The Next Phase of AI Regulation in the US and Abroad
July 19, 2019
Recent developments in the U.S. and on the international stage suggest we’re moving into a new phase in regulatory approaches to artificial intelligence (AI) – one where countries are moving forward on determining whether and how AI will be regulated within and across sectors.
AI can be broadly used in a range of applications from voice assistants to autonomous vehicles to medical diagnoses to credit and other financial decisions, and one big question is whether countries will adopt a “one size fits all” approach or one tailored to individual sectors. Despite the differences among
AI applications, both the U.S. and other countries have shown openness to adopting principles and standards across sectors. At the same time, in certain areas – like AI-powered facial recognition – lawmakers and regulators have pushed for more swift and sector-specific action.
Below we recap the current developments in AI regulation, and look at what is coming next. This includes international efforts that – as we have seen with the EU’s General Data Protection Regulation (GDPR) - can directly affect American companies and drive U.S. federal and state regulatory approaches. For further information, check out our latest podcast in which we discuss these developments in more detail.
Internationally, over the past few months, leading global inter-governmental organizations have issued public policy frameworks for AI, typically with input from a range of experts and stakeholders. These are intended to be models for use by governments and other parties around the world. The Organization for Economic Cooperation and Development – the OECD – adopted principles for “trustworthy” AI, first released in March and finalized at highest levels in May. These establish expectations for all actors who participate in the AI system lifecycle. The OECD is also developing practical guidance on ways to act consistently with these principles. And in June the G20 adopted the OECD framework with some variations on details.
Regional and national initiatives are also underway. The European Commission (EC) has conducted an extensive effort to develop ethics guidelines for AI that were released in April. Their implementation guidance is occurring through a pilot using an assessment list in which participants report on 130+ detailed questions as to their practices in this area. Just a few weeks ago, the expert group advising the EC on AI published a report on policy recommendations that includes a section on possible legislative changes to address AI.
Notably, against this backdrop, German Chancellor Angela Merkel recently called for “regulation” of AI along the lines of the GDPR. And the newly elected President of the European Commission, Ursula von der Leyen, has announced her intention to propose legislation on the “human and ethical implications” of AI within her first 100 days in office. The OECD and EC frameworks could provide roadmaps for national regulators intent on taking such action. AI is also an area in which many countries follow the lead of – or at least draw ideas – from the first countries to approach regulation. Indeed, information-sharing and other collaboration among countries on AI is already occurring regularly. At a hearing on international engagement and emerging technologies conducted by the Federal Trade Commission (FTC) in March, the FTC used AI as a timely case study, with panelists that included experts from other countries who expressed interest in heightened collaboration.
In the U.S., the National Institute of Standards and Commerce (NIST) at the Department of Commerce has proposed a federal AI engagement plan that calls for federal agencies to move forward on a range of AI standards, including some that can form the basis of a regulatory approach.
Under the Administration’s Executive Order on AI, released in February, NIST is required to release a plan for federal engagement on AI standards by August 10. NIST released a draft on July 2, with a comment deadline of July 19. The draft outlines a plan for development and use of standards to support deployment of “reliable, robust, and trustworthy systems that use AI technologies.”
While the NIST draft discusses a number of technical standards, it also sees a role for standards development being used to address substantive concerns around AI, such as safety, data quality, and explainability of AI decisions – though the draft is cautious about moving too quickly and not achieving sufficient consensus. In the category of standards “more primed for development,” it includes (among various relatively technical standards) data management, which encompasses data analytics, exchange, quality, and privacy, as well as “human interaction.” And other factors it considers to be at “formative stages” are AI safety, risk management, explainability, and security. It also suggests that ethical considerations may be incorporated into standards “tied tightly to the degree of risk to humans.”
Who will drive standards development? The NIST draft proposes that most of the domestic engagement on AI standard-setting will be driven by individual agencies, with a central coordinator at the National Science and Technology Council. And it heavily emphasizes the role of public-private partnerships, encouraging agencies and industry to work together where they can.
Beyond NIST, one area that has received significant scrutiny by a wide range of lawmakers is the use of AI in facial recognition. In May, the San Francisco Board of Supervisors voted to ban the use of facial recognition software by the police and other agencies. The city of Somerville, Massachusetts followed suit last month. On the federal level, Senators Roy Blunt (R-MO) and Brian Schatz (D-HI) released proposed legislation in March that generally would require notice and affirmative consent for collection and sharing of commercial facial recognition data, and require meaningful human review of decisions based on facial recognition technology is some circumstances. The draft legislation would also require companies making facial recognition technology available as an online service to set up an API to enable independent testing for accuracy and bias. Lawmakers continue to look at regulatory approaches to facial recognition that presage an approach to other technologies that use AI.
Overall, we expect AI regulatory approaches to advance on both the domestic and international fronts in the coming months. Stakeholder participation is key as lawmakers and regulators continue their discussions – and move beyond discussing to proposing potential laws or regulations. As with privacy law, input by industry participants before laws or regulations are passed will be critical in avoiding unintended consequences that can stifle beneficial AI innovation.