European Union: European Commission proposes EU standard contractual clauses for the procurement of high-risk AI systems

On 29 September 2023, the European Commission proposed standard contractual clauses (SCCs) for the procurement of high-risk artificial intelligence (AI) by public organizations, aligning with the proposed EU AI Act. The clauses would provide a structured legal framework for public authorities to use when procuring AI, ensuring that suppliers would meet regulatory obligations. The SCCs would be based on Chapter III of the AI Act, setting out supplier obligations on transparency, risk management, data governance, human oversight, and cybersecurity, and would require risk assessment, mitigation, and ongoing monitoring. AI suppliers would need to provide technical documentation, user instructions, logging capabilities, and compliance with record-keeping standards. Additionally, suppliers would ensure human oversight, enabling public organizations to monitor, interpret, and override AI systems, and would define rights to use data sets, including ownership, permitted use, and data retention or transfer conditions. The SCCs would mandate explainability, requiring suppliers to assist public organizations in understanding and interpreting AI decisions. Compliance would be enforced through audits, reporting requirements, and obligations to update risk assessments and transparency measures as AI systems evolve.