On October 13, 2022, the European Data Protection Supervisor (“EDPS”) released its Opinion 20/2022 on a Recommendation issued by the European Commission in August 2022 calling for a Council Decision authorising the opening of negotiations on behalf of the European Union for a Council of Europe convention on artificial intelligence, human rights, democracy and the
Artificial Intelligence (AI)
U.S. AI, IoT, CAV, and Privacy Legislative Update – Third Quarter 2022
This quarterly update summarizes key legislative and regulatory developments in the third quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity. …
Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Third Quarter 2022
Artificial Intelligence & NYC Employers: New York City Seeks Public Comment on Proposed Rules That Would Regulate the Use of AI Tools in the Employment Context
Many employers and employment agencies have turned to artificial intelligence (“AI”) tools to assist them in making better and faster employment decisions, including in the hiring and promotion processes. The use of AI for these purposes has been scrutinized and will now be regulated in New York City. The New York City Department of Consumer and Worker Protection (“DCWP”) recently issued a Notice of Public Hearing and Opportunity to Comment on Proposed Rules relating to the implementation of New York City’s law regulating the use of automated employment decision tools (“AEDT”) by NYC employers and employment agencies. As detailed further below, the comment period is open until October 24, 2022.…
European Commission Publishes Directive on the Liability of Artificial Intelligence Systems
On September 28, 2022, the European Commission published its long-promised proposal for an AI Liability Directive. The draft Directive is intended to complement the EU AI Act, which the EU’s institutions are still negotiating. In parallel, the European Commission also published its proposal to update the EU’s 1985 Product Liability Directive. If adopted, the proposals will change the liability rules for software and AI systems in the EU.
The draft AI Liability Directive establishes rules applicable to non-contractual, fault-based civil claims involving AI systems. Specifically, the proposal establishes rules that would govern the preservation and disclosure of evidence in cases involving high-risk AI, as well as rules on the burden of proof and corresponding rebuttable presumptions. If adopted as proposed, the draft AI Liability Directive will apply to damages that occur two years or more after the Directive enters into force; five years after its entry into force, the Commission will consider the need for rules on no-fault liability for AI claims.
As for the draft Directive on Liability of Defective Products, if adopted, EU Member States will have one year from its entry into force to implement it in their national laws. The draft Directive would apply to products placed on the market one year after it enters into force.…
CNIL Tests Tools to Audit AI Systems
By Kristof Van Quathem & Alix Bertrand on
With the growing use of AI systems and the increasing complexity of the legal framework relating to such use, the need for appropriate methods and tools to audit AI systems is becoming more pressing both for professionals and for regulators. The French Supervisory Authority (“CNIL”) has recently tested tools that could potentially help its auditors…
UK Government Sets Out Sector-Specific Vision for Regulating AI
By Marianna Drake, Mark Young, Tomos Griffiths & Lisa Peets on
The UK Government recently published its AI Governance and Regulation: Policy Statement (the “AI Statement”) setting out its proposed approach to regulating Artificial Intelligence (“AI”) in the UK. The AI Statement was published alongside the draft Data Protection and Digital Information Bill (see our blog post here for further details on the Bill) and is…
CISA and NIST Urge Companies to Prepare to Transition to a Post-Quantum Cryptographic Standard
By Micaela McMurrough & Matthew Harden on
On July 5, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the National Institute of Standards and Technology (“NIST”) strongly recommended that organizations begin preparing to transition to a post-quantum cryptographic standard. “The term ‘post-quantum cryptography’ is often referred to as ‘quantum-resistant cryptography’ and includes, ‘cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by” a CRQC (cryptanalytically relevant quantum computer) or a classical computer. NIST “has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks.” NIST does not intend to publish the new post-quantum cryptographic standard for commercial products until 2024 but urges companies to begin preparing now by following the Post-Quantum Cryptography Roadmap. …
U.S. AI, IoT, CAV, and Data Privacy Legislative and Regulatory Update – Second Quarter 2022
This quarterly update summarizes key federal legislative and regulatory developments in the second quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in U.S. state legislatures. In the second quarter of 2022, Congress and the Administration focused on addressing algorithmic bias and other AI-related risks and introduced a bipartisan federal privacy bill.…
NIST Releases Draft AI Risk Management Framework for Public Comment
By Libbie Canter & Jayne Ponder on
Posted in Artificial Intelligence (AI)
The National Institute of Standards and Technology (“NIST”) issued its initial draft of the “AI Risk Management Framework” (“AI RMF”), which aims to provide voluntary, risk-based guidance on the design, development, and deployment of AI systems. NIST is seeking public comments on this draft via email, at AIframework@nist.gov, through April 29, 2022. Feedback received on this draft will be incorporated into the second draft of the framework, which will be issued this summer or fall.
Continue Reading NIST Releases Draft AI Risk Management Framework for Public Comment
U.S. AI, IoT, CAV, and Privacy Legislative Update – First Quarter 2022
This quarterly update summarizes key federal legislative and regulatory developments in the first quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in the States. In the first quarter of 2022, Congress and the Administration focused on required assessments and funding for AI, restrictions on targeted advertising using personal data collected from individuals and connected devices, creating rules to enhance CAV safety, and children’s privacy topics.
Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – First Quarter 2022