Artificial Intelligence as a Service: Legal Responsibilities, Liabilities, and Policy Challenges
Forthcoming in Computer Law & Security Review
61 Pages Posted: 29 Apr 2021 Last revised: 9 Jun 2021
Date Written: April 12, 2021
Artificial Intelligence as a Service ('AIaaS') will play a growing role in society's technical infrastructure, enabling, facilitating, and underpinning functionality in many applications. AIaaS providers therefore hold significant power at this infrastructural level. We assess providers’ position in EU law, focusing on assignment of controllership for AIaaS processing chains in data protection law and the availability to providers of protection from liability for customers’ illegal use of AIaaS. We argue that in data protection law, according to current practice, providers are often joint controllers with customers for aspects of the AIaaS processing chain. We further argue that providers lack protection from liability for customers’ illegal activity. More fundamentally, we conclude that the role of providers in customer’s application functionality – as well as the significant power asymmetries between providers and customers – challenges traditional understandings of roles and responsibilities in these complex, networked, dynamic processing environments. Finally, we set out some relevant issues for future regulation of AIaaS. In all, AIaaS requires attention from academics, policymakers, and regulators alike.
Keywords: cloud computing, artificial intelligence, data protection, intermediary liability, internet consolidation, internet regulation
Suggested Citation: Suggested Citation