Beta

Source: OJ L, 2024/1689, 12.7.2024

EN

Article 58 Detailed arrangements for, and functioning of, AI regulatory sandboxes

    1. In order to avoid fragmentation across the Union, the Commission shall adopt implementing acts specifying the detailed arrangements for the establishment, development, implementation, operation and supervision of the AI regulatory sandboxes. The implementing acts shall include common principles on the following issues:

      1. eligibility and selection criteria for participation in the AI regulatory sandbox;

      2. procedures for the application, participation, monitoring, exiting from and termination of the AI regulatory sandbox, including the sandbox plan and the exit report;

      3. the terms and conditions applicable to the participants.

    2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2).

    1. The implementing acts referred to in paragraph 1 shall ensure:

      1. that AI regulatory sandboxes are open to any applying provider or prospective provider of an AI system who fulfils eligibility and selection criteria, which shall be transparent and fair, and that national competent authoritiesas defined in Article 46 inform applicants of their decision within three months of the application;

      2. that AI regulatory sandboxes allow broad and equal access and keep up with demand for participation; providers and prospective providers may also submit applications in partnerships with deployers and other relevant third parties;

      3. that the detailed arrangements for, and conditions concerning AI regulatory sandboxes support, to the best extent possible, flexibility for national competent authoritiesas defined in Article 46 to establish and operate their AI regulatory sandboxes;

      4. that access to the AI regulatory sandboxes is free of charge for SMEs, including start-ups, without prejudice to exceptional costs that national competent authoritiesas defined in Article 46 may recover in a fair and proportionate manner;

      5. that they facilitate providers and prospective providers, by means of the learning outcomes of the AI regulatory sandboxes, in complying with conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; obligations under this Regulation and the voluntary application of the codes of conduct referred to in Article 95;

      6. that AI regulatory sandboxes facilitate the involvement of other relevant actors within the AI ecosystem, such as notified bodies means a conformity assessment body designated in accordance with Article 43 and other relevant Union harmonisation legislation; and standardisation organisations, SMEs, including start-ups, enterprises, innovators, testing and experimentation facilities, research and experimentation labs and European Digital Innovation Hubs, centres of excellence, individual researchers, in order to allow and facilitate cooperation with the public and private sectors;

      7. that procedures, processes and administrative requirements for application, selection, participation and exiting the AI regulatory sandbox are simple, easily intelligible, and clearly communicated in order to facilitate the participation of SMEs, including start-ups, with limited legal and administrative capacities and are streamlined across the Union, in order to avoid fragmentation and that participation in an AI regulatory sandbox established by a Member State, or by the European Data Protection Supervisor is mutually and uniformly recognised and carries the same legal effects across the Union;

      8. that participation in the AI regulatory sandbox is limited to a period that is appropriate to the complexity and scale of the project and that may be extended by the national competent authorityas defined in Article 46;

      9. that AI regulatory sandboxes facilitate the development of tools and infrastructure for testing, benchmarking, assessing and explaining dimensions of AI systems relevant for regulatory learning, such as accuracy, robustness and cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;, as well as measures to mitigate risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; to fundamental rights and society at large.

    1. Prospective providers in the AI regulatory sandboxes, in particular SMEs and start-ups, shall be directed, where relevant, to pre-deployment services such as guidance on the implementation of this Regulation, to other value-adding services such as help with standardisation documents and certification, testing and experimentation facilities, European Digital Innovation Hubs and centres of excellence.

    1. Where national competent authoritiesas defined in Article 46 consider authorising testing in real world conditions supervised within the framework of an AI regulatory sandbox to be established under this Article, they shall specifically agree the terms and conditions of such testing and, in particular, the appropriate safeguards with the participants, with a view to protecting fundamental rights, health and safety. Where appropriate, they shall cooperate with other national competent authoritiesas defined in Article 46 with a view to ensuring consistent practices across the Union.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod