12 novembre 2022

Publications

🚧Automated Compliance, a pertinent tool for Compliance Law, the whole

par Marie-Anne Frison-Roche

complianceTech®️. to read this working paper totally in English, click⤴️on the British flag

♾️ suivre Marie-Anne Frison-Roche sur LinkedIn

♾️ s'abonner à la Newsletter MAFR Regulation, Compliance, Law 

____

► Référence complète : M.-A. Frison-Roche, Automated Compliance, a pertinent tool for Compliance Law, the whole, document de travail, novembre 2022.

____

📝Ce document de travail sert de base à une participation à un débat sur "Automated Compliance : "the" solution or "a" solution?, qui déroule dans le Sommet global de Gaia-X  le 17 novembre 2022.  

____

►Résumé du document de travail : s'appuyant sur la présentation préalablement faite au débat par un membre de la Commission européenne, il s'agit de souligner trois éléments qui montrent que l' Automated Compliance (ou Compliance by design) est à la fois un outil central, mais qu'il n'est un outil du Droit de la Compliance dont il ne saurait remplir par sa seule performance technologique toutes les fonctions dans un Etat de Droit.

En premier lieu, l'Union européenne semble en difficulté lorsqu'elle veut tout à la fois bâtir un système juridique qui lui est propre sur la base de Lois dont chacune est la pièce d'un gigantesque puzzle pour obtenir une industrie pérenne et autonome dans une économie numérique mondiale totalement renouvelée, ce qui fait peser sur les entreprises une charge considérable d'intégration de toutes ces règles du jeu, tout en affirmant qu'il faut alléger la charge que la "réglementation" fait peser sur elles.

En second lieu, la meilleure solution pour résoudre cette ambition contradictoire est effectivement dans la technologique, les algorithmes intégrant directement les réglementations. Mais plus encore, l'ensemble de ces textes reposent sur une autonomie laissée en Ex Ante aux entreprises européennes pour s'organiser entre elles afin de concrétiser les "buts monumentaux" que l'Union européenne a décidé d'atteindre, dont la réalisation d'un cloud souverain est au centre.

Ainsi la distinction et l'articulation d'un "Droit de la Compliance", défini par ces "buts monumentaux", dont lequel l'intelligence artificielle est un outil, le "tout" (Compliance Law) et la "partie" (Automated Compliance) est essentielle.

En troisième lieu, cette distinction et articulation est non seulement bénéfice mais elle est obligatoire. En effet, même si le Droit de la Compliance constitue une branche du Droit, elle fonctionne dans le système juridique générale, qui ne fonctionne que par l'esprit des textes, les outils algorithmiques ne capturant que la lettre de ceux-ci. Ces tribunaux sont et seront au cœur du Droit de la Compliance, le cas Schrems l'a bien montré. C'est pourquoi la Technologie et le Droit doivent travailler ensemble, et davantage à l'avenir, notamment parce qu'un outil pour l'effectivité du Droit ne pourra jamais rendre compte de la vie même du système juridique.

________

🔓Lire ci-dessous les développements⤵️

 

Considering the position expressed by the European Commission for the future, it is easy to perceive  one fear and one hope, and I appreciated the solution suggested by the public autority itself ;

  • one fear : "how will companies be able to comply with all of it? "

 

  • one hope : "the compliance burden will be lower in the long term"

 

I. THE LEGAL SOLUTIO TO ARTICULATE THE NECESSARY AMBITION OF LESS COMPLIANCE BURDEN AND THE NECESSITY OF MORE REGULATORY REQUIREMENTS? 

It seems a paradox because the necessity for all companies to comply with so many regulatory requirements, with so many different, even opposite, goals (competition, protection of individuals, innovation, etc.), is a heavy burden. Will they manage to do so? Because the European Union legal system will continue to build this so ambitious and complex legal framework.

It could be a real difficulty, moreover, considering the other legal regulatory pieces of this puzzle burden on companies, such as the new European legislation on the extra-financial information📎!footnote-2780 or the corporate sustainability due diligence📎!footnote-2782, producing new regulatory compliance corporate duties. 

Necessarily, the burden is heavier and heavier📎!footnote-2783

How to achieve to alleviate the burden without alleviate the regulatory system?

 Indeed, the solution can only be in the technical tools built by companies themselves in Ex Ante, to organize a new and strong relationship between Law and Technology: an equal relation where Law accepts the benefit of the power of the technology, where Technology doesn't forget it produces only tools, not the legal system itself. 

These technological tools are all Ex-Ante, built by the compagnies themselves, because Compliance Law is an Ex-Ante branch of Law. 

We heard about smart contracts, as tools of Compliance Law, which is the adequate branch of Law for Gaia-X, as I said during the first summit of Gaia-X in 2020📎!footnote-2790

 

II. SMARTS CONTRACTS, LABELLING, COORDINATION, CONTROL, MEDIATION:  COMPLIANCE TOOLS TAKING THEIR SENS IN THE MORE GLOBAL COMPLIANCE LAW

On these different technological tools, see Martine Gouriet's work and Jakok Rehof's work. 

I would like to insist on what is Compliance Law. 

Because Automated Compliance, labelling, and so on, are very pertinent tools, but only tools. These tools take their place in this so ambition and coherent branche of Law: Compliance Law. 

In 2020, in the first summit of Gaia-X, I had the occasion to explain how Compliance Law is so adequate for Gaia-X to organise itself in the perspective of the Monumental Goal fixed by public authorities, such as the European Commission: the European Cloud for a powerful Europe📎!footnote-2786

Every technique, for instance labelling📎!footnote-2785, takes its sense, its spirit, by this monumental goal. 

Compliance Law is a new branch of Law, established when public authorities affirm in Ex Ante their will to achieve a "monumental goal"📎!footnote-2787, such as the construction of a European sovereign cloud!📎footnote-2789, protecting people, basis of an industrial and humanist project.

This Ex-Ante ambition is not specific to a sector: the data are not inside a specific sector Therefore, the legal tools are not strictly in the Regulatory Law (which is, by definition, the branch of Law inside sectors - Energy, Banking, Finance, Telecommunication, and so on), but the logic is yet the same. Building infrastructure, assuring durability, exchanging information, offering right of access, and so on, every characteristic of Regulatory Law is reproduced in Compliance Law.

 Because the project is a mix between industrial and humanist considerations, these monumental goals are internalized into the compagnies themselves, which are "in position" to realize these ambitions, here the construction of data exchange for the future of Europe, and people who live into. 

As in Regulatory Law, Compliance Law is built on infrastructure, trust, duration, sustainability, interoperability. 

As the European Union Law does, these Regulation and Compliance principles are articulated with Competition Law principles. The sectorial banking regulatory Law, sector where Compliance Law was born, is exemplary of that. 

To achieve this collective organisation for the benefice of Europe thank to the action of the industrial operators present into the organisation, the technology can assure the "conformity" of their action to the European requirement, in order to reach the monumental goals (the construction of the European cloud), justifying the articulation with Competition Law. 

 

III. AUTOMATED COMPLIANCE, PART OF THE WHOLE COMPLIANCE LAW, WHOSE SPIRIT IS GUARDED BY COURTS

These "Compliance Tools", such "smart contract" or "labelling", are very precious because they are Ex Ante. In comparison, Competition Law (even after the Digital Markets Act) remains in Ex Post, doesn't build structure, sanctions anti-competitive behaviors. We need to build an industrial Europe, Compliance Law is the adequate branch of Law for that, with its specific tools.

These Compliance tools will be fully effective in the future if they express not only the "conformity" to the regulations (the obedience of the companies to the Europe legal system) but also the contribution of the companies to the concretisation of the monumental goal📎!footnote-2788

Moreover, Compliance Law is not only an autonomous branch of Law, but of course it is not the whole legal system, as the simple addition of texts is not the legal system. 

Law doesn't live based on the letters of its texts, captured by algorithms.

Law lives by its spirit, united by courts through the interaction between all the branches of Law. 

This spirit is given by the courts and their institutional doctrine📎!footnote-2791, and so many diverse sources, which machines don't know.

For instance, Mister Schrems appears, and the legal system is changed. The Rule of Law implies that.

In the future, other Mister Schrems will appear before any court, national, or European, or foreign court (with an extraterritorial and systemic effect).

Indeed, in authoritarian legal systems, it is different and never courts will express the spirit of Law beyond its letters written by regulations.

But we are lucky, in the Rule of Law system, Law and Technology must use compliance firstly as a tool, thank to algorithms to secure in Ex Ante the action of entreprise , secondly as a branch of Law to assure the Rule of Law and the Due Process which is invented and maintained by courts daily.

____

 

1

European Union Corporate Sustainability Reporting Directive

2

European Union Corporate Sustainability Due Diligence. See its presentation by the European Commission. This text is a deep transformation of National Corporate Law by Compliance Law, through the "Vigilance Duty". See 🕴️A.-V. Le Fur., 📝Interest and "raison d'être" of the company: how do they fit with the Compliance Monumental Goals?, in ðŸ•´ï¸M.-A. Frison-Roche (ed.), ðŸ“˜Compliance Monumental Goals2022. 

3

Therefore, many firms ask to stop this European movement of Economic Regulatory by this legal puzzle. Mainly American digital companies ask that, assuming simple selfregulation would be a bette configuration. 

4

🕴️M.-A. Frison-Roche, 🎥Compliance Law, an adequate legal framework for Gaia-X, 2020. 

5

🕴️M.-A. Frison-Roche, 🎥Compliance Law, an adequate legal framework for Gaia-X, 2020. 

6

🕴️H. Tardieu, 🕴️M.-A. Frison-Roche, 🕴️M. Gouriet & 🕴️P. Gronlier, 📝Compliance and resulting consequence on the labelling framework of Gaia-X, 2022. 

7

🕴️M.-A. Frison-Roche (ed.), 📘Compliance Monumental Goals2022. 

8

🕴️H. Tardieu, Data Sovereignty and Compliancein ðŸ•´ï¸M.-A. Frison-Roche (ed.), ðŸ“˜Compliance Tools2021 ; ðŸ•´ï¸H. Tardieu & 🕴️B. Otto, "Digital Sovereignty, European Strength and the Data and Cloud Economy", 2021

9

🕴️H. Tardieu, Data Sovereignty and Compliancein ðŸ•´ï¸M.-A. Frison-Roche (ed.), ðŸ“˜Compliance Tools2021 ; ðŸ•´ï¸H. Tardieu & 🕴️B. Otto, "Digital Sovereignty, European Strength and the Data and Cloud Economy", 2021

10

The Monumental Goals give all the sense and the unity to the technical tools built by companies to achieve them. See 🕴️M.-A. Frison-Roche, 📝Compliance Monumental Goals, beating heart of Compliance Law,  in🕴️M.-A. Frison-Roche (ed.), 📘Compliance Monumental Goals2022. 

11

🕴️M.-A. Frison-Roche, Reinforce the Judge and the Attorney to impose Compliance Law as the characteristic of the Rule of Law, in ðŸ•´ï¸M.-A. Frison-Roche (ed.), Compliance Jurisdictionalisation, 2023.    

les commentaires sont désactivés pour cette fiche