The Council of Ministers today approved the bill for an ethical, inclusive and beneficial use of artificial intelligence (AI), which aims to bring order to the practical application of these technologies and tools. The regulations adapt to our legislation what is established in the European Regulation on Artificial Intelligence, agreed by the community institutions on December 8, 2023 and, from a “humanistic and guaranteeing” perspective, according to the minister spokesperson, Elma Saiz.
“It is a debate that affects the present and the future of everything,” the Minister of Digital Transformation and Public Service, Óscar López, later assured. This organic law establishes responsibility for AI providers and those who incorporate these systems. Thus, if a company deploys a system prohibited in the EU, the legal responsibility lies not only with those who deploy it, but also with those who use it, according to ministry sources. The law also establishes the obligation of human supervision of the models, “something that is at the heart of all debates,” said the minister.
The text of the law incorporates into the Spanish legal system the sanctions for non-compliance provided for by the European Regulation, which range between 6,000 euros in mild cases (not cooperating with the authority or failure to correct the information provided) and 35 million and/or 7% of global turnover in very serious cases (prohibited uses of AI). One of the new features of the law, which was not initially provided for in European regulations, is the prohibition of deepfakesor hyperrealistic videos, of a sexual nature and of the generation or alteration of child pornography with AI. The EU agreed this month on the simplified text of the digital regulations on which Brussels is working. The deepfakes non-sexual will remain legal, but must be marked “in a clear and distinguishable manner at the latest on the occasion of the first interaction or exposure,” according to the European standard.
AI content tagging
This labeling must begin to be applied from next August 2. How exactly should it be done? According to ministry sources, the letters AI (English acronym for artificial intelligence) should be seen in one of the corners of the synthetic images. In the case of videos, that same watermark must be visible at all times. As for audios, that seal must be displayed in the application that distributes them (for example, Spotify) or an audio warning must be incorporated.
Who will monitor compliance? The management and processing of biometric data will be the responsibility of the Spanish Data Protection Agency (AEPD), although the AI systems that may affect the application of justice will be the responsibility of the General Council of the Judiciary.
The rest of the cases will be studied by Aesia. Based in A Coruña, the organization plans to have 50 analysts before the end of the year, who will have to review the adequacy of different AI applications to the regulations. So far, Aesia has not found that any system classified as prohibited operates in Spain.
Transparency of algorithms, responsibility of managers and protection of minors are, López has insisted, core issues of this standard. “It is a civilizational debate, about moving forward or backward,” the minister insisted. “When we talk about a reliable AI model that protects the rights of citizens, we are the most advanced country in the world,” said López, before listing the Government’s initiatives in this area.
“That is why a vision like the one the Pope conveyed yesterday is very welcome,” said López in reference to . “A vision that protects human rights, with which we feel fully identified,” said the minister when presenting this law, in contrast to “the big technoligarchs,” who are “against regulation, data protection and the protection of minors.”
On the way to Rome and the meeting with the Pope, a shared conviction: either we put progress at the service of the people, or the future will be the condemnation of entire generations.
The encyclical ‘Magnifica Humanitas’ by Leo XIV challenges us all. AI is not neutral, and power…
— Pedro Sánchez (@sanchezcastejon)
The bill, which reaches the Council of Ministers one year after the preliminary draft was presented and after subjecting it to a period of allegations and public information, must now begin its parliamentary processing. The objective is to obtain the final green light before December 2027, the date until which the application of . The labeling of synthetic content, however, will be mandatory from August 2, although, when this does not happen, the company responsible cannot be sanctioned (this will happen from the moment the law comes into force).
Adaptation of the European framework
The European AI Regulation, considered the most advanced in the world on this matter, classifies the different AI applications based on the risk involved in their use and establishes different requirements and obligations. These range from unrestricted use (for example, a filter spam or a content recommender) until total ban. These more serious cases refer to those applications “that transcend a person’s consciousness or deliberately manipulative techniques”, those that exploit their vulnerabilities or those that infer people’s emotions, race or political opinions.
Between both extremes are the so-called “high risk” technologies, subject to permanent supervision. Those are the ones that Aesia monitors. Remote biometric identification systems, biometric categorization systems or emotion recognition fall into this category. Also systems that affect the security of critical infrastructure and those related to education (behavioral assessment, admission and examination systems), employment (personnel selection) and the provision of essential public services, law enforcement or migration management.
The Regulation also establishes that periodic reports must be made to update this classification, so that, when new applications not contemplated in the document arise, it is determined which category they fall into (unrestricted use, use subject to restrictions or prohibition).
The same thing happened, for example, with generative AI, the technology behind tools like ChatGPT: its emergence occurred when the negotiation of the regulations was already very advanced. It was discussed whether to make specific mention of it or not. Finally, it was included and established that the so-called foundational models will have to meet transparency criteria, such as specifying whether a text, a song or a photograph has been generated through AI, as well as guaranteeing that the data that has been used to train the systems respects copyright.
No fines to the Administration
One of the aspects of the law most criticized during the consultation phase is the fact that . The regulation leaves it to the discretion of each Member State to establish what type of sanctions apply in that case. In Spain, the law approved today only provides for “reprimands”, “warnings” and “disciplinary actions”. That is to say, misuse by the Police of a prohibited technology, such as real-time remote biometric identification systems, would only entail a wake-up call, compared to the fines of up to 35 million euros that would be imposed on a private company.
The text of the law approved today does not incorporate new developments in this sense: there will still be no fines for the Administration in case it exceeds the use of dangerous systems.
