The United Kingdom recently published a white paper detailing its “pro-innovation” approach to AI. The UK Department for Science, Innovation and Technology (DSIT) and the Office for Artificial Intelligence published evidence outlining the regulatory framework options for AI governance, which is to regulate AI through the existing regulatory members of the Digital Regulation Cooperation Forum (DRCF). The DRCF is meant to rely on the UK’s existing regulatory framework to develop appropriate guidance on key issues like algorithmic bias, safety and privacy. The DRCF comprises the Competition and Markets Authority, the Information Commissioner’s Office, Ofcom and the Financial Conduct Authority.
- The UK published an AI Regulation Policy white paper, which sets out plans for a risk-based, adaptable regulatory framework
- The UK addresses copyright concerns in AI under existing copyright laws
The UK AI Regulation Policy white paper sets out plans for a risk-based, adaptable regulatory framework. The white paper confirms that five cross-sectoral principles will initially form a non-statutory framework for AI. The UK government may in the future decide to introduce a statutory duty on the DRCF regulators.
- Appropriate transparency and explainability – parties directly affected by the use of an AI system should be able to access sufficient information to be able to enforce their rights, including how the AI system works and how it makes decisions. Bearing in mind that the logic and decision-making in AI systems cannot always be explained meaningfully, the level of explainability should be appropriate to the context, including the level of risk.
- Safety, security and robustness – regulators may need to consider technical standards, for example, addressing testing and data quality.
- Accountability and governance – regulators will need to determine who is accountable for compliance with existing regulations and principles, and provide guidance on how to demonstrate accountability.
- Contestability and redress – those affected should be able to contest an AI decision or outcome that is harmful or creates material risk of harm.
- Fairness – AI systems should not undermine legal rights, discriminate unfairly against individuals or create unfair market outcomes.
The UK recently published a “Pro-Innovation Regulation of Technologies Review,” by Sir Patrick Vallance, which discusses issues of copyright in AI under the Copyright, Designs and Patents Act 1988 (CDPA). The general rule is that the first owner of copyright will be the creator, except if the work is made in the course of employment. Under the CDPA, certain acts related to copyright-protected works are permitted, such as text and data mining. TDM can be used for AI input since it can be used to train AI by analyzing large amounts of information. This permitted act is limited, however, and allows the making of copies of TDM for non-commercial research. This permitted act allows computation analysis of copyright-protected works, but for purposes of AI, any use of such copyright-protected works could only be for non-commercial research. The AI recommendations suggest a code of practice that should be published later this year and a wait-and-see approach to legislative changes based on developments with a view to an international harmonized approach.
The UK’s position in relation to data that includes personal information is quite different. There is no copyright or IP rights in personal data (relevant laws are the UK Data Protection Act 2018 and the UK GDPR). The UK’s regulator, the Information Commissioner’s Office (ICO), has taken a keen interest in AI and has issued guidance on AI and data protection. The guidance covers requirements for fairness in AI and provides a road map to data protection compliance for developers and users of generative AI. Any use of personal data in AI will require compliance with all of the fair processing principles, which in part overlap with some of the ethical concerns related to AI. Some of those principles include fairness, transparency, lawful processing of personal data, security, data minimization and data integrity. The ICO has acknowledged the importance of AI, and, in its normal pragmatic fashion, offers a toolkit to aid compliance.
Given the UK’s laissez-faire approach to regulation, the entertainment and media industry, in the short term, will not be impacted by any new laws, and the use of any personal data must still comply with the UK’s data protection laws.