Innovation Law Insights
16 May 2024Artificial Intelligence
Insuring the unpredictability: The challenges of AI risk insurability
AI is rapidly permeating various economic sectors. From financial services and insurance to life sciences and encompassing industries as diverse as retail, industrials, real estate, media and sports, AI is reshaping traditional paradigms and marking a shift in how enterprises operate and innovate.
In financial services, AI technologies are being deployed to boost customer service capabilities, streamline credit assessments, and strengthen fraud detection mechanisms. Similarly, AI models are transforming insurance operations in claims processing, underwriting, customer service, and risk assessment, enhancing decision-making and resource management. In life sciences, AI enables groundbreaking advances in research and development, facilitating personalized patient care and innovating diagnostic and treatment methods. Industrials are also harnessing the power of AI to optimize operational efficiency and improve organizational resilience against market fluctuations and disruptions.
According to DLA Piper’s Global AI Governance Report from last September, large and medium-sized business are rapidly embracing AI, with 96% of organizations rolling out AI in some way and at least four projects live in each company. The report also reveals that 83% of companies have a defined AI strategy, and 86% of those have incorporated guidelines to steer their AI initiatives. This indicates a strong commitment to responsible AI adoption. But the report also suggests that while companies are taking steps towards compliant and ethical AI use, it will take more than these measures to address the scale of issues raised by AI.
Benefits and risks of AI in the insurance sector
Despite the transformative potential of AI to change business practices and drive unprecedented value creation, the path to AI integration is full of potential pitfalls. The EU AI Act has yet to be finally adopted and companies will have 24 months (with a few exceptions) after it comes into force to comply. But the existing legislation and sector regulations already pose several challenges on the route to AI corporate implementation, and the risk of issues, fines, investigations, and legal actions is significant.
One serious challenge is the lack of transparency, especially in complex deep learning models, such as LLMs (Large Language Models). This opacity makes it difficult for users to understand how AI systems make decisions, fostering distrust and resistance to adoption. It could also hinder efforts to identify and rectify biases in AI algorithms, as stakeholders might have problems in scrutinizing the underlying decision-making processes. Additionally, the absence of transparency poses challenges to regulatory compliance and ethical oversight, as it becomes more challenging to assess whether AI systems abide by laws, regulations, and standards.
AI systems have the potential to propagate societal biases, resulting in discriminatory outcomes. This occurs when the data used for training AI models mirrors societal prejudices, including those rooted in race, gender, or socioeconomic status. If the training data exhibit bias, the AI system might internalize and perpetuate these biases in its decision-making processes. For instance, in the insurance sector, if historical data used to train an AI-based risk assessment tool demonstrates a bias against certain demographic groups, the AI system could unconsciously perpetuate this bias by unfairly pricing policies or denying coverage to individuals from those groups, exacerbating existing disparities in access to insurance.
Further issues regard data privacy and cybersecurity. AI systems rely on extensive datasets to train their algorithms and enhance performance. These datasets hold a wide array of information, and may include personal data like names, addresses, financial information, and sensitive information like medical records and social security numbers. Collecting and processing this data raise significant concerns, such as the risk of data breaches and unauthorized access to personal information. In addition to the data privacy risks, implementing
AI systems may entail specific vulnerabilities and threats, including potential breaches, data manipulation, adversarial attacks, and the exploitation of AI models for malicious purposes.
AI also brings about some challenges to intellectual property (IP), particularly regarding training AI algorithms on third-party datasets and protecting AI-generated outputs. Training AI algorithms using proprietary datasets owned by third parties carries the risk of infringing their IP rights, potentially leading to legal disputes involving copyright, trade secrets, or other IP rights. Questions also arise about the protectability of AI-generated outputs, such as software code, text, images, or other content. Determining whether the AI output can be protected through IP and defining the boundaries of protection can be complex, especially when it involves combining and transforming existing works.
All these risks may expose companies adopting AI to severe liability towards their customers, partners, and stakeholders. To mitigate these risks – aside from the requirements and obligations that will apply under the AI Act – companies should implement robust internal policies and guidelines to govern AI systems’ development, deployment and usage. Additionally, they should incorporate contractual safeguards into agreements with third-party providers and stakeholders to outline responsibilities and liabilities related to AI usage. Technical measures, such as encryption, access controls, and anomaly detection, should be employed to protect data and AI systems from breaches and unauthorized access. Regular security audits and vulnerability assessments can help identify and mitigate potential weaknesses in AI systems and infrastructure. Implementing organizational measures, such as regular employee training and awareness programs, can create a culture of accountability and compliance with regulatory requirements and ethical standards in AI deployment.
Insuring the unpredictable
On top of these measures, companies from various industries are assessing with their brokers whether the risks stemming from using AI systems are covered by their existing insurance or must be addressed with new policies.
Although some existing policies (such as PL/PI insurance, cyber and third-party liability) may cover some AI risks, there are significant gaps that require rethinking of existing policies and possible creation of new solutions depending on specific situations.
Risk assessment is the basis of the insurance contract. A risk can be insured if:
- it causes definitive loss taking place at a specific time, in a specific place, and arising from certain specific causes;
- the loss caused is accidental;
- losses are predictable (predictability allows evaluating frequency and severability);
- underwriters can provide affordable premiums.
Carrying out an accurate risk assessment is fundamental both for underwriters and for insureds. On one hand, underwriters can exclude or limit certain specific risks and insureds. On the other hand, they can shape the best cover for them against specific claims.
In case of AI liability, risk assessment is a new frontier to be explored. Insurance is not a static concept: it could be very difficult to appraise the aggravation or reduction of the risks, since risks can change rapidly.
The first policies currently available on the market granting coverage against third-party risks for AI provide a range of solutions to adapt existing insurance to AI challenges such as:
- specific exclusions
- consistent deductibles
- co-insurance risk-taking
- specific coverage limits/sub-limits which can transform unquantifiable underlying risks into known maximum exposures
In the future, some risks currently covered could be no longer be insurable, at least not without a higher premium.
At the same time, some risks currently left without cover could become better understood and affordably insurable. More risks than previously could be eligible for coverage on reasonable terms, based on tailor-made evaluations.
The EU could provide more precise indications. The EU has intervened with a proposal for a Directive (the AI Directive), with the aim of harmonizing the liability regime in case of damages caused by AI systems; and a proposal for a Regulation (the AI Act), which mainly aims at preventing damages.
Article 6 of the AI Directive states that the EU will consider imposing compulsory insurance cover. But Article 6 doesn’t clarify who would be subject to this obligation. Companies that use AI? Companies that produce AI systems? The companies that sell AI systems? All of them?
Carriers using AI
The use of AI by insurance companies themselves will also help:
- implement the risk assessment. It’s likely that insurance will shift from its current state of “assess and indemnify” to “predict and prevent,” transforming every aspect of the insurance industry;
- differentiate risks more precisely;
- detect insurance fraud faster;
- accelerate claims handling and management;
- require affordable premiums.
As a consequence of the implementation of the risk assessment, according to various operators, the use of AI by insurance companies will allow the expansion of the services in:
- cybersecurity insurance
- blockchain integration
- climate risk assessment
In Italy the legislator has recently introduced mandatory insurance against catastrophic events. An accurate and prompt assessment of the risk with AI will be essential to respond efficiently to the demand of insureds.
Nowadays using AI in claims handling is a concrete reality in the motor and property insurance world. Insureds can notify a claim providing all photos of the damage to be indemnified with a simple click from their phone and get immediate assistance for repairing them.
AI is already also used to manage claims: various insurtech companies recently created software providing a summary of judicial pleadings and a quick analysis of the claim, speeding up the relevant management for claims handlers.
Keys takeaways
- AI has benefits and risks
- Insurability depends on understanding the risk
- Using AI could create new risks to be insured
- New insurance products are expected to cover risks that were considered uninsurable in the past
- Insurance companies using AI will:
- help differentiate risks;
- create more tailor-made insurance solutions;
- help detect insurance fraud;
- create affordable premiums;
- speed up the claims handling process;
- implement cybersecurity insurance, blockchain integration and climate risk assessment.
Authors: Giacomo Lusardi, Karin Tayel, Andrea Olivieri
Data Protection and Cybersecurity
Transposition of the NIS2 Directive: What's new?
The NIS2 Directive, published in December 2022, introduces onerous cybersecurity obligations for numerous companies. Its transposition in each EU Member State is slated for completion by 17 October 2024.
The last few years have seen an exponential increase in cyber risk. And national and European lawmakers have been prompted to raise defences against possible cyberattacks. The NIS2 Directive, an evolution from its predecessor, Directive NIS1, aims to increase security systems of an ever-increasing number of sectors against cyber attacks.
Nevertheless, the European legislator has opted for a Directive that will have to be transposed (and potentially supplemented) by national legislators to be applicable in individual Member States.
Transposition of the NIS2 Directive in EU Member States
Some European states have already taken steps in this direction. Croatia and Hungary stand as the sole EU states that have, so far, published their transposing legislation.
Other EU States are currently engaged in (or have recently completed) a public consultation phase. For instance, Belgium’s Prime Minister has instructed the Belgian Cybersecurity Center to conduct a public consultation on the preliminary draft law transposing the Directive. The same is happening in Finland and Slovenia.
Meanwhile, others, like Germany and Latvia, have published first drafts of transposing legislation but have not yet adopted the final text.
It appears evident that many EU Member States have yet to initiate the adoption of appropriate transposition provisions, or at least, there’s no official information to that effect as of now.
What’s happening in Italy?
As for Italy, the Italian Parliament has delegated the implementation of the NIS2 Directive to the government through the European Delegation Law No. 15/2024 (the Delegation Law). While no details have surfaced regarding the content of the legislative decree that will then transpose the NIS2 Directive, Articles 1 and 3 of the Delegation Law outline the general criteria for the government to adhere to in transposing the Directive.
Under these provisions, the government will have to adopt the legislative decree implementing the Directive no later than four months before the transposition deadline specified in the Directive itself. This effectively sets a target deadline by – at the latest – mid-June 2024 for the government to publish the new regulatory text. From the moment the legislative decree transposing the Directive comes into force, the government will have a 24-months window to introduce supplementary and corrective provisions. Both the transposing legislation and any supplementary and corrective provisions must not exceed the minimum regulatory standards mandated by the Directive itself.
That said, the government's task is complex. The Delegation Law also envisages the need to establish a transitional regime for entities that are already subject to the provisions of the NIS1 Directive. These entities include:
• Operators of Essential Services (OSEs) – identified with a national list of names to date consisting of about 465 companies • Digital Service Providers (FSDs) – encompassing e-commerce operators, from search engines to cloud computing So it’s reasonable to assume that, especially for these companies, we’ll see a reordering of Italian cyber regulations but also the introduction of a grace period for some companies.The legislation transposing the NIS2 Directive will also have to review the sanctions regime and the supervisory framework of the relevant authorities, potentially introducing litigation-defensive tools, such as the notice to comply.
In light of these developments, all that remains is to await further updates, with the expectations that the wait will be brief. Stay tuned!
Author: Giulia Zappaterra
Intellectual Property
PGI and fashion: New perspectives for protecting craft products
If the term “Protected Geographical Indication” (PGI) has so far evoked flavours and food and wine traditions and the culinary treasures of our territory, we may soon associate it with a surprisingly different field: that of fashion and handicrafts.
On 16 November 2023, Regulation (EU) 2023/2411 (the Regulation) on the protection of geographical indications for handicrafts and industrial products entered into force. It marks a significant step forward for the EU in protecting intellectual property and offering new opportunities for the uniform enhancement and protection of the excellence and uniqueness of European and non-European production heritage in Europe.
The new regulation extends the scope of PGIs, which were previously reserved for agricultural products, foodstuffs, wines and spirits. They now include craft and industrial products with a quality or reputation linked to the area of production. Applications for recognition under the new regulation will be possible from 1 December 2025. In the meantime, producers will be able to assess whether their products meet the criteria set out in the regulation and to identify any registered trademarks that may be an obstacle to obtaining this status.
There’s no doubt that the Regulation opens up new prospects for our economy. Emblematic products of Italian craftsmanship and industry, such as Carrara marble, Maniago knives, Murano glass, Valenza gold, Como textiles or Santa Croce sull'Arno leather, could be recognised and protected at European level. They will benefit from enhanced protection to safeguard their authenticity and quality against imitations and counterfeiting.
As is already the case for agri-food products, wines and spirits, it is expected that the protection of artisanal and industrial products through PGIs will stimulate international demand for authentic and PGI-certified Italian products, increasing exports and, consequently, boosting the country's economy.
The EU aims to ensure that, through PGIs, consumers will be made aware of the production processes, raw materials and specific skills used in the products (which will necessarily be closely linked to their geographical area of origin). This approach is linked to the objective of strengthening confidence in Made in Italy in contexts where, often, the lack of transparency in the production chain threatens its integrity.
One such context is the fashion industry, where production practices and the origin of products can sometimes be ambiguous. The new regulation could lead to a greater valorisation of the high standards of Italian fashion products, effectively combating the problem of counterfeiting and improving the global perception of Made in Italy.
Regulatory Harmony: Intersections between the Regulations and the Law on Made in Italy
The entry into force of Law no. 206 of 27 December 2023 "Organic provisions for the valorisation, promotion and protection of ‘Made in Italy’” (Made in Italy Law), started a new chapter in the valorisation, promotion and protection of Made in Italy. The legislator's objective is twofold: to safeguard Italian cultural identity and to stimulate national economic growth, both at home and abroad. In this sense, the legislation has been adapted to the standards and rules of the EU's single market, ensuring consistency and compatibility with EU directives.
The Made in Italy Law is not only a fundamental starting point for the new regulation, but also a key tool for identifying and protecting Italian artisan and industrial products that currently lack adequate protection. It also provides funding for producer associations to draw up production specifications to ensure quality standards that guarantee the authenticity and excellence of Italian artisan products, in accordance with the provisions of the Regulation.
The legislation also has the specific objective of protecting and promoting quality handicraft products, such as Italian fabrics, laces and bobbin lace, which are an essential part of the country's cultural heritage and manufacturing tradition. It recognises the importance of preserving ancient traditions and supporting the master craftsmen who hand them down.
The Ministry, as the leading and responsible body, has started a process of analysis and reorganisation to identify the competent body for managing geographical indications for craft and industrial products. At the moment, however, neither the organisational unit nor the specific office in charge of this delicate matter has been defined. It will be responsible for managing any oppositions in the national phase and interacting directly with the EUIPO to get protection at EU level.
With the Made in Italy Law, Italy has woven a new thread of craftsmanship excellence on the international scene. Italy is preparing to create a sustainable and brilliant future in which cultural diversity is the connective tissue and quality craftsmanship is the jewel in the crown.
Weaves of the world: Geographical indications in the protection of textiles, from Asia to Africa
It’s clear the EU has for a long time not done enough to protect the cultural heritage represented by crafts, a key element in the identity and history of its nations. Only France, on its own initiative, anticipated the need to protect this sector in 2014 by extending the protection of geographical indications to craft products such as Limoges porcelain, renowned for its quality and craftsmanship.
In contrast, countries like India have recognised the importance of protecting their traditional textiles since 2003 through the Geographical Indications of Goods Registration & Protection Act, 1999. This has allowed the registration of up to 484 GIs, adding value to products like Pochampalli ikat, Chanderi sarees, Mysore traditional paintings and Banaras zardozi. This protection has not only recognised the economic and cultural value of Indian handicrafts, but has also improved the living standards of artisans, increased the price and authenticity of products, and attracted more tourists and buyers.
But there are many countries that have been trying to protect their traditional knowledge through geographical indications for some time. Examples include Kashmiri cashmere, famous for its exceptional quality and softness, one of the most sought-after luxury fabrics in the world. Or Indonesia, with its batik, a fabric dyeing technique that uses wax to create intricate patterns. Another interesting example is Ghana's Kente, which came under the spotlight after a famous French fashion house used a very similar fabric during Paris Men's Fashion Week 2021. Kente is a traditional fabric known for its bright colours and intricate designs, which are important cultural symbols for Ghanaian communities. The fashion house's move has been criticised for failing to pay homage to Ghana's rich culture and for not involving local artisans in its production.
In Europe, the recent introduction of PGI protection for handcrafted products such as fabrics, laces and bobbin lace are an unprecedented opportunity that Italian fashion companies in particular should not hesitate to take advantage of.
Enhance brand reputation: PGI protection for handicraft products in the fashion industry
The protection of PGIs provided for by the new regulation not only gives a seal of authenticity and quality to these handicrafts, but also offers a very powerful tool for expanding and strengthening brand reputation, allowing companies to emerge on the international fashion scene with a distinctive and unmistakable profile.
First of all, the protection of PGIs on handmade textiles will allow fashion companies to express a deep connection with Italy's rich traditions and craftsmanship, establishing a reputation for excellence and refinement. This tangible link to Italian authenticity and cultural heritage will not only enhance brand perception, but also ignite an emotional connection with the public, generating trust and long-term brand loyalty. Protection will also provide an unprecedented opportunity to differentiate the brand on a global scale.
Given that these Italian textiles are not yet protected at EU level, fashion companies can anticipate and prepare to take advantage of this future prospect to emerge as pioneers in luxury and sustainable fashion. This distinctiveness will not only attract demanding and sophisticated clientele, but also project an image of exclusivity and prestige that will further enhance the brand.
Finally, the introduction of PGI protection for artisanal textile products can be a useful means of promoting environmental and social sustainability in the fashion industry. Companies that commit to using materials from specific Italian regions and respecting local craft techniques and traditions will be able to communicate a strong commitment to preserving the environment and supporting local communities. This responsible and ethical approach would not only enhance brand reputation but also meet the growing expectations of today's consumers, who are increasingly aware of environmental and social issues.
Fully exploiting the potential of PGIs for Italian handcrafted textiles in fashion is an imperative for companies wishing to strengthen their brand reputation. This protection offers a valuable opportunity to communicate authenticity, quality and uniqueness, differentiating the brand in the competitive international fashion landscape. Companies that embrace this opportunity with passion and commitment will be able to strengthen their reputation and consolidate their position as leaders in the fashion industry, while helping to promote values of sustainability and corporate social responsibility.
It remains to be seen which fashion companies will choose the path of innovation and use PGIs to differentiate themselves in the marketplace.
Authors: Maria Rita Cormaci, Miriam Romeo
Technology Media and Telecommunications
AGCom Communication Markets Monitoring System for 2023
On 29 April, the Italian Communications Authority (AGCom) published the first Communications Monitoring Report (Osservatorio) for 2024, which contains data related to 2023.
The data included in the Communications Monitoring Report shows that during the last quarter of 2023 there was a marginal decrease in overall accesses for fixed networks quantifiable at 16,000 units. On an annual basis, there have been 127,000 accesses less compared to the previous corresponding period of 2022; as of December 2022, the total accesses to the fixed network were approximately 20.23 million, while in December 2023 there were 20.11 million. Compared to December 2019 – when the networks were approximately 17.8 million – there was an increase in access to fixed network of 330,000 units.
The traditional lines based on copper technologies decreased by approximately 186,000 units – ie by 3.8% in respect to the total – on a quarterly basis; by approximately 798,000 units compared to December 2022 (with a reduction of approximately 5.72 million accesses in the last four years).
Regarding the networks based on technologies other than copper, compared to December 2022, there’s been a slight decrease, of 4.6%, in the number of accesses on FTTC network (Fiber To The Cabinet), totalling approximately 9.79 million accesses in December 2023. Accesses to FTTH (Fiber To The Home) technology network increased by approximately 978,000 units annually (with a growth of 26.9%), reaching approximately 4.30 million accesses by the end of December 2023. Also FWA (Fixed Wireless Access) lines have increased by almost 150,000 units in the past year (and therefore 7.6% compared to December 2022) and reached 2.11 million lines by the end of December 2023.
As of December 2023, the total broadband lines amounted to approximately 18.95 million, remaining substantially unchanged on an annual basis and registering a slight increase – 22,000 lines – on a quarterly basis.
As stated in the press release related to the Communication Monitoring Report, the tendencies have led to a significant increase in performance in terms of connection speed of the electronic communication services; the lines with speed equal to or greater than 100 Mbit/s at the end of December 2023 accounted for 73.4% of the total, compared to 40.3% in December 2019. The marketed lines with a transmissive capacity above 1 Gigabit/s has increased from 3.2% to 22.2% in the last three years.
At the same time, the upward trend in data consumption is confirmed: the overall volume of data consumed daily in 2023 increased by 15.6% compared to December 2022 and by 120% compared to the corresponding period in 2019. This is reflected in individual consumption data concerning each line of the fixed broadband network: the daily traffic recorded for each broadband line has more than doubled in the last four years, from a daily average of 4.23 GB in 2019 to 8.52 GB in 2023 for each line.
With regard to the mobile network segment, as of December 2023, the total number of SIM cards (both human, ie voice only, voice+data, and data only that involve human interaction; and M2M, ie machine-to-machine) was 108.5 million (with an increase of approximately 1.3 million on an annual basis (1.2%)). M2M SIMs increased by 1.2 million units in one year, while, in the same timeframe, the number of human SIMs increase by 60,000 units (for a total of 78.5 million human SIMs as of the end of December 2023, with 13.5% belonging to business customers and the remaining 86.5% to consumers).
As described by AGCom, there are approximately 58.6 million human SIMs that generated data traffic in the last quarter of 2023, a value exceeding approximately 2 million units compared to the corresponding value in 2022. The average daily individual consumption for the period ranging from January to December 2023 is estimated at approximately 0.78 GB, an increase of 21.1% compared to 2022 and over 230% from the corresponding period in 2019, when it was estimated at 0.23 GB.
Authors: Massimo D’Andrea, Flaminia Perna, Matilde Losa
Innovation Law Insights is compiled by the professionals at the law firm DLA Piper under the coordination of Arianna Angilletta, Matteo Antonelli, Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Giorgia Carneri, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Alessandra Faranda, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Deborah Paracchini, Maria Vittoria Pessina, Tommaso Ricci, Miriam Romeo, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Giulia Zappaterra.
Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna e Matilde Losa.
For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.
If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.
