Uncategorized

WCO,AEO and AI: Detailed report on the application of artificial intelligence and machine learing in customs

Giugno 13, 2025 /

The report “Detailed report on the application of artificial intelligence and machine learing in customs” published by WCO on March 2025 analysed the interactions between the advanced AI models and Customs.

From customs administration perspective, the process will decrease the neededor expected time thanks to the always increasing use of Large Language Models (LLMs), such as GPT-4 and LLaMA  extract insights from unstructured data, assist in risk profiling and streamline compliance checks. Additonally, AI-powered image recognization systems, based on deep learning, improve cargo scanning by identifying concealed items and anomalies in X-ray and scanning data.  The report shows that “ 3.3.1 Ensuring accountability and compliance . Validation of AI outputs: Customs officers can review AI-generated insights to ensure decisions align with legal and regulatory standards. While human validation helps maintain compliance, it should be supported by a robust integrity policy to mitigate risks of bias or corruption and uphold transparency in Customs operations.

Contextual understanding: Humans provide context that AI models may not fully grasp, such as geopolitical factors, cultural nuances or excepBonal circumstances affecting trade practices. This ensures that decisions are appropriate and take all relevant factors into consideration.

3.3.2 Enhancing trust and transparency

Building confidence in AI systems: Involving humans in the loop increases trust among stakeholders, as decisions are not solely made by automated systems, insisting a level of assurance in processes that include human judgment. However, integrity and transparency safeguards have to be instituted to ensure fair and unbiased decisions.

Transparent decision-making: AI-only decisions may lack transparency because complex models like neural networks operate as “black boxes”, making it difficult to trace how inputs lead to outputs. Without clear explanation, it becomes challenging to justify decisions, especially in legal and compliance contexts where accountability is required. HITL allows for explanaBons of how decisions are made, which is essential for transparency and accountability. Customs officers can provide rationales for actions taken, which is critical in legal and compliance contexts

***

From the economic operator standpoint, it is interesting to mention that opportunities of simplification and savings linked to the cloud-based AI for Customs operations. Indeed: “…Cloud-based AI, which provides services hosted via the Internet on remote servers, offers scalable processing power and data storage for AI applications. It has emerged as a significant trend, with an

increasing number of organizations adopting cloud platorms to develop, deploy and scale AI solutions…”.  This point should be the basis for a new questions or set of questions for the AEO questionnaire.

The compliance with the intellectual property rights is another crucial pillar of the analysis deployed by the WCO for which both customs administrations and economic operators which adopt AI/ML technologies, must compliance with data use regulations and Intellectual Property Rights (IPR) ones. This is parcularly important when handling sensitive trade information provided by traders as part of their legal obligations.  It is reported that: “Key consideraons for data use compliance include the following:

  • Legal basis: ensure that the use of trade data for AI/ML aligns with the legal basis under which

it was collected, not exceeding the original purpose’s scope.

  • Confidentiality: implement robust measures to prevent unauthorized access or disclosure of

sensitive information when using trade data for AI/ML.

  • Data protection: mitigate privacy risks by anonymizing or aggregating trade data before AI/ML

training, ensuring effective techniques to prevent re-identication.

  • Third-party involvement: when external vendors are involved, ensure data sharing complies with

data protection obligations through appropriate contractual clauses.

  • International compliance: adhere to provisions in international trade agreements and conventions regarding trade data use and protection.

***

From the EU customs and AI frameworks it is interesting to recall the annex to the “Communication to the Commission Approval of the content of the draft Communication from the Commission –Commission Guidelines on prohibited artificial intelligence practices established by Regulation (EU) 2024/1689 (AI Act)” [4.2.2025 C(2025) 884 final]  highlights the role plaid by the AI Act in harmonizing the rules for the placing on the market, putting into service, and use of artificial intelligence (‘AI’) in the Union.

This regulation follows a risk-based approach, classifying AI systems into four different risk categories:

(i) Unacceptable risk: AI systems posing unacceptable risks to fundamental rights and Union values are prohibited.

(ii) High risk: AI systems posing high risks to health, safety and fundamental rights are subject to a set of requirements and obligations.

(iii) Transparency risk: AI systems posing limited transparency risk are subject to transparency obligations;

(iv) Minimal to no risk: AI systems posing minimal to no risk are not regulated, but providers and deployers may voluntarily adhere to voluntary codes of conduct.

These Guidelines:

  1. aim to increase legal clarity and to provide insights into the Commission’s interpretation of the prohibitions in Article 5 ( which prohibits the placing on the EU market, putting into service, or use of certain AI systems for manipulative, exploitative, social control or surveillance practices, which by their inherent nature violate fundamental rights and Union values) AI Act with a view to ensuring their consistent, effective and uniform application;
  2. are non-binding because of any authoritative interpretation of the AI Act may ultimately only be given by the Court of Justice of the European Union (‘CJEU’).

In particular, article 5 of AI Act prohibits: Real-time remote biometric identification (‘RBI’), Biometric categorisation, Emotion recognition, Untargeted scraping to develop facial recognition databases, Individual criminal offence risk assessment and prediction, social scoring, Harmful exploitation of vulnerabilities, harmful manipulation and deception.

AI Act provides that the prohibition does not apply to AI systems used to support the human assessment of the involvement of an economic operator in a customs activity, which is already based on objective and verifiable facts directly linked to a (potential) criminal oer non-compliant activity.

At this regards, the guidelines of AI Act underline that AI systems used by custom authorities to assess the risk of goods entering the EU not complying with the legislation applicable at the border

To identify situations where a customs control should be carried out. Indeed, the AI system assesses objective and verifiable information provided to the customs related to the goods and their supply chains (value, classification, origin and other data). In certain cases, it may also process information about the prior involvement of the importer or exporter in irregularities related to import of goods, their affiliation to criminal organizations or a criminal record for drug trafficking. Such systems are out of scope of the prohibition because any prediction of a likelihood of a natural person to be involved in an import or export of illicit goods is not solely based on profiling, but on objective and verifiable information related to the goods and the importer or exporter’s prior involvement in criminal activity and subject to a human review to determine whether or not the situation requires a customs control or risk mitigation action.

For what is concerning the dual use items compliance, it is interensting to share the following sentences of the guidelines: “ Dual use: “ recital 24 AI Act clarifies that AI systems placed on the market or put into service for an excluded purpose, namely military, defence or national security, and for one or more non-excluded purposes, such as civilian or law enforcement purposes (so called ‘dual use’ systems), fall within the scope of the AI Act. Providers of those systems should ensure that they comply with the requirements in the AI Act”.

Finally, for AEO it is possible to say that AI will heavely impact of the following questions of the self assessment questionnaire (Annex 1° to TAXUD/B2/047/2011-REV6):

1.3.2 “a) How, and by whom, is the tariff classification of goods decided? b) What quality assurance measures do you take to ensure that tariff classifications are correct (e.g. checks, plausibility checks, internal working instructions, regular training)? c) Do you keep notes on these quality assurance measures? d) Do you regularly monitor the effectiveness of your quality assurance measures? e) What resources do you use for tariff classification (e.g. database of standing data on goods)”;

1.3.3 “a) How and by whom is the customs value established? b) What quality assurance measures do you take to ensure that the customs value is correctly established (e.g. checks, plausibility checks, internal working instructions, regular training, other means)? c) Do you regularly monitor the effectiveness of your quality assurance measures? d) Do you keep notes on these quality assurance measures?”;

1.3.4 “a) Give an overview of the preferential or non-preferential origin of the imported goods. b) What internal actions have you implemented to verify that the country of origin of the imported goods is declared correctly? c) Describe your approach in the issuing of proof of preferences and certificates of origin for exportation”;

1.3.5 “Do you deal in goods subject to anti-dumping duties or countervailing duties? If yes, provide details of the manufacturer(s) or countries outside the EU whose goods are subject to the above duties”.

3.5.1 “ Do you have documented procedures for verifying the accuracy of customs declarations, including those submitted on your behalf by, e.g., a customs agent or a freight forwarder? Yes/No. If yes please describe briefly the procedures.If no, do you verify the accuracy of customs declaration? Yes/No. If Yes in what way”

3.5.4 “ a) Are you dealing with goods subject to import and export licenses connected to prohibitions and restrictions? b) Are you dealing with goods subject to other import and export licenses? c) If yes, please specify which type of goods and if you have procedures in place for the handling those licenses”

3.7 protection of computers system and 3.8 “documentation security”.

Therefore, it will be very important to taking into account the impact of the AI in the company processes which directly or indirectly impact on the customs obligations; it implies that the internal procedures and monitoring should reflect the role held by the AI.

***

Finally, by focusing on the AEO, it is interesting to underline that the AEO (authorized economic operator) is a customs authorization[1] able to qualify its ower as “reliable”. This is an “unicum” inside the group of customs decisions that can be granted: inwards processing relief, outward processing relief, customs warehouse, temporay admission, end use and free trade zone and the approved exporter  allow the economic operator either to exercise the right to apply for a special regime or to declare the preferential origin status in the statement of origin instead by means of EUR.1 certificate. In other words, except for the authorized economic operator, the authorizations impact only on the objective element of the customs obligation (it means: the customs debt).

The AEO is released after an audit which covers all the internal produres and data[2] of the applicant that can directly and indirectly impact on the customs obligation.

An approach based on the risks assessment and management is required in all the phases of the AEO: from the audit performed by the competent customs offices to manteinance of the authorization. Indeed, already from the SAQ (self assessment questionnaire) it is recognizable this peculiarity.

But, the risks assessment and management needs an ongoing monitoring of the vital functions of the company organization not only from a customs standpoint but also under a tax, operational and managerial perspectives.

Starting from these guidelines, it is possible to go deeper with the role plaid by the monitoring in the management of the AEO.

Firstly, the AEO holder, regardless of its size organization, must delevolop an internal control and reporting system of the customs areas encompassed into the following perimiter:

  • the customs authorizations held by the economic operator evaluating their modifications and changes. In fact, the management of special regimes and other simplifications depends on customs decisions;
  • imported, produced and exported goods since various considerations related to the customs debt arise from these elements;
  • the organizational structure of the company in relation to the production methods starting from the definition of the good to its marketing;
  • the company organization chart analyzed based on training and information needs in customs matters.

In particular, the point regarding import, exported and manufactured goods should be scrutinized in order to check the quantity and quality of sanctions which should be analysed in comparison with the whole number of customs declarations lodged per year and the internal structure of the company organization.

it is important to give an important role to the monitoring of both the customs classification, origin and value management and the correctness of related documents and data; if from this monitoring arises any lack of knowledge, it is suitable to promote trainings and information on customs matters, corrective actions of processes and set up procedures.

In particular, the adoption of such a measures should be based on the risk audit and structured into four main stages: identification and prioritization of risks, determination of residual risks, reduction of residual risks to an acceptable level and communication of the audit results to the operator economic.

These phases are carried out as follows:

– establish the various activities of the economic operator to identify and prioritize risks, also examining the relevant security plan, if it exists, and the threat assessment, as well as the measures adopted and internal controls;

– confirm the economic operator’s management strategies and procedures and evaluate the controls to determine the audit of residual risks. Where necessary, verify these controls;

– manage any residual risks to bring them back to an acceptable level;

– inform the management and the involved people in sharing the results of the audit.

It is interesting to add that the artifical intelligence systems and techniques applied to the customs pillars (origin, value and classification) should be taken into account in all the phases of the AEO life-cycle: from the self assessment questionnaire (SAQ) to the ongoing monitoring.

Moreover, the monitoring should be cover any company business ruled by the excises regulations and linked to customs operations.

Finally, it is important to take into account that the scheme of trust and check trader, in accordance with the next EU discussions, will be, essentially, based on the reliability concept.