Book review of Moisés Barrio Andrés (dir.): “El Reglamento Europeo de Inteligencia Artificial”, Valencia, Editorial Tirant lo Blanch, 2024, pp. 220, ISBN Paper: 9788410713031, ISBN Ebook: 9788410713048

Book review of Moisés Barrio Andrés (dir.): “El Reglamento Europeo de Inteligencia Artificial”, Valencia, Editorial Tirant lo Blanch, 2024, pp. 220, ISBN Paper: 9788410713031, ISBN Ebook: 9788410713048
“El Reglamento Europeo de Inteligencia Artificial” offers a comprehensive and practical exploration of the new European Union AI Act (RIA or AI Act), expertly edited by Moisés Barrio Andrés. This ambitious work aims to present a unified legal framework for the entire EU, governing the development, market introduction, operation, and use of artificial intelligence systems. Its primary goal is to provide all sectors - public and private - that make use of IA with an overview of the Regulation in order to act within the framework of this European Union text. The idea is to encourage the adoption of AI that is human-centered and trustworthy, while ensuring a high level of protection for public health, safety, and fundamental rights.
This book not only explains the legal implications of the regulation but also helps identify development opportunities and risk factors for both private and public sectors where AI is deployed. With clear and structured guidance, it offers practical insights for advising organizations on the use of AI products and services. After an introductory chapter by Moisés Barrio Andrés, the text is systematically organized, making it accessible for readers. The book is particularly valuable for AI operators in the EU, providing detailed analysis of the AI Act’s dual requirements: ex ante obligations, which must be fulfilled before AI systems enter the market, and ex post obligations, which require ongoing monitoring throughout the system’s lifecycle.
The main objective of the book on “The European Artificial Intelligence Regulation” is to present and explain in plain language the EU’s central goal of creating a legal framework that fosters the responsible development, deployment, and use of artificial intelligence (AI) systems while safeguarding fundamental rights, health, and safety. Each chapter contributes to building a comprehensive understanding of the regulation by addressing different dimensions of AI governance, but they all serve this overarching purpose.
Chapter I by Moisés Barrio Andrés, professor of digital law, arbitrator and counsel to the Council of State, sets the foundation by explaining the concept of AI as well as the core objectives and scope of the regulation. It establishes the need for regulating AI systems in the EU and introduces the risk-based classification of AI, which underpins the entire regulatory framework. This chapter presents the categories of AI (prohibited, high-risk, limited-risk, and minimal-risk) and contours of each of them, with a focus on generative AI, introducing the fundamental principle that AI must be human-centered and trustworthy, protecting users’ rights, such as public health, safety, and fundamental rights. On some points Barrio Andrés is critical of the legislation. For instance, in his opinion, the AI Act's (RIA) definition still presents challenges, with key concepts and thresholds remaining unclear. A major issue is the lack of clarity around the levels of autonomy required for AI systems, with further guidance needed to define the minimum standard. Additionally, the RIA introduces an element of “design intent,” raising questions about whether a system qualifies as AI based on its creator's intentions, rather than its actual behavior. In contrast, the OECD's definition focuses on how an AI system functions in practice, offering a clearer and more straightforward approach (pp. 37-38).
The following chapter written in co-authorship by Luis Míguez Macho and Marcos Torres Carlos builds on the risk-based approach introduced in Chapter I by focusing specifically on the two most critical categories: prohibited AI systems and high-risk AI systems, examining their scope, justification, and possible exceptions. It explains why certain AI practices are banned due to the threats they pose to human rights and safety. It also delves into the detailed requirements for high-risk systems, including risk management, transparency, data governance, and human oversight. Obligations for providers, importers, distributors, and deployment managers are highlighted, as well as procedures for assessing the impact on fundamental rights and the conformity of such systems. This chapter reinforces the importance of mitigating risks associated with AI deployment and ensuring compliance with the regulation. Both authors offer a generally positive evaluation of the section of the regulation under review, particularly endorsing the criteria used to identify prohibited practices and the stringent requirements for high-risk AI systems. They argue that these standards are “reasonable given the current state of technology and align with international ethical norms for AI use.” However, their conclusions also include some critiques. Notably, the regulation lacks clarity and accessibility for legal, technological, and economic stakeholders in the AI sector, particularly regarding critical issues such as what is the regime to be established in critical matters and when independent external entities will need to conduct conformity assessments. (p. 85)
The shift to systems with lower levels of risk, namely general-purpose AI (GPAI) models, along with systems that pose limited or minimal risk becomes the subject of the study of the third chapter of the book by Carmen Muñoz García, Associate Professor of Civil Law at Complutense University of Madrid, Co-chair of AI-Section of the Spanish Hub of ELI and a member of ENIA Chair on AI: Challenges and Risks. It highlights the importance of transparency and the need for regulatory frameworks for these systems, while also addressing the obligations of providers, especially those that manage models with systemic risks. Technical requirements and codes of best practices are presented to help standardize obligations. This part of the book shows that even less risky AI systems still require oversight to ensure that they are developed and deployed responsibly. Hence the importance of the exhaustive study carried out by the author, which shows the decisive classification of the models, according to the greater or lesser risk that they generate, the detailed exegesis of the regulatory framework approved in the EU for these models (articles 51 to 56 and annexes XI, XII and XIII), and the unquestionable value of the codes of good practice (different from the codes of conduct), to promote a homogenization or uniformity of the obligations of the provider of the IA models, and to favor their compliance. Finally, the emergence of ChatGPT, in just a few months, led to a complete revision of the proposed Regulation initiated by the European Commission in 2021. The chapter constitutes the first study on the subject matter and shows the analysis of the regulatory iter until reaching a definitive regulation in June 2024. It underlines the relevance that these models, so much in need of their own regulation, have been acquiring in the RIA.
Chapter IV by Vanessa Jiménez Serranía, Assistant Professor of Commercial Law at Salamanca University, focuses on supporting innovation, ensuring that while the EU creates a strict regulatory framework for AI, it also promotes technological advancement. This chapter emphasizes the balance between governance and fostering innovation through regulatory sandboxes, AI literacy, and open-source initiatives. It also highlights the importance of data governance and intellectual property as key components of the regulatory framework. Innovation support measures ensure that the regulation doesn’t stifle AI growth but promotes it in a controlled and responsible manner. The chapter also explains the roles of European governance bodies, including the AI Office, the European AI Committee, and national authorities. As a curiosity, the author references the newly established Spanish Agency for AI Supervision (Agencia Española de Supervisión de la IA), created by the Spanish Ministry of Digital Transformation and Public Function. She explains that this new public body, which begins operations in A Coruña ahead of the European mandate for a regulatory AI institution, aims to be “the voice” of Spain on the international stage for the development of responsible AI technology. (pp. 136-138).
Quick move to the chapter V by Margarita Castilla Barea, full professor of civil law at Cadiz University, brings as to the world of vigilance. The author addresses post-market surveillance, information exchange on serious incidents, and market oversight, emphasizing that AI systems require ongoing monitoring even after they are deployed. The regulation doesn’t end once AI systems are in use; continuous vigilance is necessary to prevent harm and ensure that AI systems function as intended. It outlines the powers of authorities in charge of protecting fundamental rights and describes applicable procedures when AI systems present risks. This chapter also discusses codes of conduct and European Commission’s guidelines, which provide flexibility for adapting to emerging technologies while maintaining accountability. At the end of the chapter, the author offers some critical insight of this part of the RIA. Building on previous observations (see the opinion of the authors of the chapter II), Castilla Barea argues that the regulation lacks clarity and there is room for improvement in terms of legislative technique. She points out that the chapter structure is not always well-justified and highlights instances of unnecessary repetition across sections, suggesting that these could be more effectively consolidated for better coherence and readability. Notably absent is the wealth of examples that typically enrich the recitals of other pan-European regulations and directives. The author suggests that dedicating additional time to refining the approved version of the AI Regulation (RIA) would significantly elevate the quality of the final text. (pp. 198-199)
And last but not least, the chapter VI by Joaquín Delgado Martín, Magistrate of the Criminal Chamber of the Audiencia Nacional (National Court), focuses on enforcement through the sanctioning regime, which ensures that stakeholders who violate the regulation face penalties. This chapter explains the different types of infractions (classified as minor, serious, and very serious), and their corresponding consequences, ensuring compliance with the regulation. It also discusses the responsibilities of different stakeholders, including startups and public sector entities, as well as the procedures for imposing sanctions and the rights to defense and judicial review. The sanctioning regime reinforces the seriousness of the regulation’s requirements, showing that failing to meet legal obligations will result in real consequences, thereby incentivizing responsible AI practices.
In summary, the book with an apparent and coherent thread running through the six chapters described above, conveys the EU’s mission to create a balanced and forward-thinking regulatory environment for AI that promotes innovation while protecting fundamental rights. The regulation ensures that AI systems are developed responsibly, deployed safely, and monitored continuously, all while maintaining trust in AI technologies and ensuring that they benefit society as a whole. Each chapter builds upon this shared objective, from defining the scope and classifications of AI systems to enforcing compliance and encouraging innovation within the boundaries of ethical and safe AI development. This insightful work serves as an essential resource for those navigating the complex legal landscape of AI in the European Union. It provides practical insights into the AI Act’s legal framework and explains how it affects various stakeholders involved in AI development and implementation across the European Union. With contributions from experts in law, technology, and policy, the book outlines the risks, opportunities, and ethical considerations associated with AI systems. It’s an essential resource for anyone who wants to grasp how AI will be regulated in Europe and the implications for innovation and society.
As the editor of the book points out, “this book aims to highlight and bring the reader closer to the new features of the RIA in a simple and accessible manner, while providing tools in the absence of a body of doctrine and case law interpreting its content”. (p. 20)