On 29 September 2023, the European Commission published a proposal for standard contractual clauses (SCCs) for the procurement of non-high-risk artificial intelligence (AI) by public organisations, aligning with the proposed EU AI Act. The SCCs would establish supplier obligations for transparency, risk management, data governance, human oversight, and cybersecurity, recommending risk assessment, mitigation, and ongoing monitoring to promote trustworthy AI procurement. These clauses would provide a flexible legal framework for public authorities, even for systems not classified as high-risk under the AI Act. AI suppliers would be encouraged to provide technical documentation, user instructions, logging capabilities, and record-keeping practices while ensuring human oversight to allow public organisations to monitor and interpret AI systems. Additionally, suppliers should define rights to use data sets, including ownership, permitted use, and data retention or transfer conditions, with compliance supported through voluntary audits, reporting mechanisms, and transparency measures.
Original source