August 11, 2021
After a busy start to the year, regulatory and policy developments related to Artificial Intelligence and Automated Systems (“AI”) have continued apace in the second quarter of 2021. Unlike the comprehensive regulatory framework proposed by the European Union (“EU”) in April 2021,[1] more specific regulatory guidelines in the U.S. are still being proposed on an agency-by-agency basis. President Biden has so far sought to amplify the emerging U.S. AI strategy by continuing to grow the national research and monitoring infrastructure kick-started by the 2019 Trump Executive Order[2] and remain focused on innovation and competition with China in transformative innovations like AI, superconductors, and robotics. Most recently, the U.S. Innovation and Competition Act of 2021—sweeping, bipartisan R&D and science-policy legislation—moved rapidly through the Senate.
While there has been no major shift away from the previous “hands off” regulatory approach at the federal level, we are closely monitoring efforts by the federal government and enforcers such as the FTC to make fairness and transparency central tenets of U.S. AI policy. Overarching restrictions or bans on specific AI use cases have not yet been passed at the federal level, but we anticipate (at the very least) further guidance that insists upon greater transparency and explainability to address concerns about algorithmic discrimination and bias, and, in the near term, increased regulation and enforcement of narrow AI applications such as facial recognition technology.
Our 2Q21 Artificial Intelligence and Automated Systems Legal Update focuses on these key regulatory efforts, and also examines other policy developments within the U.S. and EU that may be of interest to domestic and international companies alike.[3]
________________________
I. U.S. NATIONAL POLICY & REGULATORY DEVELOPMENTS
- Senate Passes Bipartisan U.S. Innovation and Competition Act (S. 1260) to Bolster Tech Competitiveness with China
- U.S. Launches National AI Research Resource Task Force and National Artificial Intelligence Advisory Committee
- Understanding “Trustworthy” AI: NIST Proposes Model to Measure and Enhance User Trust in AI Systems
- GAO Publishes Report “Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities”
II. EU POLICY & REGULATORY DEVELOPMENTS
A. EDPB & EDPS Call for Ban on Use of AI for Facial Recognition in Publicly Accessible Spaces
________________________
On June 8, 2021, the U.S. Senate voted 68-32 to approve the U.S. Innovation and Competition Act (S. 1260), intended to grow the boost the country’s ability to compete with Chinese technology by investing more than $200 billion into U.S. scientific and technological innovation over the next five years, listing artificial intelligence, machine learning, and autonomy as “key technology focus areas.”[4] $80 billion is earmarked for research into AI, robotics, and biotechnology. Among various other programs and activities, the bill establishes a Directorate for Technology and Innovation in the National Science Foundation (“NSF”) and bolsters scientific research, development pipelines, creates grants, and aims to foster agreements between private companies and research universities to encourage technological breakthroughs.
The Act also includes provisions labelled as the “Advancing American AI Act,”[5] intended to “encourage agency artificial intelligence-related programs and initiatives that enhance the competitiveness of the United States” while ensuring AI deployment “align[s] with the values of the United States, including the protection of privacy, civil rights, and civil liberties.”[6] The AI-specific provisions mandate that the Director of the Office for Management and Budget (“OMB”) shall develop principles and policies for the use of AI in government, taking into consideration the NSCAI report, the December 3, 2020 Executive Order “Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government,” and the input of various interagency councils and experts.[7]
On January 1, 2021, President Trump signed the National Defense Authorization Act (“NDAA”) for Fiscal Year 2021 into law, which included the National AI Initiative Act of 2020 (the “Act”). The Act established the National AI Initiative, creating a coordinated program across the federal government to accelerate AI research and application to support economic prosperity, national security, and advance AI leadership in the U.S.[8] In addition to creating the Initiative, the Act also established the National AI Research Resource Task Force (the “Task Force”), convening a group of technical experts across academia, government and industry to assess and provide recommendations on the feasibility and advisability of establishing a National AI Research Resource (“NAIRR”).
On June 10, 2021, the White House Office of Science and Technology Policy (“OSTP”) and the NSF formed the Task Force pursuant to the requirements in the NDAA.[9] The Task Force will develop a coordinated roadmap and implementation plan for establishing and sustaining a NAIRR, a national research cloud to provide researchers with access to computational resources, high-quality data sets, educational tools and user support to facilitate opportunities for AI research and development. The roadmap and plan will also include a model for governance and oversight, technical capabilities and an assessment of privacy and civil liberties, among other contents. Finally, the Task Force will submit two reports to Congress to present its findings, conclusions and recommendations—an interim report in May 2022 and a final report in November 2022. The Task Force includes 10 AI experts from the public sector, private sector, and academia, including DefinedCrowd CEO Daniela Braga, Google Cloud AI chief Andrew Moore, and Stanford University’s Fei-Fei Li. Lynne Parker, assistant director of AI for the OSTP, will co-chair the effort, along with Erwin Gianchandani, senior adviser at the NSF. A request for information (“RFI”) will be posted in the Federal Register to gather public input on the development and implementation of the NAIRR.
The Biden administration also announced the establishment of the National AI Advisory Committee, which is tasked with providing recommendations on various topics related to AI, including the current state of U.S. economic competitiveness and leadership, research and development, and commercial application. [10] Additionally, the Advisory Committee will assess the management, coordination and activities of the National AI Initiative, and societal, ethical, legal, safety and security matters, among other considerations. An RFI will be posted in the Federal Register to call for nominations of qualified experts to help develop recommendations on these issues, including perspectives from labor, education, research, startup businesses and more.
In June 2021 the National Institute of Standards and Technology (“NIST”), tasked by the Trump administration to develop standards and measures for AI, released its report of how to identify and manage biases in AI technology.[11] NIST is accepting comments on the document until September 10, 2021 (extended from the original deadline of August 5, 2021), and the authors will use the public’s responses to help shape the agenda of several collaborative virtual events NIST will hold in coming months.
In June 2021, the U.S. Government Accountability Office (“GAO”) published a report identifying key practices to help ensure accountability and responsible AI use by federal agencies and other entities involved in the design, development, deployment, and continuous monitoring of AI systems. In its executive summary, the agency notes that these practices are necessary as a result of the particular challenges faced by government agencies seeking to regulate AI, such as the need for expertise, limited access to key information due to commercial procurement of AI systems, as well as a limited understanding of how an AI system makes decisions.[12]
The report identifies four key focus areas: (1) organization and algorithmic governance; (2) system performance; (3) documenting and analyzing the data used to develop and operate an AI system; and (4) continuous monitoring and assessment of the system to ensure reliability and relevance over time.[13]
The key monitoring practices identified by the GAO are particularly relevant to organizations and companies seeking to implement governance and compliance programs for AI-based systems and develop metrics for assessing the performance of the system. The GAO report notes that monitoring is a critical tool for several reasons: first, it is necessary to continually analyze the performance of an AI model and document findings to determine whether the results are as expected, and second, monitoring is key where a system is either being scaled or expanded, or where applicable laws, programmatic objectives, and the operational environment change over time.[14]
On May 19, 2021, Senators Rob Portman (R-OH) and Martin Heinrich (D-NM), introduced the bipartisan Artificial Intelligence Capabilities and Transparency (“AICT”) Act.[15] AICT would provide increased transparency for the government’s AI systems, and is based primarily on recommendations promulgated by the National Security Commission on AI (“NSCAI”) in April 2021.[16] It would establish a Chief Digital Recruiting Officer within the Department of Defense, the Department of Energy, and the Intelligence Community to identify digital talent needs and recruit personnel, and recommends that the NSF should establish focus areas in AI safety and AI ethics as a part of establishing new, federally funded National Artificial Intelligence Institutes.
The AICT bill was accompanied by the Artificial Intelligence for the Military (AIM) Act.[17] The AICT Act would establish a pilot AI development and prototyping fund within the Department of Defense aimed at developing AI-enabled technologies for the military’s operational needs, and would develop a resourcing plan for the DOD to enable development, testing, fielding, and updating of AI-powered applications.[18]
As we have noted previously, companies using algorithms, automated processes, and/or AI-enabled applications are now squarely on the radar of both federal and state regulators and lawmakers focused on addressing algorithmic accountability and transparency from a consumer protection perspective.[19] The past quarter again saw a wave of proposed privacy-related federal and state regulation and lawsuits indicative of the trend for stricter regulation and enforcement with respect to the use of AI applications that impact consumer rights and the privacy implications of AI. As a result, companies developing and using AI are certain to be focused on these issues in the coming months, and will be tackling how to balance these requirements with further development of their technologies. We recommend that companies developing or deploying automated decision-making adopt an “ethics by design” approach and review and strengthen internal governance, diligence and compliance policies.
On June 15, 2021, Senators Edward Markey (D-Mass.), Jeff Merkley (D-Ore), Bernie Sanders (II-Vt.), Elizabeth Warren (D-Mass.), and Ron Wyden (D-Ore.), and Representatives Pramila Jayapal (D-Wash.), Ayanna Pressley, (D-Mass.), and Rashida Tlaib, (D-Mich.), reintroduced the Facial Recognition and Biometric Technology Moratorium Act, which would prohibit agencies from using facial recognition technology and other biometric tech—including voice recognition, gate recognition, and recognition of other immutable physical characteristics—by federal entities, and block federal funds for biometric surveillance systems.[20] As we previously reported, a similar bill was introduced in both houses in the previous Congress but did not progress ut of committee.[21]
The legislation, which is endorsed by the ACLU and numerous other civil rights organizations, also provides a private right of action for individuals whose biometric data is used in violation of the Act (enforced by state Attorneys General), and seeks to limit local entities’ use of biometric technologies by tying receipt of federal grant funding to localized bans on biometric technology. Any biometric data collected in violation of the bill’s provisions would also be banned from use in judicial proceedings.
On May 27, 2021, Senator Edward J. Markey (D-Mass.) and Congresswoman Doris Matsui (CA-06) introduced the Algorithmic Justice and Online Platform Transparency Act of 2021 to prohibit harmful algorithms, increase transparency into websites’ content amplification and moderation practices, and commission a cross-government investigation into discriminatory algorithmic processes across the national economy.[22] The Act would prohibit algorithmic processes on online platforms that discriminate on the basis of race, age, gender, ability and other protected characteristics. In addition, it would establish a safety and effectiveness standard for algorithms and require online platforms to describe algorithmic processes in plain language to users and maintain detailed records of these processes for review by the FTC.
On June 22, 2021, the House voted 325-103 to approve the Consumer Safety Technology Act, or AI for Consumer Product Safety Act (H.R. 3723), which requires the Consumer Product Safety Commission to create a pilot program that uses AI to explore consumer safety questions such as injury trends, product hazards, recalled products or products that should not be imported into the U.S.[23] This is the second time the Consumer Safety Technology Act has passed the House. Last year, after clearing the House, the bill did not progress in the Senate after being referred to the Committee on Commerce, Science and Transportation.[24]
In June 2021, Senator Kirsten Gillibrand (D-NY) introduced the Data Protection Act of 2021, which would create an independent federal agency to protect consumer data and privacy.[25] The main focus of the agency would be to protect individuals’ privacy related to the collection, use, and processing of personal data.[26] The bill defines “automated decisions system” as “a computational process, including one derived from machine learning, statistics, or other data processing or artificial intelligence techniques, that makes a decision, or facilitates human decision making.”[27] Moreover, using “automated decision system processing” is a “high-risk data practice” requiring an impact evaluation after deployment and a risk assessment on the system’s development and design, including a detailed description of the practice including design, methodology, training data, and purpose, as well as any disparate impacts and privacy harms.[28]
The second quarter of 2021 saw new legislative proposals relating to the safe deployment of autonomous vehicles (“AVs”). As we previously reported, federal regulation of CAVs has so far faltered in Congress, leaving the U.S. without a federal regulatory framework while the development of autonomous vehicle technology advances. In June 2021, Representative Bob Latta (R-OH-5) again re-introduced the Safely Ensuring Lives Future Deployment and Research Act (“SELF DRIVE Act”) (H.R. 3711), which would create a federal framework to assist agencies and industries to deploy AVs around the country and establish a Highly Automated Vehicle Advisory Council within the National Highway Traffic Safety Administration (“NHTSA”). Representative Latta had previously introduced the bill in September 23, 2020 and in previous sessions.[29]
Also in June 2021, the Department of Transportation (“DOT”) released its “Spring Regulatory Agenda,” and proposed that the NHTSA establish rigorous testing standards for AVs as well as a national incident database to document crashes involving AVs.[30] The DOT indicated that there will be opportunities for public comments on the proposals, and we stand ready to assist companies who wish to participate with submitting such comments.
Further, NHTSA issued a Standing General Order on June 29, 2021 requiring manufacturers and operators of vehicles equipped with certain automated driving systems (“ADS”)[31] to report certain crashes to NHTSA to enable the agency to exercise oversight of potential safety defects in AVs operating on publicly accessible roads.[32]
Finally, NHTSA extended the period for public comments in response to its Advance Notice of Proposed Rulemaking (“ANPRM”), “Framework for Automated Driving System Safety,” until April 9, 2021.[33] The ANPRM acknowledged that the NHTSA’s previous AV-related regulatory notices “have focused more on the design of the vehicles that may be equipped with an ADS—not necessarily on the performance of the ADS itself.”[34] To that end, the NHTSA sought input on how to approach a performance evaluation of ADS through a safety framework, and specifically whether any test procedure for any Federal Motor Vehicle Safety Standard (“FMVSS”) should be replaced, repealed, or modified, for reasons other than for considerations relevant only to ADS. NHTSA noted that “[a]lthough the establishment of an FMVSS for ADS may be premature, it is appropriate to begin to consider how NHTSA may properly use its regulatory authority to encourage a focus on safety as ADS technology continues to develop,” emphasizing that its approach will focus on flexible “performance-oriented approaches and metrics” over rule-specific design characteristics or other technical requirements.[35]
On April 21, 2021, the European Commission (“EC”) presented its much-anticipated comprehensive draft of an AI Regulation (also referred to as the “Artificial Intelligence Act”).[36] It remains uncertain when and in which form the Artificial Intelligence Act will come into force, but recent developments underscore that the EC has set the tone for upcoming policy debates with this ambitious new proposal. We stand ready to assist clients with navigating the potential issues raised by the proposed EU regulations as we continue to closelymonitor developments in that regard.
On June 21, 2021, the European Data Protection Board (“EDPB”) and European Data Protection Supervisor (“EDPS”) published a joint Opinion calling for a general ban on “any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioral signals, in any context.”[37]
In their Opinion, the EDPB and the EDPS welcomed the risk-based approach underpinning the EC’s proposed AI Regulation and emphasized that it has important data protection implications. The Opinion also notes the role of the EDPS—designated by the EC’s AI Regulation as the competent authority and the market surveillance authority for the supervision of the EU institutions—should be further clarified.[38] Notably, the Opinion also recommended “a ban on AI systems using biometrics to categorize individuals into clusters based on ethnicity, gender, political or sexual orientation, or other grounds on which discrimination is prohibited under Article 21 of the Charter of Fundamental Rights.”
Further, the EDPB and the EDPS noted that they “consider that the use of AI to infer emotions of a natural person is highly undesirable and should be prohibited, except for very specified cases, such as some health purposes, where the patient emotion recognition is important, and that the use of AI for any type of social scoring should be prohibited.”
________________________
[1] For more information on the EU’s proposed regulations, please see our Artificial Intelligence and Automated Systems Legal Update (1Q21).
[2] For more details, please see our previous alerts: Fourth Quarter and 2020 Annual Review of Artificial Intelligence and Automated Systems; and President Trump Issues Executive Order on “Maintaining American Leadership in Artificial Intelligence.”
[3] Note also, for example, the Government of Canada’s “Consultation on a Modern Copyright Framework for Artificial Intelligence and the Internet of Things.” The consultation seeks public comment on the interplay between copyright, AI, and the “Internet of Things.” With respect to AI, the consultation paper covers three potential areas of reform: (1) text and data mining (TDM), also known as “Big Data”; (2) authorship and ownership of works generated by AI; and (3) copyright infringement and liability regarding AI. With respect to IoT, the paper outlines twin concerns of repair and interoperability of IoT devices. The comment period is open until September 17, 2021. There have also been several recent policy developments in the UK, including the Government’s “Ethics, Transparency and Accountability Framework for Automated Decision-Making” (available here), and the UK Information Commissioner’s Opinion and accompanying blog post on “The Use of Live Facial Recognition Technology in Public Places.”
[4] S. 1260, 117th Cong. (2021).
[7] Id., §4204. For more details on the NSCAI report and 2020 Executive Order, please see our Fourth Quarter and 2020 Annual Review of Artificial Intelligence and Automated Systems.
[9] The White House, Press Release, The Biden Administration Launches the National Artificial Intelligence Research Resource Task Force (June 10, 2021), available at https://www.whitehouse.gov/ostp/news-updates/2021/06/10/the-biden-administration-launches-the-national-artificial-intelligence-research-resource-task-force/.
[11] Draft NIST Special Publication 1270, A Proposal for Identifying and Managing Bias in Artificial Intelligence (June 2021), available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270-draft.pdf?_sm_au_=iHVbf0FFbP1SMrKRFcVTvKQkcK8MG.
[12] U.S. Government Accountability Office, Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities, Highlights of GAO-21-519SP, available at https://www.gao.gov/assets/gao-21-519sp-highlights.pdf.
[14] U.S. Government Accountability Office, Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities, Full Report GAO-21-519SP, available at https://www.gao.gov/assets/gao-21-519sp.pdf.
[15] S. 1705, 117th Cong. (2021); see also Press Release, Senator Martin Heinrich, ‘Heinrich, Portman Announce Bipartisan Artificial Intelligence Bills To Boost AI-Ready National Security Personnel, Increase Governmental Transparency’ (May 12, 2021), available at https://www.heinrich.senate.gov/press-releases/heinrich-portman-announce-bipartisan-artificial-intelligence-bills-to-boost-ai-ready-national-security-personnel-increase-governmental-transparency.
[16] For more information, please see our Artificial Intelligence and Automated Systems Legal Update (1Q21).
[17] S. 1776, 117th Cong. (2021).
[18] S. 1705, 117th Cong. (2021).
[19] See our Artificial Intelligence and Automated Systems Legal Update (1Q21).
[20] S. _, 117th Cong. (2021); see also Press Release, Senators Markey, Merkley Lead Colleagues on Legislation to Ban Government Use of Facial Recognition, Other Biometric Technology (June 15, 2021), available at https://www.markey.senate.gov/news/press-releases/senators-markey-merkley-lead-colleagues-on-legislation-to-ban-government-use-of-facial-recognition-other-biometric-technology.
[21] For more details, please see our previous alerts: Fourth Quarter and 2020 Annual Review of Artificial Intelligence and Automated Systems.
[22] S. 1896, 117th Cong. (2021); see also Press Release, Senator Markey, Rep. Matsui Introduce Legislation to Combat Harmful Algorithms and Create New Online Transparency Regime (May 27, 2021), available at https://www.markey.senate.gov/news/press-releases/senator-markey-rep-matsui-introduce-legislation-to-combat-harmful-algorithms-and-create-new-online-transparency-regime.
[23] H.R. 3723, 117th Cong. (2021).
[24] Elise Hansen, House Clears Bill To Study Crypto And Consumer Protection, Law360 (June 23, 2021), available at https://www.law360.com/articles/1396110/house-clears-bill-to-study-crypto-and-consumer-protection.
[25] S. 2134, 117th Cong. (2021); see also Press Release, Office of U.S. Senator Kirsten Gillibrand, Press Release, Gillibrand Introduces New And Improved Consumer Watchdog Agency To Give Americans Control Over Their Data (June 17, 2021), available at https://www.gillibrand.senate.gov/news/press/release/gillibrand-introduces-new-and-improved-consumer-watchdog-agency-to-give-americans-control-over-their-data.
[26] Under the proposed legislation, “personal data” is defined as “electronic data that, alone or in combination with other data—(A) identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household, or device; or (B) could be used to determine that an individual or household is part of a protected class.” Data Protection Act of 2021, S. 2134, 117th Cong. § 2(16) (2021).
[28] Id., § 2(11)-(13) (2021).
[29] As we addressed in previous legal updates, the House previously passed the SELF DRIVE Act (H.R. 3388) by voice vote in September 2017, but its companion bill (the American Vision for Safer Transportation through Advancement of Revolutionary Technologies (“AV START”) Act (S. 1885)) stalled in the Senate. For more details, see our Fourth Quarter and 2020 Annual Review of Artificial Intelligence and Automated Systems.
[30] U.S. Department of Transportation, Press Release, U.S. Department of Transportation Releases Spring Regulatory Agenda (June 11, 2021), available at https://www.transportation.gov/briefing-room/us-department-transportation-releases-spring-regulatory-agenda.
[31] For a full description of the Society of Automotive Engineers (“SAE”) levels of driving automation, see SAE J3016 Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles (April 2021), available at https://www.nhtsa.gov/technology-innovation/automated-vehicles-safety#topic-road-self-driving.
[32] See NHTSA, Standing General Order on Crash Reporting for Levels of Driving Automation 2-5, available at https://www.nhtsa.gov/laws-regulations/standing-general-order-crash-reporting-levels-driving-automation-2-5.
[33] 49 CFR 571, available at https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/ads_safety_principles_anprm_website_version.pdf
[36] For a fulsome analysis of the draft AI Regulation, please see our Artificial Intelligence and Automated Systems Legal Update (1Q21).
[37] Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence, available at https://edpb.europa.eu/system/files/2021-06/edpb-edps_joint_opinion_ai_regulation_en.pdf.
[38] EDPS, Press Release, EDPB & EDPS Call For Ban on Use of AI For Automated Recognition of Human Features in Publicly Accessible Spaces, and Some Other Uses of AI That Can Lead to Unfair Discrimination (June 21, 2021), available at https://edps.europa.eu/press-publications/press-news/press-releases/2021/edpb-edps-call-ban-use-ai-automated-recognition_en?_sm_au_=iHVWn7njFDrbjJK3FcVTvKQkcK8MG.
The following Gibson Dunn lawyers prepared this client update: H. Mark Lyon, Frances Waldmann, Samantha Abrams-Widdicombe, Tony Bedel, Emily Lamm, Prachi Mistry, and Derik Rao.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Artificial Intelligence and Automated Systems Group, or the following authors:
H. Mark Lyon – Palo Alto (+1 650-849-5307, [email protected])
Frances A. Waldmann – Los Angeles (+1 213-229-7914,[email protected])
Please also feel free to contact any of the following practice group members:
Artificial Intelligence and Automated Systems Group:
H. Mark Lyon – Chair, Palo Alto (+1 650-849-5307, [email protected])
J. Alan Bannister – New York (+1 212-351-2310, [email protected])
Patrick Doris – London (+44 (0)20 7071 4276, [email protected])
Kai Gesing – Munich (+49 89 189 33 180, [email protected])
Ari Lanin – Los Angeles (+1 310-552-8581, [email protected])
Robson Lee – Singapore (+65 6507 3684, [email protected])
Carrie M. LeRoy – Palo Alto (+1 650-849-5337, [email protected])
Alexander H. Southwell – New York (+1 212-351-3981, [email protected])
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, [email protected])
Michael Walther – Munich (+49 89 189 33 180, [email protected])
© 2021 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.