July 22, 2020
Despite the global pandemic, lawmakers have continued their efforts to regulate systems using artificial intelligence (“AI”), although progress has notably slowed in the second quarter of 2020. Nonetheless, we observed a steady stream of proposed federal legislation seeking to bolster research of and development in AI, cybersecurity, data protection, and science and technology more broadly. These bills primarily sound in national policy measures and privacy rules that indirectly bear on AI, the use of AI during interviews, facial recognition, and legislative efforts to create commissions to study AI and develop future regulatory approaches. In addition, proposed legislation has also been increasingly focused on establishing standards, guidelines, and best practices for researchers and industry leaders alike. While many federal bills languish in Congress, a state-based patchwork of laws continues to deepen its roots and grow.
Table of Contents
I. U.S. Federal Legislation & Policy
II. State Legislation And Regulation
IV. European Commission’s Assessment List for Trustworthy AI
On June 4, 2020, House Representatives Anna G. Eshoo (D-CA), Anthony Gonzalez (R-OH), and Mikie Sherrill (D-NJ) introduced the National AI Research Resource Task Force Act in the House and Senators Rob Portman (R-OH), and Martin Heinrich (D-NM) introduced the Act in the Senate. The overarching purpose of the bill is to “convene a group of technical experts across academia, government, and industry to develop a detailed plan for how the U.S. can build, deploy, govern, and sustain a national AI research cloud.”
The bill would establish a task force composed of twelve members selected from among technical experts in artificial intelligence—4 from the federal government, 4 from higher education, and 4 from private organizations. The task force would “develop a coordinated roadmap and implementation plan for establishing and sustaining a national artificial intelligence research resource,” creating a plan for ownership and administration of artificial intelligence as well as a model for governance and oversight. The bill emphasizes the importance of: (a) assessing and finding solutions to barriers to the dissemination and use of high-quality government data sets; (b) assessing security requirements and recommending a framework for managing access controls; (c) assessing privacy and civil liberties requirements; and (d) developing a plan for sustaining the national AI research resource. The task force would produce an initial report within 6 months of being appointed and a final report within 3 months thereafter.
On March 12, 2020, Representatives Eddie Bernice Johnson (D-TX) and Frank Lucas (R-OK) of the U.S. House Committee on Science, Space, and Technology introduced the NAIIA, a bipartisan federal bill aimed at establishing “a federal initiative to accelerate and coordinate Federal investments and facilitate new public-private partnerships in research, standards, and education in artificial intelligence.” The bill is co-sponsored by fourteen members of the House Committee on Science, Space, and Technology.
The text of the bill notes that “[t]here is a lack of standards and benchmarking for artificial intelligence systems that academia can use to evaluate the performance of these systems before and after deployment.” To that end, the bill establishes a National Artificial Intelligence Initiative to evaluate AI initiatives and U.S. competitiveness. The bill also allocates $1.2 billion between 2021 and 2025 to carry out an AI research and development program, $4.8 billion to the National Science Foundation, and $391 million to the National Institute of Standards and Technology to create performance benchmarks for AI systems, a framework to assess the trustworthiness of AI systems, and data sharing best practices. These programs would provide AI developers with guidelines for designing AI systems and inform future legislation and regulatory actions.
On January 28, 2020, Representative Frank Lucas (R-OK) and 12 Republican cosponsors, introduced the SALTA, a bill broadly focused on “invest[ing] in basic scientific research and support technology innovation for the economic and national security of the United States.” Representative Lucas emphasized the underlying need for this legislation stemmed from the growing competition from China, which has increased its public research and development funding, as well as the generational challenge of global warming. The purpose of the bill is to “ensure the continued leadership of the United States in science and technology” through several key efforts with respect to the development of AI and the Internet of Things (“IoT”).
The bill would have the National Institute of Standards and Technology (“NIST”) promote U.S. “innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve Americans’ quality of life.” NIST would have a key role in “a broad range of cutting-edge scientific endeavors” including machine learning, AI, cybersecurity, and quantum science and engineering. In addition, the Secretary of Energy would be tasked with “supporting the development of artificial intelligence and data science,” which would include “the implementation of scientific testing to support the development of trustworthy and safe artificial intelligence and data systems” as well as “the development and publication of new cybersecurity tools, encryption methods, and best practices for artificial intelligence and data science.”
The bill would implement a similar approach to IoT and require the Secretary of Energy to “support the expanded connectivity, interoperability, and security of interconnected systems and other aspects of the internet of things” by developing new tools and technologies, convening experts to develop recommendations for standards, guidelines, and best practices, and publishing new cybersecurity tools, encryption methods, and best practices for IoT security.
On February 12, 2020, Senator Jeff Merkley (D-OR) introduced the Ethical Use of Facial Recognition Act, co-sponsored by Senator Cory Booker (D-NJ). The bill would prohibit any federal officer, employee, or contractor from engaging in particular activities with respect to facial recognition technology without a warrant until a congressional commission recommends rules to govern the use and limitations of facial recognition technology for government and commercial uses. The prohibited activities include: setting up a camera to be used with facial recognition, accessing or using information obtain from facial recognition, or importing facial recognition to identify an individual in the U.S. Victims of violations of the bill would be permitted to bring a civil action for injunctive or declaratory relief in federal court. The bill would also prohibit state or local governments from investing in, purchasing, or obtaining images from facial recognition technology.
On June 17, 2020, Senators Martin Heinrich (D-NM) and Rob Portman (R-Ohio), co-founders of the Senate AI Caucus, introduced the bipartisan “Artificial Intelligence for the Armed Forces Act” to help strengthen the Department of Defense’s (DoD) AI capacity by bolstering the number of AI and cyber professionals within it.
The bill would require the Director of the Joint AI Center to report directly to the Secretary of Defense. In addition, the Secretary of Defense would be tasked with developing a training and certification program to better enable the DoD’s human resources workforce to recruit AI and cyber professionals, as well as issuing guidance on how the DoD can better use its authority to onboard AI professionals.
On June 1, 2020, a bipartisan bill titled Exposure Notification Privacy Act (“ENPA”), S. 3861, was introduced by Senators Maria Cantwell (D-WA) and Bill Cassidy (R-LA) and co-sponsored by Senator Amy Klobuchar (D-MN). The ENPA aims to regulate contact tracing apps in the wake of efforts to combat the spread of COVID-19. Two similar acts were introduced in April and May of this year, but were not bipartisan. Health, privacy, and technology experts and advocacy groups have supported the ENPA.
On June 12, 2020, the Financial Industry Regulatory Authority (“FINRA”), released a white paper on artificial intelligence defining the scope of AI as it pertains to the securities industry, identifying areas in which broker-dealers are evaluating or using AI, and regulatory considerations for AI-based tools. FINRA’s intent was for the white paper to serve as a starting point for an ongoing dialogue about the use of AI in the securities industry. Accordingly, FINRA requested comments on all areas covered by the paper.
The key areas in which the white paper contemplates AI being deployed are customer communications, investment processes, operational functions such as compliance and risk management, and administrative functions. FINRA notes that firms employing AI-based applications may “benefit from reviewing and updating their model risk management frameworks to address the new and unique challenges AI models may pose.” Notably, FINRA Rule 3110 requires firms to supervise activities relating to AI applications to ensure that the functions and outputs of the application are properly understood and in line with the firm’s legal and compliance requirements. In addition, FINRA Rule 2010 requires firms to observe high standards of commercial honor and just and equitable principles of trade in the context of their AI applications. As such, FINRA recommends that firms review their data for potential biases and adopt data quality benchmarks and metrics as part of a comprehensive data governance strategy. We stand ready to assist companies interested in providing comments to FINRA or with respect to the implementation of data governance strategies.
A.B. 2269, “the Automated Decision Systems Accountability Act of 2020,” continues to progress through the California state legislature. The bill would require any business that uses an “automated decision system” (“ADS”) to “continually test for biases during the development and usage of the ADS, conduct an ADS impact assessment on its program or device to determine whether the ADS has a disproportionate adverse impact on a protected class ….” ADS is defined broadly as “a computational process, including one derived from machine learning, statistics, or other data processing or artificial intelligence techniques, that makes a decision or facilitates human decision making, that impacts persons.” If the bill passes, businesses would need to “examine if the ADS in question serves reasonable objectives and furthers a legitimate interest” compared to non-AI alternatives and include those conclusions in its impact assessment. The assessment would also need to be summarized and reported to the California Department of Business Oversight. On April 24, the bill was referred to the Committee on Privacy and Consumer Protection. We will continue to monitor A.B. 2269’s progress, since it has potentially significant consequences for a wide range of companies given that the definition of ADS, as it is currently defined, potentially implicates any computational process with an output that “impacts persons.”
A.B. 3119, the “Minimization of Consumer Data Processing Act,” seeks to revise the California Consumer Privacy Act (“CCPA”) by broadening the CCPA definition of “sell” “to mean sharing for monetary or other valuable consideration.” On May 4, 2020 the Committee on Privacy and Consumer Protection released an amended version of the bill. “Share” under the bill would be defined broadly, including “renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means ….” This broad scope could shift AI technologies within the purview of the CCPA, even if they do not think they “sell” consumer information in the traditional sense. The bill, if enacted, would also flip the consumer right to opt-out into a requirement for businesses to obtain opt-in consent from consumers, meaning that a business would not be permitted to share a consumer’s personal information unless she has specifically opted-in and consented to that sharing. We will closely monitor this bill, which has the potential to grant additional rights to consumers—and additional obligations to companies—under CCPA.
Like other states, Massachusetts has recently renewed its efforts to study AI. Bills S.B. 1876 and H.B. 2701 will create a 20-member commission, which will be tasked with “studying and making recommendations relative to the use by the commonwealth of automated decision systems that may affect human welfare, including but not limited to the legal rights and privileges of individuals.” The bill aims to make the state government’s use of AI more transparent to ensure that “individuals are aware of the use of the systems and understand their related … rights.” On May 11, 2020 the Committee on House Rules recommended the bill ought to pass and referred it to the House Committee on Ways and Means. If the bill passes, the commission will deliver its findings publically to the governor this December.
On May 5, 2020, Maryland passed H.B. 1202, banning the use of “a facial recognition service for the purpose of creating a facial template during an applicant’s interview for employment,” unless the interviewee signs a waiver. The bill’s definitions of the technology is directly aimed at AI: “’facial template’ means the machine–interpretable pattern of facial features that is extracted from one or more images ….” The legislation appears to address a concern for potential hiring discrimination that may be borne out of these automated systems, akin to Illinois’ Artificial Intelligence Video Interview Act (effective January 1, 2020), or “AI Video Act,” which similarly required applicants to be notified and consent to the use of AI video analysis during interviews.
At the beginning of this quarter, Washington Governor Jay Inslee approved S.B. 6280, which would curb governmental use of facial recognition. The new law requires bias testing, training to safeguard against potential abuses, and disclosure when the state of Washington or its localities would employ facial recognition. Governor Inslee also partially vetoed the law, eliminating a provision which would establish a legislative task force that would provide recommendations regarding the potential abuses, safeguards, and efficacy of facial recognition services. Businesses have less than a year to comply as the law becomes effective on July 1, 2021.
As federal lawmakers focus on the response to the COVID-19 pandemic and other pressing issues, time is running out to pass a comprehensive AV bill in the current Congressional term. Although AVs are proving useful during the crisis to deliver food and medical supplies, there does not appear to be concerted effort to push legislation forward at the moment, even though the House Energy and Commerce and the Senate Commerce Committees have been working since last year to draft and distribute bill texts to stakeholders for feedback. Some lawmakers, however, concerned with China’s pace of advancement, are turning to industry groups for help. On May 12, 2020, Senate Commerce Committee Chairman Roger Wicker (R-Miss.) and House Energy and Commerce Committee ranking member Rep. Greg Walden (R-Ore.) sent a letter to industry groups emphasizing that China is using the COVID-19 crisis to “gain the upper hand in automotive innovation” and requesting input on how Congress could help to advance self-driving cars.
On June 15, 2020, NHTSA announced a new Department initiative to improve the safety and testing transparency of AVs, the Automated Vehicle Transparency and Engagement for Safe Testing (AV TEST) Initiative. Nine companies and eight states have agreed to participate in this voluntary initiative so far. The participating companies are Beep, Cruise, Fiat Chrysler Automobiles, Local Motors, Navya, Nuro, Toyota, Uber, and Waymo. The states are California, Florida, Maryland, Michigan, Ohio, Pennsylvania, Texas, and Utah.
The purpose of the AV TEST Initiative is to share information concerning the safe development and testing of AVs. In addition to “creating a formal platform for Federal, State, and local government to coordinate and share information in a standard way,” the Department is also creating a public-facing platform where companies and governments can choose to share on-road testing locations and testing activity data, such as vehicle types and uses, dates, frequency, vehicle counts, and routes. The Department is also planning to host nationwide meetings in a bid to promote public engagement and understanding of AVs.
Although the AV TEST Initiative may provide welcome centralization, some safety advocates are critical of the Department’s voluntary approach and failure to develop minimum performance standards.
NHTSA released research findings on twelve FMVSS related to vehicles with automated driving systems—6 crash avoidance standards and 6 crashworthiness standards. Specifically, the project evaluated options regarding technical translations of FMVSS, including the performance requirements and the test procedures, and related Office of Vehicle Safety Compliance (OVSC) test procedures, that may impact regulatory compliance of vehicles equipped with automated driving systems. The report evaluated the regulatory text and test procedures with the goal of identifying possible options to remove regulatory barriers for the compliance verification of ADS-dedicated vehicles (ADS-DVs) that lack manually operated driving controls. The regulatory barriers considered are those that pose unintended and unnecessary regulatory barriers, because the technical translation process does not change the performance standards of the FMVSS being considered.
The FCC granted Applied Information, Inc. (“Applied”) a nationwide Intelligent Transportation Service (ITS) license in the 5.9 GHz spectrum band that authorizes Applied to provide DSRC for the infrastructure and in vehicles. The license enables Applied to provide vehicle to infrastructure (V2I) connected vehicle communications for the transportation infrastructure, including traffic signals, school zone safety beacons and other electronic traffic control and information devices.
At the state level, Washington’s HB 2676, which establishes minimum requirements for the testing of autonomous vehicles, went into effect on June 11, 2020. The bill requires companies testing AVs in Washington to report certain data regarding those tests to the state’s Department of Licensing and to carry $5 million minimum in umbrella liability insurance.
As we noted in our 2019 Artificial Intelligence and Automated Systems Annual Legal Review, in April 2019, the EC released a report from its “High-Level Expert Group on Artificial Intelligence” (“AI HLEG”): the EU “Ethics Guidelines for Trustworthy AI” (“Ethics Guidelines”). The Ethics Guidelines lay out seven ethical principles “that must be respected in the development, deployment, and use of AI systems.”
On the July 17, 2020, the AI HLEG presented its final “Assessment List for Trustworthy AI,” a tool intended to help companies “self-assess” and identify the risks of AI systems they develop, deploy or procure, and implement the Ethics Guidelines in order to mitigate those risks. A previous version of the Assessment List was included in the April 2019 Ethics Guidelines, and this final Assessment List represents an amended version following a piloting process in which over 350 stakeholders participated. The Assessment List is designed as a flexible framework that companies can adapt to their particular needs and the sector they operate in in order to minimize specific risks an AI system might generate. The Assessment List proposes a tailored series of self-assessment questions for each of the seven principles for trustworthy AI set out in the AI HLEG’s Ethics Guidelines (Human Agency and Oversight; Technical Robustness and Safety; Privacy and Data Governance; Transparency; Diversity, Non-Discrimination and Fairness; Societal and Environmental Well-being; and Accountability. The AI HLEG recommends that the tool be used by a “multidisciplinary team.”
Prior to self-assessment, the AI HLEG also recommends that organizations perform a fundamental rights impact assessment (“FRIA”) to establish whether the artificial intelligence system respects the fundamental rights of the EU Charter of Fundamental Rights and the European Convention on Human Rights. As noted in our February 2020 legal update “EU Proposal on Artificial Intelligence Regulation Released,” the EC is also currently developing its own comprehensive legislation and policies, focused on “trustworthy AI,” to govern AI at EU level, and we will continue to closely monitor developments in this space.
 H.R. 7096 (2020), available here; S. 3890 (2020), available here.
 Congresswoman Anna G. Eshoo, Preeminent Universities and Leading Tech Companies Announce Support for Bipartisan, Bicameral Bill to Develop National AI Research Cloud (June 29, 2020), available at https://eshoo.house.gov/media/press-releases/preeminent-universities-and-leading-tech-companies-announce-support-bipartisan.
 The bill has gained the support of leading technology firms and research universities including: IBM, Microsoft, Amazon Web Services, Google, Mozilla, OpenAI, Johns Hopkins University, University of Pennsylvania, Carnegie Mellon University, and Princeton University.
 H.R. 6216, National Artificial Intelligence Initiative Act of 2020, available at https://science.house.gov/imo/media/doc/AI_initiative_SST.pdf.
 House Committee on Science, H.R. 6216, the National Artificial Intelligence Initiative Act of, 2020, available at https://science.house.gov/imo/media/doc/AI%20One%20Pager_clean.pdf.
 Comm. Sci. Space & Tech., Lucas Introduces Comprehensive Legislation to Secure American Leadership in Science and Technology (Jan. 29, 2020), available at https://republicans-science.house.gov/news/press-releases/lucas-introduces-comprehensive-legislation-secure-american-leadership-science.
 S. 3284, available at https://www.congress.gov/bill/116th-congress/senate-bill/3284.
 Martin Heinrich, Heinrich, Portman Introduce Bipartisan Legislation to Strengthen Department of Defense’s Artificial Intelligence Capacity (June 17, 2020), available here.
 S. 3861, Exposure Notifications Privacy Act, available here.
 See S. 3663, COVID-19 Consumer Data Protection Act; S. 3749, Public Health Emergency Privacy Act.
 See Maria Cantwell, Cantwell, Cassidy, and Klobuchar Introduce Bipartisan Legislation to Protect Consumer Privacy, Promote Public Health for COVID-19 Exposure Notification Apps (June 1, 2020), available at https://www.cantwell.senate.gov/news/press-releases/cantwell-cassidy-and-klobuchar-introduce-bipartisan-legislation-to-protect-consumer-privacy-promote-public-health-for-covid-19-exposure-notification-apps.
 FINRA, Artificial Intelligence (AI) in the Securities Industry (June 20), available at https://www.finra.org/sites/default/files/2020-06/ai-report-061020.pdf.
 Note also that the California Consumer Privacy Act (“CCPA”), California’s omnibus privacy law, became enforceable on July 1, 2020. While not directly focused on AI, automated systems enterprises that transact with personal information should monitor whether they fall within the purview of the California law. For more information on legal developments with respect to data privacy, please see Gibson Dunn’s recent and forthcoming legal updates on CCPA, and on a new proposed privacy law, the California Privacy Rights Act (“CPRA”).
 A.B. 2269, 2019-2020 Reg. Sess. (Cal. 2020).
 A.B. 3119, 2019-2020 Reg. Sess. (Cal. 2020).
 H.B. 2701 (May 11, 2020), available at https://malegislature.gov/Bills/191/H2701.
 For more details, please see Gibson Dunn’s Artificial Intelligence and Automated Systems Legal Update (1Q20).
Letter from Jay Inslee, Governor of the State of Washington, to The Senate of the State of Washington (March 31, 2020), available at https://crmpublicwebservice.des.wa.gov/bats/attachment/vetomessage/559a6f89-9b73-ea11-8168-005056ba278b#page=1.
 Maggie Miller, Action on Driverless Cars Hits Speed Bump as Congress Focuses on Pandemic (May 20, 2020), available at https://thehill.com/policy/technology/498863-action-on-driverless-cars-hits-speed-bump-as-congress-focuses-on-pandemic.
 Letter from Roger Wicker and Greg Walden to Industry Groups (May 12, 2020), available at https://republicans-energycommerce.house.gov/wp-content/uploads/2020/05/Wicker-Walden-letter-to-Auto-Stakeholders-5-12-2020.pdf.
 U.S. Dep’t of Transp., U.S. Transportation Secretary Elaine L. Chao Announces First Participants in New Automated Vehicle Initiative to Improve Safety, Testing, and Public Engagement (June 15, 2020), available at https://www.nhtsa.gov/press-releases/participants-automated-vehicle-transparency-and-engagement-for-safe-testing-initiative.
 U.S. Dep’t of Transp., AV TEST Initiative, available at https://www.nhtsa.gov/automated-vehicles-safety/av-test.
 U.S. Dep’t of Transp., AV TEST Initiative Launch Remarks (June 15, 2020), available at https://www.nhtsa.gov/speeches-presentations/av-test-initiative-launch-remarks
 See, e.g., Keith Laing, Michigan, Fiat Chrysler Join Federal Self-Driving Car Initiative, The Detroit News (June 15, 2020), available at https://www.detroitnews.com/story/business/autos/2020/06/15/michigan-fiat-chrysler-join-federal-self-driving-car-initiative/3194309001/
 Blanco, M., Chaka, M., Stowe, L., Gabler, H. C., Weinstein, K., Gibbons, R. B., Fitchett, V. L. (2020, April). FMVSS considerations for vehicles with automated driving systems: Volume 1 (Report No. DOT HS 812 796). National Highway Traffic Safety Administration, available at https://www.nhtsa.gov/sites/nhtsa.dot.gov/files/documents/ads-dv_fmvss_vol1-042320-v8-tag.pdf.
 FCC Grants Applied Information Nationwide License for Connected Vehicle DSRC Radio Operation, Business Wire (June 3, 2020), available at https://www.businesswire.com/news/home/20200603005457/en/FCC-Grants-Applied-Information-Nationwide-License-Connected
 HB 2676, Washington State Legislature, available at https://apps.leg.wa.gov/billsummary/?BillNumber=2676&Year=2020&Initiative=false.
 AI HLEG, Ethics Guidelines for Trustworthy AI, Guidelines (Apr. 8, 2019), available at https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=60419.
 AI HLEG, Assessment List for Trustworthy Artificial Intelligence (ALTAI) for Self-Assessment (Jul. 17 2020), available at https://ec.europa.eu/digital-single-market/en/news/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment.
The following Gibson Dunn lawyers prepared this client update: H. Mark Lyon, Frances Waldmann, Haley Morrisson, Tony Bedel, and Emily Lamm.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Artificial Intelligence and Automated Systems Group, or the following authors:
H. Mark Lyon – Palo Alto (+1 650-849-5307, firstname.lastname@example.org)
Frances A. Waldmann – Los Angeles (+1 213-229-7914,email@example.com)
Please also feel free to contact any of the following practice group members:
Artificial Intelligence and Automated Systems Group:
H. Mark Lyon – Chair, Palo Alto (+1 650-849-5307, firstname.lastname@example.org)
J. Alan Bannister – New York (+1 212-351-2310, email@example.com)
Ari Lanin – Los Angeles (+1 310-552-8581, firstname.lastname@example.org)
Robson Lee – Singapore (+65 6507 3684, email@example.com)
Carrie M. LeRoy – Palo Alto (+1 650-849-5337, firstname.lastname@example.org)
Alexander H. Southwell – New York (+1 212-351-3981, email@example.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, firstname.lastname@example.org)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, email@example.com)
Michael Walther – Munich (+49 89 189 33 180, firstname.lastname@example.org)
© 2020 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.