Europe’s AI Sandboxes: Navigating Regulatory Evolution

Regulatory experimentation through combinations of soft law, hard law, and novel collaboration approaches is gaining ground in the increasingly busy field of technology regulation [1]. The EU’s proposed AI Act1 [2] includes several measures to protect innovation, of which sandboxes are one. Sandboxes are a kind of regulatory experimentation, however, the term sandbox is also used in computer science to describe an isolated environment used for testing or analysis [3]. Sandboxes conjure up an image of a physical environment, with the walls of the sandpit preventing uncontrolled effects. However, in reality they are mostly a legal construct, rather than a physical space. Exactly where sandboxes are physically hosted and operated is not clear at present2 . The regulatory sandboxes envisaged by the AI Act are the largest such regulatory experiment ever attempted. While there is no requirement for AI providers or deployers to utilise sandboxes, there are benefits for both regulators and innovators. This report defines and describes sandboxes from a regulator and an innovators perspective, analyses their history andmodalities, explains how the EU’sAIAct envisages sandboxes, identifies potential areas of innovation that could assist with the delivery of sandboxes, and analyses the potential impact of the sandboxes. It also points to differences between the Commission proposal and the Parliament proposal, which have significant differences. The differences are also listed in an appendix, section 7.3. It ends with an illustrative case study of how an AI sandbox could work in the context of a common financial services use case