Lord C-J calls for action on AI regulation and data rights in Kings Speech Debate

I want to start on a positive note by celebrating the recent Royal Assent of the Online Safety Act and the publication of the first draft code for consultation. I also very much welcome that we now have a dedicated science and technology department in the form of DSIT, although I very much regret the loss of Minister George Freeman yesterday.

Sadly, there are many other less positive aspects to mention. Given the Question on AI regulation today, all I will say is that despite all the hype surrounding the summit, including the PM’s rather bizarre interview with Mr Musk, in reality the Government are giving minimal attention to AI, despite the Secretary of State saying that the world is standing at the inflection point of a technological revolution. Where are we on adjusting ourselves to the kinds of risk that AI represents? Is it not clear that the Science, Innovation and Technology Committee is correct in recommending in its interim report that the Government

“accelerate, not … pause, the establishment of a governance regime for AI, including whatever statutory measures as may be needed”?

That is an excellent recommendation.

I also very much welcome that we are rejoining Horizon, but there was no mention in the Minister’s speech of how we will meet the challenge of getting international research co-operation back to where it was. I am disappointed that the Minister did not give us a progress update on the department’s 10 objectives in its framework for science and technology, and on action on the recommendations of its many reviews, such as the Nurse review. Where are the measurable targets and key outcomes in priority areas that have been called for?

Nor, as we have heard, has there been any mention of progress on Project Gigabit, and no mention either of progress on the new programmes to be undertaken by ARIA. There was no mention of urgent action to mitigate increases to visa fees planned from next year, which the Royal Society has described as “disproportionate” and a “punitive tax on talent”, with top researchers coming to the UK facing costs up to 10 times higher than in other leading science nations. There was no mention of the need for diversity in science and technology. What are we to make of the Secretary of State demanding that UKRI “immediately” close its advisory group on EDI? What progress, too, on life sciences policy? The voluntary and statutory pricing schemes for new medicines currently under consultation are becoming a major impediment to future life sciences investment in the UK.

Additionally, health devices suffer from a lack of development and commercialisation incentives. The UK has a number of existing funding and reimbursement systems, but none is tailored for digital health, which results in national reimbursement. What can DSIT do to encourage investment and innovation in this very important field?

On cybersecurity, the G7 recognises that red teaming, or what is called threat-led penetration testing, is now crucial in identifying vulnerabilities in AI systems. Sir Patrick Vallance’s Pro-innovation Regulation of Technologies Review of March this year recommended amending the Computer Misuse Act 1990 to include a statutory public interest defence that would provide stronger legal protections for cybersecurity researchers and professionals carrying out threat intelligence research. Yet there is still no concrete proposal. This is glacial progress.

However, we on these Benches welcome the Digital Markets, Competition and Consumers Bill. New flexible, pro-competition powers, and the ability to act ex ante and on an interim basis, are crucial. We have already seen the impact on our sovereign cloud capacity through concentration in just two or three US hands. Is this the future of AI, given that these large language models now developed by the likes of OpenAI, Microsoft, Anthropic AI, Google and Meta require massive datasets, vast computing power, advanced semiconductors, and scarce digital and data skills?

As the Lords Communications and Digital Committee has said, which I very much welcome, the Bill must not, however, be watered down in a way that allows big tech to endlessly challenge the regulators in court and incentivise big tech firms to take an adversarial approach to the regulators. In fact, it needs strengthening in a number of respects. In particular, big tech must not be able to use countervailing benefits as a major loophole to avoid regulatory action. Content needs to be properly compensated by the tech platforms. The Bill needs to make clear that platforms profit from content and need to pay properly and fairly on benchmarked terms and with reference to value for end users. Can the Minister, in winding up, confirm at the very least that the Government will not water down the Bill?

We welcome the CMA’s market investigation into cloud services, but it must look broadly at the anti-competitive practices of the service providers, such as vendor lock-in tactics and non-competitive procurement. Competition is important in the provision of broadband services too. Investors in alternative providers to the incumbents need reassurance that their investment is going on to a level playing field and not one tilted in favour of the incumbents. Can the Minister reaffirm the Government’s commitment to infrastructure competition in the UK telecommunications industry?

The Data Protection and Digital Information Bill is another matter. I believe the Government are clouded by the desire to diverge from the EU to get some kind of Brexit dividend. The Bill seems largely designed, contrary to what the Minister said, to dilute the rights of data subjects where it should be strengthening them. For example, there is concern from the National AIDS Trust that permitting intragroup transmission of personal health data

“where that is necessary for internal administrative purposes”

could mean that HIV/AIDS status will be inadequately protected in workplace settings. Even on the Government’s own estimates it will have a minimal positive impact on compliance costs, and in our view it will simply lead to companies doing business in Europe having to comply with two sets of regulation. All this could lead to a lack of EU data adequacy.

The Bill is a dangerous distraction. Far from weakening data rights, as we move into the age of the internet of things and artificial intelligence, the Government should be working to increase public trust in data use and sharing by strengthening those rights. There should be a right to an explanation of automated systems, where AI is only one part of the final decision in certain circumstances—for instance, where policing, justice, health, or personal welfare or finance is concerned. We need new models of personal data controls, which were advocated by the Hall-Pesenti review as long ago

as 2017, especially through new data communities and institutions. We need an enhanced ability to exercise our right to data portability. We need a new offence of identity theft and more, not less, regulatory oversight over use of biometrics and biometric technologies.

One of the key concerns we all have as the economy becomes more and more digital is data and digital exclusion. Does DSIT have a strategy in this respect? In particular, as Citizens Advice said,

“consumers faced unprecedented hikes in their monthly mobile and broadband contract prices”

as a result of mid-contract price rises. When will the Government, Ofcom or the CMA ban these?

There are considerable concerns about digital exclusion, for example regarding the switchover of voice services from copper to fibre. It is being carried out before most consumers have been switched on to full fibre infra- structure and puts vulnerable customers at risk.

There are clearly great opportunities to use AI within the creative industries, but there are also challenges, big questions over authorship and intellectual property. Many artists feel threatened, and this was the root cause of the recent Hollywood writers’ and actors’ strike. What are the IPO and government doing, beyond their consultation on licensing in this area, to secure the necessary copyright and performing right reform to protect artists from synthetic versions?

I very much echo what the noble Baroness, Lady Jones, said about misinformation during elections. We have already seen two deepfakes related to senior Front-Bench Members—shadow spokespeople—in the Commons. It is concerning that those senior politicians appear powerless to stop this.

My noble friends will deal with the Media Bill. The Minister did not talk of the pressing need for skilling and upskilling in this context. A massive skills and upskilling agenda is needed, as well as much greater diversity and inclusion in the AI workforce. We should also be celebrating Maths Week England, which I am sure the Minister will do. I look forward to the three maiden speeches and to the Minister’s winding up.

by Tim Clement-Jones

Response to AI White paper falls short.

This is my reaction to the government's AI White Papert response which broadly follows the line taken by the White paper last year and does not take on board the widespread demand expressed during the consultation for regulatory action. 

There is a gulf between the government’s hype about a bold and considered approach and leading in safe AI and reality. The fact is we are well behind the curve, responding at snails pace to fast moving technology. We are far from being bold leaders in AI . This is in contrast to the EU with its AI Act which is grappling with the here and now risks in a constructive way. 

As the House of Lords Communication s and Digital Committee said in its recent report on Large Language Models  there is  evidence of regulatory capture by the big tech companies . The Government rather than regulating just keeps saying more research is needed in the face of clear current evidence of the risk of many uses and forms of AI. It’s all too early to think about tackling the risk in front of us. We are expected to wait until we have complete understanding and experience of the risks involved. Effectively we are being treated as guinea pigs to see what happens whilst the government taklks about the existential risks of AI instead

Further the response to the White Paper states that general purpose AI already presents considerable risks accross a range of sectors, so in effect admitting that a purely sectoral approach is not practical. 

The Government has failed to move from principles to practice. Sticking to their piecemeal context specific approach approach they are not suggesting immediate regulation nor any new powers for sector regulators but, as anticipated, the setting up of a new central function (with the CDEI being subsumed into DSIT as the Responsible Technology Adoption Unit) and an AI Safety Institute to assess risk and advise on future regulation. In essence any action-without new powers- will be left to the existing regulators rather than any new horizontal duties being mandated.

Luckily others such as the EU-and even the US- contrary to many forecasts- are grasping the nettle.

My view is that 

We need early risk based horizontal legislation across the sectors ensuring that standards for a proper risk management framework and impact assessment are imposed when AI systems are developed and adopted and consequences that flow when the system is assessed as high risk in terms of additional requirements to adopt standards of transparency and independent audit.

We shouldn’t just focus on existential long term risk or risk from Frontier AI, predictive AI is important too in terms of automated decision making. risk of bias and lack of traanspartency.

We should focus as well on interoperability with other jurisdictions which means working with the BSI,ISO, IEEE, OECD and others towards convergence of standards such as on Risk Managenent, Impact Assessment, Testing Audit, Design, Continous monitoring etc etc There are several existing international standards such as ISO 42001 and 42006 which are ready to be adopted.

That government needs to implant its the Algorithmic Transparency Recording Standard into our public ervices alongside risk assessment of the AI systems it uses together with a public register of AI systems in use in government. It also needs need to beef up the Data Protection Bill in terms of rights of data subjects relative to Automated Decision Making rather than water them down and retain and extend the Data Protection Impact Assessment and DPO for use in AI regulation. 

Also and very importantly in the light of recent news from the IPO.   I hope the Gov will take strong note of the House of Lords report on the use of copyrighted works by LLM’s. The government has adopted its usual approach of relying on a voluntary approach. But it is clear that this is simply is not going to work. The ball is back in its court and It needs to  act decisively to make sure that these works are not ingested into training LLM’s without any return to rightsholders. 

In summary. We need consistency certainty and convergence if developers, adopters and consumers are going to safely innovate and take advantage of AI advances and currently the UK is not delivering the prospect of any of  these. 

by Tim Clement-Jones

Lord C-J: We Must Regulate AI before AGI arrives

The House of Lords recently debated the development of advanced artificial intelligence, associated risks and approaches to regulation

This is an edited version of what I said when winding up the debate

The narrative around AI swirls back and forwards in this age of generative AI, to an even greater degree than when our AI Select Committee conducted its inquiry in 2017-18—it is very good to see a number of members of that committee here today. For instance, in March more than 1,000 technologists called for a moratorium on AI development. This month, another 1,000 technologists said that AI is a force for good. We need to separate the hype from the reality to an even greater extent.

Our Prime Minister seems to oscillate between various narratives. One month we have an AI governance White Paper suggesting an almost entirely voluntary approach to regulation, and then shortly thereafter he talks about AI as an existential risk. He wants the UK to be a global hub for AI and a world leader in AI safety, with a summit later this year.

I will not dwell too much on the definition of AI. The fact is that the EU and OECD definitions are now widely accepted, as is the latter’s classification framework. We need to decide whether it is tool, partner or competitor. We heard today of the many opportunities AI presents to transform many aspects of people’s lives for the better, from healthcare to scientific research, education, trade, agriculture and meeting many of the sustainable development goals. There may be gains in productivity, or in the detection of crime.

However, AI also clearly presents major risks, especially reflecting and exacerbating social prejudices and bias, the misuse of personal data and undermining the right to privacy, such as in the use of live facial recognition technology. We have the spreading of misinformation, the so-called hallucinations of large language models and the creation of deepfakes and hyper-realistic sexual abuse imagery, as the NSPCC has highlighted, all potentially exacerbated by new open-source large language models that are coming. We have a Select Committee looking at the dilemmas posed by lethal autonomous weapons..We have major threats to national security. There is the question of overdependence on artificial intelligence—a rather new but very clearly present risk for the future.

 We must have an approach to AI that augments jobs as far as possible and equips people with the skills they need, whether to use new technology or to create it. We should go further on a massive skills and upskilling agenda and much greater diversity and inclusion in the AI workforce. We must enable innovators and entrepreneurs to experiment, while taking on concentrations of power. We must make sure that they do not stifle and limit choice for consumers and hamper progress. We need to tackle the issues of access to semiconductors, computing power and the datasets necessary to develop large language generative AI models.

However, the key and most pressing challenge is to build public trust, as we heard from so many noble Lords, and ensure that new technology is developed and deployed ethically, so that it respects people’s fundamental rights, including the rights to privacy and non-discrimination, and so that it enhances rather than substitutes for human creativity and endeavour. Explainability is key, as the noble Lord, Lord Holmes, said. I entirely agree with the right reverend Prelate that we need to make sure that we adopt these high-level ethical principles, but I do not believe that is enough. A long gestation period of national AI policy-making has ended up producing a minimal proposal for:

“A pro-innovation approach to AI regulation”,

which, in substance, will amount to toothless exhortation by sectoral regulators to follow ethical principles and a complete failure to regulate AI development where there is no regulator.

Much of the White Paper’s diagnosis of the risks and opportunities of AI is correct. It emphasises the need for public trust and sets out the attendant risks, but the actual governance prescription falls far short and goes nowhere in ensuring where the benefit of AI should be distributed. There is no recognition that different forms of AI are technologies that need a comprehensive cross-sectoral approach to ensure that they are transparent, explainable, accurate and free of bias, whether they are in a regulated or an unregulated sector. Business needs clear central co-ordination and oversight, not a patchwork of regulation. Existing coverage by legal duties is very patchy: bias may be covered by the Equality Act and data issues by our data protection laws but, for example, there is no existing obligation for ethics by design for transparency, explainability and accountability, and liability for the performance of AI systems is very unclear.

We need to be clear, above all, as organisations such as techUK are, that regulation is not necessarily the enemy of innovation. In fact, it can be the stimulus and the key to gaining and retaining public trust around AI and its adoption, so that we can realise the benefits and minimise the risks. What I believe is needed is a combination of risk-based, cross-sectoral regulation, combined with specific regulation in sectors such as financial services, underpinned by common, trustworthy standards of testing, risk and impact assessment, audit and monitoring. We need, as far as possible, to ensure international convergence, as we heard from the noble Lord, Lord Rees, and interoperability of these standards of AI systems, and to move towards common IP treatment of AI products.

We have world-beating AI researchers and developers. We need to support their international contribution, not fool them that they can operate in isolation. If they have any international ambitions, they will have to decide to conform to EU requirements under the forthcoming AI legislation and ensure that they avoid liability in the US by adopting the AI risk management standards being set by the National Institute of Standards and Technology. Can the Minister tell us what the next steps will be, following the White Paper? When will the global summit be held? What is the AI task force designed to do and how? Does he agree that international convergence on standards is necessary and achievable? Does he agree that we need to regulate before the advent of artificial general intelligence?

As for the creative industries, there are clearly great opportunities in relation to the use of AI. Many sectors already use the technology in a variety of ways to enhance their creativity and make it easier for the public to discover new content.

But there are also big questions over authorship and intellectual property, and many artists feel threatened. Responsible AI developers seek to license content which will bring in valuable income. However, many of the large language model developers seem to believe that they do not need to seek permission to ingest content. What discussion has the Minister, or other Ministers, had with these large language model firms in relation to their responsibilities for copyright law? Can he also make a clear statement that the UK Government believe that the ingestion of content requires permission from rights holders, and that, should permission be granted, licences should be sought and paid for? Will he also be able to update us on the code of practice process in relation to text and data-mining licensing, following the Government’s decision to shelve changes to the exemption and the consultation that the Intellectual Property Office has been undertaking?

There are many other issues relating to performing rights, copying of actors, musicians, artists and other creators’ images, voices, likeness, styles and attributes. These are at the root of the Hollywood actors and screenwriters’ strike as well as campaigns here from the Writers’ Guild of Great Britain and from Equity. We need to ensure that creators and artists derive the full benefit of technology, such as AI-made performance synthetisation and streaming. I very much hope that the Minister can comment on that as well.

We have only scratched the surface in tackling the AI governance issues in this excellent debate, but I hope that the Minister’s reply can assure us that the Government are moving forward at pace on this and will ensure that a full debate on AI governance goes forward.

by Tim Clement-Jones

A long way off a Science and Technology Superpower

This is an  extended version of a speech I made in a recent debate held in the Lords on a Report from the Science and Technology Committee "Science and technology superpower”: more than a slogan?  which extensively discussed government policy in science and technology 

The Committee's comprehensive report despite being nearly a year old still has great currency and relevance. Its conclusions are as valid as they were a year ago

Sir James Dyson has described the government’s science superpower ambition as a political slogan. Grandiose language about Global Britain from the Integrated review-and stated ambition to be a Science Superpower by 2030 -or is it a Science and Technology Superpower, is clearly overblown and detracts from what needs to be done. . 

UCL research has demonstrated that if measured by authorship, the UK accounts for about only about 13 per cent of the top 1 per cent of the most highly cited work across all research fields

We have had a proliferation of strategies as the Committee noted. 

• R&D Roadmap, 
• the Innovation Strategy,
• the Life Sciences Vision 
• the People and Culture Strategy,
• and the National Space Strategy
• National Quantum strategy.
• National semi conductor strategy
• A taskforce on foundation models is being set up

We have had a whole series of attempts at creating a strategy in various areas but with what follow up and delivery?

As well as the strategies I have mentioned we  have had a series of reviews

• Professor  Dame Angela McLean’s Pro-innovation Regulation of Technologies Review Life Sciences
• The Vallance Review of Pro-innovation Regulation of Digital Technologies 
• Independent Review of Research Bureaucracy the  Review by Professor Adam Tickell 
• The independent review of UKRI by Sir David Grant
• We now have the Independent Review of The Future of Compute announced 
• And now the Chancellors recent Life Sciences package

Where’s the result. What will the KPI’s be ? What is the shelf life of these reviews and where is the practical implementation?

T

Take for example the Life Sciences Vision launched back in 2021 

Dame Kate Bingham is quoted as believing the Vaccine scheme legacy has been  ‘squandered’.

Professor Adrian Hill, director of the Jenner Institute, which was responsible for the Oxford Covid vaccine, has said that the recent loss of the Vaccines Manufacturing and Innovation Centre (VMIC) in Oxfordshire, which had been created to respond to outbreaks, showed that the UK had been going backwards since the coronavirus pandemic.

Business investment is crucial. And no where more than in the life sciences sector. 

Lord Hunt of Kings Heath highlighted issues relating to investment in the sector  two weeks ago in his regret motion on the Branded Health Service Medicines (Costs) (Amendment) Regulations 2023. All the levers to create incentives for the development of new medicines are under government control.

As his motion noted the UK’s share of global pharmaceutical R&D has fallen by over one-third between 2012 and 2020. He   argued rightly that both the voluntary and statutory pricing schemes for new medicines schemes are becoming a major impediment to future investment in the UK. We seem to be treating the pharma industry as some kind of golden goose

Despite the government’s Life  Sciences  Vision we see Eli lilley pulling investment on laboratory space in London  because the UK “does not invite inward investment at this time and Astra Zeneca has decided to build its next plant in Ireland  because of the U.K.’s “discouraging” tax rate. 

Eli Lilly, the American multinational, had been looking to investing laboratory space in the UK, but it has put its plans for London on hold because, it said,”

The excellent O’Shaunessy report on clinical trials is all very well but if there is no commercial incentive to develop and launch. new medicines here why should pharma companies want to engage in clinical trials here? The Chancellor’s growth package for life Sciences announced on the 25th May fails to tackle this crucial aspect. 

In other sectors 

• The CEO  OF Johnson Matthey, a chemicals company with a leading position in green hydrogen,has  said the UK is at risk of losing its lead thanks to a policy vacuum. 
• The co founder  of ARM, Britain’s biggest semiconductor company, blames our “technologically illiterate political elite” and “Brexit idiocy” for the country’s paltry share of the chips market. 

On these benches however we do welcome the creation of the new department and I welcome  the launch of the Framework for Science and Technology to inform the work of the department to 2030. 

There are 10 key objectives:

• identifying, pursuing and achieving strategic advantage in the technologies that are most critical to achieving UK objectives

• showcasing the UK’s S&T strengths and ambitions at home and abroad to attract talent, investment and boost our global influence

• boosting private and public investment in research and development for economic growth and better productivity building on the UK’s already enviable talent and skills base 

• financing innovative science and technology start-ups and companies

• capitalising on the UK government’s buying power to boost innovation and growth through public sector procurement

• shaping the global science and tech landscape through strategic international engagement, diplomacy and partnerships

• ensuring researchers have access to the best physical and digital infrastructure for R&D that attracts talent, investment and discoveries

• leveraging post-Brexit freedoms to create world-leading pro-innovation regulation and influence global technical standards
• creating a pro-innovation culture throughout the UK’s public sector to improve the way our public services run

What are the key priority outcomes? What concrete plans for delivery lie behind this? And does this explicitly supersede all of the visions and strategies that have gone before? 

As the Committee said in its report

“The government should set out what it wants to achieve in each of the broad areas of science and technology it has identified, with a clear implementation plan including measurable targets and key outcomes in priority areas, and an explanation of how they will be delivered. 

And - The government should consolidate existing sector-specific strategies into that implementation plan”

Also in terms of vital cross departmental working, joining up government on Science and Technology policy what is the role of the eNational Science and Technology Council and what are its key priorities?

This applies especially with Home office on visas for researchers if the UK wants to be a world leader in science and technology, it needs to be world leading in its approach to researcher mobility.

The UK’s upfront costs for work and study visas are up to 6 times higher than the average fees of other leading science nations. The application process for UK visitor visas is also bureaucratic and unwieldy, and the UK has one of the highest visitor visa refusal rates.

There are really important systemic issues which should be a top priority for resolution by the new Department. 

Published at the same time as the DSIT framework was the independent review of the UK’s research, development and innovation  landscape by Sir Paul Nurse,

Sir Paul calculated our spending around 2.5% of GDP. But he still concluded that funding, particularly  provided by government, was limited, and below that of other competitive nations such as  the Germans, South Koreans and US. 

There is the particular and urgent problem of Horizon and the uncertainty around our membership. The absolute top priority for UK R&D should  be rejoining Horizon.We need access to collaboration across the EU  where pre Brexit  we disproportionately benefited from Horizon’s 95 billion euro budget. We need a clear commitment to negotiate re entry. What is the position now nearly two months after the Prime Minister’s  letter to Sir Adrian Smith of 14th April assuring him about our intentions on Horizon?

Iceland and Israel, Norway and New  Zealand, and Turkey and Tunisia, are all already part of Horizon, as is Ukraine. Why not us?

The two universities of Oxford and Cambridge once received more than £130m a year from European research programmes but are now  getting only £1m annually between them.

Meanwhile Britain has fallen behind Russia, Italy and Finland in the world league table for computing power., Britain has slipped from third in the rankings in 2005 to seventh now, according to the Independent Review of The Future of Compute. 

The way the UK delivers and supports research is also “not optimal,” the Nurse review said said. Of course research academics here will know the frustrations of the bureaucracy associated with applying for U.K. research grants. As the Tickell review  found there are issues with bureaucracy around research and development funding. 

EPSRC is according to researchers admirable in how it oversees the research grants. Innovate UK with its  Knowledge Transfer Partnerships however has a far more risk averse and bureaucratic approach just at the point where a bit of commercial risk taking is needed. We need to benchmark to ensure the least bureaucratic processes. I am told that the European Innovation Council is a model. 

ARIA was specifically designed to avoid bureaucracy as we said during the passage of the bill but why weren't all of UKRI processes remodelled rather than creating a new entity? Incidentally do we have any more information now about their key research and development projects?

The government doesn’t really have a clear idea of the role of university research either. The Research Excellence Framework has the perverse incentive of discouraging cooperation. We should be encouraging strategic partnerships in research especially internationally as the Committee concludes 

Commercialisation is a crucial aspect linking R&D to economic growth.  This in turn means the need for a consistent industrial strategy with the right commercial incentives and an understanding of the value of intangible assets such as IP and data. In this context Catapults are performing a brilliant job but need a bigger role and more resource as the Committee have recommended in a previous report.

Of course we are all much relieved for the tech sector by the rescue of Silicon Valley bank by HSBC. But the popularity of a US bank in a way demonstrates that we  may have a growing start up culture but scale up is still a problem as Sir Patrick Vallance said in his evidence to the Commons Science Innovation and Technology Committee  last month. 

The US is still preferred for listing by tech companies over London as we’ve seen with U.K. based ARM  seeking a listing in the US. 

There are aspects of wider government policy where there is no perceived benefit to U.K. science and technology

• Reduction of of R & D  tax credits for SME’s
• Raising corporation tax to 25% 

One of the long outstanding issues is reform to assist with derisking so that pension funds can play their part in helping grow tech companies also mentioned by Sir Patrick as an important  aspiration and I see that finally something is stirring from the British Business Bank with the LIFTS initiative.  

There are many other elements that need to be covered for a viable Science and technology strategy.

Regulatory Divergence 

Even where the government thinks it is being innovation friendly it is clouded by the desire to be divergent from the EU to get some kind of Brexit dividend.. It talks about  pro innovation regulation but Contrary to the advice of virtually every prominent technologist  the AI governance white paper only concerns itself with voluntary sectoral regulation and leaves it to the regulators in particular sectors not proposing a broader risk based regulatory regime like that proposed under the EU’s AIA or indeed by the US Administration’s Blue Print for AI. Maybe that will change after the  Prime Minister’s ’s visit to the US this week. 

Changes to our Data Protection regime proposed by the Data Protection and Digital Information bill no 2 which go further than just clarifying the retained GDPR and of course make changes to the ICO’s structure could leads to a lack of EU data adequacy and new compliance costs.. 

We have waited forever for competition law in the digital space to be reformed through a Digital Markets Act and Digital Markets Unit to be put on a statutory basis and now we have a bill which gives inadequate powers to the CMA to act swiftly to ensure competition.  In the meantime the so called hyperscalers gain greater and greater influence over the development of new technologies such as AI. 

Diversity

 In the the wise words of the British Science Association we must ensure the opportunities and benefits are equitable in any future science strategy, not only to shape a world-leading science industry, but to sustain progress and successfully bring out the potential of people from all communities, backgrounds and regions. Britain cannot be a superpower if parts of society are not welcomed and able to contribute to science research and innovation. Making science inclusive – from classroom to career – is essential to establishing a globally competitive workforce.

Mathematics

As regards mathematics, where is the £300m promised additional funding for mathematical science research as announced in January 2020 or the National Academy for the Mathematical Sciences or a National Strategy for Mathematics.

So much to do for the new Department. I hope that the Minister and his colleagues in DSIT will rise to the challenge 

by Tim Clement-Jones

The long-awaited AI Governance White Paper falls far short of what is needed

Lord Clement-Jones

@whiterhino1949

They called inter alia for AI developers to “work with policymakers to dramatically accelerate development of robust AI governance systems”. So, it is ironic that our government published proposals for AI governance barely worthy of the name.

This at a time when there is huge interest and apprehension of the capabilities of new AI, such as ChatGPT and GPT-4, has never been higher.

Business needs a clear central oversight and compliance mechanism, not a patchwork of regulation

A long gestation period of national AI policy making, which started so well back in 2017 with the Hall-Pesenti Review and the creation of the Centre for Data Ethics and Innovation, the Office for AI and the AI Council, has ended up producing a minimal  proposal for “a pro-innovation approach to AI regulation”. In substance this amounts to toothless exhortation by sectoral regulators to follow ethical principles and a complete failure to oversee AI development with no new regulator.

Much of the white paper’s diagnosis is correct in terms of the risks and opportunities of AI. It emphasizes the need for public trust and sets out the attendant risks and adopts a realistic approach to the definition of AI. It makes the case for central coordination and even admits that this is what business has asked for, but the actual governance prescription falls far short.

The suggested form of governance of AI is a set of principles and exhortations which various regulators – with no lead regulator – are being asked to interpret in a range of sectors under the expectation that they will somehow join the dots between them. They will have no new enforcement powers. There may be standards for developers and adopters but no obligation to adopt them.

There is no recognition that the different forms of AI are technologies that need a comprehensive cross-sectoral approach to ensure that they are transparent, explainable, accurate and free from bias whether they are in an existing regulated or unregulated sector. Business needs a clear central oversight and compliance mechanism, not a patchwork of regulation. The government’s proposals will not meet its objective of ensuring public trust in AI technology.

The government seems intent on going forward entirely without regard to what any other country is doing in the belief that somehow this is pro innovation. It does not recognise the need for our developers to be confident they can exploit their technology internationally.

Far from being world leading or turbocharging growth in practice, our developers and adopters will be forced to look over their shoulder at other more rigorous jurisdictions. If they have any international ambitions they will have to conform to European Union requirements under the forthcoming AI Act and ensure they avoid liability in the United States by adopting the AI risk management standards being set by the National Institute for Standards and Technology. Once again government ideology is militating against the interests of our business and science and technology communities.

What is needed – which I sincerely hope the Science and Technology Committee will recommend in its inquiry into AI governance – is a combination of risk-based, cross-sectoral regulation combined with specific regulation in sectors, such as financial services, underpinned by common trustworthy international standards of risk assessment, audit and monitoring.

We have world beating AI researchers and developers. We need to support their international contribution, not fool them they can operate in isolation.

Lord Clement-Jones, Liberal Democrat peer and spokesperson for Science Innovation and Technology in the Lords and co-founder of the All Party Parliamentary Group on AI.  

by Tim Clement-Jones

Common Ethics and Standards and Compatible Regulation will let responsible AI Flourish

This is the talk I gave at the opening of the excellent Portraits of AI Leadership Conference organized by Ramsay Brown of the The AI Responsibility Lab  based in LA and  Dr Julian Huppert Director of the Intellectul Forum at Jesus College Cambridge  

It’s a pleasure to help kick off proceedings today.

Now you may well ask why a lawyer like myself fell among tech experts like yourselves  

In 2016 as a digital spokesperson at an industry and Parliament trust breakfast I realized that the level of parliamentary understanding was incredibly low so with Stephen Metcalfe MP then the chair of Science and Technology Select Committee I founded the All Party Parliamentary Group on Artificial Intelligence.The APPG is dedicated to informing parliamentarians about developments and creating a community of interest around future policy regarding AI,  its adoption use and regulation.

As a result I was asked to chair the House of Lords Special Enquiry Select Committee on AI with the remit  “to consider the economic, ethical and social implications of advances in artificial intelligence. This produced its report “AI in the UK: Ready Willing and Able?”  in April 2018.  It took a close look at government policy towards AI and its ambitions including those contained in the Hall/ Pesenti Review of October 2017 and those set out by former prime Minister Teresa May in her Davos World Economic Forum Speech including her goal for “ the UK to lead the world in deciding how AI can be deployed in a safe and ethical manner.”  

Since then, as well as co-chairing the All Party AI Group, I have maintained a close interest in the development of UK policy in AI, chaired a follow-up to the Select Committee’s report, “AI in the UK: No Room for Complacency”, acted as an adviser to the Council of Europe’s working party on AI (CAHAI) and helped establish the OECD Global Parliamentary Network on AI. 

I am now the Science Innovation and Technology  Spokesperson for the Liberal Democrats in the House of Lords for my sins.

Accross the world COVID-19  has emphasized and accelerated the dependence of virtually every business and sector on the successful adoption of the latest relevant technologies for their survival. Barely a day goes by without some reference to AI in the news. Both today and yesterday GPT 4 was one of the lead stories. 

Artificial Intelligence presents opportunities in a whole variety of sectors.  Variously we know what it can do,.

• Detect financial crime/fraud/anti competitive behaviour.
• Deliver personalised Education-of the learning experience
• Energy Conservation 
• In Healthcare: Diagnostics. Drug Discovery and distribution, administration too 
• Delivery of the UN Sustainable development goals in terms of more productive agriculture, alleviation of hunger and poverty
• Smart or connected cities
• In terms of  technology used by regulators or Reg tech

The  opportunities for AI are incredibly varied indeed many people find it unhelpful to have such a variety of different types of machine learning labelled AI as it is. But I think we are stuck with it! There are common factors such as deep neural networks and machine learning. Increasingly the benefits are not just seen around not just about increasing efficiency, speed etc in terms of analysis, pattern detection and ability to predict but more about what creatively AI can add to human endeavour

We’ve seen the excitement over ChatGPT from Open AI and other large language models and AI text to image applications such as DALL E and now we have GPT 4. . The combination of these systems will give every appearance of AGI. 

The anticipated economic benefits over this decade are significant with estimates predicting that the UK’s GDP will be up to 10% higher in 2030 from the development and adoption of AI

But things can go wrong.This isn’t just any old technology-The degree of autonomy, lack of human intervention, the Black box nature  of some systems makes it different from other tech.

This is well illustrated by Brian Christian’s book ; the Alignment Problem and Stuart Russell’s  Human Compatible. The challenge is to ensure that AI is our servant not our master. Stuart Russell says we have to build in uncertainty into the delivery of objectives of AI systems so that a human in loop is not just desirable but necessary.

Furthermore failure to tackle issues such as bias/discrimination and lack of transparency could lead to a lack of public/consumer trust, reputational damage and inability to deploy new technology. Public trust and trustworthy AI is fundamental to continued advances in technology.

Just take for instance 

• Consumer Financial Services decisions such as on Credit rating
• Cybersecurity issues
• Deployment in the workplace 

This is particularly true in government and public sector use of AI.

• Public sector decisions such as on social security matters
• Live Facial recognition by the police-The dangers of the surveillance state
• And of course deployment of Lethal AutonomousWeapons

The need to ensure responsible or ethical AI in its business and public adoption could and should however lead to a positive appraisal of governance more broadly both in the private and public sector

It is clear that AI even in its narrow form will and should have a profound impact on and implications for corporate governance. Trade organisations such as techUK and specific AI organisations such as the Partnership on AI recognize that corporate responsibility and governance on AI is increasingly important.

This means a much more value driven approach to the adoption of new technology. Engagement from boards through governance right through to policy implementation is crucial. This not purely a matter for the CTO/CIO.

Key areas that need tackling 

• Raising senior management awareness of issues posed by AI 
• Definition/classification  of AI systems being developed, procured and deployed,
• Employment issues : will it augment human skills or substitute them?
• Oversight including Accountability through Boards and Audit and Risk Committees, 
• Risk assessment that is undertaken with the identification of high risk uses
• Procurement rules
• Whistleblowing 

But it also importantly means assessing the ethics of adoption of AI  and the ethical principles to be applied: It may involve the establishment of an ethics advisory committee.

We have a pretty good common set of principles -OECD or G20- which are generally regarded as the gold standard which can be adopted which can help us ensure 

• Quality of training data
• Freedom from Bias 
• The impact on Individual civil and human rights
• Accuracy and robustness
• Transparency and Explainability which of course include the need for open communication where these technologies are deployed. 

Generally in business and in the tech research and development world I think there  there is an appetite for regulatory certainty and adoption of common standards  particularly on standards for tools such as 

• Conformity/risk and impact assessment 
• AI audit
• Continuous Monitoring 
• Scoreboxes
• And Sandboxing 

I am optimistic too that common standards

can be achieved internationally in all these areas. Work on common standards is bearing fruit.  In particular We have seen the launch last October of the interactive AI Standards Hub by the Alan Turing institute with the support of the British Standards Institution and National Physical Laboratory  which will provide users across industry, academia and regulators with practical tools and educational materials to effectively use and shape AI technical standards. 

This in turn could lead to agreement on ISO standards with the EU and the US where NIST is actively engaged in developing such standards

Agreement on the actual regulation of AI ie what elements of governance and application of standards is obligatory, however, is more difficult. 

There are already some elements of a legal framework in place. Even without specific legislation, AI deployment in the UK will interface with existing legislation and regulation in particular relating to 

•  personal data under the GDPR  
•  discrimination and fair treatment under the Human Rights Act and Equality Act
• product safety and public safety
• And various sector-specific regulatory regimes requiring oversight and control by persons undertaking regulated functions, the FCA for financial services, Ofcom in the future for social media for example.

But when it comes to legislation and regulation that is specific to AI that’s where some of the difficulties and disagreements start emerging especially from the UK’s divergent approach. 

The UK has stated that it wishes its regulation to be innovation friendly and context specific. We do need however to be clear that regulation is not necessarily the enemy of innovation, it can in fact be the stimulus and be the key to gaining and retaining public trust around digital technology and its adoption so we can realise the benefits and minimise the returns.

Then we have the policy that regulation will be context specific. As regards categorising AI rather than working to a broad definition of AI and determining what falls within scope, which is the approach taken by the EU AI Act, the UK looks like electing to follow an approach that instead sets out the core principles of AI which the government says “allows regulators to develop their own sector-specific definitions to meet the evolving nature of AI as technology advances.”

 This approach which potentially adopts different regulatory requirements across sectors in my view runs the risk of creating barriers for developers and adopters having to navigate through the regulators of multiple sectors even given the new levels of cooperation currently being put in place.  Where a  cross-compatible AI system is concerned for example in finance and telecoms for example they would have to potentially understand and comply with different regimes administered by the FCA, Prudential Reg Authority, and Ofcom at the same time. 

In its  AI policy paper published last July there is a surprising admission by the government that a context-driven approach may lead to less uniformity between regulators and may cause confusion and apprehension for stakeholders who will potentially need to consider a regime of multiple regulators as well as the measures required to be taken to deal with extra- territorial regimes, such as the EU Regulation.

Also the the more we diverge when it comes to regulation from other jurisdictions the more difficult it gets for developers and those who want to develop AI systems internationally

One example is the proposals to water down data protection under the GDPR which could mean difficulty in transferring data between the UK and Europe. The more I look at the new Data Protection and Digital Identity bill introduced into Parliament last week the more problematic it appears. 

In my view without a broad definition and some overarching duty to carry out a risk and impact assessment and subsequent regular audit to assess whether an AI system is conforming to Al principles the governance of AI systems will be deficient, on the grounds alone that not every sector is regulated. 

For example, except for certain specific products such as driverless cars  or say in financial services and as proposed for social media platforms there is no accountability or liability regime established for the operation of  AI systems more broadly..

Regulation could and should take the form of an overarching regulatory regime designed to  ensure public transparency in the use of AI technologies and the recourse available across sectors for non ethical use.This should set out clear common duties to assess risk and impact and adhere to common standards. Depending on the extent of the risk and impact assessed further regulatory requirements  would arise. 

This includes the public sector. Although The UK Government has recognized the need for guidance for public sector organizations in the procurement and use of AI there is no central and local government compliance mechanism and no transparency yet in the form of a public register of use of automated decision making. It is is interesting that many US cities-and indeed big tech companies- have been much more proactive

Also, despite the efforts of Parliamentarians and organisations such as the Ada Lovelace Institute, there is no no recognition at all by Government that explicit legislation and/‘or regulation for intrusive AI technology such as live facial recognition is needed to prevent the arrival of the surveillance state

But International harmonization is in my view essential if we are to see developers able to commercialize their products on a global basis assured that they are adhering to common standards of regulation and I believe would help provide the certainty businesses would need to develop and invest in the UK more readily 

I would go further when it comes to dealing with our nearest trading partner. When the White Paper does emerge I believe that it is important that there is recognition that we need a considerable degree of convergence between ourselves and the EU and that a risk based form of horizontal rather than purely sectoral regulation is required otherwise we face potentially another trade barrier -AI Adequacy -to add to the need for data adequacy.

That in my view is the way to get real traction to realise the full benefits of  the global development of responsible AI, AI for good which we all to see flourish !  

by Tim Clement-Jones

Lord C-J at the Piccaso Data Privacy Awards

I recently attended and spoke at the inaugural Piccaso Data Privacy awards celebrating the contribution of businessers and organisations innovating in data privacy . 

Piccaso is an acronym (Privacy, InfoSec, Culture, Change , Awareness, Societal Organisation) for an organisation which aims to harness "the knowledge and experience of experts both from the privacy, data protection, and information security domains to inspire, challenge, and educate our community to elevate the practice of privacy and data protection maturity within their firms and sectors."

This is what I said. 

I’m delighted to have been asked to make a few remarks at this evening’s terrific inaugural Piccasso event… and it’s a privilege to follow the avatar of John Edwards the Information Commissioner, especially his sales pitch for the ICO!  It is a great example of his positive approach to regulation which we know needs to be principled, proportionate and communicative. 

Continuing the wise approach of his predecessor, Elizabeth Denham who I am delighted to see is one of our judges.

We of course have new data protection legislation coming down the track which may or may not prove positive, which we are going to have to grapple with inside and outside Parliament fairly soon 

I hope that whatever changes are made to the GDPR its broad approach will continue, and any changes to the GDPR structure and oversight of the regulator, mean we not only remain data adequate for EU purposes but keep public trust in the use and sharing of their data in the UK!

And the need for public trust in the use and sharing of our data and the preservation of individual privacy is crucial if we are to get the full benefit of the adoption of new technologies such as AI and Machine learning.  We have seen how when trust fails, such as with the poorly handled GP data saga last year, when over three million NHS patients opted out of sharing their health data. 

This is a unique and very special event gathering together the full width of community, public and private and third sector, who really get this and each of whom is supporting privacy compliant innovation, by developing privacy enabling solutions, ensuring organisations use their data in a privacy by design and trusted way, and enabling individuals to exercise their privacy rights.  

The 15 award categories tonight and those people and  organisations nominated give a real sense of the breadth of the skills and talent present – all of you focussed on making our organisations, economy and society a trusted and safe place to live and operate.  

Tonight’s event is a celebration of your incredible contributions, which are all too often overlooked and under-appreciated. 

Given that a culture of privacy protection is not always the rule, I want us to commend and celebrate the good work that is being done by so many in this room tonight - including those engaged in thought leadership, testing and setting boundaries and devising creative policy approaches which address new developments such as blockchain, Web 3.0 and the Metaverse. 

You all know, live with and understand the importance of data protection and privacy, and your leadership is helping to enable a safer future, and one where innovation is encouraged.  

So whether you win or not tonight, thank you - and congratulations for playing a really important role in a privacy protecting future!

by Tim Clement-Jones

It's time to have a moratorium on Live Facial Recognition use

We recently debated the recommendations of the  Lords Justice and Home Affairs Committee Report Technology rules? The advent of new technologies in the justice system 

This is what I said on welcoming the $eport.

I entirely understand and welcome the width of the report but today I shall focus on live facial recognition technology, a subject that I have raised many times in this House and elsewhere in Questions and debates, and even in a Private Member’s Bill, over the last five years. The previous debate involving a Home Office Minister—the predecessor of the noble Lord, Lord Sharpe, the noble Baroness, Lady Williams—was in April, on the new College of Policing guidance on live facial recognition.

On each occasion, I drew attention to why guidance or codes are regarded as insufficient by myself and many other organisations such as Liberty, Big Brother Watch, the Ada Lovelace Institute, the former Information Commissioner, current and former Biometrics and Surveillance Camera Commissioners and the Home Office’s own Biometrics and Forensics Ethics Group, not to mention the Commons Science and Technology Committee. On each occasion, I have raised the lack of a legal basis for the use of this technology—and on each occasion, government Ministers have denied that new explicit legislation or regulation is needed, as they have in the wholly inadequate response to this report.

In the successful appeal of Liberal Democrat Councillor Ed Bridges, the Court of Appeal case on the police use of live facial recognition issued in August 2020, the court ruled that South Wales Police’s use of such technology had not been in accordance with the

law on several grounds, including in relation to certain human rights convention rights, data protection legislation and the public sector equality duty. So it was with considerable pleasure that I read the Justice and Home Affairs Committee report, which noted the complicated institutional landscape around the adoption of this kind of technology, emphasised the need for public trust and recommended a stronger legal framework with primary legislation embodying general principles supported by detailed regulation, a single national regulatory body, minimum scientific standards, and local or regional ethics committees put on a statutory basis.

Despite what paragraph 4 of the response says, neither House of Parliament has ever adequately considered or rigorously scrutinised automated facial recognition technology. We remain in the precarious position of police forces dictating the debate, taking it firmly out of the hands of elected parliamentarians and instead—as with the recent College of Policing guidance—marking their own homework. A range of studies have shown that facial recognition technology disproportionately misidentifies women and BAME people, meaning that people from those groups are more likely to be wrongly stopped and questioned by police, and to have their images retained as the result of a false match.

The response urges us to be more positive about the use of new technology, but the UK is now the most camera-surveilled country in the Western world. London remains the third most surveilled city in the world, with 73 surveillance cameras for every 1,000 people. The last Surveillance Camera Commissioner did a survey, shortly before stepping down, and found that there are over 6,000 systems and 80,000 cameras in operation in England and Wales across 183 local authorities. The ubiquity of surveillance cameras, which can be retrofitted with facial recognition software and fed into police databases, means that there is already an apparatus in place for large-scale intrusive surveillance, which could easily be augmented by the widespread adoption of facial recognition technology. Indeed, many surveillance cameras in the UK already have advanced capabilities such as biometric identification, behavioural analysis, anomaly detection, item/clothing recognition, vehicle recognition and profiling.

The breadth of public concern around this issue is growing clearer by the day. Many cities in the US have banned the use of facial recognition, while the European Parliament has called for a ban on the police use of facial recognition technology in public places and predictive policing. In 2020 Microsoft, IBM and Amazon announced that they would cease selling facial recognition technology to US law enforcement bodies.

Public trust is crucial. Sadly, the new Data Protection and Digital Information Bill does not help. As the Surveillance Camera Commissioner said last year, in a blog about the consultation leading up to it:

“This consultation ought to have provided a rare opportunity to pause and consider the real issues that we talk about when we talk about accountable police use of biometrics and surveillance, a chance to design a legal framework that is a planned response to identified requirements rather than a retrospective reaction to highlighted shortcomings, but it is an opportunity missed.”

Now we see that the role of Surveillance Camera Commissioner is to be abolished in the new data protection Bill—talk about shooting the messenger. The much-respected Ada Lovelace Institute has called, in its report Countermeasures and the associated Ryder review in June this year, for new primary legislation to govern the use of biometric technologies by both public and private actors, for a new oversight body and for a moratorium until comprehensive legislation is passed.

The Justice and Home Affairs Committee stopped short of recommending a moratorium on the use of LFR, but I agree with the institute that a moratorium is a vital first step. We need to put a stop to this unregulated invasion of our privacy and have a careful review, so that its use can be paused while a proper regulatory framework is put in place. Rather than update and use toothless codes of practice, as we are urged to do by the Government, to legitimise the use of new technologies such as live facial recognition, the UK should have a root-and-branch surveillance camera and biometrics review, which seeks to increase accountability and protect fundamental rights. The committee’s report is extremely authoritative in this respect. I hope today that the Government will listen but, so far, I am not filled with optimism about their approach to AI governance.

by Tim Clement-Jones

AI Governance: Science and Technology Committee launches enquiry

The House of Commons Science and Technology Committee has launched an inquiry into the governance of artificial intelligence (AI).

This is what they said on launching it:

These are these key questions they are asking

• How effective is current governance of AI in the UK?
• What are the current strengths and weaknesses of current arrangements, including for research?
• What measures could make the use of AI more transparent and explainable to the public?
• How should decisions involving AI be reviewed and scrutinised in both public and private sectors?
• Are current options for challenging the use of AI adequate and, if not, how can they be improved?
• How should the use of AI be regulated, and which body or bodies should provide regulatory oversight?
• To what extent is the legal framework for the use of AI, especially in making decisions, fit for purpose?
• Is more legislation or better guidance required?
• What lessons, if any, can the UK learn from other countries on AI governance?

This is the written evidence to the Committee from myself and Coran Darling,  a Trainee Solicitor and member of the global tech and life sciences sectors at DLA Piper 

Introduction

I, alongside Stephen Metcalfe MP, co-founded the All Party Parliamentary Group on Artificial Intelligence (“APPG”) in late 2016. The APPG is dedicated to informing parliamentarians of contextual developments and creating a community of interest around future policy regarding AI, its adoption, use, and regulation.

I was fortunate to then be asked to chair the House of Lords Special Enquiry Select Committee on AI with the remit: “to consider the economic, ethical, and social implications of advances in artificial intelligence”. As part of our work, the Select Committee produced its first report “AI in the UK: Ready Willing and Able?” in April 2018. The report looked closely at the current landscape of governmental policy towards the subject of AI and its ambitions for future development. This included, for example, those future plans contained in the Hall/Pesenti Review of October 2017, and those set out by former prime Minister Teresa May in her Davos World Economic Forum Speech, including her aim for the UK to “lead the world in deciding how AI can be deployed in a safe and ethical manner.”

Since then, as well as continuing to co-chair the APPG, I have maintained a close interest in the development of UK policy in AI, chaired a follow-up to the Select Committee’s report, “AI in the UK: No Room for Complacency”, acted as an adviser to the Council of Europe’s working party on AI (“CAHAI”) and helped establish the OECD Global Parliamentary Network on AI.

Lord Clement-Jones

25th November 2022

Background

The Hall Pesenti Review (“Review”) was an independent review commissioned in March 2017 tasked with reporting on the potential impact of AI on the UK economy. While it did not tackle the question of ethics or regulation of AI, the Review made several key recommendations designed to set a clear course for UK AI strategy including that:

• Data Trusts should be developed to provide proven and trusted frameworks to facilitate the sharing of data between organisations holding data and organisations looking to use data to develop AI;
• the Alan Turing Institute should become the national institute for AI and data science with the creation of an International Turing AI fellowship programme for AI in the UK; and
• the establishment of an UK AI Council to help coordinate and grow AI in the UK should occur.

The Government's subsequent “Industrial Strategy: building a Britain fit for the future” published in November 2017 (“Industrial Strategy”), identified putting AI “at the forefront of the UK’s AI and data revolution” as one of four 'Grand Challenges' identified as key to Britain's future. At the same time, the Industrial Strategy recognised that ethics would be key to the successful adoption of AI in the UK. This led to the establishment of the Centre for Data Ethics and Innovation in late 2018 with the remit to “make sure that data and AI deliver the best possible outcomes for society, in support of their ethical and innovative use”. In early 2018, the Industrial Strategy would go on to produce a £950m ‘AI Sector Deal’, which incorporated nearly all the recommendations of the Review and established a new Government Office for AI designed to coordinate their implementation.

Building on the work of the Review and the Industrial Strategy, the original Select Committee report enquiry concluded that the UK was in a strong position to be among the world leaders in the development of AI. Our recommendations were designed to support the Government and the UK in realising the potential of AI for our society and our economy and to protect from future potential threats and risks. It was concluded that the UK had a unique opportunity to forge a distinctive role for itself as a pioneer in ethical AI. We did, however, emphasise that if poorly handled, public confidence in AI could be undermined significantly.

In anticipation of the OECD’s subsequent digital AI principles, which were adopted in 2019, the Select Committee proposed five principles that could form the basis of a cross-sector AI code, and which could be adopted both nationally and internationally.

We did not at that point recommend a new regulatory body for AI-specific regulation, but instead noted that such a framework of principles could underpin regulation, should it prove to be necessary, in the future and that existing regulators would be best placed to regulate AI in their respective sectors. The Government in its response accepted the need to retain and develop public trust through an ethical approach both nationally and internationally.

In December 2020, the Select Committee’s follow up report “AI in the UK: No Room for Complacency” we examined the progress made by the Government to date since our earlier work. After interviews with government ministers, regulators, and other key players, the new report made several key recommendations. In particular, that:

• greater public understanding was essential for the wider adoption of AI and active steps should be taken by the Government to explain to the general public the use of their personal data by AI;
• the development of policy and mechanisms to safeguard the use of data, such as data trusts, needed to pick up pace, otherwise it risked being left behind by technological developments;
• the time had come for the Government to move from deciding what the ethics are to how to instil them in the development and deployment of AI systems. We called for the CDEI to establish and publish national standards for the ethical development and deployment of AI;
• users and policymakers needed to develop a better understanding of risk and how it can be assessed and mitigated, in terms of the context in which it is applied; and
• that coordination between the various bodies involved in the development of AI, including the various regulators, was essential. The Government therefore needed to better coordinate its AI policy and the use of data and technology by national and local government. 

Despite the passage of time since the Industrial Strategy, the current governance of AI remains incomplete and unsatisfactory in several respects.

With respect to the use of data for training and inputs, such as for decision making and prediction, the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 are important forms of governance. The Government’s “Data A New Direction” consultation however has led to a new Data Protection bill (“DP Bill”) which, while currently in development, proposes major changes to the GDPR post Brexit. These include significant amendments, such as no longer requiring firms to have a designated Data Protection Officer. The proposed DP Bill also waters down several provisions relating to data impact assessments. This holds the potential to create a divergence from the established data protection position in the UK and is likely to impact on the important EU Adequacy Decision in June 2021, leading to uncertainty for those wishing to use data for training and processing. The Government’s apparent intention to amend Article 22 of the GDPR giving the citizen the right not to be subjected to automated decision making also creates further uncertainty and runs the risk of a lower level of governance over decision made by AI systems.

A further area currently without a satisfactory approach is that of data and the issue of bias in decision making as a result of inherent bias caused by the improper use of data sets during the process of training algorithms. While it is likely that the Government’s own gap analysis will show that equalities legislation covers bias in acquired data which leads to discriminatory decisions made by AI, further consideration is needed on whether specific legal obligations in relation to the use of AI should be implemented in this context to actively mitigate its risk, rather than state that a discriminatory outcome is prohibited.

It is also the case that in many other areas of data and AI, there is no proper current governance in terms of binding legal duties that ensure that key internationally accepted ethical principles, such as those set out in the OECD AI Principles, are observed. These include:

• Inclusive growth, sustainable development and well-being;
• Human-centred values and fairness;
• Transparency and explainability;
• Robustness, security and safety; and

Despite the overall acceptance that the UK would need to consider developing policy or regulations in order to remain ahead of the curve, the UK’s National AI Strategy, published in September 2021, contained no discussion of ethics or regulation. Instead, an AI Governance whitepaper was promised to be published at some point in 2022.

Subsequent publication of an AI policy paper and AI Action Plan in July 2022 did however indicate that the Government was committed to developing “a pro-innovation national position on governing and regulating AI.” It is expected that this will be used to develop the AI Governance White paper.

Their approach is as follows:

“Establishing clear, innovation-friendly and flexible approaches to regulating AI will be core to achieving our ambition to unleash growth and innovation while safeguarding our fundamental values and keeping people safe and secure […] drive business confidence, promote investment, boost public trust and ultimately drive productivity across the economy.”

To facilitate its ‘pro-innovation’ approach, the Government has proposed several early cross-sectoral and overarching principles which build on the OECD AI Principles. These principles will, it seems, be interpreted and implemented by regulators within the context of the environment they oversee and will therefore be flexible to interpretation.

In terms of classification of AI within this ‘pro-innovation’ approach, rather than working to a clear definition of AI and determining what falls within scope, as chosen by the EU with their proposed AI Act, the UK has elected to follow an approach that instead sets out the core principles of AI which allows regulators to develop their own sector-specific definitions to meet the evolving nature of AI as technology advances.

In my view however, without a broad definition and some overarching duty to carry out a risk and impact assessment and subsequent regular audit to assess whether an AI system is conforming to Al principles, the governance of AI systems will be deficient, on the grounds alone that not every sector is regulated as is likely to be required. For example, except for certain specific products such as driverless cars there is no accountability or liability regime established for liability for the operation of AI systems at present.

This is the case for the public sector, as well as those in the private sector. While The Government has recognised the need for guidance for public sector organisations in the procurement and use of AI, it remains that there is no central and local government compliance mechanism to put this into practice. There are therefore insufficient measures of transparency, such as in the form of a public register of use of automated decision making, that require oversight and assessment of the decisions being carried out by AI in the context of public organisations. Furthermore, despite the efforts of parliamentarians, and organisations such as the Ada Lovelace Institute, there is no material recognition by the Government that explicit legislation, and/or regulation for intrusive AI technology such as live facial recognition, is needed to prevent the arrival of the surveillance state.

In light of the recognition by the National AI Strategy of the need to gain public trust, and for the wider use of trustworthy AI, the Government’s current proposals for a context specific approach are inadequate. In the face of this need to retain public trust, it must be clear, above all however, that regulation is not necessarily the enemy of innovation. In fact, it can in be the stimulus and key to gaining and retaining public trust around digital technology and its adoption. An approach by the Government could and should take the form of an overarching regulatory regime designed to ensure public transparency in the use of AI technologies and the recourse available across sectors for non-ethical use.

As is currently proposed, an approach which adopts divergent regulatory requirements across sectors would run the risk of creating barriers for developers and adopters through the requirement of having to navigate the regulatory obligations of multiple sectors. Where a cross-compatible AI system is concerned, for example in finance and telecoms, an organisation would have to potentially understand and comply with different regimes administered by the FCA, Prudential Regulation Authority, and Ofcom at the same time.

So, for these reasons, a much more horizontal cross sectoral approach than the Government is proposing is needed for the development and adoption of AI systems. This should set out clear common duties to assess risk and impact and adhere to common standards. Depending on the extent of the risk and impact assessed further legal duties would arise.

The question (What lessons, if any, can the UK learn from other countries on AI governance?) in my view should extend wider and ask not just about the lessons but the degree of harmonisation needed to ensure the most beneficial context for UK AI development, adoption, and assurance of ethical AI standards.

In its recent AI policy paper, a surprising admission is made by the Government that a context-driven approach may lead to less uniformity between regulators and may cause confusion and apprehension for stakeholders who will potentially need to consider multiple regimes, as well as the measures required to be taken to deal with extra-territorial obligations, such as those of the proposed EU AI Act.

International harmonisation is, in my view, essential if we wish to see developers and suppliers able to commercialise their products on a global basis assured that they are adhering to common standards of regulation without lengthy verification on entry of each individual jurisdiction in which they interact.

This could come in the form of a national version of the EU’s approach, where we have regulation that harmonises the landscape across sectors and industries, or in the form of international agreement on the standards of risk and impact assessment to be adopted. Work on common standards (i.e. the tools which would be deployed if regulation were out in place) is bearing fruit and may also assist organsiations in ensuring they are in conformity without navigating every subsector or jurisdiction with which they interact.

Most recently, we have seen the launch of the interactive AI Standards Hub by the Alan Turing institute with the support of the British Standards Institution and National Physical Laboratory which will provide users across industry, academia, and regulators with practical tools and educational materials to effectively use and shape AI technical standard. This in turn could lead to agreement on ISO standards with the EU and the US where NIST is actively engaged in developing similar protocols.

Having a harmonised approach would help provide the certainty businesses would need to develop and invest in the UK more readily.

When it comes to dealing with our nearest trading partner, it may be favourable to go one step further. When the White Paper does emerge, I believe that it is important that there is recognition that a considerable degree of convergence between us and EU is required practically, and that a risk-based form of horizontal, rather than purely sectoral, regulation is needed.

The Government is engaged in a great deal of activity. The question, therefore, is whether it is fast or focused enough and whether its objectives (such as achieving trustworthy AI and harmonised international standards) are going to be achieved through the actions being taken so far. As it stands currently, this does not look to be the case.

Lord Clement-Jones,

Coran Darling

by Tim Clement-Jones