Posted

The California legislature recently passed Assembly Bill 2013 (AB 2013) on August 27, 2024, a measure aimed at enhancing transparency in AI training and development. If signed into law by Governor Gavin Newsom, developers of generative AI systems or services that are made available to Californians would be required to disclose significant information on the data used to train such AI systems or services. This, in turn, may raise novel compliance burdens for AI providers as well as unique challenges for customers in interpreting the information.

Continue reading

Posted

In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule of law (the “Convention”), the first legally binding international treaty on AI.

Continue reading

Posted

GettyImages-1490939019-300x193On July 25, 2024, the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a joint statement describing potential risks related to banks’ deposit arrangements with fintechs and other third parties. The agencies also published a joint request for information (RFI) seeking input on the risk management practices employed in a wider variety of arrangements between banks and fintechs. These joint actions follow an increase in regulators’ enforcement actions involving bank-fintech arrangements and are the latest step in their efforts to more closely monitor those relationships.

Continue reading

Posted

As part of NIST’s recent mandate to formalize AI Testing set forth in President Joe Biden’s Executive Order on AI, NIST recently released a testbed called Dioptra that can be utilized to conduct evaluations to assess AI developers’ claims about their systems’ performance. Dioptra helps users identify attacks that would reduce model performance, and quantify the failures that potentially result. Dioptra’s capabilities align with the core principles of rigorous AI testing, emphasizing the necessity of validating AI systems against risks such as reliability, security, and fairness.

Continue reading

Posted

In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations. (See here for details of the call for views.) The UK Government has unveiled an ambitious plan to enhance software security practices in the UK by proposing baseline security expectations for software vendors in an effort to seek more transparency and consistency for customers.

Continue reading

Posted

More than two decades in, cloud computing is no longer a technology that requires a herald or proselytizer. What began with government agencies and then financial institutions seeking expanded storage solutions and an alternative to enterprise applications anchored to physical locations has matured into a cornerstone of many services the average person uses and benefits from every day.

But even as companies ponder exactly how, when, and to what extent cloud services such as IaaS (infrastructure as a service), PaaS (platform as a service), and cloud native solutions might best serve their needs, one thing remains constant—cloud transformation is complex and fraught with potential pitfalls.

Continue reading

Posted

Reliability, security, and legal compliance. These are assurances that customers purchasing technology products expect from their providers, and which are often required as part of the contracts for such products. AI Providers, however, are lagging in their willingness to contractually commit to such assurances, let alone deliver in practice. Thus, as AI products grow in both popularity and technical complexity, robust testing tools become indispensable. Unfortunately, utilization of such tools may unwittingly expose companies to legal risks, particularly in that user testing breaches the use rights, license restrictions, or allocation of intellectual property rights to which the parties commit in the contract for the AI product.

Continue reading

Posted

On March 12, 2024, Acting Comptroller of the Currency Michael Hsu indicated in a speech that regulations may soon be forthcoming that would be designed to bolster larger depository institutions’ ability to withstand disruptions to their critical operations. If enacted, these regulations would require covered financial institutions (and by extension, their third-party service providers) to satisfy operational resilience requirements at a level of granularity that has previously been absent from United States financial regulations.

Continue reading

Posted

GettyImages-804492304-300x200Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States. The eIDAS Regulation’s complexity, inflexibility and perceived limitations resulted in limited adoption, while the COVID-19 pandemic simultaneously fueled an increased demand for electronic identification. Consequently, the European Commission committed to revising the eIDAS Regulation to establish an EU-wide attribute-based electronic identity framework, incorporating a government-issued digital identity wallet to eliminate the dependence on commercial authentication providers.

Continue reading

Posted

Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of commentary continues to flow regarding how to use the tools productively and responsibly, along with the legal issues that might arise through such use. Those topics are certainly novel—but when it comes to procuring AI tools, what if the key to successfully purchasing the products is not?

Continue reading