What is the impact of the proposed directive on banks ?

(Translated by DeepL)

On September 28, 2022, the European Commission published its proposal for a directive adapting the rules on non-contractual civil liability to the field of artificial intelligence (P-DIA). It includes rules to facilitate access to evidence on high-risk artificial intelligence (AI) systems, so that claimants are able to prove the various requirements of an extra-contractual civil action under their national law. Could this proposal have a major impact on financial institutions employing artificial intelligence systems ?

The proposal in no way alters national rules on the burden of proof and its degree of plausibility, on fault and causation, or on the types of damage that can be compensated. This commentary follows on from the commentary on the draft European IA regulation (P-RIA) (commented in cdbf.ch/1181). The aim is to briefly present this proposal and analyze its potential impact in the field of financial services, particularly with regard to credit scoring, as well as its possible extraterritorial scope.

Art. 3 P-DIA provides that, at the request of the injured party, national courts would be able to order – from a supplier (cf. art. 3 par. 2 P-RIA) of a high-risk AI system, from any person subject to the obligations incumbent on the supplier under art. 24 or 28 P-RIA, or from a user (cf. art. 3 par. 4 P-RIA) – the disclosure of evidence or its preservation. The judge’s intervention would only be subsidiary, since a court injunction would only be granted if the defendant refused the plaintiff’s initial request for disclosure. This proposal therefore introduces an obligation of disclosure on the part of defendants, or at least a greater duty to cooperate. However, an examination of the plausibility of a claim must be carried out before ordering disclosure of relevant evidence. If the defendant refuses to comply with the judge’s injunction, the proposal presumes a breach of a duty of care under art. 4 par. 2 or 3 P-DIA, which the requested evidence was intended to prove.

Art. 4 P-DIA provides for a rebuttable presumption of a causal link between the defendant’s fault and the result produced by the AI system or its inability to produce a result. This presumption does not, however, establish strict liability for AI. This choice is left to the Member States. With regard to art. 4 par. 1 let. a P-DIA, the plaintiff would have to demonstrate that the defendant’s fault stems from a breach of a duty of care. To do this, the plaintiff would have to establish – in accordance with art. 4 par. 2 and 3 P-DIA – a breach of an obligation covered by the draft European regulation on AI (cf. in particular art. 10 par. 2 to 4, 13, 14, 15 and 16 P-RIA for suppliers and art. 29 P-RIA for users). The presumption provided for in art. 4 par. 1 P-DIA would not apply if the defendant is able to demonstrate that the plaintiff has reasonable access to sufficient expertise and evidence to prove the causal link.

With regard to the definitions used and the obligations which, in the event of non-compliance, lead to a presumption of causality, the proposed directive refers to the draft European regulation on AI. So, there is consistency in the legal regime proposed by the European Commission.

But what about financial services ? As a reminder, the draft European regulation on AI should only apply to credit scoring (see cdbf.ch/1181), subject to an extension of its scope by amending Annex 3 of the draft. The proposed directive could theoretically be applied to credit granting activities, insofar as a credit scoring AI system is used. A number of questions remain, however, since this proposal concerns extra-contractual liability claims. Two scenarios are conceivable. If the credit is granted on less advantageous terms due to a discriminatory bias of the AI system, this situation would be part of a contractual relationship, which would exclude the application of the proposal with regard to art. 1 par. 1 P-DIA. On the other hand, if credit is not granted because of a result produced by an AI system, and the person suffers damage as a result, the directive could apply. In fact, this situation would be part of an extra-contractual relationship, since no contractual relationship would be concluded between the parties. In this context, the question of damage becomes fundamental. In Switzerland, the notion of damage is restrictive. Like the national law of certain European Union member states, Swiss law does not recognize the loss of an opportunity as a compensable loss (cf. ATF 133 III 462). Furthermore, Swiss law compensates purely economic damage only if a standard of conduct designed to protect the injured party’s assets has been breached by the defendant.

Finally, unlike the draft European regulation on AI, the proposal does not provide for extraterritorial effect as such. Nevertheless, by virtue of articles 132 and 133 of the LDIP, the proposed directive could be applied in cross-border civil actions.

This proposal therefore facilitates access to means of proof and provides for a presumption of causality. The issue of access to evidence in an AI system is essential to ensure that plaintiffs and defendants are on an equal footing. However, this proposal should – in our view – only have a very limited scope in the financial services sector.