The future of artificial intelligence (AI) is at an inflection point with the mass-adoption of Generative AI. Comprising of Large Language Models (LLMs), transformers and other neural networks, Generative AI and Foundation Models can create new outputs based on raw data. These serve as building blocks for developing more complex and sophisticated models that have the potential to bring exponential benefits across a variety of use-cases, from commerce and cancer research to climate change.
In its current form, Generative AI is seeing widespread use across a variety of applications – from chatbots like ChatGPT, to synthetic audio, image, and video generators like DALL-E and Stable Diffusion. However, there is increasing concern that despite in-built safeguards, these models might be misused to proliferate mis/disinformation, create inappropriate content, and harvest huge quantities of personal data without informed consent.
With regulatory interest heightening, governments worldwide have accelerated efforts to understand and govern such models. In this blog, we examine some of these emerging regulatory approaches.
Key takeaways
Seeking to establish the world’s first comprehensive regulatory playbook on artificial intelligence with the EU AI Act, the European Union is actively integrating foundation models and generative AI into its legislation. In the Act's latest compromise text, which was jointly adopted by the European Parliament's Internal Market and Civil Liberties Committees on 11 May, lawmakers agreed to a tier-based approach for foundation models and generative AI. (Update: The European Parliament passed the draft Act on 14 June 2023)
Differentiating Foundation Models from broader General Purpose AIs, Members of the European Parliament (MEPs) introduced a new section (Article 28b) to the adopted text to specifically govern the former. This section directs providers of Foundation Models to integrate design, testing, data governance, cybersecurity, performance, and risk mitigation safeguards in their products before placing them on the market, such that foreseeable risks to health, safety, human rights, and democracy are mitigated. Further, the text mandates providers of such models to comply with European environmental standards and register their applications in a database which will be managed by the European Commission.
Also covered under the same section, Generative AI services will be subjected to stricter transparency obligations, with providers of such applications required to inform users when a piece of content is machine-generated, deploy adequate training and design safeguards, and publicly disclose a summary of copyrighted materials used to develop their models.
In addition to the EU AI Act, other efforts are being undertaken to regulate Generative AI applications. Data protection and privacy risks for instance, are being addressed through the GDPR. Just in April, Italy’s Data Protection Authority (DPA) – the Garante, restricted the use of ChatGPT in the country citing no legal basis for its data collection, ordering its maker OpenAI to implement privacy and age-verification safeguards. While OpenAI complied expeditiously, and the ban was subsequently lifted, this prompted parallel investigations from DPAs in Germany, France, and Ireland over the LLM’s data collection practices.
Finally, it is important to mention the EU’s mainstay legislation on problematic content – the Digital Services Act (DSA). Containing provisions to audit algorithms used in content moderation, the current iteration of the primary regulation does not cover Generative AI yet, creating what academics call a ‘dangerous regulatory gap’. However, it seems like the European Commission has taken note of this discrepancy by including generative models in its recent draft rules on auditing algorithms under the DSA. Ultimately, it will be interesting to see whether these regulations will complement each other to create a comprehensive governance regime that is able to keep pace with the rapidity of Generative AI.
On 11 April 2023, the United States’ National Telecommunications and Information Administration (NTIA) issued a request for public comments on creating ‘earned trust’ in AI systems. The NTIA aims to understand what kind of data is needed to conduct algorithmic audits and how regulators can ensure the responsible and ethical innovation of AI systems across all industries. This is in line with other regulatory efforts, such as the National Institute of Standards and Technology's (NIST) AI Risk Management Framework, recent industry commitments to participate in public assessments of Generative AI systems, and the Biden Administration's Blueprint for an AI Bill of Rights.
While there is currently no specific endeavour to govern Generative AI tools at the federal level, it is worth noting that US lawmakers have introduced several legislations covering a number of aspects of automated systems. In these, the Algorithmic Accountability Act leads the pack and if promulgated, would require covered entities to conduct annual impact assessments and audits overseen by the Federal Trade Commission. At present, Massachusetts stands out as the sole state that has introduced a bill aimed at regulating Generative AI. Bill S.31 was in fact, drafted using ChatGPT, and provides Operating Standards on privacy and algorithmic transparency that companies developing Generative AI models must adhere to.
On the same day as the NTIA’s announcement, China’s Cyberspace Administration (CAC) issued draft rules to regulate Generative AI providers. The Administrative Measures for Generative Artificial Intelligence Services seeks to govern Generative AI applications spanning across text, audio, video, and coding capabilities. Open for public comment until 10 May 2023, the draft covers measures on data governance, quality of training data, bias mitigation, and transparency that providers of Generative AI applications must adhere to. The draft specifically targets the issue of content moderation and requires concerned companies to ensure that synthetic content created must be in line with Chinese societal values, free of misleading information, and does not infringe intellectual property. Further, it directs providers to prevent discrimination in training data, deploy proactive filtering measures to remove inappropriate content, and employ labelling techniques to distinguish synthetic media in accordance with China’s Deep Synthesis Provisions.
The Draft also mandates all providers to perform a security assessment before releasing a Generative AI service to the public. In line with the CAC’s Assessment Provisions, this can be conducted independently or through a third-party entity and needs to meet conformity requirements established by the CAC on protection of personal information, identity verification and algorithmic transparency. Finally, providers are required to take measures to prevent their users from getting profiled or addicted to synthetic content and provide channels for swift grievance redressal.
Concerned with clamping down on innovation, India and the UK have taken a different approach to governing Generative AI – asserting the need for a light-touch regulatory regime. While India has currently ruled out the need for an AI-specific legislation, regulatory efforts in the UK seem to have taken steam with the Competition and Markets Authority (CMA) announcing an initial review of Foundation Models, which will help the antitrust regulator understand the AI market and what principles need to be adopted to ensure market competitiveness and consumer protection.
With new regulatory paradigms abound, it is crucial to prioritize the development of AI systems that prioritize ethical principles such as fairness and harm mitigation right from the outset. At Holistic AI, we have pioneered the field of AI ethics and have carried out over 1000 risk mitigations. Using our interdisciplinary approach that combines expertise from computer science, law, policy, ethics, and social science, we take a comprehensive approach to AI governance, risk, and compliance, ensuring that we understand both the technology and the context it is used in.
To find out more about how Holistic AI can help you, schedule a demo with us.
DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.
Schedule a call with one of our experts
DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.
Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.
The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.
