Home / Publications

Publications

Discover thought leadership and legal insights by our legal experts from across CMS. In our Expert Guides, written by CMS lawyers from across the jurisdictions where we operate, we provide you with in-depth legal research and insights that can be read both online and offline. You can also find Law-Now articles with focused legal analysis, commentary and insights to help you anticipate future challenges and much more.



Media type
Expertise
13/03/2024
General purpose AI models and measures in support of innovation
General purpose AI models (Currently Title VIIIA, Art. 52a-52e)The AI Act is founded on a risk based approach. This regulation, intended to be durable, initially wasn’t associated to the characteristics of any particular model or system, but to the risk associated with its intended use. This was the approach when the proposal of the AI Act was drafted and adopted by the European Commission on 22 April, 2021, when the proposal was discussed at the  Council of the European Union on 6 December, 2022. However, after the great global and historical success of generative AI tools in the months following the Commission’s proposal, the idea of regulating AI focusing only on its intended use seemed then insufficient. Then, in the 14 June 2023 draft, the concept of “foundation models” (much broader than generative AI) was introduced with associated regulation. During the negotiations in December 2023, some additional proposals were introduced regarding “very capable foundation models” and “general purpose AI systems built on foundation models and used at scale”. In the final version of the AI Act, there is no reference to “foundation models”, and instead the concept of “general purpose AI models and systems” was adopted. General Purpose AI models (Arts. 52a to 52e) are distinguished from general purpose AI systems (Arts. 28 and 63a). The General Purpose AI systems are based on General Purpose AI models: “when a general purpose AI model is integrated into or forms part of an AI system, this system should be considered a general purpose AI system” if it has the capability to serve a variety of purposes (Recital 60d). And, of course, General Purpose AI models are the result of the operation of AI systems that created them.“General purpose AI model” is defined in Article 3.44b as “an AI model (…) that displays significant generality and is capable to competently perform a wide range of distinct tasks regardless of the way the model is placed on the market and that can be integrated into a variety of downstream systems or applications”. The definition lacks quality (a model is “general purpose” if it “displays gen­er­al­ity”1Re­cit­al 60b contributes to clarify the concept saying that “generality” means the use of at least a billion of parameters, when the training of the model uses “a large amount of data using self-supervision at scale”. footnote) and has a remarkable capacity for expansion. Large generative AI models are an example of General Purpose AI models (Recital 60c). The obligations imposed to providers of General Purpose AI models are limited, provided that they don’t have systemic risk. Such obligations include (Art. 52c) (i) to draw up and keep up-to-date technical documentation (as described in Annex IXa) available to the national competent authorities, as well as to providers of AI systems who intend to integrate the General Purpose AI system in their AI systems, and (ii) to take some measures in order to respect EU copyright legislation, namely to put in place a policy to identify reservations of rights and to make publicly available a sufficiently detailed summary about the content used. Furthermore, they should have an authorised representative in the EU (Art. 52ca). The most important obligations are imposed in Article 52d to providers of General Purpose AI models with systemic risk. The definition of AI models with systemic risk is established in Article 52a in too broad and unsatisfactory terms: “high impact capabilities”. Fortunately, there is a presumption in Article 52a.2 that helps: “when the cumulative amount of compute used for its training measured in floating point operations (FLOPs) is greater than 10^25”. The main additional obligations imposed to General Purpose AI models with systemic risks are (i) to perform model evaluation (including adversarial testing), (ii) to assess and mitigate systemic risks at EU level, (iii), to document and report serious incidents and corrective measures, and (iv) to ensure an adequate level of cybersecurity. Finally, an “AI system” is “an AI system which is based on a General Purpose AI model, that has the capacity to serve a variety of purposes” (Art. 3.44e). If General Purpose AI systems can be used directly by deployers for at least one purpose that is classified as high-risk (Art. 57a and Art. 63a), an evaluation of compliance will need to be done.
12/03/2024
Prohibited AI practices and high-risk AI systems
Prohibited Artificial Intelligence practices (Currently Title II, Art. 5) 1. Introduction to the unacceptable risk category Article 5 categorises certain AI technologies as posing an “unacceptable risk” (Unacceptable Risk). Unlike other risk categories outlined in the AI Act, the use of AI technologies that fall within this category is strictly prohibited ("Prohibited AI Systems"). It is therefore necessary to distinguish between:those technologies that are clearly prohibited; andthose AI applications that are not clearly prohibited but may involve similar risks. The most challenging problem in practice is to ensure that activities, which are not prohibited, do not become Unacceptable Risk activities and therefore prohibited. 2. Unacceptable Risk: Prohibited AI practices Article 5 explicitly bans harmful AI practices: The first prohibition under Article 5 addresses systems that manipulate individuals or exploit their vulnerabilities, leading to physical or psychological harm. Accordingly, it would be prohibited to place on the market, put into services or use in the EU:AI systems designed to deceive, coerce or influence human behaviour in harmful ways; andAI tools that prey on an individual’s weaknesses, exacerbating their vulnerabilities. The second prohibition covers AI systems that exploit these vulnerabilities, even if harm is not immediate. Examples include:AI tools that compromise user privacy by collecting sensitive data without consent; andAI algorithms that perpetuate bias or discrimination against certain groups. The third prohibition focuses on the use of AI for social scoring. Social scoring systems assign scores to individuals based on their behaviour, affecting access to services, employment or other opportunities. Prohibited practices in­clude:AI-driv­en scoring mechanisms that lack transparency, fairness or accountability; andSystems that discriminate based on protected characteristics (e.g. race, gender, religion). The fourth prohibition covers biometric real-time identification in publicly accessible spaces for law enforcement purposes. This includes:AI systems that identify individuals without their knowledge or consent; andContinuous monitoring of people’s movements using biometric data. 3. Clearly listed: Best practices and compliance Transparency and accountability are essential in complying with the prohibitions under Article 5. Firms using AI must design and continuously test systems, be transparent about their intensions and avoid manipulative practices. They should also disclose AI systems functionality, data usage, and decision-making processes. Companies should conduct thorough impact assessments to identify unintended vulnerabilities and implement specific safeguards to prevent exploitation. This should form part of assessments of AI systems to understand their impact on individuals and society. Companies should develop clear guidelines for scoring systems to prevent the development of social scoring characteristics, and prioritise ethical design, fairness and non-dis­crim­in­a­tion. Privacy impact assessments should be pursued to ensure compliance with the various prohibitions. In particular, firms should be very careful using any real-time identification systems. In all cases, companies should maintain comprehensive records of AI system design, training, and deployment. Any critical decision made by AI systems should be overseen by a human. 4. Not clearly listed: Categorisation Unacceptable Risk AI systems cover systems that are deemed inherently harmful and are considered a threat to human safety, livelihoods, and rights In contrast, high-risk AI systems cover systems designed to be applied to specific use cases, including using AI for hiring and recruitment that may cause harm but are not inherently harmful. High risk AI systems are legal, but subject to important requirements under the AI Act. It is therefore crucial to determine the difference between high risk and unacceptable risk AI systems. In essence, any high risk activity can escalate to Unacceptable Risk under the following cir­cum­stances:Bi­as and Discrimination: if AI perpetuates bias or discriminates against protected groups. Privacy Violations: when AI systems compromise user privacy or misuse sensitive data. Psychological Harm: if AI manipulates individuals, causing psychological distress. AI systems that are able to perform generally applicable functions and are able to have multiple intended and unintended purposes (being General Purpose AI models) are not inherently prohibited under the AI Act, but must be used with care since in certain scenarios they lead to Unacceptable Risk activities. To assess whether a General Purpose AI Model poses an Unacceptable Risk, it is necessary to consider the context in which the model operates. If it influences critical decisions (e.g. hiring, credit scoring), perpetuates bias or discriminates, compromises user privacy (e.g. by collecting sensitive data without consent), the risk increases, and the model may need to be adapted. 5. Best practice and compliance While the AI Act provides examples of explicit prohibitions under the AI Act, it cannot cover all possible situations as the technology is, through updated versions and by definition, constantly evolving. As a guide, legal and compliance teams should ask the following questions when considering high- risk AI systems:Risk assessment:What is the evidence that the categorisation of the AI application is minimal, limited, high or Unacceptable Risk?Does the application in any circumstances use or act on sensitive data or influence critical de­cisions?Con­tex­tu­al analysis:Does the application operate in a sector that has a presumption of increased risk, for example, (a) financial services, or (b) healthcare?In what ways does the deployment of the application impact (a) individuals, and (b) society?Specific criteria:Can any decisions of the application be considered to give rise to manipulation, exploitation, discriminatory scoring, or biometric iden­ti­fic­a­tion?Does the application operate or have access to data that could give rise to the exploitation of subliminal techniques or vulnerabilities related to protracted characteristics, such as age or dis­ab­il­ity?Trans­par­ency and Documentation:In what ways is the AI system transparent about its inherent functioning and de­cision-mak­ing?In what ways does the user’s documentation of the design, training and deployment of the application demonstrate compliance with the various rules? 6. Conclusion Unacceptable Risk AI activities are those practices that pose inherent harm to people and are strictly forbidden under the AI Act. The potential for reputational damage and regulatory sanctions serve as strong deterrents for firms to avoid breaching these provisions of the AI Act. It is essential for companies to take proactive measures to ensure compliance and prevent harm to individuals and society.
11/03/2024
Looking ahead to the EU AI Act
Introduction The European Union is preparing for the imminent adoption of the world’s most significant legislation on Artificial Intelligence, solidifying its position as a pioneer among global legislators. This initiative aims to establish and reinforce the EU’s role as a premier hub for AI while ensuring that AI development remains focused on human-centered and trustworthy principles. To expedite the achievement of these goals, on 8 December 2023, after three days of debate, the European Parliament and the Council of the European Union finally reached a provisional agreement on the “Proposal for a Regulation laying down harmonised rules on artificial intelligence” (the so-called AI Act), which aims to ensure that AI systems placed on the European market are safe and respect the fundamental rights and values of the EU. Subsequent to this provisional agreement, technical refinement of the AI Act continued to finalise the regulation’s details and text. The final vote of the European Parliament on the AI Act will take place at 13 March 2024. Since the European Parliament's Committees on the Internal Market and Consumer Protection (IMCO) and on Civil Liberties, Justice and Home Affairs (LIBE) have endorsed overwhelmingly the proposed text, the approval of the European Parliament can be expected. After a long and complex journey that began in 2021 with the European Commission’s proposal of a draft AI Act, this new regulation is expected to be passed into law in spring 2024, once it has been approved by the European Parliament and the Council of the European Union . The AI Act aims to ensure that the marketing and use of AI systems and their outputs in the EU are consistent with fundamental rights under EU law, such as privacy, democracy, the rule of law and environmental sustainability. Adopting a dual approach, it outright prohibits AI systems deemed to pose unacceptable risks while imposing regulatory obligations on other AI systems and their outputs. The new regulation, which also aims to strike a fair balance between innovation and the protection of individuals, not only makes Europe a world leader in the regulation of this new technology, but also endeavours to create a legal framework that users of AI technologies will be able to comply with in order to make the most of this significant development opportunity. In this article we provide a first overview of the key points contained in the text of the AI Act1This article (including the relevant citations below) is based on the latest draft available on the Council’s website. The AI Act remains subject to possible further refinement, but not as regards content, and the text referred to for this article should be considered as the closest to the one that will be voted on by the EU Parliament. footnote that companies should be aware of in order to prepare for the implementing regulation.
25/01/2024
Emerging Europe M&A Report 2023/2024
Despite geopolitical tensions, fears of recession and strong inflationary pressures across the EU, as well as the fiscal tightening needed to contain them, M&A in the CEE region has remained reasonably buoyant. Findings from the CMS Emer­ging Europe M&A 2023/24 report, published in cooperation with EMIS, demonstrate the resilience of the Emerging Europe deals market as activity holds firm against a backdrop of geopolitical tensions and strong inflationary pressures. Welcome to the 2023/24 edition of the Emerging Europe report.
28/11/2023
International Digital Regulation Hub
Following the EU Commission plan “A Europe fit for the digital age”, we have witnessed a lot of digital regulations in the EU including DMA and DSA, AI Act, Data Act and there is still more to come. Whilst presenting companies with a tumultuous landscape to navigate, the legal obligations imposed also present opportunities to develop their business in a new digital framework safeguarding responsible business practices, fair competition and personal data. The CMS Digital Regulation Hub is home to our Digital Regulation Tracker Tool, providing an overview of the key regulatory instruments for area of law, sectors and business activities which are critical for decision makers as they adapt to the increasingly digital landscape. In addition to this unique tool, we explore the impact this tsunami of regulation is having for businesses across a variety of industries and how GCs can ride the waves to stay ahead of the curve. Our latest re­port il­lus­trates the key findings across Platforms, Content providers, Life Sciences & Healthcare, Energy & Infrastructure, Banking & Finance and Automotive industries. To discuss how to cope with the challenges of Digital Regulations and to explore the opportunities for your business, please contact one of our International experts.
06/11/2023
News in Sustainability Claims
Return to CMS Green Globe
26/10/2023
Global Life Sciences & Healthcare Forum 2023 – recordings & presentations
We were delighted to bring you this year’s Forum, “Blurring Boundaries - Exploring the convergence of life sciences and law”, from Amsterdam. The theme “Blurring Boundaries - Exploring the convergence of life sciences and law” aimed to:Uncover the latest breakthroughs: Dive into the forefront of life sciences advances, including biotechnology, genetics, pharmaceuticals, and medical devicesAddress the regulatory gap: Engage in interactive workshops to bridge the divide between rapid innovation and the development of legal frame­work­sNav­ig­ate global challenges: Explore the impact of globalisation, ethical considerations, privacy concerns, and societal implications on the life sciences sectorFoster collaboration: Connect with legal and scientific minds, exchange ideas, and build valuable re­la­tion­shipsP­resent­a­tions were delivered by fantastic industry speakers, including Annemiek Verkamman (Managing Director, Hollandbio), Charida Dorder (Member of the Dutch AI Coalition), Wouter Boon (Associate Professor, Utrecht University) and Marc Kaptein (Medical Director, Pfizer), as they shared their expertise, thoughts and insights on how the sector is “Blurring Boundaries”. We were also joined by Simon Neill (Senior Legal Director) at Johnson & John­son and Joep Rijnierse (Senior Medical Director) at Amgen in our workshops. This webpage has been designed to keep you updated on the Forum, our speakers, as well as provide you with the useful resources complementing the theme “Blurring Boundaries - Exploring the convergence of life sciences and law”. You will also find on this page details on how to stay connected with CMS through our upcoming webinar series, On the Pulse Webinar Series 2023 - Autumn (cms. law); free eAlert service, Law-Now; and social media channels.
24/10/2023
CMS European Energy Sector M&A and Investment Outlook 2024
As the world economy increasingly embraces the push towards decarbonisation, Europe has actively sought to place itself at the vanguard of the discussion on energy trans­ition. Op­por­tun­it­ies to deploy capital abound as power sources switch further towards offshore and onshore wind, solar, heat, hydrogen, battery storage, new networks, carbon capture, and industrial decarbonisation. The latter brings an interface with other sectors such as technology companies (with power hungry data centres a particular focus), real estate, low carbon transport and decarbonisation of industrial processes such as cement, glass and steel production. As much as it is difficult, complex and highly political, the energy transition is also a huge business opportunity. To reach net zero by 2050, the International Energy Agency (IEA) estimates that global investment in clean energy alone will need to increase from the USD390bn in the first half of 2023, to USD 1.3tn in 2030. Many commentators worried that Russia’s invasion of Ukraine would put back the transition and shift Europe back towards fossil fuels. While it appears to have resulted in a renewed political focus on energy security it has also laid bare the financial and political consequences of relying on oil & gas imports, giving further impetus to renewables as a secure form of energy. Europe has also sought to be a leading light on the concept of “reaching net zero”, with the European Union (EU) having set out its ambition, back in 2019, to become the world’s first major economic bloc to be climate-neutral by 2050. This has added momentum to energy investment and M&A over recent years – 2021 and 2022 saw the second and third highest annual aggregate values of Western European M&A in the sector on record, at USD 59.8bn and USD 53.7bn, respectively, bested only by the anomalously high total of USD 89.4bn logged in 2018. Energy M&A in the region has been more subdued in 2023, but our survey demonstrates that energy executives are gearing up for a more active dealmaking period, with most expecting more opportunities and anticipating increased levels of investment in the year ahead. Capital looks set to continue to flow primarily to renewable energy projects and related assets, with solar and batteries topping the list of attractive subsectors among our respondents. Consistent with this, South West Europe takes pole position as the most promising region for investment opportunities. But there are thorns among the roses. Our respondents are cognizant of the challenges in the energy market, with supply-chain volatility and commodity price increases emerging as a prominent concern. This is unsurprising after a period of dislocation following the pandemic and amid a time of rising global demand for renewable products and commodities. Persistent inflation and elevated interest rates, combined with an uncertain macroeconomic outlook, are raising investors’ concerns, with financing risk (including the increased cost of financing) also coming to the fore for respondents. Overall, while some sense a recent softening of the market due to these fundamentals, our survey paints a picture of steadily improving investor sentiment in Europe’s energy sector, laying the foundations for a busier period ahead for M&A activity.
11/10/2023
CMS DTx Legal Navigator
Assisting companies scale their digital therapeutics (DTx) internationally
14/09/2023
Energy Transition 2023
As the world seeks to balance energy security and affordability with the broadly agreed imperative to address carbon emissions, this report seeks to provide a timely update on how major oil and gas companies are navigating the energy transition based on an analysis of their published data.
13/09/2023
Turning the Corner? CMS European M&A Outlook 2024
We are pleased to share with you the 2024 edition of the European M&A Outlook, published by CMS in association with Mergermarket.
12/09/2023
CMS European Class Actions Report 2023
Data-driven insights into class action risk across Europe, a key concern for major corporates