The advent of emerging technologies has appreciably impacted all aspects of daily life, leaving lingering questions about their legal implications, whilst raising concerns about the risks they pose to fundamental rights. In light of these challenges and with the aim of making legitimate and safe use of the potential offered by said technologies, Greek Law 4961/2022 on ‘Emerging information and communication technologies, strengthening digital governance and other provisions’ (hereinafter the ‘new Law’) has been recently introduced.
Touching upon contemporary developments of new technologies, including artificial intelligence (‘AI’), the Internet of Things (‘IoT’), Blockchain and Distributed Ledger Technology (‘DLT’), smart contracts, as well as 3D printing, the new Law introduces these concepts in the Greek legal framework and constitutes a primary, but high level – in view of the forthcoming and more detailed EU legislation on the same topics – endeavour to set forth the basic legal principles relating to the above technologies. The key provisions introduced with the new Law are briefly presented below.
Artificial Intelligence
Part A of the new Law sets forth the framework within which both public bodies and private entities may use AI technologies in the exercise of their public powers and during their course of business respectively.
Regarding public bodies, it is stipulated that the use of AI systems in the decision-making process or the issuance of an act affecting the rights of a natural or legal person, is permitted only on condition that such use is expressly prescribed in a specific statutory provision including appropriate safeguards for the protection of said rights. Before making use of AI systems, public bodies are obliged to conduct an algorithmic impact assessment(‘AIA’), which shall, indicatively, include the intended purpose of the use, the type of decisions made and acts issued with the use of AI systems, the technical specifications of said systems, the risks which may arise for the rights and the legitimate interests of natural and legal persons affected by the decisions and/or acts, as well as the expected benefits to society at large in relation to the potential risks that may result from the use of AI system. Further obligations are set out for public bodies, including the compliance with transparency requirements by disclosing to the general public information relating to the operation of AI systems, and the maintenance of a register of the AI systems they make use of. In any event, the persons affected by the decision taken or the act adopted must be informed in an intelligible and easily accessible form of the parameters on which the decision or the act was based.
As far as private entities are concerned, when they make use of AI systems liable to influence any decision-making about an employee or prospective employee, they shall provide them with adequate information, including, as a minimum, the parameters which the decision is based on, while ensuring that the principle of equal treatment and non-discrimination in the workplace are being respected.
According to the new Law, additional obligations are stipulated for Medium-sized1 and Large Entities2, which shall maintain an electronic register of the AI systems they use either in the context of consumer profiling or in the context of the assessment of any of their employees or associates – natural persons, as well as establish and maintain an ethical data use policy, including information on the measures and the procedures on data ethics when using AI systems.
It is noted that the new Law contains no definition of ‘AI systems’ nor a risk classification similar to the EU’s pending AI Act.3 Hence, it follows that it applies to all AI systems and technologies, unless further specified in view of the adoption of the EU AI Act.
The provisions relating to the use of AI systems will enter into force on January 1, 2023.
Other provisions relating to emerging technologies
Part B of the new Law sets out a number of provisions linked to the use of technologies which have emerged and have been developed exponentially in recent years, including:
Internet of Things.4 In order to ensure an increased level of cybersecurity during the life cycle of devices using IoT technology, all actors involved, including manufacturers, importers and distributors, as well as operators of IoT devices, need to comply with a series of security safeguards and monitoring obligations preventing unauthorised third parties from tampering with the use of or their performance. IoT devices must be accompanied with a compliance declaration issued by the manufacturer and instructions regarding the safe installation, configuration and operation according to the intended use of IoT device together with a list of potential risks. Further technical specifications will be introduced by virtue of Ministerial Decisions to be issued on these matters.
The provisions regarding IoT will enter into force on March 1, 2023.
Distributed Ledger Technology, Blockchain and Smart Contracts. Recording of data and transactions taking place via Blockchain or other DLTs, as well as the ability to conclude smart contracts are now expressly recognised by virtue of the new Law. As regards their invalidity, nullity, and the pre-contractual liability relating thereto, the new Law refers to the provisions of the Greek Civil Code which directly apply to Blockchain, DLTs, and smart contracts. Furthermore, regarding the evidential nature of the latter, the law equates them with ‘documents’ within the meaning of the Greek Code of Civil Procedure, provided that an expert’s report is submitted, explaining the content of the smart contract in plain language.
It is worth noting that the new Law does not distinguish between public (open) and (closed) private blockchain or DLT networks. In absence of such an express distinction, it is inferred that the material scope of the new Law covers both cases.
3D Printing. The new Law further brings about certain amendments to the Greek Copyright Law (Law 2121/1993) and introduces new provisions to resolve several issues pertaining to 3D printing technologies. Firstly, it is clarified that digital computer aided design files (‘CAD Files’) are protected under the Copyright Law as works of speech, on condition that they contain a source code.
Furthermore, a prohibition is introduced on the use, hosting, and sharing of digital models5, virtual designs or standard triangle language (‘STL’) digital files on online platforms used for 3D printing, without the prior consent of their rightsholder, while an obligation of online platforms to introduce notice-and-takedown procedures concerning the above is expressly set forth.
According to the new Law, it is further provided that digital models and files related to 3D printing, 3D printed objects and 3D scanners and printers are recognised as ‘goods’ within the meaning of the Greek Consumer Protection Law and the liability their creators and sellers bear for any defects is regulated by the provisions of said law.
Final note
It is noted that the new Law constitutes a rather positive and necessary step towards the digital transformation of the country and the full integration of the emerging technologies. Nevertheless, the compendious – and by no means exhaustive – approach adopted in regulating these emerging technologies may potentially generate further issues, especially in view of the ever-increasing use that these new technologies are recently witnessing worldwide, with Greece being no exception.
1 According to Law 4308/2014, an entity is classified as a ‘Medium-sized Entity’ if it does not exceed the thresholds of at least two of the following three criteria: (a) aggregate assets: EUR 20,000,000, (b) net turnover: EUR 40,000,000, (c) annual average number of employees: 250.
2 Accordingly, pursuant to the above Law, an entity falls under the ‘Large Entity’ if it exceeds at least two of the thresholds mentioned above in note 1.
3 Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, COM/2021/206 final.
4 The new Law defines IoT as ‘any technology which: (a) allows devices or a group of interconnected or interrelated devices to perform, through their connection to the Internet, based on a software, automatic processing of digital data, including the technology relating to the interconnection of physical objects, in particular devices, vehicles and buildings, with electronic components, software, sensors, actuators, radio links and network connections; and (b) allows the collection and exchange of digital data to provide a variety of services to users, with or without human intervention’.
5 ‘Digital model’ is defined in the new Law as ‘the digital three-dimensional format of the object to be printed, comprising the design data contained in the digital design file. In terms of its computational dimension, the digital model shall include: (a) its source code, if it is developed from scratch by the programmer, or (b) its design dimension only, without source code, if the design model is created by scanning a physical object’.
© Logaras Law (2023). All contents on this website, including logos, trademarks, texts, newsletters and articles (hereinafter the “Contents”), are protected under intellectual property law. Except where otherwise stated, use, downloading, reproduction and distribution in whatever form and by whatever medium (including Internet) for whole or part of the Contents available on this website and newsletter is not authorized.