For decades, Belgium has shown great ambition to deploy networks and connectivity, digitise administration and empower citizens with digital tools, whilst paying careful attention to the human rights and social implications of such changes. The deployment of AI is no different. For instance, the use of big data and AI for law enforcement purposes, or for social security and healthcare (not least in the context of the COVID-19 crisis), stirred much policy debate and controversy.

The most relevant provisions of the Belgian constitution that must be kept in mind in relation to the deployment and use of AI, are, among others: 

• Articles 10 and 11, which recognise that all Belgian men and women are equal, and lay down the prohibition of any discriminatory practice. 
• Articles 12 to 15, which provide for the right to a fair trial and to the effective protection of a judge. The constitution also recognises a right to transparency of the administration, which is the basis for freedom of information legislation and can include a right to transparency of algorithms used by the administration. 
• Article 22, which provides for the right to respect for private and family life, subject only to limitations or interferences set by law and providing for suitable safeguards. This is the cornerstone of data protection laws in Belgium, with respect to government as well as private sector organisations. 

Belgium is part of many international organisations and hence its legal system incorporates the rights and obligations laid down in many international conventions for the safeguard of fundamental rights. This includes, notably, the European Convention on Human Rights, the EU Charter of Fundamental Rights, the UN International Covenants on Civil and Political Rights, and the conventions and guidelines issued by the Council of Europe. 

The implications of automated data processing for human rights and fundamental freedoms were highlighted in two court cases dealt with by the Constitutional Court, both of which were also submitted to the European Court of Justice to issue a preliminary ruling. They illustrate that Belgian courts exercise a close scrutiny over legal frameworks and AI technologies that purport to process data on a large scale with the potential for severe human rights implications.

Firstly, in a judgment of 22 April 2021, the Constitutional Court annulled legal provisions on the retention of electronic communications metadata. The provisions were found to be illegal, because they allowed for the general and indiscriminate retention of several categories of traffic and location data for purposes such as the preservation of national security or the fight against crime, but without making a necessary distinction on the basis of the type of information to be retained, nor of the severity of the criminal offences justifying the need for such a vast and general retention of data (Const. Court, 22 April 2021, 57/2021, B.15 et seq.). 

Secondly, the Constitutional Court had to rule on a challenge to the validity of an act on the processing of data related to flight passengers, and referred several questions to the European Court of Justice. One aspect of the challenge is interesting for AI systems, in that it questioned the admissibility of automated processing to detect possible frauds. In a judgment of 21 June 2022, the ECJ expressed severe concerns about such automated processing, in particular as it seemed to trigger a lot of false positives, and opened up the possibility of data mining using an unrestricted number of databases rather than databases solely determined to be actually relevant. Specifically, the court stressed that automated processing could only happen on the basis of pre-established criteria, which excluded the use of AI techniques, such as machine learning, on the basis of their inherent opacity (i.e., that they do not enable an effective understanding of their functioning or the parameters leading to a certain output or proposed machine-based decision (see ECJ, 21 June 2022, Ligue des Droits Humains, C-817/18, paragraph 194)).

Belgium is part of the international system of protection of intellectual property rights, such as the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and the WIPO treaties on copyright, as well as European Union regulations, directives and conventions which also form part of the Belgian corpus juris. 

Under Articles XI.1 et seq. of the Belgian Code of Economic Law, inspired by the European Patent Convention (EPC), computer programs as such, mere presentations of information, discoveries, methods for performing mental acts and mathematical methods (such as pure algorithms) are excluded subject-matter. However, a loose interpretation of the “as such” requirement prevails, so that computer-implemented inventions can be patented subject to the claimed invention being technical and the technical features being novel and inventive. Belgian courts tend to follow the approach of the Boards of Appeal of the European Patent Office, although the case law that specifically deals with patent protection for computer-implemented invention is relatively scarce. 

In terms of ownership, Belgian law in its current state provides that the right to a patent belongs to the inventor or its assignee, which means that the exclusive right cannot be attributed to “a machine”. 

A currently undeveloped area of the law concerns the requirement for the invention to be described in sufficiently clear and comprehensive terms, such that the person skilled in the art can carry out the invention. Because of the specifics of AI, questions arise as to how best to “describe” an invention, its underlying algorithms, and its training datasets. At the European Patent Office (EPO) stage where patent applications are filed and examined, guidance has been developed (see https://www.osborneclarke.com/insights/updated-epo-examination-guidelines-address-ai-accelerated-oppositions-and-antibody-claims) and practitioners are developing pragmatic ways to address these challenges, but such applications will still need to pass the test of courts. 

Computer programs that embody algorithms and machine learning or other AI techniques will likely be regarded as copyrightable works and enjoy protection in Belgium, given the low threshold set for originality, although no distinction is made in copyright between trained and untrained machine learning systems (which can be critical as often there is great commercial value in systems that have been extensively trained). However, often times, a combination with the sui generis rights of database makers will be possible, in relation to the investment made in obtaining, verifying or presenting a collection of data used by the program to generate their outputs. General copyright can also vest in ancillary elements such as the graphical user interface, and certain aspects of the so-called preparatory design material that sits at the intersection of copyright and trade secrets protection (see below). 

In Belgian copyright law, no specific legal provision applies to works entirely generated by machine or by AI systems. As a result, uncertainty prevails, as to the protection of AI generated works. It is argued that in the current state of the law, where an output is entirely created by a machine learning algorithm, the mere selection or provision of data as input, cannot in itself be sufficient to grant copyright protection to the user.

Belgian law grants copyright protection to the authors of any work, i.e., the individuals who perform the creative acts. The limited exception of software copyright being legally presumed to be assigned to the employer does not eliminate the need for carefully crafted and comprehensive written transfer agreements to be concluded in order to create legal certainty as to the ownership of copyrights at large. 

Articles XI.332/1 et seq. of the Code of Economic Law govern the protection of trade secrets. Unlike intellectual property rights, trade secrets are not a class of assets, but a legally protected interest in order to complement the protection afforded by patents, copyrights and the like. Trade secrets only apply in relation to information that can be demonstrated to be:

• secret; 
• of a commercial value because of its secrecy; and
• the result or the subject matter of reasonable measures to keep it secret. 

In other words, trade secret protection is an ideal candidate to protect some aspects of AI systems, in particular in relation to methods of conception or of operation, data structures, abstract algorithms, datasets used for training (where not suitable for database protection), “trained” outputs and validating and testing purposes. Those aspects of proprietary information fall outside the scope of classical intellectual property rights but can be critical for the successful deployment of AI systems. Practitioners will note that in addition to organisational and technical measures to ensure the confidentiality of trade secrets, contractual undertakings are also paramount and need to be embedded from the very inception of any AI project. One must pay the greatest attention to a sound definition of the subject matter of the confidentiality, the measures to protect that information, and the (limited) authorised scope or purposes in respect of which confidential information may be used. 

See Section 3.2 below.

Under Belgian law, data is regarded as a piece of information, an intangible that is not the subject matter of proprietary or exclusive rights. As a rule, the holder of a dataset can freely decide whether or not to share or use it, or to let third parties access and use it, upon terms the holder deems fit. However, general contract law and competition law can limit or expand the holder’s ability to impose terms of its choice. For instance, abuse of right, good faith, contract interpretation or specific legal provisions protecting small and medium-sized businesses can play a role in that respect.

See the European Union chapter for details about the application of GDPR in the context of AI systems. 

Interestingly, the Belgian data protection authority issued a decision that may impact AI Systems. A bank was using payment transaction data for the purposes of creating models for personalised rebates designed to apply to third-party products. One of the debated issues was whether the bank could rely on a legitimate interest as a legal basis to justify the processing of existing data for the new purpose of creating models, exceeding the customers’ legitimate expectations. The Data Protection Authority found that the bank did not infringe the GDPR provisions when developing its models for price reductions, it being noted, however, that the utilisation of such models to actually send rebate proposals was still subject to prior consent of the bank’s customers (see www.autoriteprotectiondonnees.be/publications/decision-quant-au-fond-n0-46-2024.pdf).

The federal state and the regions and communities have each implemented the EU open data directives at their own level, often by the setting up of license templates for the re-use. There are administrative means of redress when a public authority refuses to let candidates re-use public sector information or tries to impose terms that go beyond what appears to be necessary or proportionate. One area that is under development is the making available of case law from the various Belgian courts. Similarly in other areas the government has taken several initiatives to make datasets available and promote their re-use.

Specific provisions of copyright law also promote open access in the context of scientific research, such as the exceptions to enable text and data mining, or the right for any author of a scientific article to make his or her work freely available for the public six or 12 months after its publication. 

N/A

Articles 10 and 11 of the Constitution are the foundation for Belgian law on prohibition of discriminatory practices, and they are implemented by several pieces of legislation at federal and state level. The most important is the Anti-Discrimination Act of 10 May 2007, which lays down the principle that any discrimination on the basis of one of the listed criteria is a direct discrimination and must be justified objectively on the basis of a legitimate goal and that the means to achieve the same goal must be both proportionate and necessary. The listed criteria reflect traditional categories of protected criteria as they include sex, race, religion, sexual orientation, but also expand the scope of the Act as they also comprise birth, fortune, language, state of health, disability or social origin. The Act applies both to the public and private sector, and covers a wide variety of areas or access to a wide range of goods and services. It will typically apply to insurance or financial services, workforce management and/or selection. 

On 18 April 2024, the Belgian Parliament approved a law establishing a framework for the cybersecurity of network and information systems of general interest for public security, thereby transposing the NIS2 Directive into Belgian law (referred to as the “NIS2 Law”). The NIS2 Law is set to enter into force on 17 October 2024. Belgium has decided to take advantage extending the list of entities subject to NIS2 requirements. In fact, its NIS2 Law includes an ability to extend the list of applicable entities to additional sectors and sub-sectors, as well as further extensions by royal decree. In addition, specific entities may be added by decision of the Belgian regulator.

Belgium has extended the list of risk management measures and information obligations. As a result, entities subject to the Belgian NIS2 Law will be required to take new risk management measures and comply with additional information obligations for the purpose of establishing a solid security policy. To ensure compliance, the relevant authority must be identified and important entities should carry out a pre-assessment on a voluntary basis (mandatory for essential entities). Administrative actions, as well as fines, are within scope.

Royal Decree (of 9 June 2024) has now been adopted, providing further details on the implementation of the NIS2 Law. This decree specifies the additional sectors and sub-sectors that are included under the NIS2 obligations and outlines the specific risk management measures and information obligations that must be adhered to by the entities. It also specifically designates the Centre for Cybersecurity Belgium (CCB) as the national cybersecurity authority for Belgium. 

Market abuse and unfair practices in general are governed by Title VI of the Code of Economic Law. With respect to consumers, the law prohibits any unfair, deceptive or manipulative practices. It prescribes transparency as to the content of products and services. These legal provisions do not specifically address AI systems or services. 

Belgium has adopted a specific set of rules to protect small and medium-sized business in dealings with large corporations or companies having a significant market share that often enables them to dictate contractual terms. The regime is similar to the regulation of unfair contract terms for consumers. It can typically make void boilerplate provisions such as limitation or exclusion of liability for AI systems or products. 

Belgium will be subject to EU Regulation 2024/1689 (the EU Artificial Intelligence Act) directly, as a member of the European Union (see the EU chapter for further details).

With respect to regulation, the Belgian Government adopted a Royal decree on tests with automated vehicles in March 2018. It paves the way for the development of fully autonomous vehicles, as it allows the use of automated vehicles on the road for testing purposes and under restricted conditions.

The Belgian AI strategy, drawn up by the Belgian federal government as an AI “convergence plan” (see www.bosa.belgium.be/en/themes/digital-administration/digital-strategy-and-policy/national-convergence-plan-development), and approved by the Council of Ministers on 28 October 2022, emphasises the need to ensure a reliable, safe and trustworthy AI development by establishing a legal and regulatory framework that encourages innovation while respecting the fundamental rights and freedoms of citizens.

8.1. Who is liable for damages and what are the risks? 

Enforcement risks can come from the regulator as well as from competitors or individual users making a complaint. Given the innovative nature of AI, private claims or motions from competitors appear more likely at this stage. In terms of damages, Belgian law applies a civil law system that is based on a principle of the comprehensive compensation of damages of all kind, for any negligence or tort without which the damage would not have occurred. Contractual limitations and exclusions are admissible but can be challenged in court as to their exact scope or validity. Businesses should note that in 2023 the Civil Code was revamped and the rules on liability and contractual limitations have been amended. Therefore, it is advisable to consider the implication of these new rules in combination with the new EU AI Act obligations and their application alongside the so-called ‘AI value chain’ (see the EU chapter).

8.2. How can I know how to comply? 

There is currently no closed “check-list” approach possible for AI systems or products to comply with Belgian legislation, especially given the open-ended nature of data protection and anti-discrimination laws. In addition to the sectoral or specific legislation, an internal impact assessment exercise, which factors in the requirements of data protection and anti-discrimination laws, appears to be a good use of one’s time. It will help shape the discussions and show a willingness to anticipate risks and potential harms and to mitigate them. 

8.3. What is the best approach to protect my investment in AI? 

It is always advisable to explore the patentability of any AI project upfront, to avoid losing the momentum and to prepare strategically. Given that copyright protection applies without the need for any formality, it is paramount for the employer to obtain a written assignment or transfer of all copyrights in due form. The written assignment must cover ancillary aspects such as trade secrets and proprietary information. In summary, a combination of anticipation, contractual measures and operational preparedness to ensure confidentiality and secrecy of information, is money well-spent.