Dec. 1, 2022
Publications : Chronicles MAFR - Compliance Law
► Référence générale : M.-A. Frison-Roche, "Contrat de compliance, clauses de compliance", Chronique de Droit de la Compliance, D.2022, p.2115-2117.
► Présentation de l'article : L’on ne voit souvent dans le droit de la compliance que l’obligation de se conformer à la réglementation. Le droit des obligations en est comme masqué par l’étude des textes et des sanctions. Les cas de responsabilité civile commencent à faire ressortir les engagements des entreprises, actes de volonté. Reste à discerner l’importance des contrats. En premier lieu, existe un contrat spécifique : le « contrat de compliance ». Il a pour objet la fourniture par un tiers d’une prestation, les moyens pour l’entreprise de « se conformer » à la loi, ou/et de permettre à celle-ci d’atteindre les buts monumentaux qui caractérise le droit de la compliance. L’interprétation et le régime du contrat de compliance doit être marqué par le Droit de la compliance qui l’imprègne. En second lieu, des multitudes de clauses visent la conformité et la compliance.
📚Lire les autres articles publiés dans la chronique de Droit de la Compliance publiées au Recueil Dalloz.
July 1, 2022
🎥La place de l'Intelligence artificielle dans le respect de la Compliance dans l'entreprise : la juste mesure ("Compliance, Artificial Intelligence and Business Management: the right measure"), in Mekki, M. (coord.), 📅L'intelligence artificielle et la gestion des entreprises ("Artificial Intelligence and Business Management")
► Full Reference: Frison-Roche, M.-A. Compliance, Artificial Intelligence and Business Management: the right measure ("Compliance, Intelligence artificielle et gestion des entreprises : la juste mesure"), participation to the Conference coordinated by Mustapha Mekki, L'intelligence artificielle et la gestion des entreprises. July 1st, 2022.
🎥 see the conference (in French)
consult the slides having been used as brief notes for deliver the lecture (inf French)
📝This work will be the basis for an article.
► Summary of the Lecture: Of the next European Regulation on artificial intelligence, the European Commission has a quite neutral conception of AI for obtaining a consensus between the Member States, while the Regulators and certain States have a more substantial conception of technology, wanting its power to be used to protect people, firstly from these new tools themselves, secondly from what is an amplification of the evils of the classic world, such as hate or misinformation. This is the reflection of two conceptions of Compliance.
Firstly, Compliance can be defined as neutral processes that increase the effectiveness of what would be the obligation for companies or their desire for efficient risk management (in particular the consideration of "legal risks") to prove being "conform" to all regulations that are applicable to itself and all persons to whom the firm is accountable. This is often referred to as the "compliance obligation" or "obligation of conformity".
This conception implies considerable practical consequences for the company which, in order to succeed in this "total exploit", would then have to resort to artificial intelligence tools constituting a "total and infallible solution", which mechanically generate for it the obligation to "know " all the "regulatory mass", to detect all "non-compliances", to conceive its relationship to the Law in terms of "risk of non-compliance", fully supported by Compliance by Design which could, without human intervention , eliminate legal risk and ensure "compliance total efficiency" in Ex Ante.
The "legal price" of this technological dream is extremely high because all the "regulatory" requirements will then be transformed into obligations of result, any failure generating liability. The Compliance probationary system will become overwhelming for the company, both in terms of burden of proof, means of proof, and transfers, without exemption from proof. Objective responsibilities for others will multiply. The "law of conformity" will multiply Ex Ante systemic penalties, the border with criminal law being less and less preserved.
It is essential to avoid this, both for businesses and for the Rule of Law. For this, we must use Artificial Intelligence to its proper extent: it may constitute a "massive aid", without ever claiming to be a total and infallible solution, because it is the human who must be at the center of the compliance system functioning thank to the firms and not the machinery.
For this, it is necessary to adopt a substantial conception of Compliance Law (and not a sort of Conformity Law or Obedience Law). It does not at all cover all the applicable regulations and it is not at all "neutral", being in no way a series of processes. This new branch of Law is substantially built on Monumental Goals. These are either of a negative nature (preventing a systemic crisis from happening, in many but specific perspectives: banking, financial, health, climate, etc.), or of a positive nature (building a better balance, in particular between human beings, in the company and beyond).
In this conception which appears more and more strongly, artificial intelligence finds its place, more modest. As Compliance Law is based on information, Artificial Intelligence is essential to capture it and make first connections, first stages for successive analyses, done by human beings, making what is essential: the commitment of the company, both by the leaders and by all those who are "embarked" by a "culture of Compliance" which is at both built and common.
This restores the required seal between Criminal Law and what can be asked of the mechanical use of Artificial Intelligence; this puts the obligation of means back as a principle. This restores the principal place to the lawyer and the compliance officer, so that the culture of compliance is articulated with the specificities of a sector and the identity of the company itself. Indeed, the culture of compliance being inseparable from a culture of values, Compliance by design requires a dual technique, both mathematical and legal culture. It is why European Compliance Law, because it is rooted in the European humanist tradition, is a model.
📘Frison-Roche, M.-A. (ed.), Compliance Monumental Goals, 2022
📘Frison-Roche, M.-A. (ed.), Compliance Jurisdictionalisation, 2022
📘Frison-Roche, M.-A. (ed.), Compliance Tools, 2021
📓Frison-Roche, M.-A., L'apport du Droit de la Compliance à la Gouvernance d'Internet, 2019
📕Frison-Roche, M.-A. (ed.), Pour une Europe de la Compliance, 2019
📕Frison-Roche, M.-A. (ed.), Régulation, Supervision, Compliance, 2017
📕 Frison-Roche, M.-A. (ed.), Internet, espace d'interrégulation, 2016
📝 Frison-Roche, M.-A., Compliance Monumental Goals, beating heart of Compliance law, 2022,
📝 Frison-Roche, M.-A., Role and Place of Companies in the Creation and Effectiveness of Compliance Law in Crisis, 2022
📝 Frison-Roche, M.-A., Assessment of Whistleblowing, and the duty of Vigilance, 2022
📝Frison-Roche, M.-A., Drawing up Risk Maps as an obligation and the paradox of he "compliance risks", 2021
Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)
► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.
► Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).
💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French,
🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)
💬 Read the Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French
read below the 54 propositions of the Report ⤵️