EU: AI Act: Council Legal Service says police cooperation legal basis "is not justified"


The Council Legal Service (CLS) is of the opinion that one of the legal bases used in the proposed Artificial Intelligence Act - an EU treaty provision governing police cooperation measures - "is not justified", and the Act can only rely on provisions relating to the internal market and data protection.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

The CLS opinion (pdf) was published on 12 September and covers two different points.

Police cooperation

The looks first at the use of Article 87(2) of the Treaty on the Functioning of the European Union:

"Article 87

1. The Union shall establish police cooperation involving all the Member States' competent authorities, including police, customs and other specialised law enforcement services in relation to the prevention, detection and investigation of criminal offences.

2. For the purposes of paragraph 1, the European Parliament and the Council, acting in accordance with the ordinary legislative procedure, may establish measures concerning:

(a) the collection, storage, processing, analysis and exchange of relevant information;

(b) support for the training of staff, and cooperation on the exchange of staff, on equipment and on research into crime-detection;

(c) common investigative techniques in relation to the detection of serious forms of organised crime.


The paper explains that "the fact that law enforcement authorities or those acting on their behalf may be among the providers or users of such AI systems is not sufficient to justify recourse to the legal basis of Article 87 TFEU."

Indeed, "[n]one of the stated aims of the proposed Regulation refers to ensuring public security objectives."

Although law enforcement authorities may use AI systems, this is not the main concern of the AI Act proposal, which:

"...follows an internal market logic by setting out a ‘product safety framework’ constructed around a set of four risk categories. It imposes requirements for market entrance and certification of High-Risk AI Systems through a mandatory CE-marking procedure."

While the proposal contains rules on the use of remote biometric identification systems in public spaces and provisions on high-risk systems that would cover law enforcement authorities, the CLS argues that these:

"...are not directly linked to a public security objective. On the contrary, the proposal responds to the main concerns related to how AI systems affect health, safety and fundamental rights. Therefore, the relevant provisions are directly linked to the objective of ensuring a level playing field in the placing on the market/putting into service or use of AI systems in the internal market, while protecting the health, safety and fundamental rights of users."


"...the main objective of the proposed Regulation is to improve the functioning of the internal market within the meaning of Article 114 TFEU and the objectives referred to in Article 67 TFEU are only indirectly and incidentally linked to that main objective."

This means that:

"......a distinction should be made, in line with the Court’s case law, between on the one hand, the intended aim of the proposed Regulation which is not to regulate the use of AI systems by law enforcement authorities and, on the other hand, the effects it may indirectly produce which are irrelevant for the purpose of analysing the appropriateness of the legal basis."

The notes goes on to clarify further:

"The proposed Regulation thus contains harmonised rules on the placing on the market, the putting into service and use of AI systems whether they are used by private operators or public authorities including, incidentally , law enforcement and judicial authorities."

The CLS therefore concludes that:

"Article 87(2) TFEU, in particular its point (a), is not an appropriate legal basis for the proposed Regulation. The rules in the proposal neither promote nor impede the collection, storage, processing, analysis and exchange of relevant information. Simply, when such activities are performed by law enforcement authorities, a number of non-specific, harmonised conditions will need to be respected to safeguard users’ rights. Similarly, the stated aims of the proposed Regulation do not include the development of common investigative techniques. The proposed requirements concerning the use of high-risk AI systems are not specific to the JHA area, and they do not concern police cooperation stricto sensu as defined in the TFEU." [emphasis added]


"Article 114 TFEU is the only appropriate legal basis for harmonised rules on high-risk AI systems, including those used by law enforcement and judicial authorities, and any JHA legal basis in Title V of Part Three of the TFEU, such as Article 87 TFEU with respect to those harmonised rules, is neither justified nor appropriate."

Data protection

Article 16 TFEU is also included in the proposal as a legal basis:

"Article 16

1. Everyone has the right to the protection of personal data concerning them.

2. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of independent authorities."

On this point, the CLS says:

" appears that the provisions placing restrictions on the processing of biometric personal data in a complementary manner (as compared to the LED Directive) pursue the objective of protecting personal data by laying down appropriate safeguards. Such an objective is inextricably linked to the objective of the provisions falling within the ambit of Article 114 TFEU, without one being secondary and indirect in relation to the other... Such a specific AI system containing appropriate personal data protection safeguards is therefore inextricably linked to the overall objective of improving the functioning of the internal market and is not secondary or indirect in relation to the latter. The proposed Regulation should thus be governed by a dual basis in accordance with the relevant case law."


Further reading

Image: Not4rthur, CC BY-SA 2.0

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error