Technology Law Source

Biden administration releases wide-ranging executive order on AI

Woman using mobile phone to log in and chat with Artificial Intelligence chatbot. Robot application and global connection, AI, Artificial intelligence, innovation, and technology

On Oct. 30, 2023, the Biden administration issued an executive order focused on the growing field of artificial intelligence. The administration is advancing a comprehensive and coordinated approach to the safe and responsible development and use of AI and setting a marker for the world. The EO is practical and aspirational with varying degrees of immediate impact for businesses and their leadership teams.  

Our team is pleased to offer this summary of the EO and related guidance, and to share key provisions and initial takeaways. In the coming weeks, we will dive deeper into critical topics covered by the new EO.

Executive order on AI: Background and policy

The Biden administration issued its Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence on Oct. 30, 2023. Concerns about the potential risks associated with AI have reverberated around the country and throughout Washington. The White House aims to establish comprehensive regulatory principles over the AI industry. The order builds upon an array of prior governmental and industrial guidance and actions, including the following materials published on ai.gov:

In parallel, the Office of Management and Budget issued draft policy guidance on the federal government’s use of AI. OMB is accepting public comments on this draft document until Dec. 5, 2023.

The EO is a clear sign from the White House that the U.S. intends to be the leader in global AI policy and to ensure AI is imbued with Western values as it develops. The EO comes as major industry leaders including Open AI, Google and Microsoft have called for federal or globally-coordinated AI regulation, and Senate Majority Leader Chuck Schumer (D-NY) has launched a major effort to write legislation regulating AI. The European Union and China have already started to regulate AI.

Scope of the EO

The EO seeks to address AI’s broad applications and promote accountability and safety in AI development and deployment across various sectors of the economy. The EO emphasizes eight principles and priorities for AI governance, including:

  • Ensure AI safety through robust, standardized evaluations, institutions and risk mitigation before deployment.
  • Promote responsible innovation, competition and education while addressing IP concerns and preventing monopoly.
  • Support American workers through education, job training and labor impact understanding.
  • Advance equity and civil rights.
  • Protect the interests of Americans using AI products in their daily lives.
  • Safeguard privacy and civil liberties with lawful, secure data handling.
  • Manage risks in federal AI use and enhance regulatory capacity for better results.
  • Lead global progress, collaborate with international partners and develop an AI risk management framework.

Proposed reporting and rulemaking requirements

Of important note, the EO establishes a number of industry reporting requirements and regulatory promulgation deadlines for federal agencies, ranging from 45 to 365 days, to implement various directives, with stakeholder engagement playing a crucial role. The EO uses the Defense Production Act to mandate certain reporting requirements.

Governmental stakeholders

The implementation and oversight of the EO and associated AI policies will be conducted by the White House AI Council, comprised of representatives from executive branch agencies and departments. The White House AI Council will be chaired by the assistant to the president and deputy chief of staff for policy (currently Bruce Reed) and will include the secretaries or their designees for most of the cabinet agencies, as well as the directors of National Intelligence, National Science Foundation, OMB and Office of Science and Technology Policy, among others.

Following the pattern established with the CHIPS Act, the Department of Commerce and the National Institute of Standards and Technology will take the lead in coordinating and implementing the EO, emphasizing the “all-of-government” approach.

Key takeaways

Potential legislative actions

While congress continues its development of AI legislation, the EO primarily focuses on federal agency programs, AI procurement requirements, national security and potential rulemaking. 

Current focus on federal government use of AI and critical AI risks

It is important to note that while the fanfare and publicity of this EO has been significant, the order cannot independently create new laws or regulations. The EO provides guidance to federal agencies who will issue related regulations. The EO also includes directives pertaining to federal agency programs, criteria for AI systems acquired by the federal government, obligations related to national security and vital infrastructure, and initiating potential regulatory processes for supervised entities.

This alert provides a comprehensive overview of the recent Executive Order on AI and its broad implications. This is the first installment in a short series to delve deeper into key takeaways and deliver essential industry-specific insights for businesses and their leadership, shedding light on the extensive impact of the EO. 

For more information on the EO, please contact Adrian SneadMatt LapinMaxwell Herath or any member of Porter Wright’s Government & Regulatory Affairs Practice Group.

Recent Google sanctions should prompt review of data preservation practices

Close-up hands typing on keyboard laptop computer with chat box icons

A federal court in California ruled in favor of sanctions against Google last week for failing to preserve records. Google’s document retention policy required individual employees to identify internal chat conversations responsive to a litigation hold. The court found this policy to be in violation of Google’s duty to preserve electronically-stored information under the Federal Rule of Civil Procedure 37(e). The consolidated case arose out of antitrust litigation regarding Google’s “Play Store” Application on Android cell-phones. In re Google Play Store Antitrust Litigation, 21-MD-02981, NDCa.

Continue Reading

Bio-shocked: In Illinois, workers’ comp not exclusive remedy for claims involving employee biometrics

Employers beware: A recent holding out of Illinois has determined that employees may sue employers who collect and/or disclose employees’ biometric data. On Feb. 3, 2022, the Illinois Supreme Court issued a significant decision in McDonald v. Symphony Bronzeville Park, LLC, et al., impacting current and  future claims against employers involving the Illinois Biometric Information Privacy Act (BIPA). Continue Reading

November Privacy and Security Roundup: Cybersecurity export controls, mandatory reporting bills and Safeguards Rule changes

BIS has issued an interim final rule, and entities dealing with cybersecurity exports are being asked to submit comments by early December. In this latest edition of our Privacy and Security Roundup, we share the details of the final rule’s two key measures including export restrictions and a new License Exception, provide an update on cyber incident reporting legislation, discuss modifications to the GLBA Safeguards Rule and much more. Continue Reading

October Privacy and Security Roundup: Cryptocurrencies endure scrutiny, China’s Privacy Law goes into effect and new EU SCCs now required

Across the globe, concerns continue regarding cryptocurrencies and digital currency exchanges. In the October edition of our Privacy and Security Roundup, we dive into the latest details surrounding OFAC’s efforts to stifle ransomware attacks, how organizations should carefully assess the new Personal Information Protection Law in China, the new EU Standard Contractual Clauses requirement effective Sept. 27, and more. Continue Reading

OFAC updates guidance on ransomware payments and sanctions risk

On Sept. 21, 2021, the Department of Treasury, Office of Foreign Assets Control (OFAC), updated its published guidance regarding sanctions risks associated with making ransomware payments and its official policy on such payments. This updated guidance, taken in conjunction with OFAC’s recent sanctions designation of a cryptocurrency payment exchange frequently used for ransomware payments, and other ongoing regulatory legislative efforts to address ransomware attacks, further highlights the whole of government effort by the United States to discourage ransomware attacks and address the compliance responsibilities this effort continues to impose upon the business community. Continue Reading

September Privacy and Security Roundup: Funding national cybersecurity, violating Safeguards Rule and fighting cyber threats

Not only are public and private companies increasingly targeted for cyber-attacks, but local and state governments across the country are as well. In our latest Privacy and Security Roundup, we cover the Senate-passed bill that includes nearly $2 billion in national cybersecurity funding, recent sanctions by the SEC on investment advisors and broker-dealers, a new initiative that aims to improve defense planning and information sharing between the public and private sectors, and more. Continue Reading

Privacy and Security Roundup: New consumer privacy laws, big developments in ransomware attacks and the FBI’s Operation Trojan Shield

More states, including Ohio, are working on comprehensive consumer privacy laws that could impact how companies share data. In our August 2021 Privacy and Security Roundup, we cover the nuances in the various legislation, more ransomware and supply chain attacks and news of a messaging app used as a Trojan horse by the FBI.

Continue Reading

New standard contractual clauses adopted by the European Commission

On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that were adopted under the former EU Data Protection Directive in 2001, 2004 and 2010 (Previous SCCs).

Continue Reading

LexBlog