Detailed overview
The Council of Europe adopted the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. It was opened for signature on 5 September 2024 and is described by the Council of Europe as the first legally binding international treaty on artificial intelligence.
Relationship to the EU AI Act
The Convention is different from the EU AI Act. The EU AI Act is a market regulation with direct compliance duties for AI providers, deployers and other operators. The Council of Europe Convention is a treaty that requires signatory states to make sure that AI lifecycle activities are compatible with human rights, democracy and the rule of law.
Scope and substance
The Convention covers the full AI lifecycle, including design, development, deployment, use and decommissioning. It requires states to address AI in a way that protects human dignity, autonomy, equality, non-discrimination, privacy, personal-data protection, transparency, oversight, accountability, reliability and safe innovation. These concepts are important because they influence how national AI laws are likely to develop in European states that are not part of the EU AI Act framework.
The Convention also requires safeguards for persons affected by AI. These may include documentation of relevant information, notice that a person is interacting with AI, the ability to challenge certain AI-influenced decisions, complaint mechanisms and procedural guarantees. The Convention also requires risk and impact assessments and measures to prevent or reduce AI-related risks.
Effect on companies
The Convention does not create one direct fine table for companies. Its effect depends on how each state implements it through domestic law.
It is especially relevant for non-EU European jurisdictions, such as the United Kingdom and Switzerland, because it gives those countries a treaty-based AI framework without copying the EU AI Act in full.
Practical requirements & details
Sourced from the Council of Europe Framework Convention on AI, Human Rights, Democracy and the Rule of Law (CETS No. 225), opened for signature 5 Sept 2024 in Vilnius.
Scope and structure
- Binds signatory states — not companies directly. Covers AI activities of public authorities and, where Parties so determine, private actors.
- Covers the entire AI lifecycle: design, development, deployment, use and decommissioning.
- Parties may apply the Convention to private-sector AI activities directly or take "other appropriate measures" to address risks — the practical effect depends on domestic implementation.
Substantive principles (Chapter III)
- Human dignity and individual autonomy (Art. 7).
- Equality and non-discrimination (Art. 10).
- Privacy and personal-data protection (Art. 11).
- Transparency and oversight (Art. 8).
- Accountability and responsibility (Art. 9).
- Reliability (Art. 12).
- Safe innovation (Art. 13) — including via controlled testing environments (sandboxes).
Safeguards for affected persons (Chapter IV)
- Documentation of relevant information about the AI system.
- Notice that a person is interacting with AI (Art. 15) — unless obvious from context.
- Ability to challenge certain AI-influenced decisions and obtain effective remedies (Art. 14).
- Procedural guarantees and complaint mechanisms.
Risk and impact assessments (Chapter V)
- Parties must adopt or maintain measures for identification, assessment, prevention and mitigation of AI-related risks throughout the lifecycle.
- Includes consideration of human-rights, democracy and rule-of-law impacts — not only safety or data protection.
Effect on companies
- No direct fine table. Effect depends on each state's domestic implementation.
- Especially relevant for non-EU European jurisdictions (UK, Switzerland, Norway, etc.) and signatories from other regions (US, Canada, Japan, Israel) where the Convention shapes future domestic AI governance.