Objective

This policy brief intends to highlight crucial decisions that await policy makers in Belgium particularly regarding the relevant Belgian authorities for the enforcement of the AI Act as well as the (im)permissibility for the legislator to create rules regarding topics in-and outside the scope of the AI Act. The policy brief does not contain an in-depth analysis of the various provisions of the AI Act and only discusses the provisions relevant for Belgian policy makers. Where an action must be taken or a procedure must be put in place by the AI Act, but such an action or procedure is already in place due to other legislation, the paper will not (or only concisely) expand on these provisions. This is particularly relevant for the provisions regarding market surveillance authorities, which are also regulated by the Regulation on Market Surveillance and compliance of products (Regulation 2019/1020).

Structure

The policy brief has two main elements. In the third part, we discuss the legal background of the AI Act (i.e. a harmonisation measure under art. 114 TFEU) and how this interacts with the provisions on the scope of application of the AI Act, and the EU and member state competences. We focus on identifying the extent to which national policy initiatives related to topics covered by the AI Act are still possible. In the fourth part, we delve into the topic of national AI supervision and enforcement. This supervision and enforcement involves several authorities with distinct tasks and has to take into account the sectoral approach used in Annex I and III AI Act. We explain the different types of authorities involved and identify which (existing) authorities can be designated under the AI Act for supervising the prohibited and high-risk AI systems and the AI systems subject to specific transparency requirements.

Below, we highlight some key findings and concerns.

Scope of Application

• As the AI Act is a harmonisation measure, it has a significant impact on the permissibility of adopting other or additional national rules regarding AI systems. Whereas there is still ample room for rules regarding the development and use of AI for military, defence and national security purposes, this is different for e.g. additional rules for AI systems released under free and open-source licences or regarding personal, non-professional use of AI systems. The situation is less clear when it comes to the permissibility of adopting different or additional rules in the field of scientific research and development using AI or general AI research, testing or development. This is due to fact that research and technological development policy is shared, parallel competence between the EU and its member states.

Authorities

• With regards to notifying authorities, we recommend that the Belgian legislator designates the existing authorities currently already acting as notifying authorities under the specific product harmonisation legislation mentioned in Section A, Annex I of the AI Act also as notifying authorities under the AI Act. This enables continuity for the current notifying authorities and notified bodies without creating excessive difficulties in the interpretation of the AI Act's requirements for high-risk AI systems since notifying authorities primarily evaluate conformity assessment bodies (as opposed to evaluating AI systems). There is no need to designate notifying authorities for high-risk AI systems under Annex III AI Act.
• On the topic of market surveillance authorities, we recommend that the Belgian legislator prioritises legal certainty and a uniform, consistent interpretation of the AI Act. This can be achieved by centralizing market surveillance as much as possible in a single market surveillance authority, while enabling cooperation and knowledge sharing between that authority and product-specific authorities under the existing product harmonisation legislation mentioned in Annex I AI Act. For Annex III, we recommend that the Belgian federal data protection authority is designated as the market surveillance authority for biometrics, migration and administration of justice. Depending on the legislator's judgement, Annex III high-risk AI systems related to law enforcement can also be surveilled by the data protection authority or, alternatively, the COC can be designated as the competent authority for this topic. For the remaining categories of high-risk AI systems under Annex III, our recommendation is again to make a central market surveillance authority competent, supported by sector-specific authorities providing sector-specific knowledge. We recommend that the FPS Economy is designated for the role of central market surveillance authority. If this suggestion to centralise market surveillance is not followed, we recommend that the various product- and sector-specific market surveillance authorities sufficiently coordinate to ensure a shared, baseline interpretation of the AI Act's requirements for the sake of legal certainty for the various stakeholders.
• The supervision of prohibited AI practices is not explicitly regulated in the AI Act. We recommend including this supervision in the competence of the designated market surveillance authorities for the AI Act. Concretely, prohibited AI practices which are closely tied to consumer protection can be overseen by the FPS Economy. Prohibited AI practices closely tied to personal data processing can be overseen by the Belgian federal data protection authority (or the COC when there is a link with law enforcement).
• The supervision of AI systems with increased transparency obligations is also not explicitly assigned to an authority by the AI Act. We recommend allowing all designated market surveillance authorities, as well as all authorities competent for the enforcement of the DSA, to enforce these increased transparency obligations. This is due to the potential overlap of DSA obligations with the increased transparency AI Act obligations, as well as to accommodate for the expectations of affected persons regarding the authority to which they could submit a related complaint.
• Finally, regarding national public authorities or bodies supervising fundamental rights and their power to request documentation created under the AI Act to fulfil their mandate, we recommend that Belgium lists as many of these authorities and bodies as possible in its notification to the Commission. Since the power to request documentation is automatically given to the respective public authorities or bodies by the AI Act, this increased transparency will be especially useful for AI providers. Furthermore, we highly recommend establishing communication lines and cooperation procedures between these national public authorities and designated market surveillance authorities to the benefit of both authorities’ enforcement efforts.