Danilo Krivokapić, Director, SHARE Foundation

The accession of Western Balkan countries to the EU’s Digital Single Market, together with the previous harmonising of regulations governing this area, could bring benefits to both the EU and the region, and could further encourage the EU integration process

Serbia’s institutional framework is harmonised with European regulations to a certain extent, but we are still lacking a lot, says SHARE Foundation Director Danilo Krivokapić.

In accordance with the EU Association Agreement, Serbia is obliged to harmonise its regulations, the most significant example of which is the Personal Data Protection Act, which is almost a word for word transcription of the General Data Protection Regulation (GDPR). Serbia has also adopted its Law on Information Security, which is harmonised with the first version of the Directive on Network Information Security (NIS Directive), while the new Draft of this law, presented during summer 2023, aims to harmonise regulations with the latest version of the EU regulatory framework, the so-called NIS2 Directive.

“And yet, numerous challenges still remain ahead, given that the EU recently began implementing two important regulations – on digital services and digital markets – that represent a completely new legal model for managing the digital space,” says Krivokapić.

The Regulation on Artificial Intelligence, which was adopted on 13th March, after a long lengthy in the European Parliament, is no less important.

“These are extremely important regulations for the applying of digital technologies, and how Serbia approaches harmonisation with them will determine not only the possibility of our companies entering the EU and global digital markets, but also the protecting of the basic rights of our citizens in the digital space,” explains our interlocutor.

What are the benefits and dangers of deregulating/reregulating the digital space?

— I think that can be seen clearly in the example of the EU, which has really become a leader in the regulating of the digital space. It seems that, on the one hand, this has caused a slowdown among European companies when it comes to development and innovation, which wasn’t the case in countries with significantly more liberal rules, such as the U.S. and China, which are undoubtedly today’s leaders in the development of digital technologies. On the other hand, we can talk about the “Brussels effect”, particularly when it comes to data protection rules following the GDPR’s adoption. That regulation set a high standard of protection at the global level, and numerous countries are today being guided by that standard, with many of them having adopted regulations with a view to the GDPR. This advanced market functioning, with the uniformity of rules significantly raising the level of legal certainty and improving the protection of citizens in the EU and around the world. When it comes to Serbia, I don’t think the right question to ask is how detailed our rules on digital space will be, but rather what our country really can and should control.

Do EU candidate countries today have time/space to wait when it comes to harmonising with European acts, in the way they do with other regulations, or do they have an interest in accelerating that process?

— I believe that our region needs to harmonise with EU regulations governing the digital space as quickly as possible. Considering the complexity of digital infrastructure, and especially the challenges of managing the entire digital ecosystem, I currently don’t see another model that would enable our companies to easily access foreign markets while simultaneously ensuring the protection of our citizens in the digital space. In this sense, I think that we need to follow the EU model, which has a significantly greater influence on the global scene. If we hesitate excessively, we could develop the wrong strategic directions that it could prove costly to correct in the future.

Serbia Badly Needs a Law on Artificial Intelligence That Mirrors the Model of the Recently Adopted EU Regulation

Given that the European integration process has slowed down significantly in this region, with serious accession fatigue on all sides, I think that the accession of Western Balkan countries to the EU’s Digital Single Market – naturally with the previous harmonising of regulations governing this area – could bring benefits to both the EU and the region, and could further encourage the EU integration process.

As is the case with the GDPR, could Serbia merely transcribe the text of the European AI Act and incorporate it into its own legislation, or does the national context have its own specificities?

— The transcribing of the European regulation on data protection had some extremely positive points. We were among the world’s first countries to adopt the new personal data protection model, with which it became easier for domestic and foreign companies operating in Serbia to comply with the new legal framework, particularly bearing in mind that the EU has a significantly more developed legal framework in this field, which eases the interpreting of new and unfamiliar rules. It likewise guaranteed the highest level of rights for our citizens. On the other hand, simply transcribing the rules without taking into consideration the domestic legal framework did lead to certain contradictory and unclear rules, together with the introducing of institutes that it currently isn’t possible to apply in Serbia. It is also a major mistake that the level of the fines does not correspond with the penalties prescribed by the GDPR – fines exceeding a billion euros have already been imposed in EU countries, while the highest penalty prescribed by our law totals approximately 16,000 euros. This might sound like a great relief for companies, but in essence it makes these rules easy to breach, given that penalties for noncompliance do not have a significant impact on operations.

It seems to me that we badly need a law on artificial intelligence that mirrors the model of the recently adopted EU regulation. That model is horizontal and based on risk assessment, which in my opinion leaves ample room for research and development, while ensuring a high level of legal certainty. Of course, it is necessary for such a law to be tailored to suit the domestic legal framework in order for us to avoid inconsistencies, but also to harmonise the penal policy with the EU in order for maximally ensure its implementation.

What key challenges will businesses and start-ups in Serbia face when it comes to implementing this new framework?

— There are certainly numerous challenges, considering that regulations are becoming an increasingly complex legal matter, both on domestic and foreign markets. This entails high costs of harmonising with the new rules and investing in administrative capacities to ensure internal processes adhere to the new regulation. I think that understanding the ethical dilemmas in the development of new technologies and the impact of technology on society is something that it is no longer possible to avoid in the development of start-ups and businesses. That’s also precisely why we have such a complex regulation.

These challenges are all particularly evident when domestic businesses start collaborating with international partners, primarily from the EU. GDPR compliance is today a standard that’s simply implied, because otherwise companies are exposed to a serious risk of being sanctioned and facing high fines. Given the trend in the adopting of new regulations, we can expect ever more numerous demands to harmonise and comply with ethical rules.