President Biden issued his Executive Order on AI in October last year and has just released an update on progress against his 180-day deadlines. Top of the to-do list was “establish a framework for nucleic acid synthesis screening to help prevent the misuse of AI for engineering dangerous biological materials”, and thankfully in the US at least such screenings are now in place. But despite the order setting AI wide-ranging targets for the many US agencies, major legislative action is not yet forthcoming.
The Golden State isn’t waiting for Washington. Senate Bill 1047, recently proposed in California, aims to set clear standards for developers of the most advanced AI systems, requiring pre-deployment safety testing and certification, ongoing monitoring, and giving the Attorney General power to hold negligent developers accountable. It’s a bold move for a state that’s at the centre of the AI revolution. Giants like Google, Meta and OpenAI call the state home, as do a range of ambitious startups. And as might be expected SB 1047 like any talk of AI regulation is dividing opinion.
Leading researchers such as Geoffrey Hinton and Yoshua Bengio have spoken out in favour, seeing it as a way to mandate responsible development. Open-source advocates and smaller players are alarmed. Jeremy Howard, a prominent researcher and entrepreneur, argues that the bill’s broad definition of “covered model” could impact well-intentioned, small-scale developers working on beneficial AI projects.
Bigger firms could also be impacted. A key complexity is how the bill handles what re termed “derivative models”. The recently launched Lama 3 model from meta has already been re-trained or ‘fine-tuned’ by hundreds of developers in the last few weeks. The bill would place Meta, the original developer, on the hook for variants developed from their work, even if it was radically different, dangerous, or toxic.
Another challenge is the classification of ‘frontier’ models. They are defined by setting a compute threshold, but measuring and verifying compute used is tricky. There are different precisions and architectures that make a single threshold meaningless. And does putting all the onus on the original lab even make sense? It’s a bit like expecting MIT to be responsible for everything its ultra-smart alumni end up doing. Good luck with that.
Perhaps hardening the wider world is a better bet than trying to pre-empt every way a powerful AI could be misused or go rogue. That’s where efforts like NIST’s GenAI initiative comes in. Controversy around NIST appointments aside, this new risk framework is laser focused on the here and now, providing tools to spot AI-generated disinformation for example.
But some kind of regulation will be inevitable. Recent reports suggest that despite the promises made by the big AI firms last year, only Google have submitted their latest systems for pre-release testing by the UK’s AI Safety Institute. Big tech likely can’t be trusted to police itself with so much investment at stake. Even the regulation wary UK government is considering drafting new safety legislation.
With the next global AI Safety Summit later this month in South Korea, the futility of safety regulation is causing a shift from doomsday scenarios to resource and environmental challenges. Key players are getting summit fatigue with some suggesting they won’t attend – reaching any kind of global consensus to pre-empt a risk event looks unlikely.
Takeaways: Don’t wait for politicians, tech firms, open-source advocates, (or lawyers) to work this one out. The myriad AI systems available today are not going to be impacted by any frontier regulation, and they’re already capable of providing huge value for several years ahead. Take a proactive approach to AI governance within your organization. Develop clear policies, deploy the latest governance approaches, and continue to harden your human and digital infrastructure. Check the NIST AI risk management framework published this week for a comprehensive list of actions.