The rapid development and proliferation of artificial intelligence technology are two of the biggest challenges facing government regulators around the world. While the U.S. and China's approach to A.I. are still in the very early stages, the situation in Europe offers a valuable case study on regulating something as complex and fast-changing as A.I.
It’s now nearly two years since the European Commission proposed an “Artificial Intelligence Act” that is still grinding its way through the EU’s legislative process. On the one hand, this shows how inappropriately slow the A.I. regulation push is, given the breakneck speed at which the technology is developing and deploying. That said, the process’ drawn-out nature could in this case prove beneficial.
The Commission’s original proposal would ban things like the use of A.I.-based social scoring systems by public authorities, and systems that “manipulate persons through subliminal techniques beyond their consciousness.” It deems some A.I. systems “high risk” because of the threat they pose to safety or fundamental civil rights, and hits them with strict transparency, oversight, and security requirements—but the bill’s list of such systems is quite precise, including the likes of biometric identification systems and those used for managing critical infrastructure.
That original proposal doesn’t deal with more general-purpose A.I. systems (not to be confused with “artificial general intelligence”, a.k.a The Singularity) and the only time it references chatbots is when it says they would need just “minimum transparency obligations.” The release of OpenAI’s game-changing GPT technology and its ChatGPT front-end—and the coming onslaught of rival large language models from Google and Meta—has made this approach seem somewhat antiquated, and certainly not up to the task that regulators will face.
But the Commission is only one of the big three EU institutions that get to wrangle new legislation.
At the end of last year, the Council of the EU (the institution that represents the bloc’s national governments) published its preferred version of the bill. This version refers to general-purpose A.I. (GPAI) systems that could potentially be used in high-risk A.I. systems, saying they need to be regulated like high-risk systems themselves.
Obviously, this approach is extremely controversial, with critics arguing the Council’s definition of GPAI—“A.I. systems that are intended by the provider to perform generally applicable functions, such as image/speech recognition, and in a plurality of contexts”—is too fuzzy, and the obligations too laden with legal liabilities for open-source A.I. projects.
Yesterday, the lawmakers who are leading the European Parliament’s scrutiny of the bill presented their take on the GPAI subject. According to Euractiv, which reported on their proposals, the parliament’s A.I. Act “rapporteurs”—the Romanian liberal Dragoș Tudorache and the Italian social-democrat Brando Benifei—would define GPAI as “an A.I. system that is trained on broad data at scale, is designed for generality of output, and can be adapted to a wide range of tasks.”
This would very much cover the likes of the just-released GPT-4, requiring OpenAI to submit to external audits of the system’s performance, predictability, and safety—and even its interpretability. GPAI providers would need to document the risks they cannot mitigate. They would have to identify and mitigate potential biases in the datasets on which their large language models are trained. The rapporteurs’ proposals even include the creation of international A.I. compliance benchmarks. What’s more, a company that distributes or deploys a GPAI and that substantially modifies it, would be seen as a provider of a high-risk A.I. system, and have to comply with all the above. That would presumably include the likes of Microsoft, OpenAI’s deep-pocketed partner.
With Council and Parliament being on roughly the same page regarding general-purpose A.I.—and with EU tech rules being so globally influential—it does seem like meaningful A.I. regulation is coming, at least in Europe. The question is how quickly it will arrive, and how much the landscape might have further shifted by that point. Getting the wording right will be essential if the law is to be relevant by the time it comes into force.
Want to send thoughts or suggestions to Data Sheet? Drop a line here.
David Meyer
Data Sheet’s daily news section was written and curated by Andrea Guzman.
