annex VIII is correct.
(e)
po potrebi izpolnjuje obveznosti registracije iz člena 49(1) ali, če registracijo izvede ponudnik sam, zagotovi, da so informacije iz Priloge VIII, oddelek A, točka 3, pravilne.
The mandate shall empower the authorised representative to be addressed, in addition to or instead of the provider, by the competent authorities, on all issues related to ensuring compliance with this Regulation.
Na podlagi pooblastila je pooblaščeni zastopnik pooblaščen, da lahko pristojni organi nanj, poleg ponudnika ali namesto njega, naslovijo vsa vprašanja, povezana z zagotavljanjem skladnosti s to uredbo.
4. The authorised representative shall terminate the mandate if it considers or has reason to consider the provider to be acting contrary to its obligations pursuant to this Regulation. In such a case, it shall immediately inform the relevant market surveillance authority, as well as, where applicable, the relevant notified body, about the termination of the mandate and the reasons therefor.
4. Pooblaščeni zastopnik odpove pooblastilo, če meni ali utemeljeno domneva, da ponudnik ravna v nasprotju s svojimi obveznostmi iz te uredbe. V takem primeru o odpovedi pooblastila in razlogih zanjo nemudoma obvesti ustrezni organ za nadzor trga in, kadar je primerno, ustrezni priglašeni organ.
1. Before placing a high-risk AI system on the market, importers shall ensure that the system is in conformity with this Regulation by verifying that:
1. Pred dajanjem visokotveganega sistema UI na trg uvozniki zagotovijo njegovo skladnost s to uredbo tako, da preverijo, da:
(a)
the relevant conformity assessment procedure referred to in Article 43 has been carried out by the provider of the high-risk AI system;
(a)
je ponudnik za ta visokotvegani sistem UI izvedel ustrezen postopek ugotavljanja skladnosti iz člena 43;
(b)
the provider has drawn up the technical documentation in accordance with Article 11 and Annex IV;
(b)
je ponudnik pripravil tehnično dokumentacijo v skladu s členom 11 in Prilogo IV;
(c)
the system bears the required CE marking and is accompanied by the EU declaration of conformity referred to in Article 47 and instructions for use;
(c)
je sistem opremljen z zahtevano oznako CE ter so mu priloženi EU izjava o skladnosti iz člena 47 in navodila za uporabo;
(d)
the provider has appointed an authorised representative in accordance with Article 22(1).
(d)
je ponudnik imenoval pooblaščenega zastopnika v skladu s členom 22(1).
2. Where an importer has sufficient reason to consider that a high-risk AI system is not in conformity with this Regulation, or is falsified, or accompanied by falsified documentation, it shall not place the system on the market until it has been brought into conformity. Where the high-risk AI system presents a risk within the meaning of Article 79(1), the importer shall inform the provider of the system, the authorised representative and the market surveillance authorities to that effect.
2. Kadar ima uvoznik zadosten razlog za domnevo, da visokotvegani sistem UI ni skladen s to uredbo ali je ponarejen ali mu je priložena ponarejena dokumentacija, tega sistema ne da na trg, dokler ni zagotovljena njegova skladnost. Kadar visokotvegani sistem UI predstavlja tveganje v smislu člena 79(1), uvoznik o tem obvesti ponudnika sistema, pooblaščenega zastopnika in organe za nadzor trga.
3. Importers shall indicate their name, registered trade name or registered trade mark, and the address at which they can be contacted on the high-risk AI system and on its packaging or its accompanying documentation, where applicable.
3. Uvozniki na visokotveganem sistemu UI in na embalaži ali v spremni dokumentaciji, kadar je ustrezno, navedejo svoje ime, registrirano trgovsko ime ali registrirano znamko in naslov, na katerem so dosegljivi.
4. Importers shall ensure that, while a high-risk AI system is under their responsibility, storage or transport conditions, where applicable, do not jeopardise its compliance with the requirements set out in Section 2.
4. Uvozniki zagotovijo, da v času, ko so odgovorni za visokotvegani sistem UI, pogoji skladiščenja ali prevoza, kadar je ustrezno, ne ogrožajo skladnosti sistema z zahtevami iz oddelka 2.
5. Importers shall keep, for a period of 10 years after the high-risk AI system has been placed on the market or put into service, a copy of the certificate issued by the notified body, where applicable, of the instructions for use, and of the EU declaration of conformity referred to in Article 47.
5. Uvozniki še deset let po tem, ko je bil visokotvegani sistem UI dan na trg ali v uporabo, hranijo izvod certifikata, ki ga je izdal priglašeni organ, navodil za uporabo, kadar je to primerno, in EU izjave o skladnosti iz člena 47.
6. Importers shall provide the relevant competent authorities, upon a reasoned request, with all the necessary information and documentation, including that referred to in paragraph 5, to demonstrate the conformity of a high-risk AI system with the requirements set out in Section 2 in a language which can be easily understood by them. For this purpose, they shall also ensure that the technical documentation can be made available to those authorities.
6. Uvozniki ustreznim pristojnim organom na podlagi obrazložene zahteve predložijo vse potrebne informacije in dokumentacijo, vključno s tistimi iz odstavka 5, da dokažejo skladnost visokotveganega sistema UI z zahtevami iz oddelka 2, v jeziku, ki ga organi zlahka razumejo. V ta namen zagotovijo tudi, da se tem organom lahko da na voljo tehnična dokumentacija.
7. Importers shall cooperate with the relevant competent authorities in any action those authorities take in relation to a high-risk AI system placed on the market by the importers, in particular to reduce and mitigate the risks posed by it.
7. Uvozniki sodelujejo z ustreznimi pristojnimi organi pri vseh ukrepih, ki jih ti organi sprejmejo v zvezi z visokotveganim sistemom UI, ki so ga uvozniki dali na trg, zlasti za zmanjšanje ali omejitev tveganj, ki jih predstavlja ta sistem.
Obligations of distributors
Obveznosti distributerjev
1. Before making a high-risk AI system available on the market, distributors shall verify that it bears the required CE marking, that it is accompanied by a copy of the EU declaration of conformity referred to in Article 47 and instructions for use, and that the provider and the importer of that system, as applicable, have complied with their respective obligations as laid down in Article 16, points (b) and (c) and Article 23(3).
1. Preden omogočijo dostopnost visokotveganega sistema UI na trgu, distributerji preverijo, ali ima zahtevano oznako CE, ali so mu priloženi izvod EU izjave o skladnosti iz člena 47 in navodila za uporabo ter ali sta ponudnik in uvoznik tega sistema, kot je ustrezno, izpolnila vsak svoje obveznosti iz člena 16, točki (b) in (c), oziroma člena 23(3).
2. Where a distributor considers or has reason to consider, on the basis of the information in its possession, that a high-risk AI system is not in conformity with the requirements set out in Section 2, it shall not make the high-risk AI system available on the market until the system has been brought into conformity with those requirements. Furthermore, where the high-risk AI system presents a risk within the meaning of Article 79(1), the distributor shall inform the provider or the importer of the system, as applicable, to that effect.
2. Kadar distributer meni ali na podlagi informacij, ki jih ima, utemeljeno domneva, da visokotvegani sistem UI ni skladen z zahtevami iz oddelka 2, za visokotvegani sistem UI ne omogoči dostopnosti na trgu, dokler ni zagotovljena skladnost tega sistema z navedenimi zahtevami. Kadar visokotvegani sistem UI predstavlja tveganje v smislu člena 79(1), distributer o tem obvesti ponudnika oziroma uvoznika sistema, kot je ustrezno.
3. Distributors shall ensure that, while a high-risk AI system is under their responsibility, storage or transport conditions, where applicable, do not jeopardise the compliance of the system with the requirements set out in Section 2.
3. Distributerji zagotovijo, da v času, ko so odgovorni za visokotvegani sistem UI, pogoji skladiščenja ali prevoza, kadar je ustrezno, ne ogrožajo njegove skladnosti z zahtevami iz oddelka 2.
4. A distributor that considers or has reason to consider, on the basis of the information in its possession, a high-risk AI system which it has made available on the market not to be in conformity with the requirements set out in Section 2, shall take the corrective actions necessary to bring that system into conformity with those requirements, to withdraw it or recall it, or shall ensure that the provider, the importer or any relevant operator, as appropriate, takes those corrective actions. Where the high-risk AI system presents a risk within the meaning of Article 79(1), the distributor shall immediately inform the provider or importer of the system and the authorities competent for the high-risk AI system concerned, giving details, in particular, of the non-compliance and of any corrective actions taken.
4. Distributer, ki na podlagi informacij, ki jih ima, meni ali utemeljeno domneva, da visokotvegani sistem UI, za katerega je omogočil dostopnost na trgu, ni skladen z zahtevami iz oddelka 2, sprejme popravne ukrepe, potrebne za uskladitev tega sistema z navedenimi zahtevami, ga umakne ali prekliče ali zagotovi, da te popravne ukrepe sprejme ponudnik, uvoznik ali kateri koli zadevni operater, kot je ustrezno. Kadar visokotvegani sistem UI predstavlja tveganje v smislu člena 79(1), distributer o tem nemudoma obvesti ponudnika ali uvoznika sistema in organe, pristojne za zadevni visokotvegani sistem UI, ter navede podrobnosti, zlasti o neskladnosti in vseh sprejetih popravnih ukrepih.
5. Upon a reasoned request from a relevant competent authority, distributors of a high-risk AI system shall provide that authority with all the information and documentation regarding their actions pursuant to paragraphs 1 to 4 necessary to demonstrate the conformity of that system with the requirements set out in Section 2.
5. Distributerji visokotveganega sistema UI ustreznemu pristojnemu organu na podlagi obrazložene zahteve zagotovijo vse informacije in dokumentacijo o svojih ukrepih na podlagi odstavkov 1 do 4, ki so potrebne za dokazovanje skladnosti visokotveganega sistema UI z zahtevami iz oddelka 2.
6. Distributors shall cooperate with the relevant competent authorities in any action those authorities take in relation to a high-risk AI system made available on the market by the distributors, in particular to reduce or mitigate the risk posed by it.
6. Distributerji sodelujejo z ustreznimi pristojnimi organi pri vseh ukrepih, ki jih ti organi sprejmejo v zvezi z visokotveganim sistemom UI, katerega so distributerji dali na trg, zlasti za zmanjšanje ali omejitev tveganja, ki ga predstavlja visokotvegani sistem UI.
Responsibilities along the AI value chain
Odgovornosti vzdolž verige vrednosti UI
1. Any distributor, importer, deployer or other third-party shall be considered to be a provider of a high-risk AI system for the purposes of this Regulation and shall be subject to the obligations of the provider under Article 16, in any of the following circumstances:
1. Vsak distributer, uvoznik, uvajalec ali druga tretja oseba za namene te uredbe šteje za ponudnika visokotveganega sistema UI in zanj veljajo obveznosti ponudnika iz člena 16 v kateri koli od naslednjih okoliščin:
(a)
they put their name or trademark on a high-risk AI system already placed on the market or put into service, without prejudice to contractual arrangements stipulating that the obligations are otherwise allocated;
(a)
visokotvegani sistem UI, ki je že bil dan na trg ali v uporabo, označijo s svojim imenom ali znamko, brez poseganja v pogodbene dogovore, ki določajo, da so obveznosti drugače dodeljene;
(b)
they make a substantial modification to a high-risk AI system that has already been placed on the market or has already been put into service in such a way that it remains a high-risk AI system pursuant to Article 6;
(b)
bistveno spremenijo visokotvegani sistem UI, ki je že bil dan na trg ali v uporabo, na način, da ostane visokotvegani sistem UI na podlagi člena 6;
(c)
they modify the intended purpose of an AI system, including a general-purpose AI system, which has not been classified as high-risk and has already been placed on the market or put into service in such a way that the AI system concerned becomes a high-risk AI system in accordance with Article 6.
(c)
spremenijo predvideni namen sistema UI, vključno s sistemom UI za splošne namene, ki ni bil razvrščen kot sistem visokega tveganja in je že bil dan na trg ali v uporabo na način, da postane visokotvegani sistem UI v skladu s členom 6.
2. Where the circumstances referred to in paragraph 1 occur, the provider that initially placed the AI system on the market or put it into service shall no longer be considered to be a provider of that specific AI system for the purposes of this Regulation. That initial provider shall closely cooperate with new providers and shall make available the necessary information and provide the reasonably expected technical access and other assistance that are required for the fulfilment of the obligations set out in this Regulation, in particular regarding the compliance with the conformity assessment of high-risk AI systems. This paragraph shall not apply in cases where the initial provider has clearly specified that its AI system is not to be changed into a high-risk AI system and therefore does not fall under the obligation to hand over the documentation.
2. Kadar nastopijo okoliščine iz odstavka 1, ponudnik, ki je prvotno dal sistem UI na trg ali v uporabo, za namene te uredbe ne šteje več za ponudnika tega posameznega sistema UI. Ta prvotni ponudnik tesno sodeluje z novimi ponudniki in daje na voljo potrebne informacije ter zagotavlja razumno pričakovani tehnični dostop in drugo pomoč, ki je potrebna za izpolnjevanje obveznosti iz te uredbe, zlasti v zvezi z ugotavljanjem skladnosti visokotveganih sistemov UI. Ta odstavek se ne uporablja v primerih, ko je prvotni ponudnik jasno navedel, da se njegov sistem UI ne sme spremeniti v visokotvegani sistem UI, in zato zanj ne velja obveznost predaje dokumentacije.
3. In the case of high-risk AI systems that are safety components of products covered by the Union harmonisation legislation listed in Section A of Annex I, the product manufacturer shall be considered to be the provider of the high-risk AI system, and shall be subject to the obligations under Article 16 under either of the following circumstances:
3. Za visokotvegane sisteme UI, ki so varnostne komponente proizvodov, za katere se uporablja harmonizacijska zakonodaja Unije iz Priloge I, oddelek A, proizvajalec teh proizvodov šteje za ponudnika visokotveganega sistema UI in zanj veljajo obveznosti iz člena 16 na podlagi enega od naslednjih scenarijev:
(a)
the high-risk AI system is placed on the market together with the product under the name or trademark of the product manufacturer;
(a)
visokotvegani sistem UI se da na trg skupaj s proizvodom pod imenom ali znamko proizvajalca proizvoda;
(b)
the high-risk AI system is put into service under the name or trademark of the product manufacturer after the product has been placed on the market.
(b)
visokotvegani sistem UI se da v uporabo pod imenom ali znamko proizvajalca proizvoda, potem ko je bil ta dan na trg.
4. The provider of a high-risk AI system and the third party that supplies an AI system, tools, services, components, or processes that are used or integrated in a high-risk AI system shall, by written agreement, specify the necessary information, capabilities, technical access and other assistance based on the generally acknowledged state of the art, in order to enable the provider of the high-risk AI system to fully comply with the obligations set out in this Regulation. This paragraph shall not apply to third parties making accessible to the public tools, services, processes, or components, other than general-purpose AI models, under a free and open-source licence.
4. Ponudnik visokotveganega sistema UI in tretja oseba, ki dobavlja sistem UI, orodja, storitve, komponente ali procese, ki se uporabljajo ali integrirajo v visokotvegani sistem UI, s pisnim dogovorom določita potrebne informacije, zmogljivosti, tehnični dostop in drugo pomoč na podlagi splošno priznanih najsodobnejših tehnoloških dosežkov, da lahko ponudnik visokotveganega sistema UI v celoti izpolnjuje obveznosti iz te uredbe. Ta odstavek se ne uporablja za tretje osebe, ki javnosti omogočajo dostop do orodij, storitev, postopkov ali komponent, ki niso modeli UI za splošne namene, na podlagi proste in odprtokodne licence.
The AI Office may develop and recommend voluntary model terms for contracts between providers of high-risk AI systems and third parties that supply tools, services, components or processes that are used for or integrated into high-risk AI systems. When developing those voluntary model terms, the AI Office shall take into account possible contractual requirements applicable in specific sectors or business cases. The voluntary model terms shall be published and be available free of charge in an easily usable electronic format.
Urad za UI lahko pripravi in priporoči prostovoljne vzorčne pogoje za pogodbe med ponudniki visokotveganih sistemov UI in tretjimi osebami, ki zagotavljajo orodja, storitve, komponente ali postopke, ki se uporabljajo za visokotvegane sisteme UI ali so vanje vključeni. Urad za UI pri oblikovanju teh vzorčnih pogojev upošteva morebitne pogodbene zahteve, ki se uporabljajo v posameznih sektorjih ali poslovnih primerih. Prostovoljni vzorčni pogoji se objavijo in so brezplačno na voljo v lahko uporabni elektronski obliki.
5. Paragraphs 2 and 3 are without prejudice to the need to observe and protect intellectual property rights, confidential business information and trade secrets in accordance with Union and national law.
5. Odstavka 2 in 3 ne posegata v potrebo po spoštovanju in varstvu pravic intelektualne lastnine, zaupnih poslovnih informacij in poslovnih skrivnosti v skladu s pravom Unije in nacionalnim pravom.
Obligations of deployers of high-risk AI systems
Obveznosti uvajalcev visokotveganih sistemov UI
1. Deployers of high-risk AI systems shall take appropriate technical and organisational measures to ensure they use such systems in accordance with the instructions for use accompanying the systems, pursuant to paragraphs 3 and 6.
1. Uvajalci visokotveganih sistemov UI sprejmejo ustrezne tehnične in organizacijske ukrepe, s katerimi zagotovijo, da uporabljajo take sisteme v skladu s priloženimi navodili za uporabo, na podlagi odstavkov 3 in 6.
2. Deployers shall assign human oversight to natural persons who have the necessary competence, training and authority, as well as the necessary support.
2. Uvajalci dodelijo človeški nadzor fizičnim osebam, ki imajo potrebne kompetence, usposobljenost in pooblastila ter potrebno podporo.
3. The obligations set out in paragraphs 1 and 2, are without prejudice to other deployer obligations under Union or national law and to the deployer’s freedom to organise its own resources and activities for the purpose of implementing the human oversight measures indicated by the provider.
3. Obveznosti iz odstavkov 1 in 2 ne posegajo v druge obveznosti uvajalca v skladu s pravom Unije ali nacionalnim pravom ter v pravico uvajalca, da organizira lastna sredstva in dejavnosti za izvajanje ukrepov za človeški nadzor, ki jih navede ponudnik.
4. Without prejudice to paragraphs 1 and 2, to the extent the deployer exercises control over the input data, that deployer shall ensure that input data is relevant and sufficiently representative in view of the intended purpose of the high-risk AI system.
4. Brez poseganja v odstavka 1 in 2, če uvajalec izvaja nadzor nad vhodnimi podatki, ta uvajalec zagotovi, da so vhodni podatki ustrezni in dovolj reprezentativni glede na predvideni namen visokotveganega sistema UI.
5. Deployers shall monitor the operation of the high-risk AI system on the basis of the instructions for use and, where relevant, inform providers in accordance with Article 72. Where deployers have reason to consider that the use of the high-risk AI system in accordance with the instructions may result in that AI system presenting a risk within the meaning of Article 79(1), they shall, without undue delay, inform the provider or distributor and the relevant market surveillance authority, and shall suspend the use of that system. Where deployers have identified a serious incident, they shall also immediately inform first the provider, and then the importer or distributor and the relevant market surveillance authorities of that incident. If the deployer is not able to reach the provider, Article 73 shall apply mutatis mutandis. This obligation shall not cover sensitive operational data of deployers of AI systems which are law enforcement authorities.
5. Uvajalci spremljajo delovanje visoko tveganega sistem UI na podlagi navodil za uporabo in po potrebi obvestijo ponudnike v skladu s členom 72. Kadar imajo uvajalci razlog za domnevo, da bi uporaba visoko tveganega sistema UI v skladu z navodili lahko povzročila, da bi visokotvegani sistem UI predstavljal tveganje v smislu člena 79(1), o tem brez nepotrebnega odlašanja obvestijo ponudnika ali distributerja in ustrezni organ za nadzor trga ter začasno prekinejo uporabo tega sistema. Kadar uvajalci odkrijejo resen incident, o tem incidentu takoj obvestijo najprej ponudnika in nato uvoznika ali distributerja in ustrezne organe za nadzor trga. Če uvajalec ne more priti v stik s ponudnikom, se smiselno uporablja člen 73. Ta obveznost ne zajema občutljivih operativnih podatkov uvajalcev sistemov UI, ki so organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj.
For deployers that are financial institutions subject to requirements regarding their internal governance, arrangements or processes under Union financial services law, the monitoring obligation set out in the first subparagraph shall be deemed to be fulfilled by complying with the rules on internal governance arrangements, processes and mechanisms pursuant to the relevant financial service law.
Za uvajalce, ki so finančne institucije in za katere veljajo zahteve v zvezi z njihovim notranjim upravljanjem, ureditvami ali postopki na podlagi prava Unije o finančnih storitvah, se šteje, da je obveznost spremljanja iz prvega pododstavka izpolnjena z upoštevanjem pravil o ureditvah, procesih in mehanizmih notranjega upravljanja na podlagi ustreznega prava o finančnih storitvah.
6. Deployers of high-risk AI systems shall keep the logs automatically generated by that high-risk AI system to the extent such logs are under their control, for a period appropriate to the intended purpose of the high-risk AI system, of at least six months, unless provided otherwise in applicable Union or national law, in particular in Union law on the protection of personal data.
6. Uvajalci visokotveganih sistemov UI vodijo dnevnike, ki jih samodejno ustvari ta visokotvegani sistem UI, če so ti dnevniki pod njihovim nadzorom, v obdobju, ki ustreza predvidenemu namenu visokotveganega sistema UI, in sicer vsaj šest mesecev, razen če je v veljavnem pravu Unije ali nacionalnem pravu, zlasti v pravu Unije o varstvu osebnih podatkov, določeno drugače.
Deployers that are financial institutions subject to requirements regarding their internal governance, arrangements or processes under Union financial services law shall maintain the logs as part of the documentation kept pursuant to the relevant Union financial service law.
Uvajalci, ki so finančne institucije in za katere veljajo zahteve v zvezi z njihovim notranjim upravljanjem, ureditvami ali postopki na podlagi prava Unije o finančnih storitvah, vodijo dnevnike kot del dokumentacije, ki se hrani na podlagi ustreznega prava Unije o finančnih storitvah.
7. Before putting into service or using a high-risk AI system at the workplace, deployers who are employers shall inform workers’ representatives and the affected workers that they will be subject to the use of the high-risk AI system. This information shall be provided, where applicable, in accordance with the rules and procedures laid down in Union and national law and practice on information of workers and their representatives.
7. Uvajalci, ki so delodajalci, pred dajanjem v uporabo ali pred uporabo visokotveganega sistema UI na delovnem mestu obvestijo predstavnike delavcev in delavce, na katere se to nanaša, da se bo zanje uporabljal visokotvegani sistem UI. Te informacije se po potrebi zagotovijo v skladu s pravili in postopki, določenimi v pravu Unije in nacionalnem pravu ter praksi v zvezi z obveščanjem delavcev in njihovih predstavnikov.
8. Deployers of high-risk AI systems that are public authorities, or Union institutions, bodies, offices or agencies shall comply with the registration obligations referred to in Article 49. When such deployers find that the high-risk AI system that they envisage using has not been registered in the EU database referred to in Article 71, they shall not use that system and shall inform the provider or the distributor.
8. Uvajalci visokotveganih sistemov UI, ki so javni organi ali institucije, organi, uradi in agencije Unije, izpolnjujejo obveznosti registracije iz člena 49. Če ti uvajalci ugotovijo, da visokotvegani sistem UI, ki ga nameravajo uporabljati, ni bil registriran v podatkovni zbirki EU iz člena 71, tega sistema ne uporabljajo in o tem obvestijo ponudnika ali distributerja.
9. Where applicable, deployers of high-risk AI systems shall use the information provided under Article 13 of this Regulation to comply with their obligation to carry out a data protection impact assessment under Article 35 of Regulation (EU) 2016/679 or Article 27 of Directive (EU) 2016/680.
9. Uvajalci visokotveganih sistemov UI po potrebi uporabijo informacije iz člena 13 te uredbe, da izpolnijo svojo obveznost izvedbe ocene učinka v zvezi z varstvom podatkov na podlagi člena 35 Uredbe (EU) 2016/679 ali člena 27 Direktive (EU) 2016/680.
10. Without prejudice to Directive (EU) 2016/680, in the framework of an investigation for the targeted search of a person suspected or convicted of having committed a criminal offence, the deployer of a high-risk AI system for post-remote biometric identification shall request an authorisation, ex ante, or without undue delay and no later than 48 hours, by a judicial authority or an administrative authority whose decision is binding and subject to judicial review, for the use of that system, except when it is used for the initial identification of a potential suspect based on objective and verifiable facts directly linked to the offence. Each use shall be limited to what is strictly necessary for the investigation of a specific criminal offence.
10. Brez poseganja v Direktivo (EU) 2016/680 v okviru preiskave za ciljno iskanje osebe, ki je osumljena ali obsojena storitve kaznivega dejanja, uvajalec visokotveganega sistema UI za naknadno biometrično identifikacijo na daljavo predhodno ali brez nepotrebnega odlašanja in najpozneje v 48 urah zaprosi sodni organ ali upravni organ, katerega odločitev je zavezujoča in je predmet sodnega nadzora, za uporabo tega sistema, razen če se ta uporablja za prvotno identifikacijo morebitnega osumljenca na podlagi objektivnih in preverljivih dejstev, neposredno povezanih s kaznivim dejanjem. Vsaka uporaba mora biti omejena na tisto, kar je nujno potrebno za preiskavo določenega kaznivega dejanja.
If the authorisation requested pursuant to the first subparagraph is rejected, the use of the post-remote biometric identification system linked to that requested authorisation shall be stopped with immediate effect and the personal data linked to the use of the high-risk AI system for which the authorisation was requested shall be deleted.
Če se dovoljenje, zahtevano na podlagi prvega pododstavka, zavrne, je treba takoj prenehati uporabljati sistem za naknadno biometrično identifikacijo na daljavo, povezan z zahtevanim dovoljenjem, osebni podatki, povezani z uporabo visokotveganega sistema UI, za katerega je bilo zaprošeno dovoljenje, pa se izbrišejo.
In no case shall such high-risk AI system for post-remote biometric identification be used for law enforcement purposes in an untargeted way, without any link to a criminal offence, a criminal proceeding, a genuine and present or genuine and foreseeable threat of a criminal offence, or the search for a specific missing person. It shall be ensured that no decision that produces an adverse legal effect on a person may be taken by the law enforcement authorities based solely on the output of such post-remote biometric identification systems.
V nobenem primeru se tak visokotvegani sistem UI za naknadno biometrično identifikacijo na daljavo ne sme uporabljati za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj na neciljen način, brez kakršne koli povezave s kaznivim dejanjem, kazenskim postopkom, resnično in sedanjo ali resnično in predvidljivo grožnjo kaznivega dejanja ali iskanjem določene pogrešane osebe. Zagotovi se, da organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj izključno na podlagi izhodnih podatkov sistema za naknadno biometrično identifikacijo na daljavo ne smejo sprejeti nobene odločitve, ki bi imela negativen pravni učinek na osebo.
This paragraph is without prejudice to Article 9 of Regulation (EU) 2016/679 and Article 10 of Directive (EU) 2016/680 for the processing of biometric data.
Ta odstavek ne posega v člen 9 Uredbe (EU) 2016/679 in člen 10 Direktive (EU) 2016/680 za obdelavo biometričnih podatkov.
Regardless of the purpose or deployer, each use of such high-risk AI systems shall be documented in the relevant police file and shall be made available to the relevant market surveillance authority and the national data protection authority upon request, excluding the disclosure of sensitive operational data related to law enforcement. This subparagraph shall be without prejudice to the powers conferred by Directive (EU) 2016/680 on supervisory authorities.
Ne glede na namen ali uvajalca se vsaka uporaba takih visokotveganih sistemov UI dokumentira v ustrezni policijski datoteki ter se na zahtevo da na voljo ustreznemu organu za nadzor trga in nacionalnemu organu za varstvo podatkov, razen razkritja občutljivih operativnih podatkov, povezanih s preprečevanjem, odkrivanjem in preiskovanjem kaznivih dejanj. Ta pododstavek ne posega v pooblastila, ki so z Direktivo (EU) 2016/680 dodeljena nadzornim organom.
Deployers shall submit annual reports to the relevant market surveillance and national data protection authorities on their use of post-remote biometric identification systems, excluding the disclosure of sensitive operational data related to law enforcement. The reports may be aggregated to cover more than one deployment.
Uvajalci ustreznim organom za nadzor trga in nacionalnim organom za varstvo podatkov predložijo letna poročila o uporabi sistemov za naknadno biometrično identifikacijo na daljavo, razen razkritja občutljivih operativnih podatkov v zvezi z organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj. Poročila se lahko združijo tako, da zajemajo več kot eno uvedbo.
Member States may introduce, in accordance with Union law, more restrictive laws on the use of post-remote biometric identification systems.
Države članice lahko v skladu s pravom Unije uvedejo strožje zakone o uporabi sistemov za naknadno biometrično identifikacijo na daljavo.
11. Without prejudice to Article 50 of this Regulation, deployers of high-risk AI systems referred to in Annex III that make decisions or assist in making decisions related to natural persons shall inform the natural persons that they are subject to the use of the high-risk AI system. For high-risk AI systems used for law enforcement purposes Article 13 of Directive (EU) 2016/680 shall apply.
11. Brez poseganja v člen 50 te uredbe uvajalci visokotveganih sistemov UI iz Priloge III, ki sprejemajo odločitve ali pomagajo pri njihovem odločanju v zvezi s fizičnimi osebami, slednje obvestijo, da se zanje uporablja visokotvegani sistem UI. Za visokotvegane sisteme UI, ki se uporabljajo za namene preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, se uporablja člen 13 Direktive (EU) 2016/680.
12. Deployers shall cooperate with the relevant competent authorities in any action those authorities take in relation to the high-risk AI system in order to implement this Regulation.
12. Uvajalci sodelujejo z ustreznimi pristojnimi organi pri vseh ukrepih, ki jih ti organi sprejmejo v zvezi z visokotveganim sistemom UI, da bi uresničili to uredbo.
Fundamental rights impact assessment for high-risk AI systems
Ocena učinka na temeljne pravice za visokotvegane sisteme UI
1. Prior to deploying a high-risk AI system referred to in Article 6(2), with the exception of high-risk AI systems intended to be used in the area listed in point 2 of Annex III, deployers that are bodies governed by public law, or are private entities providing public services, and deployers of high-risk AI systems referred to in points 5 (b) and (c) of Annex III, shall perform an assessment of the impact on fundamental rights that the use of such system may produce. For that purpose, deployers shall perform an assessment consisting of:
1. Pred uvedbo visoko tveganega sistema UI iz člena 6(2), razen visokotveganih sistemov UI, namenjenih uporabi na področju iz Priloge III, točka 2, uvajalci, ki so osebe javnega prava ali zasebni subjekti in zagotavljajo javne storitve, ter uvajalci visokotveganih sistemov UI iz Priloge III, točki 5(b) in (c), izvedejo oceno učinka, ki ga lahko povzroči uporaba takega sistema na temeljne pravice. V ta namen uvajalci izvedejo oceno, ki jo sestavljajo:
(a)
a description of the deployer’s processes in which the high-risk AI system will be used in line with its intended purpose;
(a)
opis postopkov uvajalca, v katerih se bo visokotvegani sistem UI uporabljal v skladu s predvidenim namenom;
(b)
a description of the period of time within which, and the frequency with which, each high-risk AI system is intended to be used;
(b)
opis obdobja in pogostosti uporabe vsakega visokotveganega sistema UI;
(c)
the categories of natural persons and groups likely to be affected by its use in the specific context;
(c)
kategorije fizičnih oseb in skupin, na katere bo verjetno vplivala njegova uporaba v specifičnem kontekstu;
(d)
the specific risks of harm likely to have an impact on the categories of natural persons or groups of persons identified pursuant to point (c) of this paragraph, taking into account the information given by the provider pursuant to Article 13;
(d)
posebna tveganja škode, ki bi lahko vplivala na kategorije fizičnih oseb ali skupine oseb, opredeljene na podlagi tega odstavka, točka (c), ob upoštevanju informacij, ki jih je ponudnik predložil na podlagi člena 13;
(e)
a description of the implementation of human oversight measures, according to the instructions for use;
(e)
opis izvajanja ukrepov za človeški nadzor v skladu z navodili za uporabo;
(f)
the measures to be taken in the case of the materialisation of those risks, including the arrangements for internal governance and complaint mechanisms.
(f)
ukrepi, ki jih je treba sprejeti, v primeru uresničitve teh tveganj, vključno z ureditvami za notranje upravljanje in pritožbene mehanizme.
2. The obligation laid down in paragraph 1 applies to the first use of the high-risk AI system. The deployer may, in similar cases, rely on previously conducted fundamental rights impact assessments or existing impact assessments carried out by provider. If, during the use of the high-risk AI system, the deployer considers that any of the elements listed in paragraph 1 has changed or is no longer up to date, the deployer shall take the necessary steps to update the information.
2. Obveznost iz odstavka 1 se uporablja za prvo uporabo visokotveganega sistema UI. Uvajalec lahko v podobnih primerih uporabi predhodno izvedeno oceno učinka na temeljne pravice ali obstoječo oceno, ki jo je izvedel ponudnik. Če uvajalec med uporabo visokotveganega sistema UI meni, da se je kateri koli element iz odstavka 1 spremenil ali ni več posodobljen, sprejme potrebne ukrepe za posodobitev informacij.
3. Once the assessment referred to in paragraph 1 of this Article has been performed, the deployer shall notify the market surveillance authority of its results, submitting the filled-out template referred to in paragraph 5 of this Article as part of the notification. In the case referred to in Article 46(1), deployers may be exempt from that obligation to notify.
3. Po izvedbi ocene iz odstavka 1 tega člena uvajalec obvesti organ za nadzor trga o svojih rezultatih, s predložitvijo izpolnjene predloge iz odstavka 5 tega člena. V primeru iz člena 46(1) so lahko uvajalci izvzeti iz obveznosti obveščanja.
4. If any of the obligations laid down in this Article is already met through the data protection impact assessment conducted pursuant to Article 35 of Regulation (EU) 2016/679 or Article 27 of Directive (EU) 2016/680, the fundamental rights impact assessment referred to in paragraph 1 of this Article shall complement that data protection impact assessment.
4. Če je katera od obveznosti iz tega člena že izpolnjena na podlagi ocene učinka v zvezi z varstvom podatkov, izvedene na podlagi člena 35 Uredbe (EU) 2016/679 ali člena 27 Direktive (EU) 2016/680, ocena učinka na temeljne pravice iz odstavka 1 tega člena dopolnjuje to oceno učinka v zvezi z varstvom podatkov.
5. The AI Office shall develop a template for a questionnaire, including through an automated tool, to facilitate deployers in complying with their obligations under this Article in a simplified manner.
5. Urad za UI pripravi predlogo vprašalnika, tudi z avtomatiziranim orodjem, da bi se uvajalcem omogočilo, da na poenostavljen način izpolnijo svoje obveznosti iz tega člena.
1. Each Member State shall designate or establish at least one notifying authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring. Those procedures shall be developed in cooperation between the notifying authorities of all Member States.
1. Vsaka država članica imenuje ali vzpostavi vsaj en priglasitveni organ, odgovoren za vzpostavitev in izvajanje potrebnih postopkov za ocenjevanje, imenovanje in priglasitev organov za ugotavljanje skladnosti ter za njihovo spremljanje. Takšni postopki se oblikujejo v sodelovanju med priglasitvenimi organi vseh držav članic.
2. Member States may decide that the assessment and monitoring referred to in paragraph 1 is to be carried out by a national accreditation body within the meaning of, and in accordance with, Regulation (EC) No 765/2008.
2. Države članice lahko odločijo, da mora ocenjevanje in spremljanje iz odstavka 1 izvajati nacionalni akreditacijski organ v smislu Uredbe (ES) št. 765/2008 in v skladu z njo.
3. Notifying authorities shall be established, organised and operated in such a way that no conflict of interest arises with conformity assessment bodies, and that the objectivity and impartiality of their activities are safeguarded.
3. Priglasitveni organi se ustanovijo, organizirajo in delujejo tako, da ne pride do navzkrižja interesov z organi za ugotavljanje skladnosti ter da se zaščitita objektivnost in nepristranskost njihovih dejavnosti.
4. Notifying authorities shall be organised in such a way that decisions relating to the notification of conformity assessment bodies are taken by competent persons different from those who carried out the assessment of those bodies.
4. Priglasitveni organi so organizirani tako, da odločitve v zvezi s priglasitvijo organov za ugotavljanje skladnosti sprejemajo pristojne osebe, ki niso tiste, ki so izvedle ocenjevanje teh organov.
5. Notifying authorities shall offer or provide neither any activities that conformity assessment bodies perform, nor any consultancy services on a commercial or competitive basis.
5. Priglasitveni organi ne ponujajo ali izvajajo nobenih dejavnosti, ki jih izvajajo organi za ugotavljanje skladnosti, in tudi nobenih storitev svetovanja na komercialni ali konkurenčni podlagi.
6. Notifying authorities shall safeguard the confidentiality of the information that they obtain, in accordance with Article 78.
6. Priglasitveni organi zagotavljajo zaupnost pridobljenih informacij v skladu s členom 78.
7. Notifying authorities shall have an adequate number of competent personnel at their disposal for the proper performance of their tasks. Competent personnel shall have the necessary expertise, where applicable, for their function, in fields such as information technologies, AI and law, including the supervision of fundamental rights.
7. Priglasitveni organi morajo imeti na voljo zadostno število strokovnega osebja za pravilno izvajanje svojih nalog. Pristojno osebje mora imeti potrebno strokovno znanje, kadar je ustrezno, za svojo funkcijo na področjih, kot so informacijske tehnologije, UI in pravo, vključno z nadzorom temeljnih pravic.
Application of a conformity assessment body for notification
Vloga organa za ugotavljanje skladnosti za priglasitev
1. Conformity assessment bodies shall submit an application for notification to the notifying authority of the Member State in which they are established.
1. Organi za ugotavljanje skladnosti predložijo vlogo za priglasitev priglasitvenemu organu države članice, v kateri imajo sedež.
2. The application for notification shall be accompanied by a description of the conformity assessment activities, the conformity assessment module or modules and the types of AI systems for which the conformity assessment body claims to be competent, as well as by an accreditation certificate, where one exists, issued by a national accreditation body attesting that the conformity assessment body fulfils the requirements laid down in Article 31.
2. Vlogi za priglasitev se priložijo opis dejavnosti ugotavljanja skladnosti, opis modula ali modulov za ugotavljanje skladnosti in opis vrst sistemov UI, za katere organ za ugotavljanje skladnosti trdi, da je zanje pristojen, ter morebitni certifikat o akreditaciji, ki ga izda nacionalni akreditacijski organ, ki potrjuje, da organ za ugotavljanje skladnosti izpolnjuje zahteve iz člena 31.
Any valid document related to existing designations of the applicant notified body under any other Union harmonisation legislation shall be added.
Dodajo se vsi veljavni dokumenti v zvezi z obstoječimi imenovanji priglašenega organa vlagatelja na podlagi katere koli druge harmonizacijske zakonodaje Unije.
3. Where the conformity assessment body concerned cannot provide an accreditation certificate, it shall provide the notifying authority with all the documentary evidence necessary for the verification, recognition and regular monitoring of its compliance with the requirements laid down in Article 31.
3. Kadar zadevni organ za ugotavljanje skladnosti ne more zagotoviti certifikata o akreditaciji, priglasitvenemu organu predloži vsa dokumentarna dokazila, potrebna za preverjanje, priznavanje in redno spremljanje njegove skladnosti z zahtevami iz člena 31.
4. For notified bodies which are designated under any other Union harmonisation legislation, all documents and certificates linked to those designations may be used to support their designation procedure under this Regulation, as appropriate. The notified body shall update the documentation referred to in paragraphs 2 and 3 of this Article whenever relevant changes occur, in order to enable the authority responsible for notified bodies to monitor and verify continuous compliance with all the requirements laid down in Article 31.
4. Za priglašene organe, imenovane na podlagi katere koli druge harmonizacijske zakonodaje Unije, se lahko vsi dokumenti in certifikati v zvezi s temi imenovanji uporabijo za podporo njihovemu postopku imenovanja na podlagi te uredbe, če je to primerno. Priglašeni organ posodobi dokumentacijo iz odstavkov 2 in 3 tega člena, kadar pride do pomembnih sprememb, da bi organu, pristojnemu za priglašene organe, omogočil spremljanje in preverjanje stalne skladnosti z vsemi zahtevami, določenimi v členu 31.
1. Notifying authorities may notify only conformity assessment bodies which have satisfied the requirements laid down in Article 31.
1. Priglasitveni organi lahko priglasijo samo tiste organe za ugotavljanje skladnosti, ki izpolnjujejo zahteve iz člena 31.
2. Notifying authorities shall notify the Commission and the other Member States, using the electronic notification tool developed and managed by the Commission, of each conformity assessment body referred to in paragraph 1.
2. Priglasitveni organi Komisiji in ostalim državam članicam priglasijo vsak organ za ugotavljanje skladnosti iz odstavka 1 z uporabo elektronskega orodja za priglasitev, ki ga je razvila in ga upravlja Komisija.
3. The notification referred to in paragraph 2 of this Article shall include full details of the conformity assessment activities, the conformity assessment module or modules, the types of AI systems concerned, and the relevant attestation of competence. Where a notification is not based on an accreditation certificate as referred to in Article 29(2), the notifying authority shall provide the Commission and the other Member States with documentary evidence which attests to the competence of the conformity assessment body and to the arrangements in place to ensure that that body will be monitored regularly and will continue to satisfy the requirements laid down in Article 31.
3. Priglasitev iz odstavka 2 tega člena vključuje vse podrobnosti o dejavnostih ugotavljanja skladnosti, modulu ali modulih za ugotavljanje skladnosti in zadevnih vrstah sistemov UI ter ustrezno potrdilo o usposobljenosti. Kadar priglasitev ne temelji na potrdilu o akreditaciji iz člena 29(2), priglasitveni organ Komisiji in drugim državam članicam predloži dokumentarna dokazila, ki potrjujejo usposobljenost organa za ugotavljanje skladnosti in vzpostavljene ureditve, s čimer se zagotovi, da bo organ redno spremljan in bo še naprej izpolnjeval zahteve iz člena 31.
4. The conformity assessment body concerned may perform the activities of a notified body only where no objections are raised by the Commission or the other Member States within two weeks of a notification by a notifying authority where it includes an accreditation certificate referred to in Article 29(2), or within two months of a notification by the notifying authority where it includes documentary evidence referred to in Article 29(3).
4. Zadevni organ za ugotavljanje skladnosti lahko izvaja dejavnosti priglašenega organa le, kadar Komisija ali druge države članice ne vložijo ugovora bodisi v dveh tednih od priglasitve s strani priglasitvenega organa, kadar ta vključuje potrdilo o akreditaciji iz člena 29(2), ali v dveh mesecih od priglasitve s strani priglasitvenega organa, kadar ta vključuje dokumentarna dokazila iz člena 29(3).
5. Where objections are raised, the Commission shall, without delay, enter into consultations with the relevant Member States and the conformity assessment body. In view thereof, the Commission shall decide whether the authorisation is justified. The Commission shall address its decision to the Member State concerned and to the relevant conformity assessment body.
5. Kadar so vloženi ugovori, se Komisija nemudoma posvetuje z zadevnimi državami članicami in organom za ugotavljanje skladnosti. Glede na to, Komisija odloči, ali je dovoljenje upravičeno ali ne. Svojo odločitev naslovi na zadevno državo članico in ustrezni organ za ugotavljanje skladnosti.
Requirements relating to notified bodies
Zahteve v zvezi s priglašenimi organi
1. A notified body shall be established under the national law of a Member State and shall have legal personality.
1. Priglašeni organ mora biti ustanovljen na podlagi nacionalnega prava države članice in imeti pravno osebnost.
2. Notified bodies shall satisfy the organisational, quality management, resources and process requirements that are necessary to fulfil their tasks, as well as suitable cybersecurity requirements.
2. Priglašeni organi morajo izpolnjevati organizacijske zahteve, zahteve glede upravljanja kakovosti, virov in procesov, potrebnih za izpolnjevanje njihovih nalog, ter ustrezne zahteve glede kibernetske varnosti.
3. The organisational structure, allocation of responsibilities, reporting lines and operation of notified bodies shall ensure confidence in their performance, and in the results of the conformity assessment activities that the notified bodies conduct.
3. Organizacijska struktura, dodelitev pristojnosti, poročanje in delovanje priglašenih organov morajo zagotavljati zaupanje v učinkovitost priglašenih organov in v rezultate dejavnosti ugotavljanja skladnosti, ki jih izvajajo.
4. Notified bodies shall be independent of the provider of a high-risk AI system in relation to which they perform conformity assessment activities. Notified bodies shall also be independent of any other operator having an economic interest in high-risk AI systems assessed, as well as of any competitors of the provider. This shall not preclude the use of assessed high-risk AI systems that are necessary for the operations of the conformity assessment body, or the use of such high-risk AI systems for personal purposes.
4. Priglašeni organi morajo biti neodvisni od ponudnika visokotveganega sistema UI, v zvezi s katerim izvajajo dejavnosti ugotavljanja skladnosti. Neodvisni morajo biti tudi od vseh drugih operaterjev, ki imajo gospodarski interes pri ocenjevanem visoko tveganem sistemu UI, in od vseh konkurentov ponudnika. To ne izključuje uporabe ocenjenih visokotveganih sistemov UI, nujnih za delovanje organa za ugotavljanje skladnosti, ali uporabe teh sistemov v zasebne namene.
5. Neither a conformity assessment body, its top-level management nor the personnel responsible for carrying out its conformity assessment tasks shall be directly involved in the design, development, marketing or use of high-risk AI systems, nor shall they represent the parties engaged in those activities. They shall not engage in any activity that might conflict with their independence of judgement or integrity in relation to conformity assessment activities for which they are notified. This shall, in particular, apply to consultancy services.
5. Niti organ za ugotavljanje skladnosti in njegovo najvišje vodstvo niti osebje, pristojno za opravljanje nalog ugotavljanja skladnosti, ne smejo neposredno sodelovati pri zasnovi, razvoju, trženju ali uporabi visokotveganih sistemov UI in tudi ne zastopati strani, ki sodelujejo pri teh dejavnostih. Ne smejo sodelovati pri nobeni dejavnosti, ki bi lahko vplivala na njihovo neodvisno presojo ali integriteto v zvezi z dejavnostmi ugotavljanja skladnosti, za katere so priglašeni. To zlasti velja za svetovalne storitve.
6. Notified bodies shall be organised and operated so as to safeguard the independence, objectivity and impartiality of their activities. Notified bodies shall document and implement a structure and procedures to safeguard impartiality and to promote and apply the principles of impartiality throughout their organisation, personnel and assessment activities.
6. Priglašeni organi s svojo organizacijo in delovanjem zagotavljajo neodvisnost, objektivnost in nepristranskost pri izvajanju svojih dejavnosti. Dokumentirajo in izvajajo strukturo in postopke za zagotovitev nepristranskosti ter za spodbujanje in uporabo načel nepristranskosti v svoji organizaciji, med osebjem in v dejavnostih ocenjevanja.
7. Notified bodies shall have documented procedures in place ensuring that their personnel, committees, subsidiaries, subcontractors and any associated body or personnel of external bodies maintain, in accordance with Article 78, the confidentiality of the information which comes into their possession during the performance of conformity assessment activities, except when its disclosure is required by law. The staff of notified bodies shall be bound to observe professional secrecy with regard to all information obtained in carrying out their tasks under this Regulation, except in relation to the notifying authorities of the Member State in which their activities are carried out.
7. Priglašeni organi morajo imeti vzpostavljene dokumentirane postopke za zagotovitev, da njihovo osebje, odbori, odvisne družbe, podizvajalci, kateri koli povezan organ ali osebje zunanjih organov v skladu s členom 78 ohranjajo zaupnost informacij, pridobljenih med opravljanjem dejavnosti ugotavljanja skladnosti, razen kadar njihovo razkritje zahteva zakon. Njihovo osebje je zavezano varovanju poklicnih skrivnosti v zvezi z vsemi informacijami, pridobljenimi med izvajanjem nalog na podlagi te uredbe, razen v zvezi s priglasitvenimi organi države članice, v kateri izvajajo svoje dejavnosti.
8. Notified bodies shall have procedures for the performance of activities which take due account of the size of a provider, the sector in which it operates, its structure, and the degree of complexity of the AI system concerned.
8. Priglašeni organi morajo imeti vzpostavljene postopke za izvajanje dejavnosti, pri katerih se ustrezno upoštevajo velikost ponudnika, sektor, v katerem deluje, njegova struktura in stopnja zahtevnosti zadevnega sistema UI.
9. Notified bodies shall take out appropriate liability insurance for their conformity assessment activities, unless liability is assumed by the Member State in which they are established in accordance with national law or that Member State is itself directly responsible for the conformity assessment.
9. Priglašeni organi sklenejo ustrezno zavarovanje odgovornosti za svoje dejavnosti ugotavljanja skladnosti, razen če odgovornost prevzame država članica, v kateri imajo sedež, v skladu z nacionalnim pravom ali če je ta država članica sama neposredno pristojna za ugotavljanje skladnosti.
10. Notified bodies shall be capable of carrying out all their tasks under this Regulation with the highest degree of professional integrity and the requisite competence in the specific field, whether those tasks are carried out by notified bodies themselves or on their behalf and under their responsibility.
10. Priglašeni organi morajo biti sposobni izvajati vse naloge na podlagi te uredbe z najvišjo stopnjo profesionalne integritete in potrebno usposobljenostjo na določenem področju, ne glede na to, ali navedene naloge izvajajo priglašeni organi sami ali se izvajajo v njihovem imenu in pod njihovo odgovornostjo.
11. Notified bodies shall have sufficient internal competences to be able effectively to evaluate the tasks conducted by external parties on their behalf. The notified body shall have permanent availability of sufficient administrative, technical, legal and scientific personnel who possess experience and knowledge relating to the relevant types of AI systems, data and data computing, and relating to the requirements set out in Section 2.
11. Priglašeni organi morajo imeti zadostne notranje kompetence, da lahko učinkovito ocenijo naloge, ki jih opravljajo zunanje stranke v njihovem imenu. Stalno morajo imeti na voljo dovolj upravnega, tehničnega, pravnega in znanstvenega osebja, ki ima izkušnje in znanje v zvezi z ustreznimi vrstami sistemov UI, podatki in računalniško obdelavo podatkov ter v zvezi z zahtevami iz oddelka 2.
12. Notified bodies shall participate in coordination activities as referred to in Article 38. They shall also take part directly, or be represented in, European standardisation organisations, or ensure that they are aware and up to date in respect of relevant standards.
12. Priglašeni organi sodelujejo v usklajevalnih dejavnostih iz člena 38. Sodelujejo tudi neposredno v evropskih organizacijah za standardizacijo ali so v njih zastopani oziroma zagotavljajo, da so seznanjeni z ustreznimi standardi in na tekočem z njimi.
1. The notifying authority shall notify the Commission and the other Member States of any relevant changes to the notification of a notified body via the electronic notification tool referred to in Article 30(2).
1. Priglasitveni organ uradno obvesti Komisijo in druge države članice o vseh pomembnih spremembah priglasitve priglašenega organa z uporabo elektronskega orodja za priglasitev iz člena 30(2).
2. The procedures laid down in Articles 29 and 30 shall apply to extensions of the scope of the notification.
2. Postopki iz členov 29 in 30 se uporabljajo za razširitev področja uporabe priglasitve.
For changes to the notification other than extensions of its scope, the procedures laid down in paragraphs (3) to (9) shall apply.
Za druge spremembe priglasitve, razen za razširitev njenega področja uporabe, se uporabljajo postopki iz odstavkov 3 do 9.
3. Where a notified body decides to cease its conformity assessment activities, it shall inform the notifying authority and the providers concerned as soon as possible and, in the case of a planned cessation, at least one year before ceasing its activities. The certificates of the notified body may remain valid for a period of nine months after cessation of the notified body’s activities, on condition that another notified body has confirmed in writing that it will assume responsibilities for the high-risk AI systems covered by those certificates. The latter notified body shall complete a full assessment of the high-risk AI systems affected by the end of that nine-month-period before issuing new certificates for those systems. Where the notified body has ceased its activity, the notifying authority shall withdraw the designation.
3. Kadar priglašeni organ sklene, da bo prenehal izvajati dejavnosti za ugotavljanje skladnosti, o tem obvesti priglasitveni organ in zadevne ponudnike čim prej, v primeru načrtovanega prenehanja pa vsaj eno leto pred prenehanjem izvajanja svojih dejavnosti. Certifikati priglašenega organa lahko ostanejo veljavni devet mesecev po prenehanju njegovih dejavnosti, pod pogojem da je drug priglašeni organ pisno potrdil, da bo prevzel odgovornost za visokotvegane sisteme UI, na katere se ti certifikati nanašajo. Slednji priglašeni organ opravi celovito oceno zadevnih visokotveganih sistemov UI do konca tega devetmesečnega obdobja, preden izda nove certifikate za te sisteme. Kadar priglašeni organ preneha opravljati svojo dejavnost, priglasitveni organ imenovanje umakne.
4. Where a notifying authority has sufficient reason to consider that a notified body no longer meets the requirements laid down in Article 31, or that it is failing to fulfil its obligations, the notifying authority shall without delay investigate the matter with the utmost diligence. In that context, it shall inform the notified body concerned about the objections raised and give it the possibility to make its views known. If the notifying authority comes to the conclusion that the notified body no longer meets the requirements laid down in Article 31 or that it is failing to fulfil its obligations, it shall restrict, suspend or withdraw the designation as appropriate, depending on the seriousness of the failure to meet those requirements or fulfil those obligations. It shall immediately inform the Commission and the other Member States accordingly.
4. Kadar ima priglasitveni organ zadosten razlog za domnevo, da priglašeni organ ne izpolnjuje več zahtev iz člena 31 ali da ne izpolnjuje svojih obveznosti, zadevo brez odlašanja razišče z največjo skrbnostjo. V tem okviru obvesti zadevni priglašeni organ o vloženih ugovorih in mu omogoči, da izrazi svoja stališča. Če priglasitveni organ ugotovi, da priglašeni organ ne izpolnjuje več zahtev iz člena 31 ali ne izpolnjuje svojih obveznosti, omeji, začasno prekliče ali umakne imenovanje, odvisno od resnosti neizpolnjevanja navedenih zahtev ali neizpolnjevanja navedenih obveznosti. O tem nemudoma obvesti Komisijo in druge države članice.
5. Where its designation has been suspended, restricted, or fully or partially withdrawn, the notified body shall inform the providers concerned within 10 days.
5. Kadar se imenovanje priglašenega organa začasno prekliče, omeji oziroma v celoti ali delno umakne, priglašeni organ o tem obvesti zadevne ponudnike v desetih dneh.
6. In the event of the restriction, suspension or withdrawal of a designation, the notifying authority shall take appropriate steps to ensure that the files of the notified body concerned are kept, and to make them available to notifying authorities in other Member States and to market surveillance authorities at their request.
6. V primeru omejitve, začasnega preklica ali umika imenovanja priglasitveni organ izvede ustrezne ukrepe za zagotovitev, da se dokumentacija zadevnega priglašenega organa ohrani in je na voljo priglasitvenim organom v drugih državah članicah ter organom, pristojnim za nadzor trga, če to zahtevajo.
7. In the event of the restriction, suspension or withdrawal of a designation, the notifying authority shall:
7. V primeru omejitve, začasnega preklica ali umika imenovanja priglasitveni organ:
(a)
assess the impact on the certificates issued by the notified body;
(a)
oceni vpliv na certifikate, ki jih je izdal priglašeni organ;
(b)
submit a report on its findings to the Commission and the other Member States within three months of having notified the changes to the designation;
(b)
Komisiji in drugim državam članicam v treh mesecih od uradnega obvestila o spremembah imenovanja predloži poročilo o svojih ugotovitvah;
(c)
require the notified body to suspend or withdraw, within a reasonable period of time determined by the authority, any certificates which were unduly issued, in order to ensure the continuing conformity of high-risk AI systems on the market;
(c)
od priglašenega organa zahteva, da v razumnem časovnem roku, ki ga določi organ, začasno prekliče ali umakne vse neupravičeno izdane certifikate, da se zagotovi kontinuirana skladnost visokotveganih sistemov UI na trgu;
(d)
inform the Commission and the Member States about certificates the suspension or withdrawal of which it has required;
(d)
Komisijo in države članice obvesti o certifikatih, katerih začasni preklic ali umik je zahteval;
(e)
provide the national competent authorities of the Member State in which the provider has its registered place of business with all relevant information about the certificates of which it has required the suspension or withdrawal; that authority shall take the appropriate measures, where necessary, to avoid a potential risk to health, safety or fundamental rights.
(e)
pristojnim nacionalnim organom države članice, v kateri ima ponudnik registriran sedež poslovanja, zagotovi vse ustrezne informacije o certifikatih, katerih začasni preklic ali umik je zahteval; ta organ sprejme ustrezne ukrepe za preprečitev morebitnega tveganja za zdravje, varnost ali temeljne pravice, kadar je to potrebno.
8. With the exception of certificates unduly issued, and where a designation has been suspended or restricted, the certificates shall remain valid in one of the following circumstances:
8. Razen neupravičeno izdanih certifikatov ostanejo certifikati, kadar je bilo imenovanje začasno preklicano ali omejeno, veljavni v naslednjih okoliščinah:
(a)
the notifying authority has confirmed, within one month of the suspension or restriction, that there is no risk to health, safety or fundamental rights in relation to certificates affected by the suspension or restriction, and the notifying authority has outlined a timeline for actions to remedy the suspension or restriction; or
(a)
priglasitveni organ je v enem mesecu od začasnega preklica ali omejitve potrdil, da v zvezi s certifikati, za katere velja začasni preklic ali omejitev, ni nobenega tveganja za zdravje, varnost ali temeljne pravice, ter določil časovni potek za ukrepe, potrebne za odpravo začasnega preklica ali omejitve, ali
(b)
the notifying authority has confirmed that no certificates relevant to the suspension will be issued, amended or re-issued during the course of the suspension or restriction, and states whether the notified body has the capability of continuing to monitor and remain responsible for existing certificates issued for the period of the suspension or restriction; in the event that the notifying authority determines that the notified body does not have the capability to support existing certificates issued, the provider of the system covered by the certificate shall confirm in writing to the national competent authorities of the Member State in which it has its registered place of business, within three months of the suspension or restriction, that another qualified notified body is temporarily assuming the functions of the notified body to monitor and remain responsible for the certificates during the period of suspension or restriction.
(b)
priglasitveni organ je potrdil, da v obdobju začasnega preklica ali omejitve ne bo izdan, spremenjen ali ponovno izdan noben certifikat, povezan z začasnim preklicem, hkrati pa navedel, ali je priglašeni organ v obdobju začasnega preklica ali omejitve še vedno sposoben spremljati veljavne izdane certifikate in zanje odgovarjati; če priglasitveni organ ugotovi, da priglašeni organ ni sposoben zagotavljati podpore za veljavne izdane certifikate, ponudnik sistema, na katerega se nanaša certifikat, pristojnim nacionalnim organom države članice, v kateri ima registrirani sedež poslovanja, v treh mesecih od začasnega preklica ali omejitve pisno potrdi, da drug kvalificiran priglašeni organ začasno prevzema naloge priglašenega organa v smislu spremljanja certifikatov in odgovarjanja zanje v obdobju začasnega preklica ali omejitve.
9. With the exception of certificates unduly issued, and where a designation has been withdrawn, the certificates shall remain valid for a period of nine months under the following circumstances:
9. Razen v primeru neupravičeno izdanih certifikatov in kadar je bilo imenovanje umaknjeno, ostanejo certifikati v naslednjih okoliščinah veljavni še devet mesecev:
(a)
the national competent authority of the Member State in which the provider of the high-risk AI system covered by the certificate has its registered place of business has confirmed that there is no risk to health, safety or fundamental rights associated with the high-risk AI systems concerned; and
(a)
pristojni nacionalni organ države članice, v kateri ima ponudnik visoko tveganega sistema UI, na katerega se nanaša certifikat, registrirani sedež poslovanja, je potrdil, da v povezavi z zadevnimi visokotveganimi sistemi UI ni tveganja za zdravje, varnost ali temeljne pravice, ter
(b)
another notified body has confirmed in writing that it will assume immediate responsibility for those AI systems and completes its assessment within 12 months of the withdrawal of the designation.
(b)
drug priglašeni organ je pisno potrdil, da bo takoj prevzel odgovornost za te sisteme UI in v 12 mesecih od umika imenovanja zaključi njihovo ocenjevanje.
In the circumstances referred to in the first subparagraph, the national competent authority of the Member State in which the provider of the system covered by the certificate has its place of business may extend the provisional validity of the certificates for additional periods of three months, which shall not exceed 12 months in total.
V okoliščinah iz prvega pododstavka sme pristojni nacionalni organ države članice, v kateri ima ponudnik sistema, na katerega se nanaša certifikat, sedež poslovanja, podaljšati začasno veljavnost certifikatov za nadaljnja obdobja treh mesecev, ki pa skupaj ne smejo trajati dlje kot dvanajst mesecev.
The national competent authority or the notified body assuming the functions of the notified body affected by the change of designation shall immediately inform the Commission, the other Member States and the other notified bodies thereof.
Pristojni nacionalni organ ali priglašeni organ, ki prevzame naloge priglašenega organa, na katerega se nanaša sprememba imenovanja, o tem takoj obvesti Komisijo, druge države članice in druge priglašene organe.
Challenge to the competence of notified bodies
Izpodbijanje usposobljenosti priglašenih organov
1. The Commission shall, where necessary, investigate all cases where there are reasons to doubt the competence of a notified body or the continued fulfilment by a notified body of the requirements laid down in Article 31 and of its applicable responsibilities.
1. Komisija po potrebi razišče vse primere, v katerih obstajajo razlogi za dvom v usposobljenost priglašenega organa oziroma ali priglašeni organ še vedno izpolnjuje zahteve iz člena 31 in svoje veljavne obveznosti.
2. The notifying authority shall provide the Commission, on request, with all relevant information relating to the notification or the maintenance of the competence of the notified body concerned.
2. Priglasitveni organ Komisiji na zahtevo predloži vse ustrezne informacije v zvezi s priglasitvijo ali vzdrževanjem usposobljenosti zadevnega priglašenega organa.
3. The Commission shall ensure that all sensitive information obtained in the course of its investigations pursuant to this Article is treated confidentially in accordance with Article 78.
3. Komisija zagotovi, da se vse občutljive informacije, ki jih pridobi med preiskavami na podlagi tega člena, obravnavajo zaupno v skladu s členom 78.
4. Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall inform the notifying Member State accordingly and request it to take the necessary corrective measures, including the suspension or withdrawal of the notification if necessary. Where the Member State fails to take the necessary corrective measures, the Commission may, by means of an implementing act, suspend, restrict or withdraw the designation. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 98(2).
4. Kadar Komisija ugotovi, da priglašeni organ ne izpolnjuje ali ne izpolnjuje več zahtev za priglasitev, o tem ustrezno obvesti državo članico priglasiteljico in od nje zahteva, da sprejme potrebne popravne ukrepe, po potrebi vključno z začasnim preklicem ali umikom priglasitve. Kadar država članica ne sprejme potrebnih popravnih ukrepov, lahko Komisija z izvedbenim aktom začasno prekliče, omeji ali umakne imenovanje. Ta izvedbeni akt se sprejme v skladu s postopkom pregleda iz člena 98(2).
Harmonised standards and standardisation deliverables
Harmonizirani standardi in standardizacijski dokumenti
1. High-risk AI systems or general-purpose AI models which are in conformity with harmonised standards or parts thereof the references of which have been published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 shall be presumed to be in conformity with the requirements set out in Section 2 of this Chapter or, as applicable, with the obligations set out in of Chapter V, Sections 2 and 3, of this Regulation, to the extent that those standards cover those requirements or obligations.
1. Za visokotvegane sisteme UI ali modele UI za splošne namene, ki so skladni s harmoniziranimi standardi ali njihovimi deli, katerih sklici so bili objavljeni v Uradnem listu Evropske unije v skladu z Uredbo (EU) št. 1025/2012, se domneva, da so skladni z zahtevami iz oddelka 2 tega poglavja ali, kot je ustrezno, z obveznostmi iz poglavja V, oddelka 2 in 3, te uredbe, kolikor ti standardi zajemajo te zahteve ali obveznosti.
2. In accordance with Article 10 of Regulation (EU) No 1025/2012, the Commission shall issue, without undue delay, standardisation requests covering all requirements set out in Section 2 of this Chapter and, as applicable, standardisation requests covering obligations set out in Chapter V, Sections 2 and 3, of this Regulation. The standardisation request shall also ask for deliverables on reporting and documentation processes to improve AI systems’ resource performance, such as reducing the high-risk AI system’s consumption of energy and of other resources during its lifecycle, and on the energy-efficient development of general-purpose AI models. When preparing a standardisation request, the Commission shall consult the Board and relevant stakeholders, including the advisory forum.
2. Komisija v skladu s členom 10 Uredbe (EU) št. 1025/2012 brez nepotrebnega odlašanja izda zahteve za standardizacijo, ki zajemajo vse zahteve iz oddelka 2 tega poglavja in, kot je ustrezno, zahteve za standardizacijo, ki zajemajo obveznosti iz poglavja V, oddelka 2 in 3, te uredbe. V zahtevi za standardizacijo se zahtevajo tudi dokumenti v zvezi s postopki poročanja in dokumentiranja za izboljšanje učinkovitosti virov sistemov UI, kot je zmanjšanje porabe energije in drugih virov visokotveganega sistema UI v njegovem življenjskem ciklu, ter dokumenti v zvezi z energijsko učinkovitim razvojem modelov UI za splošne namene. Komisija se pri pripravi zahteve za standardizacijo posvetuje z Odborom in ustreznimi deležniki, vključno s svetovalnim forumom.
When issuing a standardisation request to European standardisation organisations, the Commission shall specify that standards have to be clear, consistent, including with the standards developed in the various sectors for products covered by the existing Union harmonisation legislation listed in Annex I, and aiming to ensure that high-risk AI systems or general-purpose AI models placed on the market or put into service in the Union meet the relevant requirements or obligations laid down in this Regulation.
Komisija pri izdaji zahteve za standardizacijo evropskim organizacijam za standardizacijo določi, da morajo biti standardi jasni, skladni, tudi s standardi, razvitimi v različnih sektorjih, za proizvode, za katere velja obstoječa harmonizacijska zakonodaja Unije iz Priloge I, in namenjeni temu, da se zagotovi, da visokotvegani sistemi UI ali modeli UI za splošne namene, ki so dani na trg ali v uporabo v Uniji, izpolnjujejo ustrezne zahteve ali obveznosti iz te uredbe.
The Commission shall request the European standardisation organisations to provide evidence of their best efforts to fulfil the objectives referred to in the first and the second subparagraph of this paragraph in accordance with Article 24 of Regulation (EU) No 1025/2012.
Komisija od evropskih organizacij za standardizacijo zahteva, da v skladu s členom 24 Uredbe (EU) št. 1025/2012 predložijo dokaze o svojih najboljših prizadevanjih za izpolnitev ciljev iz prvega in drugega pododstavka tega odstavka.
3. The participants in the standardisation process shall seek to promote investment and innovation in AI, including through increasing legal certainty, as well as the competitiveness and growth of the Union market, to contribute to strengthening global cooperation on standardisation and taking into account existing international standards in the field of AI that are consistent with Union values, fundamental rights and interests, and to enhance multi-stakeholder governance ensuring a balanced representation of interests and the effective participation of all relevant stakeholders in accordance with Articles 5, 6, and 7 of Regulation (EU) No 1025/2012.
3. Udeleženci v postopku standardizacije si prizadevajo spodbujati naložbe in inovacije na področju UI, tudi s krepitvijo pravne varnosti, ter konkurenčnost in rast trga Unije, prispevati k izboljšanju globalnega sodelovanja na področju standardizacije ob upoštevanju obstoječih mednarodnih standardov na področju UI, ki so skladni z vrednotami, temeljnimi pravicami in interesi Unije, ter krepiti večdeležniško upravljanje, pri čemer zagotavljajo uravnoteženo zastopanost interesov in učinkovito sodelovanje vseh ustreznih deležnikov v skladu s členi 5, 6 in 7 Uredbe (EU) št. 1025/2012.
1. The Commission may adopt, implementing acts establishing common specifications for the requirements set out in Section 2 of this Chapter or, as applicable, for the obligations set out in Sections 2 and 3 of Chapter V where the following conditions have been fulfilled:
1. Komisija lahko sprejme izvedbene akte o določitvi skupnih specifikacij za zahteve iz oddelka 2 tega poglavja ali, kot je ustrezno, za obveznosti iz oddelkov 2 in 3 poglavja V, kadar so izpolnjeni naslednji pogoji:
(a)
the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised standard for the requirements set out in Section 2 of this Chapter, or, as applicable, for the obligations set out in Sections 2 and 3 of Chapter V, and:
(a)
Komisija je na podlagi člena 10(1) Uredbe (EU) št. 1025/2012 zahtevala, da ena ali več evropskih organizacij za standardizacijo pripravi osnutek harmoniziranega standarda za zahteve iz oddelka 2 tega poglavja ali, kot je ustrezno, za obveznosti iz oddelkov 2 in 3 poglavja V, in:
(i)
the request has not been accepted by any of the European standardisation organisations; or
(i)
zahteve ni sprejela nobena evropska organizacija za standardizacijo ali
(ii)
the harmonised standards addressing that request are not delivered within the deadline set in accordance with Article 10(1) of Regulation (EU) No 1025/2012; or
(ii)
harmonizirani standardi, ki se nanašajo na to zahtevo, niso bili predloženi v roku, določenem v skladu s členom 10(1) Uredbe (EU) št. 1025/2012, ali
(iii)
the relevant harmonised standards insufficiently address fundamental rights concerns; or
(iii)
v ustreznih harmoniziranih standardih so nezadostno obravnavani pomisleki glede temeljnih pravic ali
(iv)
the harmonised standards do not comply with the request; and
(iv)
harmonizirani standardi niso skladni z zahtevo ter
(b)
no reference to harmonised standards covering the requirements referred to in Section 2 of this Chapter or, as applicable, the obligations referred to in Sections 2 and 3 of Chapter V has been published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012, and no such reference is expected to be published within a reasonable period.
(b)
v Uradnem listu Evropske unije v skladu z Uredbo (EU) št. 1025/2012 ni objavljen sklic na harmonizirane standarde, ki zajemajo zahteve iz oddelka 2 tega poglavja ali, kot je ustrezno, obveznosti iz oddelkov 2 in 3 poglavja V, in objava takega sklica se v razumnem roku tudi ne pričakuje.
When drafting the common specifications, the Commission shall consult the advisory forum referred to in Article 67.
Pri pripravi skupnih specifikacij se Komisija posvetuje s svetovalnim forumom iz člena 67.
The implementing acts referred to in the first subparagraph of this paragraph shall be adopted in accordance with the examination procedure referred to in Article 98(2).
Izvedbeni akti iz prvega pododstavka tega odstavka se sprejmejo v skladu s postopkom pregleda iz člena 98(2).
2. Before preparing a draft implementing act, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers the conditions laid down in paragraph 1 of this Article to be fulfilled.
2. Komisija pred pripravo osnutka izvedbenega akta obvesti odbor iz člena 22 Uredbe (EU) št. 1025/2012, da meni, da so pogoji iz odstavka 1 tega člena izpolnjeni.
3. High-risk AI systems or general-purpose AI models which are in conformity with the common specifications referred to in paragraph 1, or parts of those specifications, shall be presumed to be in conformity with the requirements set out in Section 2 of this Chapter or, as applicable, to comply with the obligations referred to in Sections 2 and 3 of Chapter V, to the extent those common specifications cover those requirements or those obligations.
3. Za visokotvegane sisteme UI ali modele UI za splošne namene, ki so v skladu s skupnimi specifikacijami iz odstavka 1 ali deli navedenih specifikacij, se domneva, da so skladni z zahtevami iz oddelka 2 tega poglavja ali, kot je ustrezno, izpolnjujejo zahteve iz oddelkov 2 in 3 poglavja V, kolikor so te zajete v teh skupnih specifikacijah ali teh obveznostih.
4. Where a harmonised standard is adopted by a European standardisation organisation and proposed to the Commission for the publication of its reference in the Official Journal of the European Union, the Commission shall assess the harmonised standard in accordance with Regulation (EU) No 1025/2012. When reference to a harmonised standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 1, or parts thereof which cover the same requirements set out in Section 2 of this Chapter or, as applicable, the same obligations set out in Sections 2 and 3 of Chapter V.
4. Kadar evropska organizacija za standardizacijo sprejme harmonizirani standard in ga predloži Komisiji, da se sklic nanj objavi v Uradnem listu Evropske unije, Komisija harmonizirani standard oceni v skladu z Uredbo (EU) št. 1025/2012. Ko se sklic na harmonizirani standard objavi v Uradnem listu Evropske unije, Komisija razveljavi izvedbene akte iz odstavka 1 ali njihove dele, ki zajemajo zahteve, enake zahtevam iz oddelka 2 tega poglavja ali, kot je ustrezno, iste obveznosti iz oddelkov 2 in 3 poglavja V.
5. Where providers of high-risk AI systems or general-purpose AI models do not comply with the common specifications referred to in paragraph 1, they shall duly justify that they have adopted technical solutions that meet the requirements referred to in Section 2 of this Chapter or, as applicable, comply with the obligations set out in Sections 2 and 3 of Chapter V to a level at least equivalent thereto.
5. Kadar ponudniki visokotveganih sistemov UI ali modelov UI za splošne namene ne izpolnjujejo skupnih specifikacij iz odstavka 1, ustrezno utemeljijo, da so sprejeli tehnične rešitve, ki izpolnjujejo zahteve iz oddelka 2 tega poglavja ali, kot je ustrezno, izpolnjujejo obveznosti iz oddelkov 2 in 3 poglavja V v tolikšni meri, da so jim vsaj enakovredne.
6. Where a Member State considers that a common specification does not entirely meet the requirements set out in Section 2 or, as applicable, comply with obligations set out in Sections 2 and 3 of Chapter V, it shall inform the Commission thereof with a detailed explanation. The Commission shall assess that information and, if appropriate, amend the implementing act establishing the common specification concerned.
6. Kadar država članica meni, da skupna specifikacija ne izpolnjuje v celoti zahtev iz oddelka 2 ali, kot je ustrezno, ne izpolnjuje obveznosti iz oddelkov 2 in 3 poglavja V, o tem s podrobno obrazložitvijo obvesti Komisijo. Komisija te informacije oceni in po potrebi spremeni izvedbeni akt o določitvi zadevne skupne specifikacije.
1. For high-risk AI systems listed in point 1 of Annex III, where, in demonstrating the compliance of a high-risk AI system with the requirements set out in Section 2, the provider has applied harmonised standards referred to in Article 40, or, where applicable, common specifications referred to in Article 41, the provider shall opt for one of the following conformity assessment procedures based on:
1. Za visokotvegane sisteme UI iz Priloge III, točka 1, pri katerih je ponudnik pri dokazovanju skladnosti visokotveganega sistema UI z zahtevami iz oddelka 2 uporabil harmonizirane standarde iz člena 40 ali, kadar je to primerno, skupne specifikacije iz člena 41, ponudnik izbere enega od naslednjih postopkov za ugotavljanje skladnosti na podlagi:
(a)
the internal control referred to in Annex VI; or
(a)
notranjega nadzora iz Priloge VI ali
(b)
the assessment of the quality management system and the assessment of the technical documentation, with the involvement of a notified body, referred to in Annex VII.
(b)
ocenjevanja sistema upravljanja kakovosti in ocenjevanja tehnične dokumentacije s sodelovanjem priglašenega organa iz Priloge VII.
In demonstrating the compliance of a high-risk AI system with the requirements set out in Section 2, the provider shall follow the conformity assessment procedure set out in Annex VII where:
Pri dokazovanju skladnosti visokotveganega sistema UI z zahtevami iz oddelka 2 ponudnik opravi postopek ugotavljanja skladnosti iz Priloge VII, kadar:
(a)
harmonised standards referred to in Article 40 do not exist, and common specifications referred to in Article 41 are not available;
(a)
harmonizirani standardi iz člena 40 ne obstajajo in skupne specifikacije iz člena 41 niso na voljo;
(b)
the provider has not applied, or has applied only part of, the harmonised standard;
(b)
ponudnik ni uporabil harmoniziranega standarda ali ga je uporabil le delno;
(c)
the common specifications referred to in point (a) exist, but the provider has not applied them;
(c)
skupne specifikacije iz točke (a) obstajajo, vendar jih ponudnik ni uporabil;
(d)
one or more of the harmonised standards referred to in point (a) has been published with a restriction, and only on the part of the standard that was restricted.
(d)
je bil eden ali več harmoniziranih standardov iz točke (a) objavljen z omejitvijo in samo za tisti del standarda, ki je bil omejen.
For the purposes of the conformity assessment procedure referred to in Annex VII, the provider may choose any of the notified bodies. However, where the high-risk AI system is intended to be put into service by law enforcement, immigration or asylum authorities or by Union institutions, bodies, offices or agencies, the market surveillance authority referred to in Article 74(8) or (9), as applicable, shall act as a notified body.
Za namene postopka ugotavljanja skladnosti iz Priloge VII lahko ponudnik izbere katerega koli od priglašenih organov. Kadar pa naj bi visokotvegani sistem UI dali v uporabo organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, organi, pristojni za priseljevanje, ali azilni organi ali institucije, organi, uradi in agencije Unije, je priglašeni organ organ za nadzor trga iz člena 74(8) ali (9), kot je ustrezno.
2. For high-risk AI systems referred to in points 2 to 8 of Annex III, providers shall follow the conformity assessment procedure based on internal control as referred to in Annex VI, which does not provide for the involvement of a notified body.
2. Za visokotvegane sisteme UI iz Priloge III, točke 2 do 8, ponudniki upoštevajo postopek ugotavljanja skladnosti na podlagi notranje kontrole iz Priloge VI, ki ne predvideva sodelovanja priglašenega organa.
3. For high-risk AI systems covered by the Union harmonisation legislation listed in Section A of Annex I, the provider shall follow the relevant conformity assessment procedure as required under those legal acts. The requirements set out in Section 2 of this Chapter shall apply to those high-risk AI systems and shall be part of that assessment. Points 4.3., 4.4., 4.5. and the fifth paragraph of point 4.6 of Annex VII shall also apply.
3. Za visokotvegane sisteme UI, zajete v harmonizacijski zakonodaji Unije iz Priloge I, oddelek A, ponudnik upošteva ustrezni postopek ugotavljanja skladnosti, kot se zahteva v navedenih pravnih aktih. Za te visokotvegane sisteme UI se uporabljajo zahteve iz oddelka 2 tega poglavja, ki so del te ocene. Uporablja se tudi Priloga VII, točke 4.3, 4.4, 4.5 in peti odstavek točke 4.6.
For the purposes of that assessment, notified bodies which have been notified under those legal acts shall be entitled to control the conformity of the high-risk AI systems with the requirements set out in Section 2, provided that the compliance of those notified bodies with requirements laid down in Article 31(4), (5), (10) and (11) has been assessed in the context of the notification procedure under those legal acts.
Za namene te ocene so priglašeni organi, ki so priglašeni na podlagi teh pravnih aktov, upravičeni nadzorovati skladnost visokotveganih sistemov UI z zahtevami iz oddelka 2, če je bila skladnost teh priglašenih organov z zahtevami iz člena 31(4), (5), (10) in (11) ocenjena v okviru postopka priglasitve na podlagi teh pravnih aktov.
Where a legal act listed in Section A of Annex I enables the product manufacturer to opt out from a third-party conformity assessment, provided that that manufacturer has applied all harmonised standards covering all the relevant requirements, that manufacturer may use that option only if it has also applied harmonised standards or, where applicable, common specifications referred to in Article 41, covering all requirements set out in Section 2 of this Chapter.
Kadar pravni akt iz Priloge I, oddelek A, proizvajalcu proizvoda omogoča, da se odloči za izvzetje iz ugotavljanja skladnosti s strani tretjih oseb, pod pogojem, da je ta proizvajalec uporabil vse harmonizirane standarde, ki zajemajo vse ustrezne zahteve, lahko ta proizvajalec uporabi to možnost le, če je uporabil harmonizirane standarde ali, kadar je to primerno, skupne specifikacije iz člena 41, ki zajemajo vse zahteve iz oddelka 2 tega poglavja.
4. High-risk AI systems that have already been subject to a conformity assessment procedure shall undergo a new conformity assessment procedure in the event of a substantial modification, regardless of whether the modified system is intended to be further distributed or continues to be used by the current deployer.
4. Pri visokotveganih sistemih UI, pri katerih je bil že opravljen postopek ugotavljanja skladnosti, se v primeru bistvene spremembe opravi nov postopek ugotavljanja skladnosti, ne glede na to, ali je spremenjeni sistem namenjen nadaljnji distribuciji ali ga še naprej uporablja sedanji uvajalec.
For high-risk AI systems that continue to learn after being placed on the market or put into service, changes to the high-risk AI system and its performance that have been pre-determined by the provider at the moment of the initial conformity assessment and are part of the information contained in the technical documentation referred to in point 2(f) of Annex IV, shall not constitute a substantial modification.
Za visokotvegane sisteme UI, ki se po dajanju na trg ali v uporabo še naprej učijo, spremembe visokotveganega sistema UI in njegove zmogljivosti, ki jih je ponudnik vnaprej določil ob začetnem ugotavljanju skladnosti in so del informacij iz tehnične dokumentacije iz Priloge IV, točka 2(f), ne pomenijo bistvene spremembe.
5. The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend Annexes VI and VII by updating them in light of technical progress.
5. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97, da zaradi tehničnega napredka spremeni s posodobitvijo prilogi VI in VII.
6. The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend paragraphs 1 and 2 of this Article in order to subject high-risk AI systems referred to in points 2 to 8 of Annex III to the conformity assessment procedure referred to in Annex VII or parts thereof. The Commission shall adopt such delegated acts taking into account the effectiveness of the conformity assessment procedure based on internal control referred to in Annex VI in preventing or minimising the risks to health and safety and protection of fundamental rights posed by such systems, as well as the availability of adequate capacities and resources among notified bodies.
6. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97 za spremembo odstavkov 1 in 2 tega člena, da se za visokotvegane sisteme UI iz Priloge III, točke 2 do 8, v celoti ali deloma uvede postopek ugotavljanja skladnosti iz Priloge VII. Komisija take delegirane akte sprejme ob upoštevanju učinkovitosti postopka ugotavljanja skladnosti na podlagi notranje kontrole iz Priloge VI pri preprečevanju ali čim večjem zmanjševanju tveganj za zdravje in varnost ter varstvo temeljnih pravic, ki jih predstavljajo taki sistemi, ter razpoložljivosti ustreznih zmogljivosti in virov med priglašenimi organi.
1. Certificates issued by notified bodies in accordance with Annex VII shall be drawn-up in a language which can be easily understood by the relevant authorities in the Member State in which the notified body is established.
1. Certifikati, ki jih izdajo priglašeni organi v skladu s Prilogo VII, so sestavljeni v jeziku, ki ga ustrezni organi v državi članici, v kateri ima priglašeni organ sedež, zlahka razumejo.
2. Certificates shall be valid for the period they indicate, which shall not exceed five years for AI systems covered by Annex I, and four years for AI systems covered by Annex III. At the request of the provider, the validity of a certificate may be extended for further periods, each not exceeding five years for AI systems covered by Annex I, and four years for AI systems covered by Annex III, based on a re-assessment in accordance with the applicable conformity assessment procedures. Any supplement to a certificate shall remain valid, provided that the certificate which it supplements is valid.
2. Certifikati so veljavni toliko časa, kolikor je navedeno, a ne več kot pet let za sisteme UI iz Priloge I in štiri leta za sisteme UI iz Priloge III. Na zahtevo ponudnika se lahko veljavnost certifikata na podlagi ponovne ocene v skladu z veljavnimi postopki za ugotavljanje skladnosti podaljša za nadaljnja obdobja, ki ne presegajo pet let za sisteme UI iz Priloge I in štirih let za sisteme UI iz Priloge III. Vsako dopolnilo k certifikatu ostane veljavno, če je veljaven certifikat, ki ga to dopolnjuje.
3. Where a notified body finds that an AI system no longer meets the requirements set out in Section 2, it shall, taking account of the principle of proportionality, suspend or withdraw the certificate issued or impose restrictions on it, unless compliance with those requirements is ensured by appropriate corrective action taken by the provider of the system within an appropriate deadline set by the notified body. The notified body shall give reasons for its decision.
3. Kadar priglašeni organ ugotovi, da sistem UI ne izpolnjuje več zahtev iz oddelka 2, ob upoštevanju načela sorazmernosti začasno prekliče ali umakne izdan certifikat oziroma ga omeji, razen če se skladnost s temi zahtevami zagotovi z ustreznimi popravnimi ukrepi, ki jih je ponudnik sistema sprejel v ustreznem roku, ki ga je določil priglašeni organ. Priglašeni organ svojo odločitev obrazloži.
An appeal procedure against decisions of the notified bodies, including on conformity certificates issued, shall be available.
Zoper odločitve priglašenih organov, tudi o izdanih certifikatih o skladnosti, je na voljo pritožbeni postopek.
Derogation from conformity assessment procedure
Odstopanje od postopka ugotavljanja skladnosti
1. By way of derogation from Article 43 and upon a duly justified request, any market surveillance authority may authorise the placing on the market or the putting into service of specific high-risk AI systems within the territory of the Member State concerned, for exceptional reasons of public security or the protection of life and health of persons, environmental protection or the protection of key industrial and infrastructural assets. That authorisation shall be for a limited period while the necessary conformity assessment procedures are being carried out, taking into account the exceptional reasons justifying the derogation. The completion of those procedures shall be undertaken without undue delay.
1. Z odstopanjem od člena 43 in na podlagi ustrezno utemeljene zahteve lahko kateri koli organ za nadzor trga dovoli dajanje posebnih visokotveganih sistemov UI na trg ali v uporabo na ozemlju zadevne države članice iz izjemnih razlogov javne varnosti ali varstva življenja in zdravja ljudi, varstva okolja ter varstva ključnih industrijskih in infrastrukturnih sredstev. To dovoljenje velja omejeno obdobje, dokler se izvajajo potrebni postopki ugotavljanja skladnosti, ob upoštevanju izjemnih razlogov, ki upravičujejo odstopanje. Ti postopki se zaključijo brez nepotrebnega odlašanja.
2. In a duly justified situation of urgency for exceptional reasons of public security or in the case of specific, substantial and imminent threat to the life or physical safety of natural persons, law-enforcement authorities or civil protection authorities may put a specific high-risk AI system into service without the authorisation referred to in paragraph 1, provided that such authorisation is requested during or after the use without undue delay. If the authorisation referred to in paragraph 1 is refused, the use of the high-risk AI system shall be stopped with immediate effect and all the results and outputs of such use shall be immediately discarded.
2. V ustrezno utemeljenih nujnih primerih iz izjemnih razlogov javne varnosti ali v primeru posebne, precejšnje in neposredne grožnje za življenje ali telesno varnost fizičnih oseb lahko organi za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj ali organi civilne zaščite dajo določen visokotvegani sistem UI v uporabo brez dovoljenja iz odstavka 1, če se za tako dovoljenje brez nepotrebnega odlašanja zaprosi med uporabo ali po njej. Če se dovoljenje iz odstavka 1 zavrne, se uporaba visokotveganega sistema UI takoj ustavi, vsi rezultati in izhodni podatki, ki izhajajo iz take uporabe, pa se takoj zavržejo.
3. The authorisation referred to in paragraph 1 shall be issued only if the market surveillance authority concludes that the high-risk AI system complies with the requirements of Section 2. The market surveillance authority shall inform the Commission and the other Member States of any authorisation issued pursuant to paragraphs 1 and 2. This obligation shall not cover sensitive operational data in relation to the activities of law-enforcement authorities.
3. Dovoljenje iz odstavka 1 se izda le, če organ za nadzor trga ugotovi, da visokotvegani sistem UI izpolnjuje zahteve iz oddelka 2. Organ za nadzor trga obvesti Komisijo in druge države članice o vseh dovoljenjih, izdanih na podlagi odstavkov 1 in 2. Ta obveznost ne zajema občutljivih operativnih podatkov v zvezi z dejavnostmi organov za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj.
4. Where, within 15 calendar days of receipt of the information referred to in paragraph 3, no objection has been raised by either a Member State or the Commission in respect of an authorisation issued by a market surveillance authority of a Member State in accordance with paragraph 1, that authorisation shall be deemed justified.
4. Kadar v 15 koledarskih dneh po prejemu informacij iz odstavka 3 država članica ali Komisija ne poda nobenega ugovora glede dovoljenja, ki ga je izdal organ za nadzor trga države članice v skladu z odstavkom 1, se šteje, da je dovoljenje upravičeno.
5. Where, within 15 calendar days of receipt of the notification referred to in paragraph 3, objections are raised by a Member State against an authorisation issued by a market surveillance authority of another Member State, or where the Commission considers the authorisation to be contrary to Union law, or the conclusion of the Member States regarding the compliance of the system as referred to in paragraph 3 to be unfounded, the Commission shall, without delay, enter into consultations with the relevant Member State. The operators concerned shall be consulted and have the possibility to present their views. Having regard thereto, the Commission shall decide whether the authorisation is justified. The Commission shall address its decision to the Member State concerned and to the relevant operators.
5. Kadar v 15 koledarskih dneh po prejemu obvestila iz odstavka 3 država članica poda ugovore zoper dovoljenje, ki ga je izdal organ za nadzor trga druge države članice, ali kadar Komisija meni, da je dovoljenje v nasprotju s pravom Unije ali da je sklep držav članic glede skladnosti sistema iz odstavka 3 neutemeljen, se Komisija brez odlašanja posvetuje z zadevno državo članico. Z zadevnimi operaterji se posvetuje in ti imajo možnost, da predstavijo svoja stališča. Glede na to Komisija odloči, ali je dovoljenje upravičeno. Komisija svojo odločitev sporoči zadevnim državam članicam in ustreznim operaterjem.
6. Where the Commission considers the authorisation unjustified, it shall be withdrawn by the market surveillance authority of the Member State concerned.
6. Kadar Komisija meni, da je dovoljenje neupravičeno, ga organ za nadzor trga zadevne države članice umakne.
7. For high-risk AI systems related to products covered by Union harmonisation legislation listed in Section A of Annex I, only the derogations from the conformity assessment established in that Union harmonisation legislation shall apply.
7. Za visokotvegane sisteme UI, povezane s proizvodi, zajetimi v harmonizacijski zakonodaji Unije iz Priloge I, oddelek A, se uporabljajo samo odstopanja od ugotavljanja skladnosti, določena v navedeni harmonizacijski zakonodaji Unije.
EU declaration of conformity
1. The provider shall draw up a written machine readable, physical or electronically signed EU declaration of conformity for each high-risk AI system, and keep it at the disposal of the national competent authorities for 10 years after the high-risk AI system has been placed on the market or put into service. The EU declaration of conformity shall identify the high-risk AI system for which it has been drawn up. A copy of the EU declaration of conformity shall be submitted to the relevant national competent authorities upon request.
1. Ponudnik za vsak visokotvegani sistem UI sestavi strojno berljivo, fizično ali elektronsko podpisano pisno EU izjavo o skladnosti in jo hrani za potrebe pristojnih nacionalnih organov ter jim jo daje na voljo še 10 let po tem, ko je bil visokotvegani sistem UI dan na trg ali v uporabo. V EU izjavi o skladnosti se opredeli, za kateri visokotvegani sistem UI je bila sestavljena. Na zahtevo se ustreznim pristojnim nacionalnim organom predloži izvod EU izjave o skladnosti.
2. The EU declaration of conformity shall state that the high-risk AI system concerned meets the requirements set out in Section 2. The EU declaration of conformity shall contain the information set out in Annex V, and shall be translated into a language that can be easily understood by the national competent authorities of the Member States in which the high-risk AI system is placed on the market or made available.
2. V EU izjavi o skladnosti se navede, da zadevni visokotvegani sistem UI izpolnjuje zahteve iz oddelka 2. EU izjava o skladnosti vsebuje informacije iz Priloge V in se prevede v jezik, ki ga pristojni nacionalni organi držav članic, v katerih je visokotvegani sistem UI dan na trg ali je omogočena dostopnost do njega, zlahka razumejo.
3. Where high-risk AI systems are subject to other Union harmonisation legislation which also requires an EU declaration of conformity, a single EU declaration of conformity shall be drawn up in respect of all Union law applicable to the high-risk AI system. The declaration shall contain all the information required to identify the Union harmonisation legislation to which the declaration relates.
3. Kadar za visokotvegane sisteme UI velja druga harmonizacijska zakonodaja Unije, v skladu s katero se zahteva tudi EU izjava o skladnosti, se pripravi enotna EU izjava o skladnosti za pravo Unije, ki se uporablja za visokotvegani sistem UI. Ta izjava vsebuje vse informacije, s katerimi se ugotovi, na katero harmonizacijsko zakonodajo Unije se izjava nanaša.
4. By drawing up the EU declaration of conformity, the provider shall assume responsibility for compliance with the requirements set out in Section 2. The provider shall keep the EU declaration of conformity up-to-date as appropriate.
4. S pripravo EU izjave o skladnosti ponudnik prevzame odgovornost za skladnost z zahtevami iz oddelka 2. Ponudnik EU izjavo o skladnosti, če je to primerno, posodablja.
5. The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend Annex V by updating the content of the EU declaration of conformity set out in that Annex, in order to introduce elements that become necessary in light of technical progress.
5. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97, da se spremeni Priloga V, s posodobitvijo vsebine EU izjave o skladnosti iz navedene priloge, da se uvedejo elementi, potrebni zaradi tehničnega napredka.
1. The CE marking shall be subject to the general principles set out in Article 30 of Regulation (EC) No 765/2008.
1. Za oznako CE veljajo splošna načela iz člena 30 Uredbe (ES) št. 765/2008.
2. For high-risk AI systems provided digitally, a digital CE marking shall be used, only if it can easily be accessed via the interface from which that system is accessed or via an easily accessible machine-readable code or other electronic means.
2. Za visokotvegane sisteme UI, ki se zagotavljajo digitalno, se digitalna oznaka CE uporablja le, če je do nje mogoče enostavno dostopati prek vmesnika, prek katerega se dostopa do tega sistema, ali prek lahko dostopne strojno berljive kode ali drugega elektronskega sredstva.
3. The CE marking shall be affixed visibly, legibly and indelibly for high-risk AI systems. Where that is not possible or not warranted on account of the nature of the high-risk AI system, it shall be affixed to the packaging or to the accompanying documentation, as appropriate.
3. Oznaka CE se vidno, čitljivo in neizbrisno namesti na visokotvegane sisteme UI. Kadar to ni mogoče ali ni upravičeno zaradi značilnosti visokotveganega sistema UI, se oznaka namesti bodisi na embalažo ali na priloženo dokumentacijo.
4. Where applicable, the CE marking shall be followed by the identification number of the notified body responsible for the conformity assessment procedures set out in Article 43. The identification number of the notified body shall be affixed by the body itself or, under its instructions, by the provider or by the provider’s authorised representative. The identification number shall also be indicated in any promotional material which mentions that the high-risk AI system fulfils the requirements for CE marking.
4. Kadar je to primerno, oznaki CE sledi identifikacijska številka priglašenega organa, odgovornega za postopke ugotavljanja skladnosti iz člena 43. Identifikacijsko številko priglašenega organa pritrdi organ sam ali pa jo na podlagi njegovih navodil pritrdi ponudnik ali njegov pooblaščeni zastopnik. Identifikacijska številka se navede tudi v promocijskem gradivu, v katerem je omenjeno, da visokotvegani sistem UI izpolnjuje zahteve za oznako CE.
5. Where high-risk AI systems are subject to other Union law which also provides for the affixing of the CE marking, the CE marking shall indicate that the high-risk AI system also fulfil the requirements of that other law.
5. Kadar visokotvegane sisteme UI ureja drugo pravo Unije, ki prav tako določa namestitev oznake CE, se na tej oznaki navede, da visokotvegani sistem UI izpolnjuje tudi zahteve tega drugega prava.
1. Before placing on the market or putting into service a high-risk AI system listed in Annex III, with the exception of high-risk AI systems referred to in point 2 of Annex III, the provider or, where applicable, the authorised representative shall register themselves and their system in the EU database referred to in Article 71.
1. Pred dajanjem visokotveganega sistema UI iz Priloge III, z izjemo visokotveganih sistemov UI iz Priloge III, točka 2, na trg ali v uporabo ponudnik ali, kadar je to ustrezno, pooblaščeni zastopnik sebe in svoj sistem registrira v podatkovni zbirki EU iz člena 71.
2. Before placing on the market or putting into service an AI system for which the provider has concluded that it is not high-risk according to Article 6(3), that provider or, where applicable, the authorised representative shall register themselves and that system in the EU database referred to in Article 71.
2. Pred dajanjem sistema UI, za katerega je ponudnik ugotovil, da v skladu s členom 6(3) ne šteje za visokotvegan, na trg ali v uporabo ponudnik ali, kadar je to ustrezno, pooblaščeni zastopnik sebe in navedeni sistem registrira v podatkovni zbirki EU iz člena 71.
3. Before putting into service or using a high-risk AI system listed in Annex III, with the exception of high-risk AI systems listed in point 2 of Annex III, deployers that are public authorities, Union institutions, bodies, offices or agencies or persons acting on their behalf shall register themselves, select the system and register its use in the EU database referred to in Article 71.
3. Pred dajanjem v uporabo ali pred uporabo visokotveganega sistema UI iz Priloge III, z izjemo visokotveganih sistemov UI iz Priloge III, točka 2, se uvajalci, ki so javni organi, institucije, organi, uradi ali agencije Unije ali osebe, ki delujejo v njihovem imenu, registrirajo, izberejo sistem in registrirajo njegovo uporabo v podatkovni zbirki EU iz člena 71.
4. For high-risk AI systems referred to in points 1, 6 and 7 of Annex III, in the areas of law enforcement, migration, asylum and border control management, the registration referred to in paragraphs 1, 2 and 3 of this Article shall be in a secure non-public section of the EU database referred to in Article 71 and shall include only the following information, as applicable, referred to in:
4. Za visokotvegane sisteme UI iz Priloge III, točke 1, 6 in 7, na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, azila in upravljanja nadzora meja se registracija iz odstavkov 1, 2 in 3 tega člena izvede v varnem nejavnem delu podatkovne zbirke EU iz člena 71 in vključuje le naslednje informacije, kot je ustrezno, iz:
(a)
Section A, points 1 to 10, of Annex VIII, with the exception of points 6, 8 and 9;
(a)
Priloge VIII, oddelek A, točke 1 do 10, razen točk 6, 8 in 9;
(b)
Section B, points 1 to 5, and points 8 and 9 of Annex VIII;
(b)
Priloge VIII, oddelek B, točke 1 do 5 ter točki 8 in 9;
(c)
Section C, points 1 to 3, of Annex VIII;
(c)
Priloge VIII, oddelek C, točke 1 do 3;
(d)
points 1, 2, 3 and 5, of Annex IX.
(d)
Priloge IX, točke 1, 2, 3 in 5.
Only the Commission and national authorities referred to in Article 74(8) shall have access to the respective restricted sections of the EU database listed in the first subparagraph of this paragraph.
Dostop do ustreznih omejenih delov podatkovne zbirke EU iz prvega pododstavka tega odstavka imajo samo Komisija in nacionalni organi iz člena 74(8).
5. High-risk AI systems referred to in point 2 of Annex III shall be registered at national level.
5. Visokotvegani sistemi UI iz Priloge III, točka 2, se registrirajo na nacionalni ravni.
Transparency obligations for providers and deployers of certain AI systems
Obveznosti ponudnikov in uvajalcev nekaterih sistemov UI glede preglednosti
1. Providers shall ensure that AI systems intended to interact directly with natural persons are designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system, unless this is obvious from the point of view of a natural person who is reasonably well-informed, observant and circumspect, taking into account the circumstances and the context of use. This obligation shall not apply to AI systems authorised by law to detect, prevent, investigate or prosecute criminal offences, subject to appropriate safeguards for the rights and freedoms of third parties, unless those systems are available for the public to report a criminal offence.
1. Ponudniki zagotovijo, da so sistemi UI, namenjeni neposredni interakciji s fizičnimi osebami, zasnovani in razviti tako, da so zadevne fizične osebe obveščene, da so v interakciji s sistemom UI, razen če je to očitno z vidika razmeroma dobro obveščene, pozorne in preudarne fizične osebe ob upoštevanju okoliščin in konteksta uporabe. Ta obveznost se ob upoštevanju ustreznih zaščitnih ukrepov za pravice in svoboščine tretjih oseb ne uporablja za sisteme UI, ki so z zakonom odobreni za odkrivanje, preprečevanje, preiskovanje ali pregon kaznivih dejanj, razen če so ti sistemi na voljo javnosti za prijavo kaznivega dejanja.
2. Providers of AI systems, including general-purpose AI systems, generating synthetic audio, image, video or text content, shall ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated. Providers shall ensure their technical solutions are effective, interoperable, robust and reliable as far as this is technically feasible, taking into account the specificities and limitations of various types of content, the costs of implementation and the generally acknowledged state of the art, as may be reflected in relevant technical standards. This obligation shall not apply to the extent the AI systems perform an assistive function for standard editing or do not substantially alter the input data provided by the deployer or the semantics thereof, or where authorised by law to detect, prevent, investigate or prosecute criminal offences.
2. Ponudniki sistemov UI, vključno s sistemi UI za splošne namene, ki ustvarjajo sintetično zvočno, slikovno, video ali besedilno vsebino, zagotovijo, da so izhodni podatki sistema UI označeni v strojno berljivi obliki in jih je mogoče prepoznati kot umetno ustvarjene ali prirejene. Ponudniki zagotovijo, da so njihove tehnične rešitve učinkovite, interoperabilne, robustne in zanesljive, kolikor je to tehnično izvedljivo, pri čemer upoštevajo posebnosti in omejitve različnih vrst vsebin, stroške izvajanja in splošno priznane najsodobnejše tehnološke dosežke, kar se lahko odraža v ustreznih tehničnih standardih. Ta obveznost se ne uporablja, kolikor sistemi UI zagotavljajo podporno funkcijo za standardno urejanje ali ne spreminjajo bistveno vhodnih podatkov, ki jih zagotovi uvajalec, ali njihove semantike ali kadar so z zakonom dovoljeni za odkrivanje, preprečevanje, preiskovanje ali pregon kaznivih dejanj.
3. Deployers of an emotion recognition system or a biometric categorisation system shall inform the natural persons exposed thereto of the operation of the system, and shall process the personal data in accordance with Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680, as applicable. This obligation shall not apply to AI systems used for biometric categorisation and emotion recognition, which are permitted by law to detect, prevent or investigate criminal offences, subject to appropriate safeguards for the rights and freedoms of third parties, and in accordance with Union law.
3. Uvajalci sistema za prepoznavanje čustev ali sistema za biometrično kategorizacijo o delovanju sistema obvestijo fizične osebe, ki so mu izpostavljene, in obdelujejo osebne podatke v skladu z uredbama (EU) 2016/679 in (EU) 2018/1725 ter Direktivo (EU) 2016/680, kot je ustrezno. Ta obveznost se ob upoštevanju ustreznih zaščitnih ukrepov za pravice in svoboščine tretjih oseb ter v skladu s pravom Unije ne uporablja za sisteme UI, ki se uporabljajo za biometrično kategorizacijo in prepoznavanje čustev ter so z zakonom dovoljeni za odkrivanje, preprečevanje ali preiskovanje kaznivih dejanj.
4. Deployers of an AI system that generates or manipulates image, audio or video content constituting a deep fake, shall disclose that the content has been artificially generated or manipulated. This obligation shall not apply where the use is authorised by law to detect, prevent, investigate or prosecute criminal offence. Where the content forms part of an evidently artistic, creative, satirical, fictional or analogous work or programme, the transparency obligations set out in this paragraph are limited to disclosure of the existence of such generated or manipulated content in an appropriate manner that does not hamper the display or enjoyment of the work.
4. Uvajalci sistema UI, ki ustvarja ali prireja slikovno, zvočno ali video vsebino, ki je globoki ponaredek, morajo razkriti, da je bila vsebina umetno ustvarjena ali prirejena. Ta obveznost se ne uporablja, kadar je uporaba zakonsko dovoljena za odkrivanje, preprečevanje, preiskovanje ali pregon kaznivih dejanj. Kadar je vsebina del očitno umetniškega, ustvarjalnega, satiričnega, fiktivnega ali podobnega dela ali programa, so obveznosti glede preglednosti iz tega odstavka omejene na razkritje obstoja take ustvarjene ali prirejene vsebine na ustrezen način, ki ne ovira prikazovanja ali uživanja dela.
Deployers of an AI system that generates or manipulates text which is published with the purpose of informing the public on matters of public interest shall disclose that the text has been artificially generated or manipulated. This obligation shall not apply where the use is authorised by law to detect, prevent, investigate or prosecute criminal offences or where the AI-generated content has undergone a process of human review or editorial control and where a natural or legal person holds editorial responsibility for the publication of the content.
Uvajalci sistema UI, ki ustvarja ali prireja besedilo, ki se objavi z namenom obveščanja javnosti o zadevah javnega interesa, morajo razkriti, da je bilo besedilo umetno ustvarjeno ali prirejeno. Ta obveznost se ne uporablja, kadar je uporaba zakonsko dovoljena za odkrivanje, preprečevanje, preiskovanje ali pregon kaznivih dejanj ali kadar je bila vsebina, ustvarjena z UI, predmet človeške preverbe ali uredniškega pregleda in kadar ima fizična ali pravna oseba uredniško odgovornost za objavo vsebine.
5. The information referred to in paragraphs 1 to 4 shall be provided to the natural persons concerned in a clear and distinguishable manner at the latest at the time of the first interaction or exposure. The information shall conform to the applicable accessibility requirements.
5. Informacije iz odstavkov 1 do 4 se dajo na voljo zadevnim fizičnim osebam na jasen in razpoznaven način ter najpozneje ob prvi interakciji ali izpostavljenosti. Informacije morajo biti skladne z veljavnimi zahtevami glede dostopnosti.
6. Paragraphs 1 to 4 shall not affect the requirements and obligations set out in Chapter III, and shall be without prejudice to other transparency obligations laid down in Union or national law for deployers of AI systems.
6. Odstavki 1 do 4 ne vplivajo na zahteve in obveznosti iz poglavja III in ne posegajo v druge obveznosti glede preglednosti, ki so za uvajalce sistemov UI določene v pravu Unije ali nacionalnem pravu.
7. The AI Office shall encourage and facilitate the drawing up of codes of practice at Union level to facilitate the effective implementation of the obligations regarding the detection and labelling of artificially generated or manipulated content. The Commission may adopt implementing acts to approve those codes of practice in accordance with the procedure laid down in Article 56 (6). If it deems the code is not adequate, the Commission may adopt an implementing act specifying common rules for the implementation of those obligations in accordance with the examination procedure laid down in Article 98(2).
7. Urad za UI spodbuja in olajšuje pripravo kodeksov prakse na ravni Unije, da se omogoči učinkovito izvajanje obveznosti glede odkrivanja in označevanja umetno ustvarjenih ali prirejenih vsebin. Komisija lahko sprejme izvedbene akte za odobritev teh kodeksov prakse v skladu s postopkom iz člena 56(6). Če meni, da kodeks ni ustrezen, lahko Komisija sprejme izvedbeni akt, s katerim določi skupna pravila za izvajanje navedenih obveznosti v skladu s postopkom pregleda iz člena 98(2).
1. Where a general-purpose AI model meets the condition referred to in Article 51(1), point (a), the relevant provider shall notify the Commission without delay and in any event within two weeks after that requirement is met or it becomes known that it will be met. That notification shall include the information necessary to demonstrate that the relevant requirement has been met. If the Commission becomes aware of a general-purpose AI model presenting systemic risks of which it has not been notified, it may decide to designate it as a model with systemic risk.
1. Kadar model UI za splošne namene izpolnjuje pogoj iz člena 51(1), točka (a), zadevni ponudnik o tem nemudoma, v vsakem primeru pa v dveh tednih po izpolnitvi te zahteve ali po tem, ko je znano, da bo izpolnjena, uradno obvesti Komisijo. To uradno obvestilo vključuje informacije, iz katerih je razvidno, da je ustrezna zahteva izpolnjena. Če Komisija ugotovi, da model UI za splošne namene predstavlja sistemska tveganja, o katerih ni bila uradno obveščena, se lahko odloči, da ga bo označila za model s sistemskim tveganjem.
2. The provider of a general-purpose AI model that meets the condition referred to in Article 51(1), point (a), may present, with its notification, sufficiently substantiated arguments to demonstrate that, exceptionally, although it meets that requirement, the general-purpose AI model does not present, due to its specific characteristics, systemic risks and therefore should not be classified as a general-purpose AI model with systemic risk.
2. Ponudnik modela UI za splošne namene, ki izpolnjuje pogoj iz člena 51(1), točka (a), lahko ob uradnem obvestilu predloži dovolj utemeljene argumente, s katerimi dokaže, da model UI za splošne namene izjemoma, čeprav izpolnjuje navedeno zahtevo, zaradi svojih posebnih značilnosti ne predstavlja sistemskih tveganj in zato ne bi smel biti razvrščen kot model UI za splošne namene s sistemskim tveganjem.
3. Where the Commission concludes that the arguments submitted pursuant to paragraph 2 are not sufficiently substantiated and the relevant provider was not able to demonstrate that the general-purpose AI model does not present, due to its specific characteristics, systemic risks, it shall reject those arguments, and the general-purpose AI model shall be considered to be a general-purpose AI model with systemic risk.
3. Kadar Komisija ugotovi, da argumenti, predloženi na podlagi odstavka 2, niso dovolj utemeljeni in da zadevni ponudnik ni mogel dokazati, da model UI za splošne namene zaradi svojih posebnih značilnosti ne predstavlja sistemskih tveganj, te argumente zavrne, model UI za splošne namene pa se šteje za model UI za splošne namene s sistemskim tveganjem.
4. The Commission may designate a general-purpose AI model as presenting systemic risks, ex officio or following a qualified alert from the scientific panel pursuant to Article 90(1), point (a), on the basis of criteria set out in Annex XIII.
4. Komisija lahko na podlagi meril iz Priloge XIII po uradni dolžnosti ali na podlagi kvalificiranega opozorila znanstvenega odbora na podlagi člena 90(1), točka (a), model UI za splošne namene označi za model, ki predstavlja sistemska tveganja.
The Commission is empowered to adopt delegated acts in accordance with Article 97 in order to amend Annex XIII by specifying and updating the criteria set out in that Annex.
Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97, da spremeni Prilogo XIII, s tem da določi in posodobi merila iz navedene priloge.
5. Upon a reasoned request of a provider whose model has been designated as a general-purpose AI model with systemic risk pursuant to paragraph 4, the Commission shall take the request into account and may decide to reassess whether the general-purpose AI model can still be considered to present systemic risks on the basis of the criteria set out in Annex XIII. Such a request shall contain objective, detailed and new reasons that have arisen since the designation decision. Providers may request reassessment at the earliest six months after the designation decision. Where the Commission, following its reassessment, decides to maintain the designation as a general-purpose AI model with systemic risk, providers may request reassessment at the earliest six months after that decision.
5. Komisija na obrazloženo zahtevo ponudnika, katerega model je bil označen za model UI za splošne namene s sistemskim tveganjem na podlagi odstavka 4, upošteva zahtevo in se lahko odloči, da ponovno oceni, ali se lahko za model UI za splošne namene še vedno šteje, da predstavlja sistemska tveganja na podlagi meril iz Priloge XIII. Taka zahteva vsebuje objektivne, podrobne in nove razloge, ki so se pojavili po odločitvi glede označitve. Ponudniki ponovne ocene ne morejo zahtevati prej kot šest mesecev po odločitvi glede označitve. Kadar se Komisija po ponovni oceni odloči, da bo ohranila označitev modela UI za splošne namene s sistemskim tveganjem, ponudniki ponovne zahteve ne morejo zahtevati prej kot šest mesecev po tej odločitvi.
6. The Commission shall ensure that a list of general-purpose AI models with systemic risk is published and shall keep that list up to date, without prejudice to the need to observe and protect intellectual property rights and confidential business information or trade secrets in accordance with Union and national law.
6. Komisija zagotovi objavo seznama modelov UI za splošne namene s sistemskim tveganjem in ga posodablja, ne da bi pri tem posegala v potrebo po spoštovanju in varstvu pravic intelektualne lastnine in zaupnih poslovnih informacij ali poslovnih skrivnosti v skladu s pravom Unije in nacionalnim pravom.
Obligations for providers of general-purpose AI models
Obveznosti, naložene ponudnikom modelov UI za splošne namene
1. Providers of general-purpose AI models shall:
1. Ponudniki modelov UI za splošne namene:
(a)
draw up and keep up-to-date the technical documentation of the model, including its training and testing process and the results of its evaluation, which shall contain, at a minimum, the information set out in Annex XI for the purpose of providing it, upon request, to the AI Office and the national competent authorities;
(a)
pripravijo in posodabljajo tehnično dokumentacijo modela, vključno s postopkom učenja in testiranja ter rezultati njegovega ocenjevanja, ki vsebuje vsaj informacije iz Priloge XI, da se na zahtevo predloži Uradu za UI in pristojnim nacionalnim organom;
(b)
draw up, keep up-to-date and make available information and documentation to providers of AI systems who intend to integrate the general-purpose AI model into their AI systems. Without prejudice to the need to observe and protect intellectual property rights and confidential business information or trade secrets in accordance with Union and national law, the information and documentation shall:
(b)
pripravijo, posodabljajo in dajejo na voljo informacije in dokumentacijo za ponudnike sistemov UI, ki nameravajo model UI za splošne namene integrirati v svoje sisteme UI. Brez poseganja v potrebo po spoštovanju in varstvu pravic intelektualne lastnine in zaupnih poslovnih informacij ali poslovnih skrivnosti v skladu s pravom Unije in nacionalnim pravom informacije in dokumentacija:
(i)
enable providers of AI systems to have a good understanding of the capabilities and limitations of the general-purpose AI model and to comply with their obligations pursuant to this Regulation; and
(i)
ponudnikom sistemov UI omogočajo, da dobro razumejo zmogljivosti in omejitve modela UI za splošne namene ter izpolnjujejo svoje obveznosti na podlagi te uredbe, ter
(ii)
contain, at a minimum, the elements set out in Annex XII;
(ii)
vsebujejo vsaj elemente iz Priloge XII;
(c)
put in place a policy to comply with Union law on copyright and related rights, and in particular to identify and comply with, including through state-of-the-art technologies, a reservation of rights expressed pursuant to Article 4(3) of Directive (EU) 2019/790;
(c)
vzpostavijo politiko za doseganje skladnosti s pravom Unije o avtorskih in sorodnih pravicah, zlasti za opredelitev in spoštovanje, tudi z najsodobnejšimi tehnologijami, pridržanj pravic, izraženih na podlagi člena 4(3) Direktive (EU) 2019/790;
(d)
draw up and make publicly available a sufficiently detailed summary about the content used for training of the general-purpose AI model, according to a template provided by the AI Office.
(d)
v skladu s predlogo, ki jo zagotovi Urad za UI, pripravijo in objavijo dovolj podroben povzetek vsebine, ki se uporablja za učenje modela UI za splošne namene.
2. The obligations set out in paragraph 1, points (a) and (b), shall not apply to providers of AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available. This exception shall not apply to general-purpose AI models with systemic risks.
2. Obveznosti iz odstavka 1, točki (a) in (b), ne veljajo za ponudnike modelov UI, ki so bili objavljeni na podlagi proste in odprtokodne licence, ki omogoča dostop do modela, njegovo uporabo, spreminjanje in distribucijo ter katere parametri, vključno z utežmi, informacijami o strukturi modela in informacijami o uporabi modela, so javno dostopni. Ta izjema se ne uporablja za modele UI za splošne namene s sistemskimi tveganji.
3. Providers of general-purpose AI models shall cooperate as necessary with the Commission and the national competent authorities in the exercise of their competences and powers pursuant to this Regulation.
3. Ponudniki modelov UI za splošne namene pri izvajanju svojih pristojnosti in pooblastil na podlagi te uredbe po potrebi sodelujejo s Komisijo in pristojnimi nacionalnimi organi.
4. Providers of general-purpose AI models may rely on codes of practice within the meaning of Article 56 to demonstrate compliance with the obligations set out in paragraph 1 of this Article, until a harmonised standard is published. Compliance with European harmonised standards grants providers the presumption of conformity to the extent that those standards cover those obligations. Providers of general-purpose AI models who do not adhere to an approved code of practice or do not comply with a European harmonised standard shall demonstrate alternative adequate means of compliance for assessment by the Commission.
4. Ponudniki modelov UI za splošne namene se lahko do objave harmoniziranega standarda zanašajo na kodekse prakse v smislu člena 56, da dokažejo skladnost z obveznostmi iz odstavka 1 tega člena. Izpolnjevanje evropskih harmoniziranih standardov zagotavlja ponudnikom domnevo o skladnosti, kadar ti standardi zajemajo te obveznosti. Ponudniki modelov UI za splošne namene, ki ne upoštevajo odobrenega kodeksa prakse ali ne izpolnjujejo evropskega harmoniziranega standarda, dokažejo, da imajo druge ustrezne načine za zagotavljanje skladnosti, ki jih oceni Komisija.
5. For the purpose of facilitating compliance with Annex XI, in particular points 2 (d) and (e) thereof, the Commission is empowered to adopt delegated acts in accordance with Article 97 to detail measurement and calculation methodologies with a view to allowing for comparable and verifiable documentation.
5. Da se olajša skladnost s Prilogo XI, zlasti s točko 2(d) in (e) navedene priloge, se na Komisijo prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97, v katerih se podrobno opredelijo metodologije merjenja in izračunavanja, da se omogoči primerljiva in preverljiva dokumentacija.
6. The Commission is empowered to adopt delegated acts in accordance with Article 97(2) to amend Annexes XI and XII in light of evolving technological developments.
6. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 97(2) za spremembo prilog XI in XII glede na hiter tehnološki razvoj.
7. Any information or documentation obtained pursuant to this Article, including trade secrets, shall be treated in accordance with the confidentiality obligations set out in Article 78.
7. Vse informacije ali dokumentacija, pridobljene na podlagi tega člena, vključno s poslovnimi skrivnostmi, se obravnavajo v skladu z obveznostmi glede zaupnosti iz člena 78.
Authorised representatives of providers of general-purpose AI models
Pooblaščeni zastopniki ponudnikov modelov UI za splošne namene
1. Prior to placing a general-purpose AI model on the Union market, providers established in third countries shall, by written mandate, appoint an authorised representative which is established in the Union.
1. Ponudniki s sedežem v tretji državi pred dajanjem modela UI za splošne namene na trg Unije s pisnim pooblastilom imenujejo pooblaščenega zastopnika s sedežem v Uniji.
2. The provider shall enable its authorised representative to perform the tasks specified in the mandate received from the provider.
2. Ponudnik svojemu pooblaščenemu zastopniku omogoči, da opravlja naloge, določene v pooblastilu, ki ga prejme od ponudnika.
3. The authorised representative shall perform the tasks specified in the mandate received from the provider. It shall provide a copy of the mandate to the AI Office upon request, in one of the official languages of the institutions of the Union. For the purposes of this Regulation, the mandate shall empower the authorised representative to carry out the following tasks:
3. Pooblaščeni zastopnik opravlja naloge, določene v pooblastilu, ki ga prejme od ponudnika. Uradu za UI na njegovo zahtevo predloži izvod pooblastila, in sicer v enem od uradnih jezikov institucij Unije. Za namene te uredbe pooblastilo pooblaščenemu zastopniku omogoča, da opravlja naslednje naloge:
(a)
verify that the technical documentation specified in Annex XI has been drawn up and all obligations referred to in Article 53 and, where applicable, Article 55 have been fulfilled by the provider;
(a)
preveri, ali je bila tehnična dokumentacija, določena v Prilogi XI, pripravljena in ali je ponudnik izpolnil vse obveznosti iz člena 53 in, kadar je ustrezno, člena 55;
(b)
keep a copy of the technical documentation specified in Annex XI at the disposal of the AI Office and national competent authorities, for a period of 10 years after the general-purpose AI model has been placed on the market, and the contact details of the provider that appointed the authorised representative;
(b)
hrani izvod tehnične dokumentacije, določene v Prilogi XI, da je za obdobje 10 let po tem, ko je bil model UI za splošne namene dan na trg, na voljo Uradu za UI in pristojnim nacionalnim organom, ter kontaktne podatke ponudnika, ki je imenoval pooblaščenega zastopnika;
(c)
provide the AI Office, upon a reasoned request, with all the information and documentation, including that referred to in point (b), necessary to demonstrate compliance with the obligations in this Chapter;
(c)
Uradu za UI na obrazloženo zahtevo zagotovi vse informacije in dokumentacijo, vključno s tistimi iz točke (b), s katerimi dokaže, da izpolnjuje obveznosti iz tega poglavja;
(d)
cooperate with the AI Office and competent authorities, upon a reasoned request, in any action they take in relation to the general-purpose AI model, including when the model is integrated into AI systems placed on the market or put into service in the Union.
(d)
na obrazloženo zahtevo sodeluje z Uradom za UI in pristojnimi nacionalnimi organi pri vseh ukrepih, ki jih slednji sprejmejo v zvezi z modelom UI za splošne namene s sistemskimi tveganji, tudi kadar je model vključen v sisteme UI, dane na trg ali v uporabo v Uniji.
4. The mandate shall empower the authorised representative to be addressed, in addition to or instead of the provider, by the AI Office or the competent authorities, on all issues related to ensuring compliance with this Regulation.
4. Na podlagi pooblastila je pooblaščeni zastopnik pooblaščen, da lahko Urad za UI ali pristojni organi nanj, poleg ponudnika ali namesto njega, naslovijo vsa vprašanja, povezana z zagotavljanjem skladnosti s to uredbo.
5. The authorised representative shall terminate the mandate if it considers or has reason to consider the provider to be acting contrary to its obligations pursuant to this Regulation. In such a case, it shall also immediately inform the AI Office about the termination of the mandate and the reasons therefor.
5. Pooblaščeni zastopnik odpove pooblastilo, če meni ali utemeljeno domneva, da ponudnik ravna v nasprotju s svojimi obveznostmi na podlagi te uredbe. V takem primeru tudi nemudoma obvesti Urad za UI o odpovedi pooblastila in o razlogih zanjo.
6. The obligation set out in this Article shall not apply to providers of general-purpose AI models that are released under a free and open-source licence that allows for the access, usage, modification, and distribution of the model, and whose parameters, including the weights, the information on the model architecture, and the information on model usage, are made publicly available, unless the general-purpose AI models present systemic risks.
6. Obveznost iz tega člena ne velja za ponudnike modelov UI za splošne namene, ki so bili objavljeni na podlagi proste in odprtokodne licence, ki omogoča dostop do modela, njegovo uporabo, spreminjanje in distribucijo ter katere parametri, vključno z utežmi, informacijami o strukturi modela in informacijami o uporabi modela, so javno dostopni, razen če modeli UI za splošne namene predstavljajo sistemska tveganja.
1. The AI Office shall encourage and facilitate the drawing up of codes of practice at Union level in order to contribute to the proper application of this Regulation, taking into account international approaches.
1. Urad za UI spodbuja in olajšuje pripravo kodeksov prakse na ravni Unije, da bi prispeval k pravilni uporabi te uredbe ob upoštevanju mednarodnih pristopov.
2. The AI Office and the Board shall aim to ensure that the codes of practice cover at least the obligations provided for in Articles 53 and 55, including the following issues:
2. Urad za UI in Odbor si prizadevata zagotoviti, da kodeksi prakse zajemajo vsaj obveznosti iz členov 53 in 55, vključno z naslednjimi elementi:
(a)
the means to ensure that the information referred to in Article 53(1), points (a) and (b), is kept up to date in light of market and technological developments;
(a)
načini za zagotavljanje, da se informacije iz člena 53(1), točki (a) in (b), posodabljajo glede na tržni in tehnološki razvoj;
(b)
the adequate level of detail for the summary about the content used for training;
(b)
ustrezno ravnjo podrobnosti za povzetek o vsebini, ki se uporablja za učenje;
(c)
the identification of the type and nature of the systemic risks at Union level, including their sources, where appropriate;
(c)
opredelitvijo vrste in narave sistemskih tveganj na ravni Unije, po potrebi vključno z njihovimi viri;
(d)
the measures, procedures and modalities for the assessment and management of the systemic risks at Union level, including the documentation thereof, which shall be proportionate to the risks, take into consideration their severity and probability and take into account the specific challenges of tackling those risks in light of the possible ways in which such risks may emerge and materialise along the AI value chain.
(d)
ukrepi, postopki in načini za oceno in obvladovanje sistemskih tveganj na ravni Unije, vključno s pripadajočo dokumentacijo, ki so sorazmerni s tveganji, upoštevajo njihovo resnost in verjetnost ter upoštevajo posebne izzive pri obvladovanju teh tveganj glede na možne načine, na katere se lahko taka tveganja pojavijo in udejanijo vzdolž verige vrednosti UI.
3. The AI Office may invite all providers of general-purpose AI models, as well as relevant national competent authorities, to participate in the drawing-up of codes of practice. Civil society organisations, industry, academia and other relevant stakeholders, such as downstream providers and independent experts, may support the process.
3. Urad za UI lahko k sodelovanju pri pripravi kodeksov prakse povabi vse ponudnike modelov UI za splošne namene in ustrezne pristojne nacionalne organe. V procesu lahko sodelujejo organizacije civilne družbe, industrija, akademski krogi in drugi ustrezni deležniki, kot so ponudniki nižje v verigi in neodvisni strokovnjaki.
4. The AI Office and the Board shall aim to ensure that the codes of practice clearly set out their specific objectives and contain commitments or measures, including key performance indicators as appropriate, to ensure the achievement of those objectives, and that they take due account of the needs and interests of all interested parties, including affected persons, at Union level.
4. Urad za UI in Odbor si prizadevata zagotoviti, da kodeksi prakse jasno določajo njune posebne cilje in vsebujejo zaveze ali ukrepe, po potrebi tudi ključne kazalnike uspešnosti, da se zagotovi doseganje teh ciljev, ter da so v njih ustrezno upoštevani potrebe in interesi vseh zainteresiranih strani na ravni Unije, tudi oseb, ki jih to zadeva.
5. The AI Office shall aim to ensure that participants to the codes of practice report regularly to the AI Office on the implementation of the commitments and the measures taken and their outcomes, including as measured against the key performance indicators as appropriate. Key performance indicators and reporting commitments shall reflect differences in size and capacity between various participants.
5. Urad za UI si prizadeva zagotoviti, da mu sodelujoči pri kodeksu prakse redno poročajo o uresničevanju zavez in sprejetih ukrepov ter posledičnih rezultatih, po potrebi tudi glede na ključne kazalnike uspešnosti. V ključnih kazalnikih uspešnosti in obveznostih poročanja se odražajo razlike v velikosti in zmogljivosti različnih sodelujočih.
6. The AI Office and the Board shall regularly monitor and evaluate the achievement of the objectives of the codes of practice by the participants and their contribution to the proper application of this Regulation. The AI Office and the Board shall assess whether the codes of practice cover the obligations provided for in Articles 53 and 55, and shall regularly monitor and evaluate the achievement of their objectives. They shall publish their assessment of the adequacy of the codes of practice.
6. Urad za UI in Odbor redno spremljata in ocenjujeta, kako sodelujoči dosegajo cilje kodeksov prakse in kako prispevajo k pravilni uporabi te uredbe. Urad za UI in Odbor ocenita, ali kodeksi prakse zajemajo obveznosti iz členov 53 in 55, ter redno spremljata in ocenjujeta doseganje ciljev v zvezi s tem. Svojo oceno ustreznosti kodeksov prakse objavita.
The Commission may, by way of an implementing act, approve a code of practice and give it a general validity within the Union. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 98(2).
Komisija lahko z izvedbenim aktom odobri kodeks prakse in mu da splošno veljavnost v Uniji. Ta izvedbeni akt se sprejme v skladu s postopkom pregleda iz člena 98(2).
7. The AI Office may invite all providers of general-purpose AI models to adhere to the codes of practice. For providers of general-purpose AI models not presenting systemic risks this adherence may be limited to the obligations provided for in Article 53, unless they declare explicitly their interest to join the full code.
7. Urad za UI lahko povabi vse ponudnike modelov UI za splošne namene, da pristopijo h kodeksom prakse. Za ponudnike modelov UI za splošne namene, ki ne predstavljajo sistemskih tveganj, je pristop lahko omejen na obveznosti iz člena 53, razen če izrecno izrazijo svoj interes za pristop k celotnemu kodeksu.
8. The AI Office shall, as appropriate, also encourage and facilitate the review and adaptation of the codes of practice, in particular in light of emerging standards. The AI Office shall assist in the assessment of available standards.
8. Urad za UI po potrebi spodbuja in olajšuje pregled in prilagoditev kodeksov prakse, zlasti glede na nastajajoče standarde. Urad za UI pomaga ocenjevati razpoložljive standarde.
9. Codes of practice shall be ready at the latest by 2 May 2025. The AI Office shall take the necessary steps, including inviting providers pursuant to paragraph 7.
9. Kodeksi prakse se pripravijo najpozneje do 2. maja 2025. Urad za UI sprejme potrebne ukrepe, vključno s povabilom ponudnikom na podlagi odstavka 7.
If, by 2 August 2025, a code of practice cannot be finalised, or if the AI Office deems it is not adequate following its assessment under paragraph 6 of this Article, the Commission may provide, by means of implementing acts, common rules for the implementation of the obligations provided for in Articles 53 and 55, including the issues set out in paragraph 2 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2).
Če kodeksa prakse do 2. avgusta 2025 ni mogoče dokončati ali če Urad za UI na podlagi svoje ocene na podlagi odstavka 6 tega člena meni, da ni ustrezen, lahko Komisija z izvedbenimi akti določi skupna pravila za izvajanje obveznosti iz členov 53 in 55, vključno z elementi iz odstavka 2 tega člena. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 98(2).
Regulativni peskovniki za UI
1. Member States shall ensure that their competent authorities establish at least one AI regulatory sandbox at national level, which shall be operational by 2 August 2026. That sandbox may also be established jointly with the competent authorities of other Member States. The Commission may provide technical support, advice and tools for the establishment and operation of AI regulatory sandboxes.
1. Države članice zagotovijo, da njihovi pristojni organi na nacionalni ravni vzpostavijo vsaj en regulativni peskovnik za UI, ki začne delovati najpozneje 2. avgusta 2026. Ta peskovnik se lahko vzpostavi skupaj s pristojnimi organi drugih držav članic. Komisija lahko za vzpostavitev in delovanje regulativnih peskovnikov za UI zagotovi tehnično podporo, svetovanje in orodja.
The obligation under the first subparagraph may also be fulfilled by participating in an existing sandbox in so far as that participation provides an equivalent level of national coverage for the participating Member States.
Obveznost iz prvega pododstavka se lahko izpolni tudi s sodelovanjem v obstoječem peskovniku, če tako sodelovanje zagotavlja enakovredno nacionalno zastopanost sodelujočih držav članic.
2. Additional AI regulatory sandboxes at regional or local level, or established jointly with the competent authorities of other Member States may also be established.
2. Na regionalni ali lokalni ravni ali skupaj s pristojnimi organi drugih držav članic se lahko vzpostavijo tudi dodatni regulativni peskovniki za UI.
3. The European Data Protection Supervisor may also establish an AI regulatory sandbox for Union institutions, bodies, offices and agencies, and may exercise the roles and the tasks of national competent authorities in accordance with this Chapter.
3. Evropski nadzornik za varstvo podatkov lahko vzpostavi tudi regulativni peskovnik za UI za institucije, organe, urade in agencije Unije ter lahko opravlja vloge in naloge pristojnih nacionalnih organov v skladu s tem poglavjem.
4. Member States shall ensure that the competent authorities referred to in paragraphs 1 and 2 allocate sufficient resources to comply with this Article effectively and in a timely manner. Where appropriate, national competent authorities shall cooperate with other relevant authorities, and may allow for the involvement of other actors within the AI ecosystem. This Article shall not affect other regulatory sandboxes established under Union or national law. Member States shall ensure an appropriate level of cooperation between the authorities supervising those other sandboxes and the national competent authorities.
4. Države članice zagotovijo, da pristojni organi iz odstavkov 1 in 2 dodelijo zadostna sredstva za učinkovito in pravočasno izpolnjevanje tega člena. Kadar je primerno, pristojni nacionalni organi sodelujejo z drugimi ustreznimi organi in lahko dopustijo udeleženost drugih akterjev ekosistema UI. Ta člen ne vpliva na druge regulativne peskovnike, vzpostavljene na podlagi prava Unije ali nacionalnega prava. Države članice zagotovijo ustrezno raven sodelovanja med organi, ki nadzorujejo te druge peskovnike, in pristojnimi nacionalnimi organi.
5. AI regulatory sandboxes established under paragraph 1 shall provide for a controlled environment that fosters innovation and facilitates the development, training, testing and validation of innovative AI systems for a limited time before their being placed on the market or put into service pursuant to a specific sandbox plan agreed between the providers or prospective providers and the competent authority. Such sandboxes may include testing in real world conditions supervised therein.
5. Regulativni peskovniki za UI, vzpostavljeni na podlagi odstavka 1, zagotavljajo nadzorovano okolje, ki spodbuja inovacije ter omogoča razvoj, učenje, testiranje in validacijo inovativnih sistemov UI za določen čas, preden se dajo na trg ali v uporabo, v skladu s posebnim načrtom peskovnika, o katerem se dogovorijo ponudniki ali potencialni ponudniki in pristojni organ. Taki peskovniki lahko vključujejo testiranje v realnih razmerah, ki se v njih nadzoruje.
6. Competent authorities shall provide, as appropriate, guidance, supervision and support within the AI regulatory sandbox with a view to identifying risks, in particular to fundamental rights, health and safety, testing, mitigation measures, and their effectiveness in relation to the obligations and requirements of this Regulation and, where relevant, other Union and national law supervised within the sandbox.
6. Pristojni organi v regulativnem peskovniku za UI po potrebi zagotovijo smernice, nadzor in podporo, kar zadeva opredeljevanje tveganja – zlasti za temeljne pravice, zdravje in varnost –, testiranje, ukrepe za zmanjšanje tveganj in njihovo učinkovitost glede na obveznosti in zahteve iz te uredbe ter po potrebi iz drugega prava Unije in nacionalnega prava, katerih upoštevanje se nadzoruje v peskovniku.
7. Competent authorities shall provide providers and prospective providers participating in the AI regulatory sandbox with guidance on regulatory expectations and how to fulfil the requirements and obligations set out in this Regulation.
7. Pristojni organi ponudnikom in potencialnim ponudnikom, ki sodelujejo v regulativnem peskovniku za UI, zagotovijo smernice o regulativnih pričakovanjih ter o tem, kako izpolniti zahteve in obveznosti iz te uredbe.
Upon request of the provider or prospective provider of the AI system, the competent authority shall provide a written proof of the activities successfully carried out in the sandbox. The competent authority shall also provide an exit report detailing the activities carried out in the sandbox and the related results and learning outcomes. Providers may use such documentation to demonstrate their compliance with this Regulation through the conformity assessment process or relevant market surveillance activities. In this regard, the exit reports and the written proof provided by the national competent authority shall be taken positively into account by market surveillance authorities and notified bodies, with a view to accelerating conformity assessment procedures to a reasonable extent.
Pristojni organ na zahtevo ponudnika ali potencialnega ponudnika sistema UI predloži pisno dokazilo o dejavnostih, ki so bile uspešno izvedene v peskovniku. Predloži tudi poročilo o izstopu, v katerem podrobno opiše dejavnosti, izvedene v peskovniku, ter povezane rezultate in učne izide. Ponudniki lahko tako dokumentacijo uporabijo za to, da s postopkom ugotavljanja skladnosti ali z ustreznimi dejavnostmi nadzora trga dokažejo skladnost s to uredbo. V zvezi s tem organi za nadzor trga in priglašeni organi pozitivno upoštevajo poročila o izstopu in pisna dokazila, ki jih predloži pristojni nacionalni organ, da bi v razumni meri pospešili postopke ugotavljanja skladnosti.
8. Subject to the confidentiality provisions in Article 78, and with the agreement of the provider or prospective provider, the Commission and the Board shall be authorised to access the exit reports and shall take them into account, as appropriate, when exercising their tasks under this Regulation. If both the provider or prospective provider and the national competent authority explicitly agree, the exit report may be made publicly available through the single information platform referred to in this Article.
8. Komisija in Odbor sta ob upoštevanju določb o zaupnosti iz člena 78 in s soglasjem ponudnika ali potencialnega ponudnika pooblaščena za dostop do poročil o izstopu in jih, če je to primerno, upoštevata pri izvajanju svojih nalog na podlagi te uredbe. Če se ponudnik ali potencialni ponudnik in pristojni nacionalni organ izrecno strinjata, se lahko poročilo o izstopu objavi na enotni informacijski platformi iz tega člena.
9. The establishment of AI regulatory sandboxes shall aim to contribute to the following objectives:
9. Namen vzpostavitve regulativnih peskovnikov za UI je prispevati k naslednjim ciljem:
(a)
improving legal certainty to achieve regulatory compliance with this Regulation or, where relevant, other applicable Union and national law;
(a)
izboljšanju pravne varnosti, da se doseže regulativna skladnost s to uredbo ali po potrebi z drugim veljavnim pravom Unije in nacionalnim pravom;
(b)
supporting the sharing of best practices through cooperation with the authorities involved in the AI regulatory sandbox;
(b)
podpiranju izmenjave najboljših praks s sodelovanjem z organi, vključenimi v regulativni peskovnik za UI;
(c)
fostering innovation and competitiveness and facilitating the development of an AI ecosystem;
(c)
spodbujanju inovacij in konkurenčnosti ter olajšanju razvoja ekosistema UI;
(d)
contributing to evidence-based regulatory learning;
(d)
prispevanju k regulativnemu učenju, ki temelji na dokazih;
(e)
facilitating and accelerating access to the Union market for AI systems, in particular when provided by SMEs, including start-ups.
(e)
olajšanju in pospešitvi dostopa sistemov UI do trga Unije, zlasti če so njihovi ponudniki MSP, vključno z zagonskimi podjetji.
10. National competent authorities shall ensure that, to the extent the innovative AI systems involve the processing of personal data or otherwise fall under the supervisory remit of other national authorities or competent authorities providing or supporting access to data, the national data protection authorities and those other national or competent authorities are associated with the operation of the AI regulatory sandbox and involved in the supervision of those aspects to the extent of their respective tasks and powers.
10. Če inovativni sistemi UI vključujejo obdelavo osebnih podatkov ali kako drugače spadajo v nadzorno pristojnost drugih nacionalnih organov ali pristojnih organov, ki zagotavljajo ali podpirajo dostop do podatkov, nacionalni pristojni organi zagotovijo, da so nacionalni organi za varstvo podatkov in ti drugi nacionalni ali pristojni organi povezani z delovanjem regulativnega peskovnika za UI in vključeni v nadzor omenjenih vidikov v okviru svojih nalog in pooblastil.
11. The AI regulatory sandboxes shall not affect the supervisory or corrective powers of the competent authorities supervising the sandboxes, including at regional or local level. Any significant risks to health and safety and fundamental rights identified during the development and testing of such AI systems shall result in an adequate mitigation. National competent authorities shall have the power to temporarily or permanently suspend the testing process, or the participation in the sandbox if no effective mitigation is possible, and shall inform the AI Office of such decision. National competent authorities shall exercise their supervisory powers within the limits of the relevant law, using their discretionary powers when implementing legal provisions in respect of a specific AI regulatory sandbox project, with the objective of supporting innovation in AI in the Union.
11. Regulativni peskovniki za UI ne vplivajo na pooblastila pristojnih organov, ki nadzirajo peskovnike, za nadzor ali popravne ukrepe, tudi na regionalni ali lokalni ravni ne. Vsa pomembna tveganja za zdravje in varnost ter temeljne pravice, prepoznana med razvojem in testiranjem takih sistemov UI, se ustrezno zmanjšajo. Nacionalni pristojni organi so pooblaščeni, da začasno ali trajno prekinejo postopek testiranja ali sodelovanje v peskovniku, če tveganj ni mogoče učinkovito zmanjšati, in o taki odločitvi obvestijo Urad za UI. Nacionalni pristojni organi svoja nadzorna pooblastila izvajajo v mejah ustreznega prava in pri izvajanju pravnih določb v zvezi z določenim projektom peskovnika za UI uporabljajo svoja diskrecijska pooblastila, da bi podprli inovacije na področju UI v Uniji.
12. Providers and prospective providers participating in the AI regulatory sandbox shall remain liable under applicable Union and national liability law for any damage inflicted on third parties as a result of the experimentation taking place in the sandbox. However, provided that the prospective providers observe the specific plan and the terms and conditions for their participation and follow in good faith the guidance given by the national competent authority, no administrative fines shall be imposed by the authorities for infringements of this Regulation. Where other competent authorities responsible for other Union and national law were actively involved in the supervision of the AI system in the sandbox and provided guidance for compliance, no administrative fines shall be imposed regarding that law.
12. Ponudniki in potencialni ponudniki, ki sodelujejo v regulativnem peskovniku za UI, so na podlagi veljavnega prava Unije in nacionalnega prava o odgovornosti še naprej odgovorni za škodo, povzročeno tretjim osebam zaradi eksperimentov, ki se izvajajo v peskovniku. Kadar pa potencialni ponudniki spoštujejo posebni načrt in pogoje za sodelovanje ter v dobri veri sledijo smernicam nacionalnih pristojnih organov, organi ne naložijo upravnih kazni za kršitev te uredbe. Kadar so bili v nadzor sistema UI v peskovniku dejavno vključeni drugi pristojni organi, odgovorni za drugo pravo Unije in nacionalno pravo, in so zagotovili smernice za skladnost, se v zvezi s tem pravom ne naložijo upravne kazni.
13. The AI regulatory sandboxes shall be designed and implemented in such a way that, where relevant, they facilitate cross-border cooperation between national competent authorities.
13. Regulativni peskovniki za UI so zasnovani in se izvajajo tako, da po potrebi olajšujejo čezmejno sodelovanje med pristojnimi nacionalnimi organi.
14. National competent authorities shall coordinate their activities and cooperate within the framework of the Board.
14. Nacionalni pristojni organi usklajujejo svoje dejavnosti in sodelujejo v okviru Odbora.
15. National competent authorities shall inform the AI Office and the Board of the establishment of a sandbox, and may ask them for support and guidance. The AI Office shall make publicly available a list of planned and existing sandboxes and keep it up to date in order to encourage more interaction in the AI regulatory sandboxes and cross-border cooperation.
15. Pristojni nacionalni organi o vzpostavitvi peskovnika obvestijo Urad za UI in Odbor ter ju lahko zaprosijo za podporo in smernice. Urad za UI objavi seznam načrtovanih in obstoječih peskovnikov ter ga posodablja, da bi spodbudil večjo interakcijo v regulativnih peskovnikih za UI in čezmejno sodelovanje.
16. National competent authorities shall submit annual reports to the AI Office and to the Board, from one year after the establishment of the AI regulatory sandbox and every year thereafter until its termination, and a final report. Those reports shall provide information on the progress and results of the implementation of those sandboxes, including best practices, incidents, lessons learnt and recommendations on their setup and, where relevant, on the application and possible revision of this Regulation, including its delegated and implementing acts, and on the application of other Union law supervised by the competent authorities within the sandbox. The national competent authorities shall make those annual reports or abstracts thereof available to the public, online. The Commission shall, where appropriate, take the annual reports into account when exercising its tasks under this Regulation.
16. Pristojni nacionalni organi Uradu za UI in Odboru predložijo letna poročila, najprej eno leto po vzpostavitvi regulativnega peskovnika za UI, nato pa vsako leto do njegove ukinitve, tako kot tudi končno poročilo. Ta poročila vsebujejo informacije o napredku in rezultatih izvajanja teh peskovnikov, vključno z najboljšimi praksami, incidenti, pridobljenimi izkušnjami in priporočili o njihovi vzpostavitvi ter po potrebi o uporabi in morebitni reviziji te uredbe, vključno s povezanimi delegiranimi in izvedbenimi akti, in o uporabi drugega prava Unije, ki ga v peskovniku nadzorujejo pristojni organi. Pristojni nacionalni organi ta letna poročila ali njihove povzetke objavijo na spletu. Komisija pri izvajanju svojih nalog na podlagi te uredbe, kadar je primerno, upošteva ta letna poročila.
17. The Commission shall develop a single and dedicated interface containing all relevant information related to AI regulatory sandboxes to allow stakeholders to interact with AI regulatory sandboxes and to raise enquiries with competent authorities, and to seek non-binding guidance on the conformity of innovative products, services, business models embedding AI technologies, in accordance with Article 62(1), point (c). The Commission shall proactively coordinate with national competent authorities, where relevant.
17. Komisija razvije enotni in namenski vmesnik, ki vsebuje vse ustrezne informacije v zvezi z regulativnimi peskovniki za UI, da bi lahko deležniki vstopali v interakcijo z regulativnimi peskovniki za UI in vlagali poizvedbe pri pristojnih organih ter zaprošali za nezavezujoče smernice glede skladnosti inovativnih proizvodov, storitev in poslovnih modelov, ki vključujejo tehnologije UI, v skladu s členom 62(1), točka (c). Komisija se po potrebi proaktivno usklajuje s pristojnimi nacionalnimi organi.
Detailed arrangements for, and functioning of, AI regulatory sandboxes
Podrobnosti v zvezi z regulativnimi peskovniki za UI in njihovo delovanje
1. In order to avoid fragmentation across the Union, the Commission shall adopt implementing acts specifying the detailed arrangements for the establishment, development, implementation, operation and supervision of the AI regulatory sandboxes. The implementing acts shall include common principles on the following issues:
1. Da bi se izognili razdrobljenosti po Uniji, Komisija sprejme izvedbene akte, v katerih določi podrobnosti za vzpostavitev, razvoj, izvajanje, delovanje in nadzor regulativnih peskovnikov za UI. Ti izvedbeni akti med drugim vsebujejo skupna načela o naslednjih elementih:
(a)
eligibility and selection criteria for participation in the AI regulatory sandbox;
(a)
merilih za upravičenost in izbor za sodelovanje v regulativnem peskovniku za UI;
(b)
procedures for the application, participation, monitoring, exiting from and termination of the AI regulatory sandbox, including the sandbox plan and the exit report;
(b)
postopkih za vlogo, sodelovanje, spremljanje, izstop iz regulativnega peskovnika za UI in njegovo prenehanje, vključno z načrtom peskovnika in poročilom o izstopu;
(c)
the terms and conditions applicable to the participants.
(c)
pogojih, ki veljajo za udeležence.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2).
Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 98(2).
2. The implementing acts referred to in paragraph 1 shall ensure:
2. Z izvedbenim aktom iz odstavka 1 se zagotovi:
(a)
that AI regulatory sandboxes are open to any applying provider or prospective provider of an AI system who fulfils eligibility and selection criteria, which shall be transparent and fair, and that national competent authorities inform applicants of their decision within three months of the application;
(a)
da so regulativni peskovniki za UI odprti za vse ponudnike in potencialne ponudnike sistema UI, ki izpolnjujejo pregledna in pravična merila za upravičenost in izbor, in da pristojni nacionalni organi vlagatelje obvestijo o svoji odločitvi v treh mesecih od vložitve vloge;
(b)
that AI regulatory sandboxes allow broad and equal access and keep up with demand for participation; providers and prospective providers may also submit applications in partnerships with deployers and other relevant third parties;
(b)
da regulativni peskovniki za UI omogočajo širok in enak dostop ter sledijo povpraševanju po sodelovanju; ponudniki ali potencialni ponudniki lahko vloge predložijo tudi v partnerstvih z uvajalci in drugimi ustreznimi tretjimi osebami;
(c)
that the detailed arrangements for, and conditions concerning AI regulatory sandboxes support, to the best extent possible, flexibility for national competent authorities to establish and operate their AI regulatory sandboxes;
(c)
da se s podrobnostmi in pogoji v zvezi z regulativnimi peskovniki za UI v največji možni meri podpira prožnost, ki pristojnim nacionalnim organom omogoča vzpostavitev in upravljanje njihovih regulativnih peskovnikov za UI;
(d)
that access to the AI regulatory sandboxes is free of charge for SMEs, including start-ups, without prejudice to exceptional costs that national competent authorities may recover in a fair and proportionate manner;
(d)
da je dostop do regulativnih peskovnikov za UI za MSP, vključno z zagonskimi podjetji, brezplačen, brez poseganja v izredne stroške, ki jih lahko pristojni nacionalni organi izterjajo na pošten in sorazmeren način;
(e)
that they facilitate providers and prospective providers, by means of the learning outcomes of the AI regulatory sandboxes, in complying with conformity assessment obligations under this Regulation and the voluntary application of the codes of conduct referred to in Article 95;
(e)
da se ponudnikom ali potencialnim ponudnikom z učnimi izidi regulativnih peskovnikov za UI pomaga pri izpolnjevanju obveznosti glede ugotavljanja skladnosti iz te uredbe in prostovoljni uporabi kodeksov ravnanja iz člena 95;
(f)
that AI regulatory sandboxes facilitate the involvement of other relevant actors within the AI ecosystem, such as notified bodies and standardisation organisations, SMEs, including start-ups, enterprises, innovators, testing and experimentation facilities, research and experimentation labs and European Digital Innovation Hubs, centres of excellence, individual researchers, in order to allow and facilitate cooperation with the public and private sectors;
(f)
da regulativni peskovniki za UI olajšujejo vključevanje drugih ustreznih akterjev v ekosistem UI, na primer priglašenih organov in organizacij za standardizacijo, MSP, vključno z zagonskimi podjetji, podjetij, inovatorjev, centrov za testiranje in eksperimentiranje, raziskovalnih in eksperimentalnih laboratorijev ter evropskih vozlišč za digitalne inovacije, centrov odličnosti, posameznih raziskovalcev, da bi omogočili in olajšali sodelovanje z javnim in zasebnimi sektorji;
(g)
that procedures, processes and administrative requirements for application, selection, participation and exiting the AI regulatory sandbox are simple, easily intelligible, and clearly communicated in order to facilitate the participation of SMEs, including start-ups, with limited legal and administrative capacities and are streamlined across the Union, in order to avoid fragmentation and that participation in an AI regulatory sandbox established by a Member State, or by the European Data Protection Supervisor is mutually and uniformly recognised and carries the same legal effects across the Union;
(g)
da so postopki, procesi in upravne zahteve za vlogo, izbiro, sodelovanje in izstop iz regulativnega peskovnika za UI preprosti, lahko razumljivi in jasno predstavljeni, da bi olajšali udeležbo MSP, vključno z zagonskimi podjetji, z omejenimi pravnimi in upravnimi zmogljivostmi, ter da so racionalizirani po vsej Uniji, da bi preprečili razdrobljenost in da bi bila udeležba v regulativnem peskovniku za UI, ki ga vzpostavi država članica ali evropski nadzornik za varstvo podatkov, vzajemno in enotno priznana ter da bi imela enake pravne učinke po vsej Uniji;
(h)
that participation in the AI regulatory sandbox is limited to a period that is appropriate to the complexity and scale of the project and that may be extended by the national competent authority;
(h)
da je sodelovanje v regulativnem peskovniku za UI omejeno na obdobje, ki je primerno glede na kompleksnost in obseg projekta in ki ga lahko pristojni nacionalni organ podaljša;
(i)
that AI regulatory sandboxes facilitate the development of tools and infrastructure for testing, benchmarking, assessing and explaining dimensions of AI systems relevant for regulatory learning, such as accuracy, robustness and cybersecurity, as well as measures to mitigate risks to fundamental rights and society at large.
(i)
da regulativni peskovniki za UI olajšujejo razvoj orodij in infrastrukture za testiranje, primerjalno analizo, ocenjevanje in razlago razsežnosti sistemov UI, ki so pomembne za regulativno učenje, na primer točnosti, robustnosti in kibernetske varnosti, pa tudi ukrepov za zmanjšanje tveganj, kar zadeva temeljne pravice in družbo na splošno.
3. Prospective providers in the AI regulatory sandboxes, in particular SMEs and start-ups, shall be directed, where relevant, to pre-deployment services such as guidance on the implementation of this Regulation, to other value-adding services such as help with standardisation documents and certification, testing and experimentation facilities, European Digital Innovation Hubs and centres of excellence.
3. Potencialni ponudniki v regulativnih peskovnikih za UI, zlasti MSP in zagonska podjetja, so po potrebi usmerjeni k storitvam pred uvedbo, kot so smernice o izvajanju te uredbe, k drugim storitvam z dodano vrednostjo, kot so pomoč pri dokumentih za standardizacijo in certificiranju, centri za testiranje in eksperimentiranje, evropska vozlišča za digitalne inovacije in centri odličnosti.
4. Where national competent authorities consider authorising testing in real world conditions supervised within the framework of an AI regulatory sandbox to be established under this Article, they shall specifically agree the terms and conditions of such testing and, in particular, the appropriate safeguards with the participants, with a view to protecting fundamental rights, health and safety. Where appropriate, they shall cooperate with other national competent authorities with a view to ensuring consistent practices across the Union.
4. Kadar pristojni nacionalni organi presojajo o odobritvi testiranja v realnih razmerah, ki se nadzoruje v okviru regulativnega peskovnika za UI, ki se vzpostavi na podlagi tega člena, se z udeleženci izrecno dogovorijo o pogojih takega testiranja in zlasti o ustreznih zaščitnih ukrepih za varovanje temeljnih pravic, zdravja in varnosti. Kadar je primerno, sodelujejo z drugimi pristojnimi nacionalnimi organi, da bi zagotovili dosledne prakse po vsej Uniji.
Further processing of personal data for developing certain AI systems in the public interest in the AI regulatory sandbox
Nadaljnja obdelava osebnih podatkov za razvoj določenih sistemov UI v javnem interesu v regulativnem peskovniku za UI
1. In the AI regulatory sandbox, personal data lawfully collected for other purposes may be processed solely for the purpose of developing, training and testing certain AI systems in the sandbox when all of the following conditions are met:
1. V regulativnem peskovniku za UI se osebni podatki, zakonito zbrani za druge namene, lahko obdelujejo izključno za namene razvoja, učenja in testiranja nekaterih sistemov UI v peskovniku, če so izpolnjeni vsi naslednji pogoji:
(a)
AI systems shall be developed for safeguarding substantial public interest by a public authority or another natural or legal person and in one or more of the following areas:
(a)
javni organ ali druga fizična ali pravna oseba razvije sisteme UI za zaščito bistvenega javnega interesa na enem ali več naslednjih področjih:
(i)
public safety and public health, including disease detection, diagnosis prevention, control and treatment and improvement of health care systems;
(i)
javna varnost in javno zdravje, vključno z odkrivanjem, diagnosticiranjem, preprečevanjem, obvladovanjem in zdravljenjem bolezni ter izboljšanjem sistemov zdravstvenega varstva;
(ii)
a high level of protection and improvement of the quality of the environment, protection of biodiversity, protection against pollution, green transition measures, climate change mitigation and adaptation measures;
(ii)
visoka raven varstva in izboljšanje kakovosti okolja, ohranjanje biotske raznovrstnosti, varstvo pred onesnaževanjem, ukrepi za zeleni prehod ter blažitev podnebnih sprememb in prilagajanje nanje;
(iii)
energy sustainability;
(iii)
trajnostna energija;
(iv)
safety and resilience of transport systems and mobility, critical infrastructure and networks;
(iv)
varnost in odpornost prometnih sistemov in mobilnosti, kritične infrastrukture in omrežij;
(v)
efficiency and quality of public administration and public services;
(v)
učinkovitost in kakovost javne uprave in javnih storitev;
(b)
the data processed are necessary for complying with one or more of the requirements referred to in Chapter III, Section 2 where those requirements cannot effectively be fulfilled by processing anonymised, synthetic or other non-personal data;
(b)
obdelani podatki so potrebni za izpolnjevanje ene ali več zahtev iz poglavja III, oddelek 2, kadar teh zahtev ni mogoče učinkovito izpolniti z obdelavo anonimiziranih, sintetičnih ali drugih neosebnih podatkov;
(c)
there are effective monitoring mechanisms to identify if any high risks to the rights and freedoms of the data subjects, as referred to in Article 35 of Regulation (EU) 2016/679 and in Article 39 of Regulation (EU) 2018/1725, may arise during the sandbox experimentation, as well as response mechanisms to promptly mitigate those risks and, where necessary, stop the processing;
(c)
obstajajo učinkoviti mehanizmi za spremljanje, s katerimi se ugotovi, ali se med eksperimentiranjem v peskovniku lahko pojavijo velika tveganja za pravice in svoboščine posameznikov, na katere se nanašajo osebni podatki, kot je navedeno v členu 35 Uredbe (EU) 2016/679 in členu 39 Uredbe (EU) 2018/1725, ter mehanizmi za odzivanje, s katerimi se ta tveganja nemudoma zmanjšajo in se po potrebi ustavi obdelava;
(d)
any personal data to be processed in the context of the sandbox are in a functionally separate, isolated and protected data processing environment under the control of the prospective provider and only authorised persons have access to those data;
(d)
vsi osebni podatki, ki se obdelujejo v okviru peskovnika, so v funkcionalno ločenem, izoliranem in zaščitenem okolju za obdelavo podatkov pod nadzorom potencialnih ponudnikov, dostop do teh podatkov pa imajo le pooblaščene osebe;
(e)
providers can further share the originally collected data only in accordance with Union data protection law; any personal data created in the sandbox cannot be shared outside the sandbox;
(e)
ponudniki lahko prvotno zbrane podatke delijo naprej le v skladu s pravom Unije o varstvu podatkov; osebnih podatkov ustvarjenih v peskovniku, ni mogoče deliti zunaj peskovnika;
(f)
any processing of personal data in the context of the sandbox neither leads to measures or decisions affecting the data subjects nor does it affect the application of their rights laid down in Union law on the protection of personal data;
(f)
nobena obdelava osebnih podatkov v okviru peskovnika ne sme biti podlaga za sprejetje ukrepov ali odločitev, ki bi vplivali na posameznike, na katere se nanašajo osebni podatki, niti ne sme vplivati na uveljavljanje njihovih pravic, določenih v pravu Unije o varstvu osebnih podatkov;
(g)
any personal data processed in the context of the sandbox are protected by means of appropriate technical and organisational measures and deleted once the participation in the sandbox has terminated or the personal data has reached the end of its retention period;
(g)
vsi osebni podatki, obdelani v okviru peskovnika, so zaščiteni z ustreznimi tehničnimi in organizacijskimi ukrepi in se izbrišejo, ko se sodelovanje v peskovniku konča ali ko se izteče obdobje hrambe osebnih podatkov;
(h)
the logs of the processing of personal data in the context of the sandbox are kept for the duration of the participation in the sandbox, unless provided otherwise by Union or national law;
(h)
dnevniki obdelave osebnih podatkov v okviru peskovnika se hranijo ves čas trajanja sodelovanja v peskovniku, razen če je v pravu Unije ali nacionalnem pravu določeno drugače;
(i)
a complete and detailed description of the process and rationale behind the training, testing and validation of the AI system is kept together with the testing results as part of the technical documentation referred to in Annex IV;
(i)
celovit in podroben opis postopka in logike, na katerih temeljijo učenje, testiranje in validacijo sistema UI, se skupaj z rezultati testiranja hrani kot del tehnične dokumentacije iz Priloge IV;
(j)
a short summary of the AI project developed in the sandbox, its objectives and expected results is published on the website of the competent authorities; this obligation shall not cover sensitive operational data in relation to the activities of law enforcement, border control, immigration or asylum authorities.
(j)
kratek povzetek projekta UI, razvitega v peskovniku, njegovi cilji in pričakovani rezultati so objavljeni na spletišču pristojnih organov; ta obveznost ne zajema občutljivih operativnih podatkov v zvezi z dejavnostmi organov za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj, organov mejne kontrole in organov, pristojnih za priseljevanje, ali azilnih organov.
2. For the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security, under the control and responsibility of law enforcement authorities, the processing of personal data in AI regulatory sandboxes shall be based on a specific Union or national law and subject to the same cumulative conditions as referred to in paragraph 1.
2. Za namene preprečevanja, preiskovanja, odkrivanja ali pregona kaznivih dejanj ali izvrševanja kazenskih sankcij, vključno z varovanjem pred grožnjami javni varnosti in njihovim preprečevanjem, pod nadzorom in odgovornostjo organov za preprečevanje, odkrivanje in preiskovanje kaznivih dejanj obdelava osebnih podatkov v regulativnih peskovnikih za UI temelji na posebnem pravu Unije ali nacionalnem pravu in zanjo veljajo enaki kumulativni pogoji, kot so navedeni v odstavku 1.
3. Paragraph 1 is without prejudice to Union or national law which excludes processing of personal data for other purposes than those explicitly mentioned in that law, as well as to Union or national law laying down the basis for the processing of personal data which is necessary for the purpose of developing, testing or training of innovative AI systems or any other legal basis, in compliance with Union law on the protection of personal data.
3. Odstavek 1 ne posega v pravo Unije ali nacionalno pravo, ki izključuje obdelavo osebnih podatkov za druge namene, kot so izrecno navedeni v tem pravu, pa tudi ne v pravo Unije ali nacionalno pravo, ki določa podlago za obdelavo osebnih podatkov, potrebno za namene razvoja, testiranja ali učenja inovativnih sistemov UI, ali katero koli drugo pravno podlago, skladno s pravom Unije o varstvu osebnih podatkov.
Testing of high-risk AI systems in real world conditions outside AI regulatory sandboxes
Testiranje visokotveganih sistemov UI v realnih razmerah zunaj regulativnih peskovnikov za UI
1. Testing of high-risk AI systems in real world conditions outside AI regulatory sandboxes may be conducted by providers or prospective providers of high-risk AI systems listed in Annex III, in accordance with this Article and the real-world testing plan referred to in this Article, without prejudice to the prohibitions under Article 5.
1. Testiranje visokotveganih sistemov UI v realnih razmerah zunaj regulativnih peskovnikov za UI lahko izvajajo ponudniki ali potencialni ponudniki visokotveganih sistemov UI s seznama v Prilogi III v skladu s tem členom in načrtom testiranja v realnih razmerah iz tega člena, brez poseganja v prepovedi na podlagi člena 5.
The Commission shall, by means of implementing acts, specify the detailed elements of the real-world testing plan. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2).
Komisija z izvedbenimi akti določi podrobne elemente načrta testiranja v realnih razmerah. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 98(2).
This paragraph shall be without prejudice to Union or national law on the testing in real world conditions of high-risk AI systems related to products covered by Union harmonisation legislation listed in Annex I.
Ta odstavek ne posega v pravo Unije ali nacionalno pravo za testiranje visokotveganih sistemov UI, povezanih s proizvodi, zajetimi v harmonizacijski zakonodaji Unije iz Priloge I, v realnih razmerah.
2. Providers or prospective providers may conduct testing of high-risk AI systems referred to in Annex III in real world conditions at any time before the placing on the market or the putting into service of the AI system on their own or in partnership with one or more deployers or prospective deployers.
2. Ponudniki ali potencialni ponudniki lahko testiranje visokotveganih sistemov UI iz Priloge III v realnih razmerah izvedejo kadar koli, preden dajo sistem UI na trg ali v uporabo, bodisi sami bodisi v partnerstvu z enim ali več uvajalci ali potencialnimi uvajalci.
3. The testing of high-risk AI systems in real world conditions under this Article shall be without prejudice to any ethical review that is required by Union or national law.
3. Testiranje visokotveganih sistemov UI v realnih razmerah na podlagi tega člena ne posega v nobeno etično presojo, ki se zahteva v skladu s pravom Unije ali nacionalnim pravom.
4. Providers or prospective providers may conduct the testing in real world conditions only where all of the following conditions are met:
4. Ponudniki ali potencialni ponudniki lahko testiranje v realnih razmerah izvajajo le, kadar so izpolnjeni vsi naslednji pogoji:
(a)
the provider or prospective provider has drawn up a real-world testing plan and submitted it to the market surveillance authority in the Member State where the testing in real world conditions is to be conducted;
(a)
ponudnik ali potencialni ponudnik je pripravil načrt testiranja v realnih razmerah in ga predložil organu za nadzor trga v državi članici, v kateri se bo testiranje v realnih razmerah izvajalo;
(b)
the market surveillance authority in the Member State where the testing in real world conditions is to be conducted has approved the testing in real world conditions and the real-world testing plan; where the market surveillance authority has not provided an answer within 30 days, the testing in real world conditions and the real-world testing plan shall be understood to have been approved; where national law does not provide for a tacit approval, the testing in real world conditions shall remain subject to an authorisation;
(b)
organ za nadzor trga v državi članici, v kateri se testiranje v realnih razmerah izvaja, je odobril testiranje v realnih razmerah in načrt testiranja v realnih razmerah; kadar organ za nadzor trga ne odgovori v 30 dneh, se šteje, da sta testiranje v realnih razmerah in načrt testiranja v realnih razmerah odobrena; kadar nacionalno pravo ne določa tihe odobritve, je za testiranje v realnih razmerah še naprej potrebno dovoljenje;
(c)
the provider or prospective provider, with the exception of providers or prospective providers of high-risk AI systems referred to in points 1, 6 and 7 of Annex III in the areas of law enforcement, migration, asylum and border control management, and high-risk AI systems referred to in point 2 of Annex III has registered the testing in real world conditions in accordance with Article 71(4) with a Union-wide unique single identification number and with the information specified in Annex IX; the provider or prospective provider of high-risk AI systems referred to in points 1, 6 and 7 of Annex III in the areas of law enforcement, migration, asylum and border control management, has registered the testing in real-world conditions in the secure non-public section of the EU database according to Article 49(4), point (d), with a Union-wide unique single identification number and with the information specified therein; the provider or prospective provider of high-risk AI systems referred to in point 2 of Annex III has registered the testing in real-world conditions in accordance with Article 49(5);
(c)
ponudnik ali potencialni ponudnik, z izjemo ponudnikov ali potencialnih ponudnikov visokotveganih sistemov UI iz Priloge III, točke 1, 6 in 7, na področju preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, azila in upravljanja nadzora meja ter visokotveganih sistemov UI iz Priloge III, točka 2, je registriral testiranje v realnih razmerah v skladu s členom 71(4) z vseevropsko enotno identifikacijsko številko in informacijami, določenimi v Prilogi IX; ponudnik ali potencialni ponudnik visokotveganih sistemov UI iz točk 1, 6 in 7 Priloge III je na področjih preprečevanja, odkrivanja in preiskovanja kaznivih dejanj, migracij, azila in upravljanja mejnega nadzora registriral testiranje v realnih razmerah v varnem nejavnem delu podatkovne zbirke EU skladno s členom 49(4), točka (d), z vseevropsko enotno identifikacijsko številko in informacijami, določenimi v njej; ponudnik ali potencialni ponudnik visokotveganih sistemov UI iz točke 2 Priloge III je registriral testiranje v realnih razmerah v skladu s členom 49(5);
(d)
the provider or prospective provider conducting the testing in real world conditions is established in the Union or has appointed a legal representative who is established in the Union;
(d)
ponudnik ali potencialni ponudnik, ki izvaja testiranje v realnih razmerah, ima sedež v Uniji ali je imenoval pravnega zastopnika, ki ima sedež v Uniji;
(e)
data collected and processed for the purpose of the testing in real world conditions shall be transferred to third countries only provided that appropriate and applicable safeguards under Union law are implemented;
(e)
podatki, zbrani in obdelani za namen testiranja v realnih razmerah, se v tretje države prenesejo le, če se izvajajo ustrezni in veljavni zaščitni ukrepi na podlagi prava Unije;