‘The EU’s Artificial Intelligence Act (‘AI Act’) delegates key regulatory functions to harmonised socio-technical standards developed by private bodies under the New Legislative Framework (‘NLF’). While this promises efficiency and flexibility, it raises legitimacy concerns – especially given the AI Act’s fundamental rights objectives. This article critically examines the legal basis and governance structure of the standardisation process, focusing on the roles of CEN, CENELEC, and international cooperation with ISO/IEC. It assesses the inclusiveness, transparency, and accountability of these processes, highlighting risks of over-delegation in areas touching constitutional values. Applying a framework of input, output, and throughput legitimacy, it identifies procedural gaps and analyses the implications of the CJEU’s 2024 landmark Public.Resource.Org judgment on access to standards. It concludes with proposals aimed at improving the legal and normative legitimacy of future standardisation in AI, arguing that AI governance depends not only on technical quality but also on democratic accountability and rights-based alignment.’
Link: https://www.tandfonline.com/doi/full/10.1080/13600834.2025.2570966#abstract
AI Update 