Dec. 1, 2022
► Full Reference: M.-A. Frison-Roche, "Contrat de compliance, clauses de compliance", Chronique of Compliance Law, D.2022, p.2115-2117.
📝reac the article (this article is written in French)
► English summary of the article: Compliance Law is often seen only as an obligation to comply with regulations. Contract Law is masked by the study of texts and sanctions. Civil liability cases are beginning to highlight the commitments of companies, acts of will. It remains to discern the importance of contracts.
First, there is a specific contract: the "compliance contract". Its purpose is to provide a third party with a service, the means for the company to "comply" with the legal systems requirements ("contract of conformity"), and/or to enable the company to achieve the monumental goals that characterize Compliance Law (contract of compliance). The interpretation and the regime of these compliance contracts must be marked by the Compliance Law that permeates it. Secondly, there are a multitude of stipulations aimed at conformity and Compliance.
July 1, 2022
🎥La place de l'Intelligence artificielle dans le respect de la Compliance dans l'entreprise : la juste mesure ("Compliance, Artificial Intelligence and Business Management: the right measure"), in M. Mekki (coord.), 🧮L'intelligence artificielle et la gestion des entreprises ("Artificial Intelligence and Business Management")
► Full Reference: M.-A. Frison-Roche, "Compliance, Artificial Intelligence and Business Management: the right measure" ("Compliance, Intelligence artificielle et gestion des entreprises : la juste mesure"), participation to the Conference coordinated by Mustapha Mekki, L'intelligence artificielle et la gestion des entreprises. July 1st, 2022.
🎥 see the conference (in French)
consult the slides having been used as brief notes for deliver the lecture (inf French)
📝This work will be the basis for an article.
► Summary of the Lecture: Of the next European Regulation on artificial intelligence, the European Commission has a quite neutral conception of AI for obtaining a consensus between the Member States, while the Regulators and certain States have a more substantial conception of technology, wanting its power to be used to protect people, firstly from these new tools themselves, secondly from what is an amplification of the evils of the classic world, such as hate or misinformation. This is the reflection of two conceptions of Compliance.
Firstly, Compliance can be defined as neutral processes that increase the effectiveness of what would be the obligation for companies or their desire for efficient risk management (in particular the consideration of "legal risks") to prove being "conform" to all regulations that are applicable to itself and all persons to whom the firm is accountable. This is often referred to as the "compliance obligation" or "obligation of conformity".
This conception implies considerable practical consequences for the company which, in order to succeed in this "total exploit", would then have to resort to artificial intelligence tools constituting a "total and infallible solution", which mechanically generate for it the obligation to "know " all the "regulatory mass", to detect all "non-compliances", to conceive its relationship to the Law in terms of "risk of non-compliance", fully supported by Compliance by Design which could, without human intervention , eliminate legal risk and ensure "compliance total efficiency" in Ex Ante.
The "legal price" of this technological dream is extremely high because all the "regulatory" requirements will then be transformed into obligations of result, any failure generating liability. The Compliance probationary system will become overwhelming for the company, both in terms of burden of proof, means of proof, and transfers, without exemption from proof. Objective responsibilities for others will multiply. The "law of conformity" will multiply Ex Ante systemic penalties, the border with criminal law being less and less preserved.
It is essential to avoid this, both for businesses and for the Rule of Law. For this, we must use Artificial Intelligence to its proper extent: it may constitute a "massive aid", without ever claiming to be a total and infallible solution, because it is the human who must be at the center of the compliance system functioning thank to the firms and not the machinery.
For this, it is necessary to adopt a substantial conception of Compliance Law (and not a sort of Conformity Law or Obedience Law). It does not at all cover all the applicable regulations and it is not at all "neutral", being in no way a series of processes. This new branch of Law is substantially built on Monumental Goals. These are either of a negative nature (preventing a systemic crisis from happening, in many but specific perspectives: banking, financial, health, climate, etc.), or of a positive nature (building a better balance, in particular between human beings, in the company and beyond).
In this conception which appears more and more strongly, artificial intelligence finds its place, more modest. As Compliance Law is based on information, Artificial Intelligence is essential to capture it and make first connections, first stages for successive analyses, done by human beings, making what is essential: the commitment of the company, both by the leaders and by all those who are "embarked" by a "culture of Compliance" which is at both built and common.
This restores the required seal between Criminal Law and what can be asked of the mechanical use of Artificial Intelligence; this puts the obligation of means back as a principle. This restores the principal place to the lawyer and the compliance officer, so that the culture of compliance is articulated with the specificities of a sector and the identity of the company itself. Indeed, the culture of compliance being inseparable from a culture of values, Compliance by design requires a dual technique, both mathematical and legal culture. It is why European Compliance Law, because it is rooted in the European humanist tradition, is a model.
📘Frison-Roche, M.-A. (ed.), Compliance Monumental Goals, 2022
📘Frison-Roche, M.-A. (ed.), Compliance Jurisdictionalisation, 2022
📘Frison-Roche, M.-A. (ed.), Compliance Tools, 2021
📓Frison-Roche, M.-A., L'apport du Droit de la Compliance à la Gouvernance d'Internet, 2019
📕Frison-Roche, M.-A. (ed.), Pour une Europe de la Compliance, 2019
📕Frison-Roche, M.-A. (ed.), Régulation, Supervision, Compliance, 2017
📕 Frison-Roche, M.-A. (ed.), Internet, espace d'interrégulation, 2016
📝 Frison-Roche, M.-A., Compliance Monumental Goals, beating heart of Compliance law, 2022,
📝 Frison-Roche, M.-A., Role and Place of Companies in the Creation and Effectiveness of Compliance Law in Crisis, 2022
📝 Frison-Roche, M.-A., Assessment of Whistleblowing, and the duty of Vigilance, 2022
📝Frison-Roche, M.-A., Drawing up Risk Maps as an obligation and the paradox of he "compliance risks", 2021
April 21, 2021
► Full Reference: M.-A. Frison-Roche, "Dresser des cartographies des risques comme obligation et le paradoxe des "risques de conformité"" ("Drawing up risk maps as an obligation and the paradoxe of the "compliance risks""), in M.-A. Frison-Roche (ed.), Les outils de la Compliance, coll. "Régulations & Compliance", Journal of Regulation & Compliance (JoRC) and Dalloz, 2021, p. 53-62.
📝read the article (in French)
🚧read the bilingual Working Paper which is the basis of this article, with additional developments, technical references and hyperlinks
📕read a general presentation of the book, Les outils de la Compliance, in which this article is published
► Summary of the article (done by the Journal of Regulation & Compliance): There are few synthetic or theoretical studies on Risk Mapping even though it is in fact the Compliance central tool, perhaps because it is more a management tool than a legal one. Risk Mapping is often described but does not receive any other legal qualifications than being a "modality", suffering in this respect from an evil which affects the whole of Compliance, still little understood by Law, attention often so focused on the Ex Post (sanctions) while Compliance is by nature in the Ex Ante. Going from disarray to incomprehension, everyone can note the existence of "compliance risks" among the mapped risks, because if as so many affirm that it would be necessary to speak only of simple conformity as obedience, demonstrated in Ex Ante, to Law, how a sub-set of a tool would therefore have the same object as the set of Law that this tool serves ... This aporia can only be resolved if Compliance Law is defined substantially by its "monumental goals" which exceed obedience to regulations.
Consequently, Law taking up Risk Mapping, this mechanism may first appear as an ancillary obligation to the main obligation consisting in achieving "monumental goals". The ancillary obligation to draw up the maps is an obligation of result, while the main obligation to achieve the monumental goals is an obligation of means. These cartographies being very diverse and being only occasionally targeted by specific laws, it can also constitute only a legal fact or, through the play of various charters, a unilateral legal commitment. But it isnbecoming the basis of an autonomous legal obligation incumbent on enterprises in position to know certain risks, obligation referring to the existence of a subjective right tof knowing and measuring them ("right to be worried") which the third parties who are going to run them would hold, thus allowing them to choose to run them, or not.
Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)
► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.
► Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).
💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French,
🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)
💬 Read the Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French
read below the 54 propositions of the Report ⤵️