1. Member States shall ensure that their competent authorities establish at least one AI regulatory sandbox at national level, which shall be operational 24 months after entry into force. This sandbox may also be established jointly with one or several other Member States’ competent authorities. The Commission may provide technical support, advice and tools for the establishment and operation of AI regulatory sandboxes. The obligation established in previous paragraph can also be fulfilled by participation in an existing sandbox insofar as this participation provides equivalent level of national coverage for the participating Member States.
1a. Additional AI regulatory sandboxes at regional or local levels or jointly with other Member States’ competent authorities may also be established.
1b. The European Data Protection Supervisor may also establish an AI regulatory sandbox for the EU institutions, bodies and agencies and exercise the roles and the tasks of national competent authorities in accordance with this chapter.
1c. Member States shall ensure that competent authorities referred to in paragraphs 1 and 1a allocate sufficient resources to comply with this Article effectively and in a timely manner. Where appropriate, national competent authorities shall cooperate with other relevant authorities and may allow for the involvement of other actors within the AI ecosystem. This Article shall not affect other regulatory sandboxes established under national or Union law. Member States shall ensure an appropriate level of cooperation between the authorities supervising those other sandboxes and the national competent authorities.
1d. AI regulatory sandboxes established under Article 53(1) of this Regulation shall, in accordance with Articles 53 and 53a, provide for a controlled environment that fosters innovation and facilitates the development, training, testing and validation of innovative AI systems for a limited time before their placement on the market or putting into service pursuant to a specific sandbox plan agreed between the prospective providers and the competent authority. Such regulatory sandboxes may include testing in real world conditions supervised in the sandbox.
1e. Competent authorities shall provide, as appropriate, guidance, supervision and support within the sandbox with a view to identifying risks, in particular to fundamental rights, health and safety, testing, mitigation measures, and their effectiveness in relation to the obligations and requirements of this Regulation and, where relevant, other Union and Member States legislation supervised within the sandbox.
1f. Competent authorities shall provide providers and prospective providers with guidance on regulatory expectations and how to fulfil the requirements and obligations set out in this Regulation. Upon request of the provider or prospective provider of the AI system, the competent authority shall provide a written proof of the activities successfully carried out in the sandbox. The competent authority shall also provide an exit report detailing the activities carried out in the sandbox and the related results and learning outcomes. Providers may use such documentation to demonstrate the compliance with this Regulation through the conformity assessment process or relevant market surveillance activities. In this regard, the exit reports and the written proof provided by the national competent authority shall be taken positively into account by market surveillance authorities and notified bodies, with a view to accelerate conformity assessment procedures to a reasonable extent. 1fa Subject to the confidentiality provisions in Article 70 and with the agreement of the sandbox provider/prospective provider, the European Commission and the Board shall be authorised to access the exit reports and shall take them into account, as appropriate, when exercising their tasks under this Regulation. If both provider and prospective provider and the national competent authority explicitly agree to this, the exit report can be made publicly available through the single information platform referred to in this article.
1g. The establishment of AI regulatory sandboxes shall aim to contribute to the following objectives:
a) improve legal certainty to achieve regulatory compliance with this Regulation or, where relevant, other applicable Union and Member States legislation;
b) support the sharing of best practices through cooperation with the authorities involved in the AI regulatory sandbox;
c) foster innovation and competitiveness and facilitate the development of an AI ecosystem;
d) contribute to evidence-based regulatory learning;
e) facilitate and accelerate access to the Union market for AI systems, in particular when provided by small and medium-sized enterprises (SMEs), including start-ups.
2. National competent authorities shall ensure that, to the extent the innovative AI systems involve the processing of personal data or otherwise fall under the supervisory remit of other national authorities or competent authorities providing or supporting access to data, the national data protection authorities, and those other national authorities are associated to the operation of the AI regulatory sandbox and involved in the supervision of those aspects to the extent of their respective tasks and powers, as applicable.
3. The AI regulatory sandboxes shall not affect the supervisory and corrective powers of the competent authorities supervising the sandboxes, including at regional or local level. Any significant risks to health and safety and fundamental rights identified during the development and testing of such AI systems shall result in an adequate mitigation. National competent authorities shall have the power to temporarily or permanently suspend the testing process, or participation in the sandbox if no effective mitigation is possible and inform the AI Office of such decision. National competent authorities shall exercise their supervisory powers within the limits of the relevant legislation, using their discretionary powers when implementing legal provisions to a specific AI sandbox project, with the objective of supporting innovation in AI in the Union.
4. Providers and prospective providers in the AI regulatory sandbox shall remain liable under applicable Union and Member States liability legislation for any damage inflicted on third parties as a result of the experimentation taking place in the sandbox. However, provided that the prospective provider(s) respect the specific plan and the terms and conditions for their participation and follow in good faith the guidance given by the national competent authority, no administrative fines shall be imposed by the authorities for infringements of this Regulation. To the extent that other competent authorities responsible for other Union and Member States’ legislation have been actively involved in the supervision of the AI system in the sandbox and have provided guidance for compliance, no administrative fines shall be imposed regarding that legislation.
4b. The AI regulatory sandboxes shall be designed and implemented in such a way that, where relevant, they facilitate cross-border cooperation between national competent authorities.
5. National competent authorities shall coordinate their activities and cooperate within the framework of the Board.
5a. National competent authorities shall inform the AI Office and the Board of the establishment of a sandbox and may ask for support and guidance. A list of planned and existing AI sandboxes shall be made publicly available by the AI Office and kept up to date in order to encourage more interaction in the regulatory sandboxes and cross-border cooperation.
5b. National competent authorities shall submit to the AI Office and to the Board, annual reports, starting one year after the establishment of the AI regulatory sandbox and then every year until its termination and a final report. Those reports shall provide information on the progress and results of the implementation of those sandboxes, including best practices, incidents, lessons learnt and recommendations on their setup and, where relevant, on the application and possible revision of this Regulation, including its delegated and implementing acts, and other Union law supervised within the sandbox. Those annual reports or abstracts thereof shall be made available to the public, online. The Commission shall, where appropriate, take the annual reports into account when exercising their tasks under this Regulation.
6. The Commission shall develop a single and dedicated interface containing all relevant information related to sandboxes to allow stakeholders to interact with regulatory sandboxes and to raise enquiries with competent authorities, and to seek non-binding guidance on the conformity of innovative products, services, business models embedding AI technologies, in accordance with Article 55(1)(c). The Commission shall proactively coordinate with national competent authorities, where relevant. Article 53A Modalities and functioning of AI regulatory sandboxes In order to avoid fragmentation across the Union, the Commission shall adopt a an implementing act detailing the modalities for the establishment, development, implementation, operation and supervision of the AI regulatory sandboxes. The implementing act shall include common principles on the following issues:
a) eligibility and selection for participation in the AI regulatory sandbox;
b) procedure for the application, participation, monitoring, exiting from and termination of the AI regulatory sandbox, including the sandbox plan and the exit report;
c) the terms and conditions applicable to the participants. The implementing acts shall ensure that:
a) regulatory sandboxes are open to any applying prospective provider of an AI system who fulfils eligibility and selection criteria. The criteria for accessing to the regulatory sandbox are transparent and fair and establishing authorities inform applicants of their decision within 3 months of the application;
b) regulatory sandboxes allow broad and equal access and keep up with demand for participation; prospective providers may also submit applications in partnerships with users and other relevant third parties;
c) the modalities and conditions concerning regulatory sandboxes shall to the best extent possible support flexibility for national competent authorities to establish and operate their AI regulatory sandboxes;
d) access to the AI regulatory sandboxes is free of charge for SMEs and start-ups without prejudice to exceptional costs that national competent authorities may recover in a fair and proportionate manner;
e) they facilitate prospective providers, by means of the learning outcomes of the sandboxes, to conduct the conformity assessment obligations of this Regulation or the voluntary application of the codes of conduct referred to in Article 69;
f) regulatory sandboxes facilitate the involvement of other relevant actors within the AI ecosystem, such as notified bodies and standardisation organisations (SMEs, start-ups, enterprises, innovators, testing and experimentation facilities, research and experimentation labs and digital innovation hubs, centers of excellence, individual researchers), in order to allow and facilitate cooperation with the public and private sector;
g) procedures, processes and administrative requirements for application, selection, participation and exiting the sandbox are simple, easily intelligible, clearly communicated in order to facilitate the participation of SMEs and start-ups with limited legal and administrative capacities and are streamlined across the Union, in order to avoid fragmentation and that participation in a regulatory sandbox established by a Member State, or by the EDPS is mutually and uniformly recognised and carries the same legal effects across the Union;
h) participation in the AI regulatory sandbox is limited to a period that is appropriate to the complexity and scale of the project. This period may be extended by the national competent authority;
i) the sandboxes shall facilitate the development of tools and infrastructure for testing, benchmarking, assessing and explaining dimensions of AI systems relevant for regulatory learning , such as accuracy, robustness and cybersecurity as well as measures to mitigate risks to fundamental rights,[environment] and the society at large.
3. Prospective providers in the sandboxes, in particular SMEs and start-ups, shall be directed, where relevant, to pre-deployment services such as guidance on the implementation of this Regulation, to other value-adding services such as help with standardisation documents and certification, Testing & Experimentation Facilities, Digital Hubs, Centres of Excellence, and [EU benchmarking capabilities].
4. When national competent authorities consider authorising testing in real world conditions supervised within the framework of an AI regulatory sandbox established under this Article, they shall specifically agree with the participants on the terms and conditions of such testing and in particular on the appropriate safeguards with the view to protect fundamental rights, health and safety. Where appropriate, they shall cooperate with other national competent authorities with a view to ensure consistent practices across the Union.