For Further Information Contact:
UK Update: Deviation for innovation? Government reveals proposed approach to AI regulation
15/08/2022On 18 July 2022, the UK Government published its policy paper on artificial intelligence (“AI”) regulation. This follows on from the National AI Strategy and sets out its intended approach.
There is a general consensus that the field of AI should be regulated, but this is complicated by AI’s rapid development and the range of uses and sectors, which has led to a perceived difficulty in creating an all-encompassing law. This has led to debate about the correct approach to regulation.
Despite the apparent hurdles, the European Commission has recently published its draft regulation (which covers AI as a whole). Its approach is risk-based, with some systems being banned outright, and others strictly regulated. There is the introduction of fines and supervisory authorities, along the line of GDPR. Some commentators have suggested that this approach is onerous and may stifle innovation.
In the UK, governance of AI currently sits uneasily with traditional law, and with a range of different regulators. Particularly in light of the draft EU AI regulation, there had been much discussion around how the UK may approach regulation in practice, including the extent to which it would deviate from the European approach. The policy paper attempts to address this.
There has also been discussion around ethical considerations and using these as guiding principles, with various solutions proposed. Many have argued that using high level principles rather than more rigid legislation may allow for greater flexibility and foster innovation, though there are questions around enforceability.
In this blog we look at the proposed UK approach, its deviation from the EU and what happens next for the industry.
Defining AI and scoping regulation
One of the key issues when regulating AI is the difficulty in defining what is meant by the term. The EU draft regulation notably contains a broad definition which is intended to be future-proof. The policy paper notes that this approach is centred on product safety, but suggests that it does not capture the full application of AI and its regulatory implications, potentially hindering innovation.
The UK policy paper has stopped short of a definition, but has identified two key characteristics to set the scope of UK regulation: the adaptiveness of the technology (i.e. learning through instructions); and autonomy from humans.
“Pro-Innovation” approach
The policy paper indicates that the UK approach is intended to be “pro-innovation” but with security, safety and fundamental values in mind, based on the following elements:
- Context-Specific – Different applications require particular approaches.
- Pro-Innovation & Risk-Based – Regulators to focus on genuine, harmful risks to foster innovation.
- Coherent – A simple, clear, predictable, and stable system required.
- Proportionate & Adaptable – Regulators to look at lighter enforcement.
This deviates from the European approach and arguably lacks “teeth”, with a focus on allowing innovation and less onerous enforcement, with context being key, which the paper recognises risks less uniform regulation.
Cross-sectoral principles
In addition to the contextual approach, the paper suggests that there will be cross-sectoral principles, applicable to all regulators. These are:
- Ensure AI is used safely – safety relevant to their sector.
- Ensure that AI is technically secure and functions as designed – consumer confidence in reliability.
- Make sure that AI is appropriately transparent and explainable – decision-making is easily understood by users.
- Embed considerations of fairness into AI – outcomes should be justifiable.
- Define legal persons’ responsibility for AI governance – accountability for outcomes with human oversight.
- Clarify routes to redress or contestability – clear measures to contest outcomes.
These are relatively high level principles and reflect many of the ethical and practical issues which have been identified by regulators and in literature. The question will of course be how this will be achieved in practice.
Implementation and next steps
The policy paper indicates that the Government is still at an early stage of considering how best to implement its approach to regulation. However, the initial proposal is that the cross-sectoral principles will be introduced through regulators, but not given a statutory footing, with this being kept under review.
The policy paper recognises that there may be a need for legislation in the future. However, the expectation is that legislation would be introduced “by exception” where it is the only viable risk to address high-impact risk.
More detail on the approach will come through a forthcoming white paper and public consultation, expected in late 2022. In the meantime, there is a 10 week call for views and evidence in relation to the Government’s proposed approach which closes on 26 September 2022.
What next?
The policy paper lacks specific detail but indicates a direction of travel towards a “principles” based regulatory environment. This could, of course, change following the responses and white paper.
As with all principles-based regulation, there will be questions around consistency and the strength of enforcement. Some will not be satisfied that the Government’s approach provides an adequate deterrent for bad behaviour, or protection to individuals. However, it does arguably provide greater flexibility (compared to the EU approach) and allow for sector regulators to deal with their particular subjects, and focus on the main harms, against a set of core principles. That said, even with the more onerous approach, some commentators suggested that regulators would have discretion on enforcement, with the EU regulation giving tools for regulators to use, something not yet fully addressed by the UK.
The deviation from the more detailed and onerous EU approach is the most notable aspect of the policy paper. While this lighter regulatory approach is perhaps unsurprising given the rhetoric around Brexit, it remains to be seen how the two approaches will work together in practice. Given that a number of systems providers will operate in the UK and EU, it is likely that they need to comply with the EU regime in any event. As with many areas, we will follow with interest the post-Brexit reality.
By Burness Paull LLP, Scotland, a Transatlantic Law International Affiliated Firm.
For further information or for any assistance please contact ukscotland@transatlanticlaw.com
Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.