Accountability is a cornerstone of the governance of artificial intelligence (AI). However, it is often defined too imprecisely because its multifaceted nature and the sociotechnical structure of AI systems imply a variety of values, practices, and measures to which accountability in AI can refer. We address this lack of clarity by defining accountability in terms of answerability, identifying three conditions of possibility (authority recognition, interrogation, and limitation of power), and an architecture of seven features (context, range, agent, forum, standards, process, (...) and implications). We analyse this architecture through four accountability goals (compliance, report, oversight, and enforcement). We argue that these goals are often complementary and that policy-makers emphasise or prioritise some over others depending on the proactive or reactive use of accountability and the missions of AI governance. (shrink)

The complexity and emergent autonomy of Generative AI systems introduce challenges in predictability and legal compliance. This paper analyses some of the legal and regulatory implications of such challenges in the European Union context, focusing on four areas: liability, privacy, intellectual property, and cybersecurity. It examines the adequacy of the existing and proposed EU legislation, including the Artificial Intelligence Act (AIA), in addressing the challenges posed by Generative AI in general and LLMs in particular. The paper identifies potential gaps and (...) shortcomings in the EU legislative framework and proposes recommendations to ensure the safe and compliant deployment of generative models. (shrink)

The EU Artificial Intelligence Act (AIA) defines four risk categories for AI systems: unacceptable, high, limited, and minimal. However, it lacks a clear methodology for the assessment of these risks in concrete situations. Risks are broadly categorized based on the application areas of AI systems and ambiguous risk factors. This paper suggests a methodology for assessing AI risk magnitudes, focusing on the construction of real-world risk scenarios. To this scope, we propose to integrate the AIA with a framework developed by (...) the Intergovernmental Panel on Climate Change (IPCC) reports and related literature. This approach enables a nuanced analysis of AI risk by exploring the interplay between (a) risk determinants, (b) individual drivers of determinants, and (c) multiple risk types. We further refine the proposed methodology by applying a proportionality test to balance the competing values involved in AI risk assessment. Finally, we present three uses of this approach under the AIA: to implement the Regulation, to assess the significance of risks, and to develop internal risk management systems for AI deployers. (shrink)

The EU proposal for the Artificial Intelligence Act (AIA) defines four risk categories: unacceptable, high, limited, and minimal. However, as these categories statically depend on broad fields of application of AI, the risk magnitude may be wrongly estimated, and the AIA may not be enforced effectively. This problem is particularly challenging when it comes to regulating general-purpose AI (GPAI), which has versatile and often unpredictable applications. Recent amendments to the compromise text, though introducing context-specific assessments, remain insufficient. To address this, (...) we propose applying the risk categories to specific AI scenarios, rather than solely to fields of application, using a risk assessment model that integrates the AIA with the risk approach arising from the Intergovernmental Panel on Climate Change (IPCC) and related literature. This model enables the estimation of the magnitude of AI risk by considering the interaction between (a) risk determinants, (b) individual drivers of determinants, and (c) multiple risk types. We use large language models (LLMs) as an example. (shrink)

Regulation is nothing without enforcement. This particularly holds for the dynamic field of emerging technologies. Hence, this article has two ambitions. First, it explains how the EU´s new Artificial Intelligence Act (AIA) will be implemented and enforced by various institutional bodies, thus clarifying the governance framework of the AIA. Second, it proposes a normative model of governance, providing recommendations to ensure uniform and coordinated execution of the AIA and the fulfilment of the legislation. Taken together, the article explores how the (...) AIA may be implemented by national and EU institutional bodies, encompassing longstanding bodies, such as the European Commission, and those newly established under the AIA, such as the AI Office. It investigates their roles across supranational and national levels, emphasizing how EU regulations influence institutional structures and operations. These regulations may not only directly dictate the structural design of institutions but also indirectly request administrative capacities needed to enforce the AIA. (shrink)

The article argues that AI can enhance the measurement and implementation of democratic processes within political parties, known as Intra-Party Democracy (IPD). It identifies the limitations of traditional methods for measuring IPD, which often rely on formal parameters, self-reported data, and tools like surveys. Such limitations lead to partial data collection, rare updates, and significant resource demands. To address these issues, the article suggests that specific data management and Machine Learning techniques, such as natural language processing and sentiment analysis, can (...) improve the measurement and practice of IPD. (shrink)

This paper examines the debate on AI legal personhood, emphasizing the role of path dependencies in shaping current trajectories and prospects. Three primary path dependencies emerge: prevailing legal theories on personhood (singularist vs. clustered), the actual participation of AI in socio-digital institutions (instrumental vs. non-instrumental), and the impact of technological advancements. We argue that these factors dynamically interact, with technological optimism fostering broader attribution of the legal entitlements to AI entities and periods of scepticism narrowing such entitlements. Additional influences include (...) regulatory cross-linkages (e.g., data privacy, liability, cybersecurity) and historical legal precedents. Current regulatory frameworks, particularly in the EU, generally resist extending legal personhood to AI systems. Case law suggests that without explicit legislation, courts are unlikely to grant AI legal personhood on their own, although some authors suggest that the courts can do so. For this to happen, AI systems would first need to prove de facto legitimacy through sustained participation within socio-digital institutions. The chapter concludes by assessing near- and long-term prospects for legal personification, from generative AI and AI agents in the next 5–20 years to transformative possibilities such as AI integration with human cognition via Brain-Machine Interfaces in a more distant future. (shrink)

This chapter explores the influence of Artificial Intelligence (AI) on digital democracy, focusing on four main areas: citizenship, participation, representation, and the public sphere. It traces the evolution from electronic to virtual and network democracy, underscoring how each stage has broadened democratic engagement through technology. Focusing on digital citizenship, the chapter examines how AI can improve online engagement while posing privacy risks and fostering identity stereotyping. Regarding political participation, it highlights AI's dual role in mobilising civic actions and spreading misinformation. (...) Regarding representation, AI's involvement in electoral processes can enhance voter registration, e-voting, and the efficiency of result tabulation but raises concerns regarding privacy and public trust. Also, AI's predictive capabilities shift the dynamics of political competition, posing ethical questions about manipulation and the legitimacy of democracy. Finally, the chapter examines how integrating AI and digital technologies can facilitate democratic political advocacy and personalised communication. However, this also comes with higher risks of misinformation and targeted propaganda. (shrink)

L’articolo esamina la proposta europea di regolamento sull’intelligenza artificiale, AI Act (AIA). In particolare, esamina il modello di analisi e valutazione del rischio dei sistemi di IA. L’articolo identifica tre potenziali problemi di implementazione del regolamento: (1) la predeterminazione dei livelli di rischio, (2) la genericità del giudizio di significatività del rischio e (3) l’indeterminatezza della valutazione sull’impatto dei diritti fondamentali. Il saggio suggeriscealcune soluzioni per affrontare questi tre problemi.

This paper reviews the different meanings of vulnerability in the AI Act (AIA). We show that the AIA follows a rather established tradition of looking at vulnerability as a trait or a state of certain individuals and groups. It also includes a promising account of vulnerability as a relation but does not clarify if and how AI changes this relation. We spot the missing piece of the AIA: the lack of recognition that vulnerability is an inherent feature of all human-AI (...) interactions, varying in degree based on design choices and modes of interaction. Finally, we show how such a meaning of vulnerability may be incorporated into the AIA by interpreting the concept of “specific social situation” in Article 5 (b). (shrink)

Recommender Systems (RS) on digital platforms increasingly influence user behavior, raising ethical concerns, privacy risks, harmful content promotion, and diminished user autonomy. This article examines RS within the framework of regulations and lawsuits in the United States and advocates for legislation that can withstand constitutional scrutiny under First Amendment protections. We propose (re)framing RS-curated content as commercial speech, which is subject to lessened free speech protections. This approach provides a practical path for future legislation that would allow for effective oversight (...) of RS, particularly in areas of substantial public interest like child safety, national security, and misinformation. (shrink)

Regulation by design (RBD) is a growing research field that explores, develops, and criticises the regulative function of design. In this article, we provide a qualitative thematic synthesis of the existing literature. The aim is to explore and analyse RBD’s core features, practices, limitations, and related governance implications. To fulfil this aim, we examine the extant literature on RBD in the context of digital technologies. We start by identifying and structuring the core features of RBD, namely the goals, regulators, regulatees, (...) methods, and technologies. Building on that structure, we distinguish among three types of RBD practices: compliance by design, value creation by design, and optimisation by design. We then explore the challenges and limitations of RBD practices, which stem from risks associated with compliance by design, contextual limitations, or methodological uncertainty. Finally, we examine the governance implications of RBD and outline possible future directions of the research field and its practices. (shrink)

International regulation of autonomous weapon systems (AWS) is increasingly conceived as an exercise in risk management. This requires a shared approach for assessing the risks of AWS. This paper presents a structured approach to risk assessment and regulation for AWS, adapting a qualitative framework inspired by the Intergovernmental Panel on Climate Change (IPCC). It examines the interactions among key risk factors—determinants, drivers, and types—to evaluate the risk magnitude of AWS and establish risk tolerance thresholds through a risk matrix informed by (...) background knowledge of event likelihood and severity. Further, it proposes a methodology to assess community risk appetite, emphasizing that such assessments and resulting tolerance levels should be determined through deliberation in a multistakeholder forum. The paper highlights the complexities of applying risk-based regulations to AWS internationally, particularly the challenge of defining a global community for risk assessment and regulatory legitimization. (shrink)

In this paper, we provide an analysis of the concept of legal personality and discuss whether personality may be conferred on artificial intelligence systems (AIs). Legal personality will be presented as a doctrinal category that holds together bundles of rights and obligations; as a result, we first frame it as a node of inferential links between factual preconditions and legal effects. However, this inferentialist reading does not account for the ‘background reasons’ of legal personality, i.e., it does not explain why (...) we cluster different situations under this doctrinal category and how extra-legal information is integrated into it. We argue that one way to account for this background is to adopt a neoinstitutional perspective and to update the ontology of legal concepts with a further layer, the meta-institutional one. We finally argue that meta-institutional concepts can also support us in finding an equilibrium around the legal-policy choices that are involved in including (or not including) AIs among legal persons. (shrink)

The EU AI Act is the first step toward a comprehensive legal framework for AI. It introduces provisions for AI systems based on their risk levels in relation to fundamental rights. Providers of AI systems must conduct Conformity Assessments before market placement. Recent amendments added Fundamental Rights Impact Assessments for high-risk AI system users, focusing on compliance with EU and national laws, fundamental rights, and potential impacts on EU values. The paper suggests that automating business process compliance can help standardize (...) these assessments and outlines some methodological guidelines. (shrink)

Cancel culture is a form of societal self-defense that becomes prominent particularly during periods of substantial moral upheaval. It can lead to the polarization of incompatible viewpoints if it is indiscriminately demonized. In this brief editorial letter, I consider framing cancel culture as an essentially contested concept (ECC), according to the theory of Walter B. Gallie, with the aim of establishing a groundwork for a more productive discourse on it. In particular, I propose that intermediate agreements and principles of reasonableness (...) can help refocus the debate on cancel culture towards democratic discourse, without blanket justification for every instance. In this context, asserting that cancel culture is an ECC does not dismiss the potential of achieving consensus on its shared core meaning or societal role. Like other similar ECCs, such as democracy or rule of law, it highlights the importance of contestations in shaping our collective understanding of the concept. (shrink)

Deliberative democracy depends on carefully designed institutional frameworks-such as participant selection, facilitation methods, and decision-making mechanisms-that shape how deliberation occurs. However, determining which institutional design best suits a given context often proves difficult when relying solely on real-world observations or laboratory experiments, which can be resource-intensive and hard to replicate. To address these challenges, this paper explores Digital Twin (DT) technology as a regulatory sandbox for deliberative democracy. DTs enable researchers and policymakers to run "what-if" scenarios on varied deliberative designs (...) in a controlled virtual environment by creating dynamic, computer-based models that mirror real or synthetic data. This makes systematic analysis of the institutional design possible without the practical constraints of real-world or lab-based settings. The paper also discusses the limitations of this approach and outlines key considerations for future research. (shrink)