Publication date: November 30, 2023
On 30 October 2023, the President of the United States issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The Executive Order establishes new standards for Artificial Intelligence safety and security, protects Americans’ privacy, advances equity and civil rights, stands up for consumers and workers, promotes innovation and competition, advances American leadership around the world, and more. The Executive Order builds on previous actions the President has taken, including work that led to voluntary commitments from 15 leading companies to drive safe, secure, and trustworthy development of AI.
The US has undoubtedly ‘overtaken’ the European Union and become a leader in the AI regulatory space. In April 2021, the European Commission issued a proposal for a regulatory framework on Artificial Intelligence, but it was the second half of 2024 that was anticipated as the earliest period in which the regulation could apply to operators that have standards ready and are conducting their first compliance assessments. A common final version of the act, agreed by the European Parliament, the Council of the European Union, and the European Commission in a so-called trilogue, is needed for the adoption of the European regulation. The trilogue is still going on, but this does not mean that the Union has lost its chance to create standards with which actors outside the Union would also have to reckon.
The US Executive Order is, however, a set of guidelines and a political declaration rather than a ‘hard’ law. While it is true that the institutions under the President’s authority are obliged to take the actions indicated in the document, in the case of Congress it is merely a call for legislative action. An Order does not have the force of a law and may not be sufficient to defend the legality of the administration’s actions in possible legal proceedings brought by a private company. Meanwhile, the EU Artificial Intelligence Regulation, will be directly applicable in all Member States (like, for example, GDPR). Moreover, it will take precedence over national laws. Furthermore, unlike an executive decree of the US President, the solutions adopted in the AI Act will be very permanent. The European Union therefore still has a chance to create the first comprehensive and effective act to regulate artificial intelligence.
Will the US regulation inspire the European Parliament when issuing the European regulation on AI?
There are no concrete answers to this question yet, but it does not change the fact that the US Executive Order will be helpful to the European Union.
The Executive Order demonstrates to the EU that it will not be alone in imposing restrictions on advanced AI systems. The Executive Order represents a move toward enforceable requirements from the U.S. government. The definitions and categories established in the Executive Order could be a helpful reference and the list of information the Executive Order requires from AI companies under the Defense Production Act could also be mirrored by the EU’s legislation. The Executive Order is not a model for EU action, and because it is not legislation, it is not the US version of the AI Act.
New standards for AI Safety and Security
It is worth looking at some regulations that are included in the US Order.
As the possibilities offered by artificial intelligence grow, so do the security implications of its use. A new Executive Order outlines steps to protect Americans from potential threats posed by artificial intelligence systems.
Regarding the aim to protect the use of AI systems, there is a requirement in the Executive Order that states that within 270 days of the date of the Order, the Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology (NIST) should establish guidelines and best practices with the aim of promoting consensus industry standards, for developing and deploying safe, secure, and trustworthy AI systems, including, for example, developing a companion resource to the Secure Software Development Framework to incorporate secure development practices for generative AI and for dual-use foundation models.
The dual-use foundation model means an AI model that is trained on broad data, which uses self-supervision, contains at least tens of billions of parameters, is applicable across a wide range of contexts and that exhibits, or could be easily modified to exhibit, high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters, such as by:
Models meet this definition even if they are provided to end users with technical safeguards that attempt to prevent users from taking advantage of the relevant unsafe capabilities.
Sharing safety test results with US government
Another requirement is that developers of the most powerful AI systems share their safety test results and other critical information with the U.S. government. In accordance with the Defense Production Act, the Order will require that companies developing any foundation model that poses a serious risk to national security, national economic security, or national public health and safety must notify the federal government when training the model with information, reports, or records regarding the following:
Also, the developers must share the results of all red-team safety tests. The term “AI red-teaming” means a structured testing effort to find flaws and vulnerabilities in an AI system, often in a controlled environment and in collaboration with developers of AI. Artificial Intelligence red-teaming is most often performed by dedicated “red teams” that adopt adversarial methods to identify flaws and vulnerabilities, such as harmful or discriminatory outputs from an AI system, unforeseen or undesirable system behaviors, limitations, or potential risks associated with the misuse of the system. These measures will ensure AI systems are safe, secure, and trustworthy before companies make them public.
Development of standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy
National Institute of Standards and Technology will set the rigorous standards for extensive red-team testing to ensure safety before public release. The Department of Homeland Security will apply those standards to critical infrastructure sectors and establish the AI Safety and Security Board. The Departments of Energy and Homeland Security will also address AI systems’ threats to critical infrastructure, as well as chemical, biological, radiological, nuclear, and cybersecurity risks.
The Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology (NIST), in coordination with the Secretary of Energy, the Secretary of Homeland Security, and the heads of other relevant agencies as the Secretary of Commerce may deem appropriate, will establish guidelines and best practices, with the aim of promoting consensus industry standards, for developing and deploying safe, secure, and trustworthy AI systems, including:
Also, the NIST should establish appropriate guidelines (except for AI used as a component of a national security system), including appropriate procedures and processes, to enable developers of AI, especially of dual-use foundation models, to conduct AI red-teaming tests to enable deployment of safe, secure, and trustworthy systems. These efforts will include:
Protection against the risks of using AI to engineer dangerous biological materials
The Executive Order also provides for the protection of using AI to engineer dangerous biological materials. The protection would involve developing strong new standards for biological synthesis screening. Agencies that fund life-science projects will establish these standards as a condition of federal funding, creating powerful incentives to ensure appropriate screening and manage risks potentially made worse by AI.
To better understand and mitigate the risk of AI being misused to assist in the development or use of CBRN threats — with a particular focus on biological weapons — in the Executive Order cited actions that should be implemented in this direction. Within 180 days of the date of the Order, the Secretary of Homeland Security, in consultation with the Secretary of Energy and the Director of the Office of Science and Technology Policy (OSTP), shall evaluate the potential for AI to be misused to enable the development or production of CBRN threats, while also considering the benefits and application of AI to counter these threats. The Secretary of Homeland Security shall conduct consultations with AI and CBRN experts from the Department of Energy, private AI labs, academia, and external model evaluators to assess the ability of AI models to represent CBRN threats-exclusively to protect against those threats, as well as options to minimize the risk of AI models being misused to generate or exacerbate those threats and then submit a report to the President that describes the progress of there efforts.
The Executive Order also includes information on a framework that includes existing US government guidelines to encourage suppliers of synthetic nucleic acid sequences to implement comprehensive, scalable, and verifiable control mechanisms for ordering synthetic nucleic acids. Director of OSTP in this direction will:
As for agencies that fund life sciences research, they should establish (where appropriate and in accordance with applicable law) that, as a requirement for funding, the sourcing of synthetic nucleic acids is done through suppliers or manufacturers that comply with the framework, for example, through a certificate from the supplier or manufacturer.
Protection from AI-enabled fraud and deception by establishing standards and best practises for detecting AI-generated content and authenticating official content
Another important aspect that was raised in the Executive Order is that standards will be set for the detection of content generated by artificial intelligence. The Secretary of Commerce is supposed to develop content authentication and watermarking guidelines to clearly mark content generated by artificial intelligence. Federal agencies will use these tools to help Americans make sure the communications they receive from the government are authentic – and set an example for the private sector and governments around the world.
Secretary of Commerce will submit to the Director of OMB (Office of Management and Budget) and the Assistant to the President for National Security Affairs identifying the existing standards, tools, methods, and practices, as well as the potential development of further science-backed standards and techniques, for
In so doing, the administration would add governance over AI’s ability to generate massive volumes of deep fakes and persuasive disinformation rapidly.