Navigating the Future: The EU AI Act and the UK’s AI Regulation Bill

In a landscape dominated by technological advancements, the spotlight is on AI legislation as the European Parliament and Council of the EU reached a significant political agreement on the European Union Artificial Intelligence (AI) Act. Simultaneously, the UK Artificial Intelligence (Regulation) Bill has emerged as a key player, setting the stage for transformative changes in the realm of AI. Let’s delve into the details of these developments and explore the potential shifts in the UK’s principles-based approach towards legislation.

EU AI Act: A Glimpse into the Future

While the final text of the EU AI Act is not yet available, key elements are expected to bring about substantial changes:

1. Transparency Requirements: ‘General purpose AI models,’ including renowned ones like ChatGPT, will face transparency requirements. This two-tier approach mandates technical documentation availability for all models, with additional obligations for ‘high impact’ models posing a ‘systemic risk.’
2. High-Risk AI Applications: Those with significant risk factors will be required to conduct a ‘fundamental rights impact assessment’ before implementation.
3. Biometric Identification and Facial Recognition: The Act might permit the use of ‘remote biometric identification’ and ‘automated facial recognition’ systems for specific law enforcement purposes.

The expected timeline suggests that the EU AI Act could become law in the summer of 2024, gradually taking effect over the subsequent two years.

UK’s Pro-Innovation Stance: A Shift in Approach?

In March 2023, the UK outlined its ‘pro-innovation’ approach to AI regulation in the government’s AI white paper. Initially signalling no new legislation, the UK leaned towards a principles-based approach, relying on existing laws and sector-based guidance.

Recent developments, however, paint a different picture. The introduction of the UK Artificial Intelligence (Regulation) Bill, an unusual Private Members’ Bill, challenges the initial narrative. This bill aims to regulate AI technology through the creation of a dedicated AI authority and the transformation of AI principles from the white paper into legislative form.

Key provisions include:

1. Regulatory Obligations: The AI authority must consider principles of safety, security, transparency, fairness, accountability, governance, and contestability.
2. Business Compliance: Businesses deploying AI systems must be transparent, compliant with applicable laws, and ensure inclusivity, non-discrimination, accessibility, and reusability.
3. Regulatory Sandboxes: Introduction of regulatory sandboxes for testing AI applications.
4. Designated AI Officers: A new role overseeing AI compliance, akin to data protection officers.
5. Transparency Requirements: AI developers must provide warnings, labels, and records of third-party data and intellectual property used in training AI systems.

UK’s Strategic Wait-and-See Approach

Despite these legislative strides, Michelle Donelan, Secretary of State for Science, Innovation, and Technology, signalled a cautious stance. Acknowledging the rapid pace of technological evolution, she mentioned that the UK government will wait for the right time to legislate on AI, with more announcements expected in the new year.

One critical consideration is whether the UK will establish a new central regulator for AI or upskill existing regulators to avoid duplication. The government’s focus on preventing oversight gaps reinforces the need for a thoughtful and strategic approach.

Looking Ahead: A Dynamic Regulatory Landscape

As both the EU and the UK navigate the complexities of AI regulation, businesses must prepare for potential impacts. Key steps include:

1. AI Assessment: Identify AI solutions in use, understanding their intended purposes.
2. Supply Chain Positioning: Consider the role within the AI supply chain to grasp compliance obligations and risks.
3. Training and Bias Evaluation: Scrutinise how AI solutions are trained, addressing gaps in training data to mitigate inherent biases.
4. Risk Assessment: Document risk assessments aligned with the EU AI Act’s classifications and the UK white paper principles.
5. Compliance Integration: Integrate AI compliance with other factors, including data protection, GDPR, privacy laws, and intellectual property considerations.

In a landscape marked by regulatory dynamism, vigilance and proactive readiness will be the linchpin for businesses navigating the future of AI regulation in both the EU and the UK. Stay tuned for updates as the regulatory landscape continues to evolve.

If you have any queries or would like further information, please visit our website or get in touch via email at [email protected].