2023: The Time for Accountable AI is NOW

Partial extract from the original Linux Foundation / The Linux Foundation article at LF AI & Data’s blog 2023: The Time for Accountable AI is NOW — LFAI & Data (lfaidata.foundation), as part of the activities of the Trusted AI Committee.

Introduction

In the rapidly evolving landscape of Artificial Intelligence (AI), the buzz is louder than ever. Since our last exploration into the realm of accountable AI, the world has ridden the wave of Generative AI, with its potential and implications now a topic of global discourse. In this post, we take a deep dive into the key developments and trends in AI regulation, open-source technology’s role in the AI ecosystem, and the pressing need for clear guidelines that emphasize transparency and accountability.

As we explore these complex issues, our aim is to paint a vivid picture of where we stand today and where we need to head to foster a responsible, accountable, and effective AI ecosystem. Whether you’re a policymaker, an industry expert, an academic, or a curious observer, this post is designed to offer insights and spark conversations about the future of AI governance.

Catching up with Generative AI

It’s been eighteen months since our initial LF AI & Data blog about accountable AI (2022), and the case for responsible and accountable AI has become even more relevant today. The Generative AI wave has taken the world by storm, with discussions at all levels including politics, academia, industry, and regulators. Even the general public is coming to understand the power and implications of AI, thanks to increasingly accessible AI tools like ChatGPT.

In this context, we could affirm that the timing we anticipated last year for the AI awareness phase was pretty accurate. In a perfect scenario, 2021–22 was indeed the best period to start preparing an internal AI governance for the organizations. If that was the case for everyone, the first building blocks would have been already there, for adopting teams to analyze how to adopt Generative AI tools, based on a pre-established series of processes, internal Responsible AI (RAI) champions, etc. But reality is that the new era of Generative AI took most of the organizations unprepared, with a changing context that includes new AI regulations and causing inadvertent individual or societal harm. The 2023–2024 period is now the new window of opportunity for most of the companies to apply the technology to their internal AI governance, before AI accountability comes into play (for example, with monetary fines and/or personal C-Suite liability, same as EU’s GDPR)

What is new with AI regulations?

The level of progress we’ve seen could be seen as substantial or meager, depending on one’s perspective. The previous article compared Data Privacy regulations such as CCPA and GDPR with the upcoming AI regulation, as a way to anticipate the adoption and compliance process that companies will need to follow during the next few years. The reality is that the preparation of these regulations has taken some time, but now things are accelerating because most of the different players (e.g., policy makers, corporations, academia, general public, etc.) agree that regulation is crucial.

Part 1 mentioned the “very” European EU AI Act (because of its pro-regulation approach with forbidden cases and focus on fundamental rights) as the main reference, and it is indeed the first case at international level. What’s new here? The original 2021 draft document finally evolved and entered the review and amendments phase, with a major milestone in May 2023 when the mandate for draft negotiation finally started. Now there is a negotiation phase between the key EU stakeholders (Commission, Parlament, States) to agree on the final version of the regulation. At this point, it is already catching up with the latest Generative AI developments for which is including additional transparency measures for training data and content.

Meanwhile, the rest of the world is also taking steps towards AI regulations. There is a mounting pressure in the United States to create a Federal Law for artificial intelligence. Both academia and industry are calling for such regulation to be put in place, a sentiment reflected in a recent shared statement on AI risk.

Even more, both USA and EU are planning to quickly develop an international AI code of conduct, with no legal implications. Any company or individual subscribing to the code has no legal obligations, but just the willingness to adhere to it and do things in a proper way). This is a preliminary measure that may help while regulations get in place, and an interesting declaration of intentions with convergence between the American and the European principles.

We also see this trend in Canada with the current development of their AI and Data Act at the federal level, and the provincial Loi 25 in Quebec (which focuses on data protection, but includes measures for automated decision making), UK (and their opportunity to create a different flavor of what EU is doing with the AI Act), and China (including a new series of “interim measures for management of generative AI”). At the same time, there were some discussions for copyright-related topics regarding Generative AI, and the ability and right to collect proprietary data to train new massive models, including those from the US Copyright Office, and the precedent set by the Japanese Government to allow it.

It’s here that the importance of worldwide collaboration on potential global regulation of AI cannot be overstated. We need only look to the fragmented approach to privacy regulation as an example of how a lack of global coordination can lead to confusion and compliance challenges for companies operating across borders.

Different countries and regions implemented their privacy laws, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA, now CPRA) in the United States. These varying regulations have created a complex tapestry of requirements that businesses must navigate, causing frustration, inefficiency, and potentially stifling innovation. The lack of harmony in privacy laws has arguably led to unnecessary complexity, without necessarily enhancing data privacy.

In the realm of AI regulation, we have an opportunity to learn from these experiences and strive for a more coordinated approach. A globally harmonized regulatory framework would offer clearer guidance for organizations, reduce administrative burden, and ultimately foster a healthy, responsible global AI ecosystem. As we move forward, international collaboration is crucial to ensure that the promise of AI can be realized without compromising the values we collectively uphold.

Meanwhile, there are a few interesting initiatives for AI regulations and accountability:

• Spain-EU’s first regulatory AI sandbox, starting this year https://portal.mineco.gob.es/RecursosNoticia/mineco/prensa/noticias/2022/20220627-PR_AI_Sandbox_EN.pdf
• Canada’s AI Certification Pilot, with Responsible AI Institute and Standards Council of Canada https://www.globenewswire.com/en/news-release/2022/05/26/2451528/0/en/Responsible-AI-Institute-and-Standards-Council-of-Canada-Launch-First-Artificial-Intelligence-Certification-Pilot.html
• ForHumanity’s AI Act Auditor training (free training, paid certification) https://forhumanity.center/certifications/exams/?v=920f83e594a1

Summarizing, a very evolving and challenging moment, but still leading to what we previously defined as the era of accountable AI. Same as GDPR and other data privacy regulations, companies will need to align and comply with all applicable AI regulations, depending on their geographic activities.