Let’s hit a couple of regulatory items.
In the UK, the government has announced a new standard on artificial intelligence to be adopted by government departments and public sector organizations. The standard is organized into two tiers. The first includes a short description of the algorithmic tool, including how and why it is being used. The second tier offers more detailed information about how the tool works, the datasets that have been used to train the model and the level of human oversight involved. That from Computer Weekly.
In the EU, a similar draft of regulation for AI is getting pushback for not going far enough. A group of 115 not-for-profits focused on advocacy are calling for the April draft to go further.
And in the US, Amazon is getting pushback for providing “misleading or grossly incomplete” data about the number of Covid-19 infections potentially spread in its U.S. facilities, according to a labor group calling on the federal government to investigate the company.
Also in the US, something I missed and wanted to note, the FTC expanded the definition of financial institutions beyond banks – it can include anything from payday lenders, pawnshops, brokerages, mortgage clearinghouses, and motor vehicle dealers. The new rules also require that financial institutions designate a “qualified individual” to oversee their cybersecurity compliance.
And in growing coverage, the National Society of IT Service Providers highlights work done by the National Conference of State Legislatures – 45 states and Puerto Rico have introduced or considered more than 250 bills or resolutions that significantly deal with cybersecurity.
Why do we care?
That redefinition of financial institutions stood out for me – that’s much broader, and a trend I don’t expect to see slowing.
We talk about AI ethics a lot on the Killing IT Podcast, so these data points fit the trend for sure… and notably, not the US. The EU and UK are pushing a lot of tech laws… and we should care because larger companies will simply implement the compliance for all because it makes sense to do so. They want simplification at scale.
So think about this – US citizens get all the downside then… without any upside of protection. Inaction, or lack of action, is a decision too, and it comes with consequences. So in many cases, US providers need to know EU or UK laws… just because of the impact on the systems they manage.