The Dutch Authority for Digital Infrastructure has published a design proposal for the Dutch national AI regulatory sandbox. A single multi-sectoral sandbox involving all relevant supervisors under the AI act would be created. The sandbox would answer both simple and expert questions and provide an extensive sandbox procedure with the relevant supervisors.
What: Policy orienting document
Impactscore: 5
For who: Policy Makers, Authorities, AI developers interested in the development of AI regulatory sandboxes
The Dutch Authority for Digital Infrastructure (Rijksdienst Digitale Infrastructuur or "RDI") has published a design proposal for the Dutch AI regulatory sandbox under the AI Act. The proposal was formulated in cooperation with several supervisory authorities and ministries, and coordinated by the ministry of Economic Affairs, the Autoriteit Persoonsgegevens (“AP”, the Dutch data protection authority). The proposal also considers the final advice on AI authorities published by Dutch authorities. The RDI notes that this proposal is still subject to change, particularly based on the implementing acts for AI regulatory sandboxes to be provided by the EU Commission.
The proposal sets out a series of starting points for the design of the sandbox. The design would use a single multi-sectoral sandbox environment that involves every relevant market surveillance authority ("market supervisors") under the AI Act. Each market supervisor would act in the sandbox in the same role and on the same topics as it acts for the general enforcement of the AI Act. Access to the sandbox would be provided through a single point of contact for providers. The sandbox would aim to support AI Act compliance through legal and technical advice without assisting providers in the actual implementation of the requirements of the AI Act. The sandbox also does not aim to provide physical or technical infrastructure.
In principle, and in so far as possible with available resources, any AI Act-related question would be able to be submitted to the sandbox. In addition to an extensive sandbox procedure for complex questions (described below), the sandbox will also answer simple questions that do not qualify for an extensive procedure and publish the answers to the public to contribute to the responsible development of AI systems. After a first operational period the sandbox could be adapted based on the lessons learned from that period.
As mentioned, the role of supervisors in the sandbox will match their role in the supervision of the AI Act. The competence of the supervisors will determine which question they will take on in the sandbox. Coordinating market surveillance authorities under the AI Act make up the core team for the sandbox procedure with sectoral and domain-specific supervisors (i.e. a supervisor with existing competences in a specific domain that allows it to supervise AI systems) pitching in when their domain knowledge is needed. Other supervisory authorities, such as for fundamental rights and data protection, would also be involved. It should be noted that the final role of fundamental rights protection authorities in the sandbox is not yet clear in the design. Finally, the design proposal also stresses that interdisciplinary expertise will be needed in the sandbox.
Relevant and viable questions would be submitted through a website and service desk containing information on the sandbox, the AI Act and all available, existing guidance. The sandbox would follow a layered approach in which a core team, consisting of the coordinating market supervisors, first addresses the questions received. If a question is considered relevant by the service desk (e.g. it meets the submission requirements), the core team would check if they can answer the question themselves. If the question needs to be answered by a sector- or domain specific supervisor, the core team assigns this question to the supervisor. The core team similarly assigns questions that qualify for the extensive sandbox procedure to the relevant market supervisor. The core team finally shares knowledge obtained during the duration of the sandbox and creates the yearly reporting for the sandbox.
Answers made directly by the core team are first made available for comments by other market supervisors before being sent back to the provider. For both expert questions and sandbox procedures the question would be referred to the relevant coordinating or sector-specific supervisors. Expert questions are then answered in writing, if needed, after contacting the provider.
An extensive sandbox procedure in the Dutch sandbox would address complex and societally relevant questions, while repeatedly communicating with the provider. The provider and involved supervisor(s) would draft a sandbox plan containing a minimum number of elements (goals, conditions, timeline, method, etc.). The plan can also further clarify the provider’s question. During the sandbox procedure, the provider receives legal and technical support from the supervisor(s) in the sandbox to test the AI system with the requirements of the AI Act. However, the sandbox would not allow the testing of technical specifications themselves nor allow exceptions to legal obligations. If the provider does not correct non-compliance with the legislation to the satisfaction of the supervisor, the sandbox procedure could be interrupted.
Upon completion of the sandbox, the relevant supervisor will create a final report detailing the activities, results and lessons learned as well as provide written proof of the activities performed. The lessons learned in the sandbox will be shared by the authorities, if possible, in anonymised form.
