In July, Amazon, Google, Meta, Microsoft, OpenAI, Anthropic, and Inflection (seven of the largest Artificial Intelligence (AI) companies in the US) signed a non-binding agreement to develop AI responsibly. They promised to:
- Run internal and external security testing of their AI systems before their release.
- Share information about managing AI risks across the industry and with governments, civil society, and academia.
- Invest in cybersecurity and insider threat safeguards.
- Facilitate third-party discovery and reporting of vulnerabilities in their AI systems.
- Develop robust technical mechanisms to ensure users know when content is AI-generated.
- Publicly report on their AI systems’ capabilities, limitations, and appropriate and inappropriate uses.
- Prioritizing research on the societal risks AI systems can pose.
- Develop and deploy systems that help address society’s greatest challenges.
However, as we mentioned, the agreement is non-binding. Which raises the question: what, if any, AI regulation do we have in the US? Let’s dive in.
Federal AI Regulation in the US
No comprehensive AI regulation exists at the federal level. However, the government is considering the issue seriously. It is taking small steps forward in policy development – particularly as it relates to bias – and has prioritized engaging with AI leaders.
President Biden also has signed the Blueprint for an AI Bill of Rights. The document outlines five principles to guide the design, use, and deployment of automated systems in the US. They are:
- Safe and effective systems
- Algorithmic discrimination protections
- Data privacy
- Notice and explanation
- Human alternatives, consideration, and fallback.
However, the Blueprint is only a guide – it is not enforceable.
In terms of AI enforcement, some federal laws and regulations apply to AI. For instance, AI tools that exhibit hiring bias are an enforcement priority. And the US Copyright Office has issued rulings and guidance about AI-generated content. Its position, generally, is that there must be some creative contribution from a human actor for the content to be subject to copyright.
State AI Regulation in the US
No US state has enacted a comprehensive law regulating AI.
At present, all states with a comprehensive privacy law (except Utah) include a limited right against automated decision-making. State privacy laws may also limit data processing and retention in certain circumstances.
A Look Around the World: AI Regulation in Europe
Europe has proposed a comprehensive AI Act that classifies AI systems based on the risk they pose. Its focus is on improving data quality, transparency, human oversight, and accountability. The proposed AI Act is not yet law.
AI Regulation in Canada
Canada’s proposed regulations would require businesses to ensure their AI systems are safe and fair. It proposes to promote accountability in terms of identifying and mitigating the risks AI systems pose and requiring businesses to ensure users understand the uses and limitations of the AI systems.
Key Takeaways for US Businesses
Outside of the regulations that touch upon AI (including privacy, security, and employment laws), businesses are largely left to their own devices regarding AI from a compliance perspective. Through the business lens, it may pay to adopt some AI governance internally.
- Thoroughly reviewing any AI or automated decision systems you put in place for potential risks and monitoring them. It’s worthwhile to maintain a database that ranks the risks and outlines a framework for the point at which you should take steps to reduce the risk AI poses.
- Being transparent about your use of AI systems in internal and external facing materials.
- Ensuring that human oversight is involved in anything generated or decided by AI.
If you need assistance developing your AI governance, reach out. Our attorneys would love to help.
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.