Last time, we continued our “nuts and bolts” series of artificial intelligence (AI) for legal professionals with a look at three recent American Bar Association (ABA) resolutions regarding AI.
Laws and regulations regarding AI are continually evolving with many countries around the world still lacking comprehensive AI regulations. However, there are several existing frameworks and guidelines, as well as recent developments regarding AI regulations that have been or are expected to be passed. In this post, we will discuss some of the current AI regulations that exist, as well as some resources to stay current as the AI regulation landscape changes.
Landscape of Global AI Legislation
Several jurisdictions around the world are active regarding AI governance legislation, including the European Union and United States. Here is the current landscape of AI legislation for those jurisdictions:
EU AI Act: After more than 2 1/2 years of work, European Union policymakers agreed on landmark AI regulations in December 2023. The law, called the Artificial Intelligence Act (AI Act), is intended to be “a flagship legislative initiative with the potential to foster the development and uptake of safe and trustworthy AI across the EU’s single market by both private and public actors. The main idea is to regulate AI based on the latter’s capacity to cause harm to society following a ‘risk-based’ approach: the higher the risk, the stricter the rules.”
According to a release from the Council of the European Union, the main new elements of the provisional agreement are as follows:
- rules on high-impact general-purpose AI models that can cause systemic risk in the future, as well as on high-risk AI systems
- a revised system of governance with some enforcement powers at EU level
- extension of the list of prohibitions but with the possibility to use remote biometric identification by law enforcement authorities in public spaces, subject to safeguards
- better protection of rights through the obligation for deployers of high-risk AI systems to conduct a fundamental rights impact assessment prior to putting an AI system into use.
However, many aspects of the policy are not expected to take effect for 12 to 24 months, a considerable length of time for AI development.
The U.S. hasn’t enacted comprehensive AI regulation yet, but several frameworks and guidelines do exist to provide some level of guidance. They include:
- Executive Order on AI: In October 2023, the White House issued an executive order on AI, touted as “the most sweeping actions ever taken to protect Americans from the potential risks of AI systems”. It requires that developers share their safety test results with the U.S. government, promotes development of standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy, and is designed to protect Americans from AI-enabled fraud and other risks.
- AI Training Act (Passed in October 2022): Requires the Office of Management and Budget (OMB) to establish or otherwise provide an artificial intelligence (AI) training program for the acquisition workforce of executive agencies.
- Algorithmic Accountability Act of 2022: Requires certain businesses that use automated decision systems to make critical decisions to study and report about the impact of those systems on consumers.
- National AI Commission Act (June 2023): Bill designed to establish a national artificial intelligence commission.
It should also be noted that many of the recently passed comprehensive data privacy laws were passed and enacted (in part) to address the impact of AI and automation algorithms on personal data. So, the GDPR in Europe – as well as current active comprehensive U.S. data privacy laws in California, Virginia, Colorado, Connecticut, Utah and comprehensive U.S. data privacy laws going into effect in Oregon, Texas, Montana, Iowa, Delaware, Tennessee and Indiana – are also important to know, as they have AI implications as well.
In addition to the EU and U.S., several other jurisdictions have AI regulations that have either been passed or are being considered. They include: Brazil, Canada, China (here and here) and South Korea (note: translations to English are not official translations).
Two Key Resources for Keeping Current on AI Regulations
As we said, laws and regulations regarding AI are continually evolving – this blog post could be out of date next week! With that in mind, here are two key resources for keeping current on AI policies and regulations:
- OECD AI Policy Observatory (OCED.AI): The OECD AI Policy Observatory (OCED.AI) is a live repository of over 800 AI policy initiatives from 69 countries, territories, and the EU. It combines resources from across the OECD and its partners from all stakeholder groups. The repository facilitates dialogue and provides multidisciplinary, evidence-based policy analysis and data on AI’s areas of impact. The site also contains information about other AI resources too, such as working groups, AI principles, trends and data, AI terms & concepts, and other AI observatories and repositories.
- Global AI Legislation Tracker: This tracker from the International Association of Privacy Professionals (IAPP) identifies legislative policy and related developments in a subset of jurisdictions. While it is not globally comprehensive, nor does it include all AI initiatives within each jurisdiction (given the rapid and widespread policymaking in this space), this tracker offers brief commentary on the wider AI context in specific jurisdictions, including the EU and U.S.
You could write an entire book on AI regulations in terms of where they stand today and where they are headed. Jurisdictions all over the world are looking to apply regulations to AI that help manage the risks of AI without significantly restricting the potential benefits of this fast-growing technological area. It’s a difficult undertaking to achieve that balance to the satisfaction of everybody, which is why comprehensive regulations on AI have been slow to come. Regardless, the regulation efforts are ongoing, so it’s important to stay informed not only on which laws and regulations are being passed, but also which ones are in the works.
Next time, we’ll discuss current AI use cases that have been proven effective for legal and eDiscovery tasks.
For more regarding Cimplifi specialized expertise regarding AI & machine learning, click here.
In case you missed the previous blogs in this series, you can catch up here:
We invite you to stay informed and join the conversation about AI. If you have questions, insights, or thoughts to share, please don’t hesitate to reach out.