UK Government announces pro-innovation regulation of AI and data
Browse this blog post
Related news and insights
Blog Post: 23 November 2023
Blog Post: 22 November 2023
Blog Post: 17 November 2023
Blog Post: 16 November 2023
In his report, Sir Patrick Vallance, the UK Government's Chief Scientific Adviser and National Technology Advisor, flags particular challenges for digital and emerging technology. These include: the fact that the technology can be complex; combining distinct features such as powerful data processing and advanced data analytics and algorithms; the pace of innovation and development; the nature of integration across the board; the wide spectrum of evolving regulation (trying to keep up with technological development) and a fragmented approach of regulators with different objectives.
Whilst focusing on specific challenges for artificial intelligence and data, the report also addresses regulatory barriers for autonomous vehicles, drones, cyber security, and space and satellite technologies. In this blog we focus on the recommendations for AI, data and cybersecurity.
Recommendations and Response: Artificial Intelligence
Sir Patrick sets out two key recommendations for supporting innovation in AI.
First, that the Government should develop a "multi-regulator sandbox" for AI to be launched within the next six months. This proposal is aimed at allowing breathing room for AI companies to experiment with new technology, and launch new products and services for consumers with less risk of regulatory fines or liability. In return, regulators (such as Ofcom, the Information Commissioner’s Office (ICO) and the Competition and Markets Authority) will have the opportunity to closely supervise the work of the AI companies and consider how the technology, products and services can be best regulated across multiple regulatory spheres. The recommendation is that the sandbox initially covers areas where the most regulatory uncertainty exists, such as generative AI and personal data applications.
In its response, the Government accepted this recommendation. As announced by the UK Chancellor Jeremy Hunt in his Spring Budget speech to Parliament, the Government intends to engage regulators (including those in the Digital Regulatory Cooperation Forum) immediately to prepare for the launch of the proposed sandbox. The Government's response states that more details will follow in the coming weeks, alongside the launch of the AI White Paper.
Second, Sir Patrick recommended that the Government should announce a policy position on IP law in the context of generative AI to give confidence to AI companies and investors, including requiring the UKIPO to provide clearer guidance on the legal responsibilities of AI companies. The report notes the uncertainty around the direction that will be taken in relation to the UKIPO's proposed text and data mining exception, which we previously discussed here: UK re-considers proposed exception for text and data mining. Sir Patrick argues in favour of a generous exception: "there is an urgent need to prioritise practical solutions to the barriers faced by AI firms in accessing copyright and database materials". However, he also makes the case for a level of protection for rights holders through technological solutions that ensure attribution and recognition. The proposal also suggests a requirement for AI-generated images to be labelled as such.
The Government also accepted this recommendation. The Government has tasked the UKIPO with producing a code of practice by the summer. This code of practice will provide guidance to support AI companies in accessing copyright works for the purposes of training models. It will seek to do this while maintaining protections for rights holders, such as labelling. The Government envisages that if an AI firm commits to the code of practice it may expect to be able to have a reasonable licence offered by a rights holder. The Government suggests that, if this softer approach to regulation fails, there may be a need for legislation. The UKIPO has also been instructed to coordinate intelligence in relation to any systematic copyright infringement and encourage the development of AI tools to assist with the enforcement of IP rights.
Recommendations and Response: Data and Cybersecurity
In the report, Sir Patrick also sets out key recommendations for data and cybersecurity.
Sir Patrick recommended that the Government facilitate access by private sector firms to the data held by public sector bodies and that it prioritise the sharing of this data across the public sector. This proposal would contribute to the development and improvement of new technologies and is in line with the Government’s policy paper, ‘Transforming for a digital future: 2022 to 2025 roadmap for digital and data’ (the Roadmap), which committed to improving the standard of service of at least 50 out of 75 identified public services. In order to achieve this recommendation, Sir Patrick suggested the Government consider enabling access to public data as part of a competitive process where private sector firms put forward innovative ideas to deliver the Roadmap. In particular, the report proposes that the Government make use of privacy enhancing technologies and data intermediaries to make data available in a secure manner and to use platforms such as the Office for National Statistics’ (ONS) Integrated Data Service to share public data across public sector departments.
The Government accepted this recommendation and stated that it will consider how to expand the Data Marketplace, a single gateway for government users to access public data that the Government committed to provide in the Roadmap, to industry and external groups in the next 12 months. This includes consideration of the legislative and licensing arrangements relating to open public data. The Government also committed to continue use of the ONS’ Integrated Data Service to facilitate data sharing.
Sir Patrick added a further recommendation for the ICO to update its guidance to specify the situations in which organisations act as controller, joint controller or processor when personal data is processed in the context of AI as a service, including when providers can reuse personal data to improve their services. The Government accepted this recommendation but acknowledged that the ICO as an independent regulator is ultimately responsible to determine next steps. The ICO has recently published an updated set of guidance on AI and data protection in general.
Lastly, in response to the high percentage of businesses suffering cybersecurity attacks, Sir Patrick recommended amending the Computer Misuse Act 1990 to include a public interest defence as protection for professionals who carry out legitimate cybersecurity research, bringing the UK into line with France, Israel, and the United States. The Government responded that it will consider this recommendation alongside the responses it receives to its consultation on the ‘Review of the Computer Misuse Act 1990’ (which ends on 6 April 2023).
The Government’s broad approach
In its concluding recommendation, the report recommended that the Government and regulators do not look to regulate emerging technology too early and should continue to engage with the industry, for example regarding safety and the risk and benefits of innovation. The report highlighted the need for the Government and regulators to rapidly build expertise necessary to shape regulation at the right time.