This study addresses the evolving legal challenges in regulating civil liability for damages caused by artificial intelligence (AI) systems, proposing a novel solution rooted in the functional integration of two key European legislative instruments: the AI Act (Regulation (EU) 2024/1689) and the eIDAS 2 Regulation (Regulation (EU) 2024/1183), revising the previous eIDAS 1 (Regulation (EU) No 910/2014). While the AI Act marks a significant advancement by introducing a dynamic liability framework - particularly through Article 25, which reallocates responsibility within the AI value chain based on substantive modifications made to high-risk systems - arguably it still falls short in addressing the evidentiary complexities inherent to decentralized and opaque AI architectures. Specifically, the fragmented nature of the AI ecosystem, characterized by multiple actors operating at different stages of system development and deployment, generates substantial obstacles to the attribution and certification of liability. This work argues that the cryptographic identification, electronic attestation, and traceability mechanisms embedded in eIDAS 2 can effectively complement the AI Act’s accountability framework. Central to this perspective are the European Digital Identity Wallet (EUDI Wallet) and Electronic Attribute Attestations, which, if systematically integrated into AI governance, could ensure authenticated operator identification, immutable logs of substantive system changes, and certified documentation of professional qualifications and technical interventions. Such tools not only enhance evidentiary integrity, but would also enable the concrete operationalisation of the presumptions of causation that the proposed AI Liability Directive had envisioned, thereby reducing the burden of proof on injured parties. Through this integration, the paper envisions a robust legal-technological architecture that enhances legal certainty and reinforces human accountability across the AI value chain. The proposed model requires coordinated regulatory harmonisation and the development of interoperable technical standards, yet it holds the promise of transforming litigation involving AI systems, fostering the development of risk-based insurance mechanisms, and promoting trustworthy innovation aligned with fundamental rights. Ultimately, the paper positions the eIDAS 2 framework not merely as a tool for digital identification, but as a foundational infrastructure for the evidentiary management and traceability necessary to support an effective and fair system of AI liability in the European Union.
The functional integration between eIDAS 2 and the AI Act: An innovative solution for traceability and accountability in the artificial intelligence value chain
de Caria Riccardo
;Piovano Alessandro
2025-01-01
Abstract
This study addresses the evolving legal challenges in regulating civil liability for damages caused by artificial intelligence (AI) systems, proposing a novel solution rooted in the functional integration of two key European legislative instruments: the AI Act (Regulation (EU) 2024/1689) and the eIDAS 2 Regulation (Regulation (EU) 2024/1183), revising the previous eIDAS 1 (Regulation (EU) No 910/2014). While the AI Act marks a significant advancement by introducing a dynamic liability framework - particularly through Article 25, which reallocates responsibility within the AI value chain based on substantive modifications made to high-risk systems - arguably it still falls short in addressing the evidentiary complexities inherent to decentralized and opaque AI architectures. Specifically, the fragmented nature of the AI ecosystem, characterized by multiple actors operating at different stages of system development and deployment, generates substantial obstacles to the attribution and certification of liability. This work argues that the cryptographic identification, electronic attestation, and traceability mechanisms embedded in eIDAS 2 can effectively complement the AI Act’s accountability framework. Central to this perspective are the European Digital Identity Wallet (EUDI Wallet) and Electronic Attribute Attestations, which, if systematically integrated into AI governance, could ensure authenticated operator identification, immutable logs of substantive system changes, and certified documentation of professional qualifications and technical interventions. Such tools not only enhance evidentiary integrity, but would also enable the concrete operationalisation of the presumptions of causation that the proposed AI Liability Directive had envisioned, thereby reducing the burden of proof on injured parties. Through this integration, the paper envisions a robust legal-technological architecture that enhances legal certainty and reinforces human accountability across the AI value chain. The proposed model requires coordinated regulatory harmonisation and the development of interoperable technical standards, yet it holds the promise of transforming litigation involving AI systems, fostering the development of risk-based insurance mechanisms, and promoting trustworthy innovation aligned with fundamental rights. Ultimately, the paper positions the eIDAS 2 framework not merely as a tool for digital identification, but as a foundational infrastructure for the evidentiary management and traceability necessary to support an effective and fair system of AI liability in the European Union.
| File | Dimensione | Formato | |
|---|---|---|---|
|
de Caria - Piovano, THE FUNCTIONAL INTEGRATION BETWEEN EIDAS 2 AND THE AI ACT.docx
Accesso riservato
Descrizione: postprint
Tipo di file:
POSTPRINT (VERSIONE FINALE DELL’AUTORE)
Dimensione
316.13 kB
Formato
Microsoft Word XML
|
316.13 kB | Microsoft Word XML | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
