Posted

Earlier this year, the UK’s Competition and Markets Authority (CMA) published an update to its initial report on AI foundation models which presented the CMA’s findings on key changes in the foundation model sector and included stakeholder feedback. (Our thoughts on the initial September 2023 report, which provides a summary of foundation models and the CMA’s initial review, can be found here.) The updated report confirms the CMA’s final competition and consumer protection principles and details how the CMA plans to continue its investigations into the impact of foundation models on digital markets and take enforcement against unfair competition. The updated report also outlines recent and upcoming initiatives and publications from the CMA, emphasizing the importance of collaboration and cooperation between regulators in the digital markets sector.

Continue reading

Posted

ai-data-governance-722210487-e1730305423540-300x246Google recently unveiled its latest AI-integrated search engine—and the internet didn’t hold back, roasting it for suggesting recipes like glue-infused pizza sauce and recommending rocks as a nutritious snack. The tech giant’s AI bot could scrape the web’s boundless resources and serve up answers, but apparently, it couldn’t tell sincerity from sarcasm or facts from wild fiction. This fiasco is just another reminder of why data governance really matters.

Continue reading

Posted

The California legislature recently passed Assembly Bill 2013 (AB 2013) on August 27, 2024, a measure aimed at enhancing transparency in AI training and development. If signed into law by Governor Gavin Newsom, developers of generative AI systems or services that are made available to Californians would be required to disclose significant information on the data used to train such AI systems or services. This, in turn, may raise novel compliance burdens for AI providers as well as unique challenges for customers in interpreting the information.

Continue reading

Posted

In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule of law (the “Convention”), the first legally binding international treaty on AI.

Continue reading

Posted

GettyImages-1490939019-300x193On July 25, 2024, the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a joint statement describing potential risks related to banks’ deposit arrangements with fintechs and other third parties. The agencies also published a joint request for information (RFI) seeking input on the risk management practices employed in a wider variety of arrangements between banks and fintechs. These joint actions follow an increase in regulators’ enforcement actions involving bank-fintech arrangements and are the latest step in their efforts to more closely monitor those relationships.

Continue reading

Posted

As part of NIST’s recent mandate to formalize AI Testing set forth in President Joe Biden’s Executive Order on AI, NIST recently released a testbed called Dioptra that can be utilized to conduct evaluations to assess AI developers’ claims about their systems’ performance. Dioptra helps users identify attacks that would reduce model performance, and quantify the failures that potentially result. Dioptra’s capabilities align with the core principles of rigorous AI testing, emphasizing the necessity of validating AI systems against risks such as reliability, security, and fairness.

Continue reading

Posted

In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations. (See here for details of the call for views.) The UK Government has unveiled an ambitious plan to enhance software security practices in the UK by proposing baseline security expectations for software vendors in an effort to seek more transparency and consistency for customers.

Continue reading

Posted

More than two decades in, cloud computing is no longer a technology that requires a herald or proselytizer. What began with government agencies and then financial institutions seeking expanded storage solutions and an alternative to enterprise applications anchored to physical locations has matured into a cornerstone of many services the average person uses and benefits from every day.

But even as companies ponder exactly how, when, and to what extent cloud services such as IaaS (infrastructure as a service), PaaS (platform as a service), and cloud native solutions might best serve their needs, one thing remains constant—cloud transformation is complex and fraught with potential pitfalls.

Continue reading

Posted

Reliability, security, and legal compliance. These are assurances that customers purchasing technology products expect from their providers, and which are often required as part of the contracts for such products. AI Providers, however, are lagging in their willingness to contractually commit to such assurances, let alone deliver in practice. Thus, as AI products grow in both popularity and technical complexity, robust testing tools become indispensable. Unfortunately, utilization of such tools may unwittingly expose companies to legal risks, particularly in that user testing breaches the use rights, license restrictions, or allocation of intellectual property rights to which the parties commit in the contract for the AI product.

Continue reading

Posted

On March 12, 2024, Acting Comptroller of the Currency Michael Hsu indicated in a speech that regulations may soon be forthcoming that would be designed to bolster larger depository institutions’ ability to withstand disruptions to their critical operations. If enacted, these regulations would require covered financial institutions (and by extension, their third-party service providers) to satisfy operational resilience requirements at a level of granularity that has previously been absent from United States financial regulations.

Continue reading