ESBG provides input on technical negotiations of the Artificial Intelligence Act

In Q4 of 2022, ESBG staff was invited to three stakeholder info sessions on the technical negotiations on the Artificial Intelligence Act, organized by the offices of MEP Voss (EPP, LIBE Shadow/JURI Opinion), MEP Clune (EPP, LIBE Shadow), and MEP Maydell (EPP, ITRE Opinion). During these info sessions, stakeholders were updated about the articles discussed during the technical meetings that took place in the Parliament and invited to provide concrete input on concrete issues.

The definition of AI remains a highly debated issue. According to ESBG members, the proposed definition is currently too broad. ESBG members argued for a narrow scope, since a scope that is too broad could potentially include more traditional software systems that should not fall under the scope of the proposal The definition of AI needs to take into account the different levels of autonomy and explainability of the system, as well as the level of control and human participation. Furthermore, it must contain the ability to learn and reason as central element.
Stakeholders were also asked for concrete examples of overlap with other pieces of legislation, also of sector-specific legislation. ESBG pointed out a number of articles where overlap with other legislation, notably the GDPR exists. There has also been discussion on the high-risk classification, extraterritorial applications, cooperation mechanisms, and access to data. Therefore, ESBG provided input on those matters as well.

related


Crypto-asset Activities: WSBI-ESBG calls for a more consistent regulatory approach

The Financial Stability Board (FSB) which is an international body that monitors and makes recommendations about the global financial system published a proposed framework for International Regulation of Crypto-asset Activities on 11 October 2022. The said framework sets out a) the key issues and challenges in developing a comprehensive and consistent regulatory approach that captures all types of crypto-asset activities that could rise to financial stability risks; b) policy initiatives at the jurisdictional and international levels; c) the FSB’s proposed approach for establishing a comprehensive framework.

The FSB  reports that crypto-assets and markets must be subject to effective regulation and oversight commensurate with the risks they pose. Crypto-asset markets are fast evolving and could reach a point where they represent a threat to global financial stability due to their scale, structural vulnerabilities and increasing interconnectedness with the traditional financial system.

WSBI-ESBG, for its part, welcomed the initiative of addressing the above-mentioned crucial issues and replied to the call for feedback on this consultative document on a proposed framework for International Regulation of Crypto-asset Activities, in particular calling for a more measured regulatory approach between the several players (i.e.; financial institutions, issuers, and providers of crypto assets) and for consistency between regulations and requirements applicable to traditional finance and crypto-based finance.

Finally, members underlined the importance of having a clear and dynamic regulatory approach to avoid confusion on the categorization of crypto-assets (i.e.; stablecoins, global stablecoins, digital assets), and the need for a higher consistency between local and international regulations.

related


Call for clarification on the Artificial Intelligence Liability Directive

On 28 September, the European Commission published its proposal for the Artificial Intelligence Liability Directive which  complements and modernises the EU civil liability framework by introducing for the first time rules specific to damages caused by AI systems. 

The purpose is to lay down uniform rules in case of damages caused by AI systems and to establish broader protection for victims. The Directive is applicable to both individuals and businesses. The new rules will, for instance, make it easier to obtain compensation if someone has been discriminated against in a recruitment process involving AI technology.

It is proposed that five years after the entry into force of the AI Liability Directive, the Commission will assess the need for no-fault liability rules for AI-related claims if necessary.

Consequently, on 3 October, the Commission enabled relevant stakeholders to provide feedback on the proposed AI Liability Directive. All feedback to be received will be summarised by the Commission and presented to the Parliament and Council with the aim of feeding into the legislative debate.

As part of its mandate, ESBG replied to the Commission’s call for feedback on 2 December. In its response, ESBG supports the protection of consumers as well as adapting liability rules to the digital age, thereby setting out a framework for excellence and trust in AI.

However, ESBG understands from the proposed Directive that the presumption of a causal link in the case of fault is mainly a matter of “non-compliance of due diligence duties”. In this context, ESBG calls for clarification on what could be considered as non-compliance of due diligence duties. In particular, ESBG questions whether the presence of bias or discrimination could be considered a noncompliance of due diligence duties. Furthermore, clarification is necessary on what tools are available to providers and users of AI systems to refute the causal link.

Finally, as the AILD is a directive, members stress the importance to take the cultural and legal differences between member states into account when implementing. Different application across member states can lead to regulatory arbitrage where firms choose where to be domiciled according to the member states legislative application. Therefore, the directive should be aligned with the Rome I Regulation and the Rome II Regulation regarding the conflict of laws on the law applicable to non-contractual obligations.

related


Call for clear scope of applicability of the Cyber Resilience Act

On 14 November, ESBG submitted its input to the European Commission’s call for feedback on the proposed Cyber Resilience Act, which was published in September. All feedback received will be summarised by the Commission and presented to the European Parliament and Council with the aim of feeding into the legislative debate.

On 15 September, the Commission published a proposal for a Cyber Resilience Act, which aims to protect consumers and businesses from products with inadequate security features. The Cyber Resilience Act introduces mandatory cybersecurity requirements for products with digital elements. It will ensure that digital products, such as wireless and wired products and software, are more secure for consumers across the EU. In addition to increasing the responsibility of manufacturers by obliging them to provide security support and software updates to address identified vulnerabilities, it will enable consumers to have sufficient information about the cybersecurity of the products they buy and use.

In the position paper, ESBG members welcome the Commission proposal and support the goal of only having secure software on the internal market. However, members believe that the Cyber Resilience Act leaves too much room for interpretation regarding its scope of applicability and therefore proposes that the Commission should make a clear scope-statement that would dissolve any uncertainty whether the software developed, operated, or marketed by financial institutions is in scope of this Act.

In addition, there are vertical initiatives that already regulate the cyber-resilience of hardware and software products used by certain sectors. This is the case of the Digital Operational Resilience Act (DORA) for the financial sector, a regulatory framework specifically designed and developed to ensure the digital operational resilience of the financial sector. Extending the scope of the Cyber Resilience Act to products manufactured by credit institutions may place additional burdens onto banks, on top of the already existing tight regulatory corset.

related


ESBG keeps a close eye on prudential treatment of crypto assets

On 30 September 2022, ESBG responded to the second public consultation of the Basel Committee on Banking Supervision (BCBS) on the prudential treatment of banks' crypto asset exposures, which is built on the proposals in the first consultation issued in June 2021.

The basic structure of the proposal in the first consultation is maintained, with crypto assets divided into two broad groups: Group 1 includes those that are eligible for treatment under the existing Basel Framework with some modifications. Group 2, on the other hand, includes unbacked crypto asset and stable coins with ineffective stabilisation mechanisms, which are subject to a new conservative prudential treatment.

In the response to the second consultation in 2022, we advocated for the removal of the technological risk add-on from the proposed prudential framework.

The first reason for this would be the principle of technological neutrality. The regulation should focus on regulating the services but not the applicable technology in order not to prevent the adoption of a specific technology and to neither prefer nor prejudice a specific business model or service provider. Secondly, technological risk already exists in all asset classes. If persistent technological risks are detected, the supervisor could require actions for their mitigation or apply a Pillar 2 Requirement (P2R) surcharge. Finally, a common surcharge of capital would reduce institutions’ incentives to mitigate inherent risk.

Downloads

OCTOBER 2022 | TOPICS: Prudential, Supervision and Resolution | Public Consultation | Crypto Assests | Basel Framework | Technology Neutrality

related


Digital euro: ESBG’s response to the European Commission targeted consultation

ESBG stated the need to further assess exactly what gaps in the payments system could be filled by the introduction of a digital euro, and to analyse how the existing solutions could be adjusted to enhance their value to the customer. This in its response to the European Commission targeted consultation on June 15. We highlighted the financial education challenges ahead, which will be key to address in order to continue building the customers’ confidence in the financial sector.

The response also stated that ESBG and its members are in favour of limits to individual holdings of digital euro – ideally in the form of €1,500 cap. It elaborated that a higher limit might cause a deposit outflow that would not be manageable for most banking business models in the EU and would likely force banks to de-leverage massively. The negative impact of this on balance sheet would be particularly severe for savings and retail banks that currently have little to no access to market funding. The deposit outflow would not only impact liquidity, but also the volume of credit provision of deposit-intense banks, which in the past kept the lending stable even in crisis times.

For a digital euro to be successful, it must provide a user-friendly onboarding process and it should be secure, easy to access and use, and adapted to the public. It would also require the acceptance of both the consumers and merchants. Finally, However, any measure aimed at introducing mandatory acceptance – and any eventual exemption – should be carefully assessed and designed at EU level to avoid affecting the level playing field between different means of payment and crowd-out the existing solutions.

related


ESBG welcomes horizontal cybersecurity requirements for digital products

The European Commission launched a public consultation in March to gather views from a wide range of stakeholders to help shaping the Cyber Resilience Act, a regulation on horizontal cybersecurity requirements for digital products and ancillary services. As a response to this public consultation on the Cyber Resilience Act, ESBG submitted its position to the European Commission on 18 May. The ESBG position focuses on the following aspects: I) Cybersecurity of digital products and the users of digital products; II) Improving the cybersecurity of digital products; and III) Stakeholder impact of potential regulatory measures.

Digital products and ancillary services create opportunities for EU economies and societies but they also lead to new challenges because when everything is connected a cybersecurity incident can affect an entire system, and thus disrupt economic and social activities. The initiative for a Cyber Resilience Act aims to address market needs and protect consumers from insecure products by introducing common cybersecurity rules for manufacturers and vendors of tangible and intangible digital products and ancillary services.

On the whole, ESBG welcomes the European Commission’s Cyber Resilience Act as the level of risk of cybersecurity incidents affecting digital products has increased during the last five years. The overall level of cybersecurity of digital products marketed in the European Union could be improved. Subjecting certain products marketed in the Union to cybersecurity requirements would be effective (e.g. hardware or software products subject to higher cybersecurity risks).

Moreover, ESBG members believe that leaving it to hardware manufacturers and software developers to demonstrate compliance with security requirements is insufficient. It would be more valuable to have the opinion of a third party based on a control framework.

All feedback received will be taken into account as the Commission further develops and fine-tunes this initiative, that is tentatively scheduled for the third quarter of 2022. Input will help the Commission analyse cybersecurity-related problems associated with the digital products markets, explore possible ways forward and assess the impact of different types of interventions.

related


An open data economy should be multilateral and cross-sectoral

ESBG submitted its position to the European Commission on the proposed Data Act on 12 May. ESBG welcomed the Commission’s data strategy and its commitment to create a single market for data that will constitute a potential source of growth and innovation.

We believe that a European approach to data is essential to ensure competitiveness, avoid fragmentation of national regulations, and benefit from a scale effect. Moreover, ESBG members stressed that the horizontal regulatory approach is crucial to establish the key rules and principles for all sectors as, in our view, an open data economy should be multilateral and cross-sectoral.

The European Commission published its proposal for the Data Act in February and opened this call for feedback in March. The proposal clarifies who can use, access, and share data generated in the EU across all economic sectors, and on what terms. The Data Act aims to provide a harmonised framework for data sharing, conditions for access by public bodies, international data transfers, cloud switching, and interoperability.

The Data Act is based on the results of an open public consultation that the European Commission carried out in 2021, to which ESBG responded in September. It is the second main legislative initiative directly related to data, following the recent adoption of the Data Governance Act, which aimed to increase trust and facilitate data sharing across the EU and between sectors.

related


ECB announces members of Digital Euro Market Advisory Group

ECB appoints 30 senior business professionals with proven experience. Members to advise Eurosystem on design and distribution of potential digital euro. Meetings of group to be held at least quarterly, starting in November 2021.

25 October 2021 – The European Central Bank (ECB) has today announced the members of the Market Advisory Group for the digital euro project.

The Eurosystem’s High-Level Task Force on Central Bank Digital Currency called for expressions of interest on 14 July, following the Governing Council’s approval of the digital euro project investigation phase. After assessing applications, the selection committee appointed 30 senior business professionals with proven experience and a broad understanding of the euro area retail payments market.

“I am pleased that many high-quality experts from the private sector are willing to contribute to the digital euro project”, says ECB Board Member Fabio Panetta, Chair of the High-Level Task Force.

“Their expertise will facilitate the integration of prospective users’ and distributors’ views on a digital euro during the investigation phase.”

Members of the Market Advisory Group will act in a personal capacity, advising the Eurosystem on the design and distribution of a potential digital euro from an industry perspective, and on how a digital euro could add value for all players in the euro area’s diverse payments ecosystem. A representative from the European Commission and representatives from Eurosystem national central banks will also participate in the group.

Meetings are to be held at least quarterly, starting in November 2021, and written consultations will be organised between meetings. The issues identified will also be considered in the Eurosystem’s established forum for institutional dialogue on retail payments, the Euro Retail Payments Board (ERPB). The ERPB consists of high-level representatives of industry associations and represents a wide range of stakeholders. In addition, the Eurosystem will engage with the public and merchants through dedicated surveys (e.g. of focus groups) and will continue to hold technical workshops with the industry.

Members of the Digital Euro Market Advisory Group:

Aleksander Kurtevski, Managing Director, Bankart
Alessandro De Cristofaro, Director Digital Innovation Strategy, CRIF
Antonio Macías Vecino, Head of Payments Discipline, BBVA
Axel Schaefer, Payment Regulation and Innovation Specialist, Ingka Group (IKEA)
Cristian Cengher, Product Owner Cross Border Payments, Erste Group Bank AG
Cyril Vignet, Project Manager Innovation, Banque Populaire Caisse d’Epargne
Diederik Bruggink, Head of Payments and Innovation, European Savings and Retail Banking Group
Etienne Goosse, Director General, European Payments Council
Fanny Solano, Director Digital and Retail Regulation, Transparency and Implementation, CaixaBank
Fernando Rodríguez Ferrer, Head of Business Development, Bizum
Gerard Hartsink, Chairman, ICC DSI Industry Advisory Board
Inga Mullins, CEO, Fluency
Jens Holeczek, Head of Digital Payment Unit, National Association of German Cooperative Banks
Jochen Siegert, Managing Director, Global Head of Asset Platforms, Deutsche Bank AG
Nicolas Kozakiewicz, Chief Innovation Officer, Worldline
Nilixa Devlukia, CEO, Payments Solved
Nils Beier, Managing Director, Accenture Strategy & Consulting
Paul Le Manh, Advisor to CEO, EPI Interim Company
Piet Mallekoote, Former CEO, Dutch Payments Association
Régis Folbaum, Head of Payments, La Banque Postale
Roberto Catanzaro, Chief Strategy and Transformation Officer, Nexi Group
Ruth McCarthy, Managing Director, FEXCO Corporate Payments
Sean Mullaney, Head of Payment Engineering, EMEA Payments, Stripe
Silvia Attanasio, Head of Innovation, Associazione Bancaria Italiana
Sofia Lindh Possne, Senior Advisor, Group Regulatory Affairs, Swedbank
Stefano Favale, Head of Global Transaction Banking, Intesa Sanpaolo
Teresa Mesquita, Chief Marketing and Product Officer, SIBS Forward Payment Solutions
Valdis Bergs, Chairman of the Board, Mobilly sia
Ville Sointu, Head of Emerging Technologies, Nordea
Yves Blavet, Open Banking Director, Société Générale

related


On the European Commission's Artificial Intelligence Act

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we share this idea on the principle, it should be recognised that this is a risky bet.

The European Commission published a proposal for an Artificial Intelligence (AI) Act at the end of April. In parallel, it has set up a public consultation for stakeholders to provide feedback on the draft text, which ended on 6 August.

AI technology has only slowly began arriving on the market and as applications become more sophisticated, they will likely often become very unpredictable in their development. To ensure legal certainty, a level playing field and no obstacles to innovation, a clear definition of artificial intelligence is needed. This would cover the Commission work, as well as national data protection authorities, the Council of Europe initiative, and the OECD framework on classifying AI systems. ESBG members very much welcome the proposed technology-neutral and future-proof definition of AI, and the Commission’s risk-based approach to enable a proportionate regulation.

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we of course share this idea on the principle, it should be recognised that this is a risky bet. Indeed, if European values are not ultimately adopted on an international scale, non-European solutions are potentially more efficient because they have been developed in less restrictive regulatory environments and could compete with European solutions.

With regards to the acceptance of data usage, members would like to use real datasets instead of the Commission proposed ‘synthetic’ datasets. These would mimic real life situations and allow AI training in a realistic setting, without the risk of second order bias (e.g., ethnicity indication based on living area or income).

We also believe that there should be a provision in the draft text to protect European AI developers and users at international level. AI does not discriminate against physical locations, and many different countries across the world have different interpretations of copyright and liability when it comes to AI applications.

Finally, we call for clarity on the scope of the text when it comes to biometric identification of natural persons. It is not yet clear if financial services firms and their providers, who rely on biometric identification to onboard customers remotely (and comply with KYC – know your customer requirements) will be included in the scope of the full set of requirements in the AI regulation.

We support the Commission in its efforts to create a clear legal framework for artificial intelligence which does not inhibit innovation and at the same time provides security for all market participants. We are particularly pleased with the Commission’s philosophical approach to promoting “digitalisation with a human face”. We believe that trustworthy AI in cooperation with human expertise will be of great value to European society. We particularly emphasise the interaction between man and machine. We firmly believe that both humans and machines are irreplaceable. However, we must ensure that new regulation does not inadvertently cripple our markets, dampen innovation and opportunities.

Download

FULL REPORT

related