This paper focuses on the AI risk management framework that applies to tax authorities under the EU and US legal systems. In recent years, the development of AI has entered the field of tax administration, revolutionizing the planning and operational tasks of tax authorities. In this scenario, it is crucial that taxpayers are not unduly exposed to any risk of harm arising from the unsafe implementation of AI by tax authorities. In this regard, the EU legal framework – with the GDPR and the recent AI Act – and the US legal framework – with the recent Executive Order on the development of Safe, Secure, and Trustworthy AI – provide valuable sources of risk-based obligations that could adequately address the risks of AI in the tax domain.
On the EU side, the GDPR and AI Act have a complementary approach – a “rights-based approach” in the case of the GDPR, and a “risk-based approach” in the case of the AI Act – and an overlapping scope of application. In the field of AI risk management, the potential overlap between the GDPR and the AI Act may provide valuable indications for adapting the GDPR-based risk management framework to the realm of AI, and, at the same time, for interpreting the scope of the AI Act in light of the rights provided under the GDPR. On the US side, the risk management obligations stemming from the Executive Order on Safe AI draw from the recent developments in AI regulation in the EU, providing measures that have a similar scope to the requirements of the AI Act. From this perspective, we discuss that the EU and US approaches to AI regulation are slowly aligning and are similarly able to address the risks arising from the use of AI in the tax domain – such as, particularly, the risks concerning AI-enabled discrimination and human-AI interaction. However, both in the EU and the US, it is unclear whether the risk management framework provided by these regulations can effectively extend to tax authorities. Except for the GDPR, the AI Act and the Executive Order seem to consider tax-related AI systems at a lower risk class compared to other categories of “high-risk” or “risk-impacting” AI systems. The misalignment in the classification of tax-related AI systems could jeopardize the application of the AI risk management framework provided in these regulations, and consequently, expose taxpayers to significant risks of harm.
For this reason, we argue that the risks concerning the use of AI in tax administration, and the benefits that could derive from the adoption of a risk management framework inspired by these three regulations, should convince EU and US lawmakers to adopt a precautionary and uniform approach to the risk categorization of tax-related AI systems. Particularly, lawmakers should locate tax-related AI systems among the pool of high-risk and rights-impacting systems for the purposes of the AI Act and the Executive Order, for the better interest of taxpayers in the EU and the US.