FAQ on the topic of Artificial Intelligence

The cutting-edge technology of artificial intelligence is changing our lives and the way we work. This gives rise to a variety of questions. What is artificial intelligence? What needs to be considered when developing it? Which already existing regulations need to be complied with in the context of artificial intelligence?

The team from PwC Legal has compiled relevant information for you. Learn more about artificial intelligence and the already existing regulations here in our FAQs.

Contact our team

Artificial Intelligence: the legal perspective


What is meant by artificial intelligence?

There is currently no uniform definition for the term “artificial intelligence” (AI). In general, the term is understood as the ability of a machine to imitate human abilities such as logical thinking, learning, planning and creativity.

AI accesses huge amounts of data for this purpose. The access to this data is crucial, primarily because it can be used to train the algorithms of the AI. In this way, AI is not only enabled to solve complex tasks, but also to further develop itself.

The EU Commission, which is currently working on the so-called AI Regulation (“AI Act”) – meaning an EU-wide framework for regulating AI – uses the term “AI system” for legal purposes. Put briefly, the EU Commission understands the term AI system to mean software that uses certain technologies, such as machine learning, in order to generate output such as content, predictions, recommendations or decisions, to serve objectives defined by humans. Since this definition used by the EU Commission is rather broad, it results also in a broad scope of application for the proposed AI Regulation.


What needs to be considered when developing artificial intelligence?

The basis for the development of AI applications is data. Since AI requires a large amount of data, data protection in particular is important in the development of AI.

Key requirements for the secure handling of data are set out in the General Data Protection Regulation (“GDPR”). According to the EU plans, the regulatory requirements of the new AI Regulation, which is currently being prepared at the EU level, will exist in parallel to the GDPR in the future. With respect to personal data, strict guidelines must be followed, in particular the principles of data minimization, data accuracy and purpose limitation in data processing.

Regarding purpose limitation, personal data may only be used for the pre-defined purposes, which ensures that the data is not misused. If data from a different application is used (further) for the development of AI, due care must be taken to check whether the purpose still covers this. An appropriate legal basis is required for processing data, including in the context of AI, a consent of the person affected or prevailing legitimate interest of the responsible party.

With regard to AI applications, the information obligations in the case of automated decision making, the special provisions for decision-making processes based exclusively on automatic processing including profiling, the requirements for the quality of the data used and the documentation requirements are particularly relevant.

When training the AI, e.g. through machine learning, it is especially important to ensure that no copyright infringements occur through the use of the material provided to the AI (such as images, songs, videos). Copyright Law has the strict purpose of protection from unauthorised copying. Since there is no general exception for machine learning, AI providers must check whether an authorisation to use copyrighted materials exists. If not, there is a risk of restraining orders and claims for damages.


Which regulatory requirements need to be observed?

A variety of measures are currently being prepared at EU level. On the one hand, the European Commission is working on the so-called AI Regulation (AI Act). In addition, an AI Liability Directive is to be issued and amendments are to be made to the already existing Product Liability Directive. These three proposals are part of an EU package of measures to support the introduction of trustworthy AI.


The AI Regulation is a regulatory framework with a broad scope. The regulation is intended to apply to everyone along the AI value chain, particularly the providers and users of AI.

Since the AI Regulation takes a risk-based approach, the higher the risks associated with the AI system, the more stringent the conditions of use and obligations become. For example, AI systems are prohibited that pose a clear threat to human safety, livelihoods and rights, such as social scoring (AI systems that for example enable public institutions to evaluate people’s social behaviour, or applications that manipulate human behaviour).

If an AI system is associated with a high risk, for instance because it is used in a specific sensitive environment (e.g. healthcare, schooling or vocational training, administration of justice), then it is a high-risk system. Such high-risk systems are not prohibited, but they are subject to strict requirements, such as the mandatory establishment of a risk management system, record-keeping obligations, and undergoing specified conformity assessments. AI systems that are associated with only minimal risks (such as chatbots) are not subject to such strict requirements, but to transparency obligations.
The AI Liability Directive is intended to supplement national legislation on fault-based liability in the individual EU Member States, since the currently existing national liability provisions are not designed to cover liability claims in the context of AI applications. In the event of fault-based liability claims, the injured party must prove his claims (in particular the fault of the injuring party, causal link, etc.).

However, in the context of AI, it may be difficult for the injured party to meet this burden of proof.. The AI Liability Directive therefore focuses on easing the burden of proof with regard to damages caused by AI. According to the new provisions, the burden of proof is to be eased for the injured parties by defining presumption rules.

By introducing the presumption of a causal link, it becomes easier for the injured party to argue that damages were caused by a certain fault or failure of the injuring party. It is then up to the injuring party to challenge this presumption. In addition, injured parties get better access to evidence that is in the possession of companies or providers. Injured parties can for example demand disclosure of evidence in court if it is a case of high-risk AI.
The amendment of the Product Liability Directive is intended to modernise no-fault liability. The new definitions in the Product Liability Directive expressly state that software – which includes AI – is a “product” for the purposes of the directive and can therefore trigger liability. Moreover, the amendments to the Product Liability Directive ease the burden of proof, similar to the AI Liability Directive.


Which liability risks arise?

There are not yet special provisions for liability in connection with AI. Therefore, the existing general civil liability provisions apply, which are not designed for AI liability.

However, taking current developments into account – particularly the AI Liability Directive currently under preparation at the EU level and the planned amendments to the Product Liability Directive – liability law will be modernized.

For further details about the proposed AI Liability Directive and the intended amendments to the Product Liability Directive, we refer you to our comments in #3.


Is the output generated by an AI application eligible for protection?

Thanks to technological progress in the area of AI, it is possible to generate results and outcomes with the aid of AI applications that have a certain originality or individuality. According to the current legal situation, computer programs are no legal entities. Since copyright law speaks of “proprietary intellectual creations” that are to be understood as created by humans, the AI cannot itself be the creator of the work it produces (e.g. images, songs, films). According to current understanding in Austrian literature, only a product of the human mind can be protected by copyright. Even if the AI itself cannot be considered the creator, according to prevailing legal opinion it cannot be ruled out that – depending on the individual case and the respective AI application – people behind the AI (e.g. programmers or users) can become the creators of the outcome generated by AI.

Please note: This article is for general information only and does not constitute legal advice by PwC Legal oehner & partner rechtsanwaelte gmbh. The article cannot be regarded as a substitute for individual legal advice. PwC Legal oehner & partner rechtsanwaelte gmbh assumes no liability of any kind for the content and correctness of the article.

Status: 12.06.2023

Dr. Christian Öhner, LL.M.

Managing Partner, PwC Legal*

+43 664 326 1616


Dr. Dominik Pflug, LL.M., MSc

Director, PwC Legal*

+43 664 888 55 208