On 17 May 2024, the Council of Europe adopted the Framework Convention on artificial intelligence and human rights, democracy, and the rule of law. This marks the world’s first international legally binding treaty focused on regulating AI systems with respect to human rights, democracy, and the rule of law. It encourages innovation and advancement in AI while addressing the potential risks to human rights, democracy, and the rule of law. To ensure its relevance over time, the framework is designed to be technology-neutral.

Background

The negotiations began in September 2022, under the guidance of the Committee on AI (CAI), a body established by the Council of Europe. The European Commission, negotiating on behalf of the EU, the 46 Council of Europe Member States, and 11 non-member states (the USA, Canada, Mexico, Japan, Israel, Australia, Argentina, Peru, Uruguay, Costa Rica and the Holy See) participated in these negotiations. Input from 68 international stakeholders, including some civil society groups, academia, industry, and other global organizations, helped ensure a comprehensive and inclusive negotiation process. This broad involvement highlights the global nature of the challenges and the opportunities posed by AI systems.

Key highlights

The Convention offers some cornerstones for a legal framework that governs AI systems throughout their lifecycle to ensure compatibility with human rights, democracy, and the rule of law. It covers AI systems used both in public and private sectors. Recognizing the global differences in legal systems, the Convention offers parties two different ways of complying with its principles and obligations towards privacte actors. Parties can either opt to be directly obliged by the relevant convention provisions or, as an alternative, implement other measures to comply with the Convention's provisions.

The Convention includes a number of key concepts, such as:

- Human-centric AI: In particular, the Convention underscores the importance of aligning AI systems with human rights, democracy, and the rule of law.

- Risk-based approach: To manage AI risks effectively, the convention introduces transparency and oversight requirements tailored to specific risks and contexts. The parties are required to provide measures to identify and prevent possible risks, including the potential need for a ban or other measures on AI systems that could pose incompatibilities with human rights.

- Accountability and remedies: The parties should ensure accountability and responsibility for possible negative effects stemming from AI use. In addition, victims of human rights violations due to AI must have access to effective legal remedies and procedural safeguards.

- Regulatory sandboxes for safe innovation: Parties should enable developing, experimenting, and testing AI systems in controlled environments under the supervision of their competent authorities.

- Oversight mechanisms: The Convention requires the establishment of oversight by independent bodies to ensure compliance with the Convention.

- Implementation and follow-up: A follow-up mechanism is included in order to ensure the effective enforcement and implementation of the Convention’s standards.

While there are certain exemptions for national security and research, these activities are still expected to respect international law and democratic principles. However, matters of national defense are outside the scope of the Convention.

Compatibility with the EU AI Act

The European Commission played a significant role in shaping the Convention, resulting in the consistency of the convention with the EU AI Act. Both the Convention and the EU AI Act share key principles, including a risk-based approach, transparency and oversight requirements, measures ensuring accountability and responsibility, measures fostering equality and non-discrimination, and the provision of effective remedies. This consistency ensures that European Union member states can smoothly integrate the Convention’s standards. As the Convention largely overlaps with several principles included in the EU AI Act, it promotes a more harmonized approach to the use of AI. The Convention also reinforces the significance of the OECD’s proposed definition of AI systems. The alignment on definitions is notable, as it aids to establish common ground, facilitating interoperability across different AI governance frameworks globally.

Looking ahead: the road to effective AI governance

The Convention has already been ratified by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom, as well as Israel, the United States, and the European Union. This means that many of the leading AI-producing countries, such as the United States, the United Kingdom and Israel, are now aligning with principles similar to those in the EU AI Act. The Framework Convention is an important step forward in the global dialogue on AI governance, as well as a notable example of consensus by diverse stakeholders on a rapidly evolving technological issue. Ultimately, the success of the Framework Convention in meeting its objectives depends on the commitment of the parties to uphold and implement its principles in their own legal systems. As AI technology continues to evolve at a rapid pace, harmonizing global strategies to AI governance will be essential for maximizing its potential benefits while mitigating its risks.