In part one of this mini blog series, Arbor Law’s Data Protection specialist Clara Westbrook discussed the legal, compliance and security issues you need to be aware of as you harness the ever evolving power of ChatGPT.
Let’s turn now to the laws surrounding the use of AI and its regulation.
At present there is no dedicated AI regulation but various laws, as touched upon above, are applicable to both the development and use of GAI.
There is currently an EU AI Regulation going through the European legislative process.
This is likely to come into force in early 2024. This law will be a regulation – which means that it will be directly applicable without the need for national implementing legislation.
The draft framework proposes a risk-based approach pursuant. AI activity is categorised between unacceptable, high, limited, and minimal categories, based on risk of harm to the health and safety of individuals. It is also categorised as such due to the extent to which the activity has an adverse impact on the rights and protections of individuals enshrined in the EU Charter of Fundamental Rights.
At one end of the scale, the AI regulation prohibits AI systems that pose an unacceptable risk to fundamental rights under the charter. AI systems identified as high risk will be subject to numerous onerous obligations before they can be placed on the market or used in the EU.
This includes implementing risk management systems which must be maintained for the lifecycle of the AI system, the implementation of data governance, human oversight, and requirements regarding accuracy, robustness and cybersecurity.
AI technology falling into the minimal-risk category will not be subject to restrictions on top of any relevant existing legislation. Failure to comply with the proposed regulation will result in significant fines of up to €30,000,000 or, for companies, up to 6% of total worldwide annual turnover. The EU Commission additionally proposes to establish a European AI Board comprising representatives from both the Commission and Member States.
In March 2023, after some delay, the UK government published its White Paper – ‘A pro-innovation approach to AI regulation‘, which sets out a framework for the UK’s approach to regulating AI.
The government decided not to legislate to create a single function to govern the regulation of AI. It elected to support existing regulators to develop a sector-focused, principles based approach. Regulators including the ICO, the CMA, the FCA, Ofcom, the Health and Safety Executive, and the Human Rights Commission will be required to consider the following five principles to build trust and provide clarity for innovation:
UK regulators will publish non-statutory guidance over the next year, which will also include practical tools like risk assessment templates, and standards.
The guidance will need to be pro-innovation, proportionate, trustworthy, adaptable, clear and collaborative, and underpinned by the following four core elements of the government’s AI framework:
The government also supports the findings of the Vallance Review published earlier in March, which looked at the approach to regulating emerging and digital technologies.
With regard to AI, Sir Patrick Vallance recommended:
While providing for a regulatory sandbox, the AI White Paper does not set out further policy on the relationship between IP and generative AI. However, we understand the Intellectual Property Office is working on a code of practice, expected to be ready by Summer 2023.
It’s important to review the possible use of ChatGPT within your organisation.
To help you do this, we’ve added the next steps from part one of ChatGPT: Legal, Compliance, and Security Issues, together with additional information regarding regulations.
While AI undeniably offers substantial advantages, it also presents hurdles.
It’s important to have expert support and an effective data strategy in place to maintain clear accountabilities and processes that cover how your business manages data.
At Arbor Law, our senior lawyers can help you navigate the complex and dynamic world of data protection. Receive legal advice on how best to manage the use of AI in your organisation and build effective strategies to ensure you are compliant.
Contact us to find out more information.