Over the last few years many countries have released various forms of oversight for artificial intelligence. This has created speculation about how the U.S. will approach this generational challenge. On 30 Oct., the U.S. took the next step toward answering this question when President Joe Biden released a comprehensive Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.
Executive Order 14110 identifies the immense opportunity of AI, acknowledging that it must have guardrails to be truly harnessed for the betterment of society. With safety and responsibility as cornerstones of the order, the Biden-Harris administration is directing government departments and agencies to inform these important efforts. Additionally, the order provides a wide range of new opportunities for input from the private sector, academia and civil society.
Guided by eight policies and principles, which serve as direction for the administration's approach to the governance of AI, much of the order requires additional implementation. However, there is a clear sense of urgency, with deadlines ranging from 45-375 days for a wide range of projects from public consultations to new regulations. The first consultations are already beginning. Immediately after the order's release, the Office of Management and Budget released draft guidance for the use of AI by the federal government, along with an invitation for stakeholders to comment.
As you develop AI governance initiatives within your organization, you should understand the policies and principles reflected in the executive order, which will have direct and indirect effects for years to come. One theme is clear in the order: the administration understands that people are at the heart of AI development and use.
Why an executive order?
In the absence of congressional action, the Biden-Harris administration made clear it intends to use every tool available to respond to the priority of AI policy. Executive orders are rules and instructions issued by the president that bind the addressed executive agencies. They have the force of law with respect to their addressees and, though they are of principal relevance to those addressees, executive orders can have wide-ranging impacts on the economy.
While Executive Order 14110 will lead to an incredible amount of government action in a relatively short period — building on many existing government initiatives — it offers only limited new requirements that apply today. However, the order serves as a watershed moment in its articulation of the types of rules under consideration and its setting of guideposts for the development of best practices. As agencies and regulators continue to engage with the order, the expectations of reasonable AI practices will be informed by what comes next.
The scope of AI guardrails
The order defines AI in broad terms as including any machine-based system that can make predictions, recommendations or decisions influencing real or virtual environments. However, many of the order's specific requirements apply only to clearly defined higher risk systems, such as dual-use foundation models. Dual-use models are distinct both in relation to their size (trained on tens of billions of parameters) and their potential use for both security and civilian purposes.
Policies and principles
expand_more
1. Ensuring the safety and security of AI technology
Develop soft law for AI: The order highlights the importance of guidelines, benchmarks, industry standards and test beds for AI oversight. The National Institute of Standards and Technology will continue building on its AI Risk Management Framework with input from experts in industry, civil society and academia.
Create AI assurance: Assurance tools and processes like audits, third-party assessments and red teams are identified as ways for federal agencies to provide accountability as the development and use of AI increases in various domains. The Department of Defense, secretary of health and human services, and secretary of commerce will develop guidance specific to their sectoral contexts and regulatory competences.
Develop harm and risk identification practices: A theme throughout the order is working to understand the impact that AI has on marginalized communities. Pointing to existing work like the Department of Energy model evaluation tools and AI test beds, the administration wants to leverage similar tools to develop a clear understanding of the harms and risks posed by various uses of AI, specifically those that pose nuclear, biological, infrastructure or energy security threats.
Consult with the public and relevant subject matter experts: The secretary of commerce will work with business leaders, researchers, civil society organizations and other experts to develop appropriate mitigation tactics for identified AI risks and harms.
Create stronger rules for cyber- and bio-security threats: In addition to the guidance and standards mentioned above, the secretary of commerce will require companies developing dual-use foundation models, large computing clusters, cybersecurity and biosecurity applications to report their activity.
Establish rules for AI infrastructure: With the acknowledgement that not all AI are built in the U.S., agencies will develop new regulations for infrastructure providers, including additional reporting requirements for foreign companies using these platforms. Additionally, the order provides guidance on how large model capabilities can be limited to malicious activity.
Identify appropriate use for open-source data and models: As part of ongoing security considerations, additional information on the benefits and risks of open-source model development is requested. The order also renews support for the release of federal open data to support the advancement of AI.
expand_more
2. Promoting innovation and competition
Attract and retaining talent: From expanding and renewing work visa processes to ensuring continuity of student visas to streamlining the immigration process, the order provides direction to attract and retain AI talent.
Scope AI workforce: The secretary of labor will categorize AI occupations to understand where there are gaps in the market for particular roles.
Research to implementation: The order directs the establishment of public-private partnerships to encourage the conversion of AI research and researchers into solutions. Additionally, new patent examiners guidance will address new AI considerations, including intellectual property concerns.
Protect AI supply chain: There will be support for chip manufacturers to reduce dependency on other countries that are solely responsible for chip manufacturing.
Support small and medium AI companies: Funding for small and medium-sized businesses will include accelerator funding and access to mentorship.
expand_more
3. Supporting workers
Understand effects on labor: The Chairman of the Council of Economic Advisers will coordinate a report about the impact of AI on the labor market, recognizing that AI will create workforce disruptions.
Address displacement of workers: The secretary of labor will oversee development of principles and best practices to mitigate AI's impact on workers, including looking at job-displacement risks, career opportunities, labor standards and job quality.
Address workplace surveillance concerns: The order supports the provision of rules and fair compensation requirements for employers who deploy AI to collect data in the workplace and use this data to manage or monitor employees.
Prepare for an AI-enabled workforce: The National Science Foundation will augment existing workforce programs to support an AI-ready workforce, including fellowship programs and awards.
expand_more
4. Advancing equity and civil rights
Apply existing laws to AI use cases: Federal departments and agencies will extend implementation and enforcement of existing federal laws to address civil rights and civil liberty violations and discrimination.
Engage stakeholders: The order directs consultation to be done with federal civil rights offices across government, as well as civil rights and civil liberties organizations, academic institutions, and subnational governments as part of the process to help inform new training, technical assistance, guidance and laws.
Address consequential impacts of AI: With a focus on the criminal justice system, law enforcement, human resources and housing, the U.S. attorney general and other relevant federal leaders will develop best practices and guidance to mitigate harms related to the increased use of AI.
Ensure responsible use of AI in government benefits and programs: Federal civil rights and civil liberties offices will prevent and address unlawful discrimination and other harms from the use of AI in federal programs and benefits administration, including programs implemented by state and local governments. Plans to address issues arising from the increased use of AI in administering these programs are required.
expand_more
5. Protecting consumers, patients, passengers and students
Protect consumer rights: Recognizing that AI can lead to consumer fraud, discrimination and threats to privacy, agencies will use existing powers to address these issues, including renewed responsibilities as a result of AI use.
Ensure patient safety: The secretary of health and human services will establish an AI Task Force to develop a strategic plan and possible new regulations for the use of AI in health care. Special consideration will be paid to the establishment of equity principles and AI assurance, including bias testing and documentation requirements.
Establish new regulations for AI-enabled drug development: The secretary of health and human services will develop a strategy for regulating the use of AI in drug development including identification of risks, statutory authorities, and funding for public-private partnerships.
Develop new guidance for automated vehicles: The secretary of transportation will oversee new guidance for the use of AI in transportation, ensuring its safe and responsible use with a specific look at pilot opportunities, grants and the establishment of new governance groups.
Address use of AI in education sector: The secretary of education will lead the development of resources, policies, guidance and guardrails for the use of AI in education, including the creation of an AI toolkit for education leaders.
Understand implications of AI on communications networks: The Federal Communications Commission will review how AI can improve communications hardware, including network security, resiliency and interoperability.
expand_more
6. Protecting privacy
Leverage privacy impact assessments to respond to AI harms: As part of future rules for government agencies, the OMB will begin a dedicated workstream to level up existing privacy impact assessments to address privacy risks, including those exacerbated by AI, more effectively.
Update rules for government acquisition of personal data: The OMB will revise the rules for government agencies' procurement and use of commercially available information, particularly when it includes personal data. Rules for U.S. government interactions with data brokers have been a hotly debated area of policy, and the order acknowledges that proper safeguards are even more important when AI systems can exacerbate privacy risks through enhanced inferences.
Expand the development of privacy-enhancing technologies: The NSF will continue to incentive the research and development of PETs, including through a new Research Coordination Network dedicated to advancing privacy research. This will build on the existing work of the U.K.-U.S. PETs prize challenge.
Develop differential privacy guidelines: The NIST will create guidelines for federal agencies to "evaluate differential-privacy-guarantee protections, including for AI." The NIST has engaged closely on the development of differential privacy practices, as explained in a series of blog posts.
Support development of a privacy law: Alongside the publication of the order, the Biden-Harris administration released its strongest call yet for Congress to "pass bipartisan data privacy legislation to protect all Americans, especially kids."
expand_more
7. Advancing federal government use of AI
Harness the power of AI for government: Under the leadership of the OMB, new governance programs and operational activities will be established to leverage AI to improve government service delivery and operations.
Establish chief AI officers: All agencies will be required to designate a chief AI officer to be accountable for their agency's use of AI, promote AI innovation and manage risks from their agency's use of AI.
Appropriately manage AI risks: Agencies will be required to mitigate risks of their AI use through activities such as conducting public consultations, assessing data quality, assessing and mitigating disparate impacts and algorithmic discrimination, providing notice of the use of AI, continuously monitoring and evaluating deployed AI, and maintaining human interaction where necessary. This will include requirements for the continued public reporting on agency use of AI, as well as ensuring those working with any AI system are appropriately trained.
Create guidance for AI procurement: The OMB will develop guidance for agencies that acquire AI systems and services.
Address AI talent gaps: The order encourages the prioritization of new roles to be developed and recruited to support the government's use of AI and all the objectives outlined in the order.
Train the federal workforce: To help the federal workforce understand and manage issues related to AI, the head of each agency must implement training programs for technology employees, managers and leadership roles, as well as relevant areas including procurement, governance, legal and other compliance functions.
Develop future credentialing for AI roles: The Office of Personal Management will review competencies for civil engineers and other occupations that should require AI expertise.
expand_more
8. Strengthening American leadership abroad
Collaborate with international peers: The U.S. will continue to engage in international efforts to mitigate the impacts of AI and advance opportunities for AI development through common frameworks, voluntary commitments and the development of technical standards.
Establish a global AI research agenda: The secretary of state and the administrator of the U.S. Agency for International Development will develop a plan for global research objectives including ensuring the safe and responsible use of AI and understanding global labor-market changes, cross-border AI risks, critical infrastructure and malicious use of AI.
Top takeaways for AI governance professionals
This executive order is a significant step forward for the governance of AI in the U.S. and will have an impact on the development of policies and standards internationally.
Though binding on most federal agencies—excepting independent agencies—the order addresses all aspects of the AI supply chain and is therefore directly relevant when the private sector does business with federal agencies. It is also indirectly relevant for parts of the private sector not engaged with federal agencies because of the AI governance norms that will flow from new standards and evolving best practices.
While many details and requirements will be forthcoming in various consultations, frameworks and regulations, now is the time to act by preparing your organization.
Some considerations to get you started:
Consider fostering AI governance practices within your organization, such as:
Creating a chief AI officer or accountable individual or group within your organization.
Training individuals involved in development and use of AI across the organization. For example, check out the IAPP AI Governance Professional training.
Developing policies and procedures within your organization, including reporting, documenting and tracking the use of AI and data involved throughout the lifecycle.
Introducing accountability and compliance mechanisms for AI, including laying the foundation for likely future reporting requirements.
Developing AI assurance practices, such as tests, evaluations, assessments, and audits for your people, processes and tools.
Familiarize yourself with the NIST AI RMF and other emerging AI standards development processes.
If you work in or with the U.S. government, it appears the AI RMF and future NIST standards will likely align with future AI guidance and any sectoral regulation.
Support for implementing the concepts in the AI RMF can be found in the companion playbook.
Interested organizations can also help shape standards development through the NIST's open call for participation in the AI standards development process.
Prepare to align with guidance and direction provided for federal departments and agencies if you work for an AI vendor that sells to the government.
Start to review workforce impacts due to increased AI use, by:
Being aware of the data you are collecting for use in AI systems. For example, it is likely new rules will be required for collecting and using employee data in the workplace to ensure civil rights and liberties.
Thinking about what jobs will change and how you are preparing for an AI-enabled workforce, including requirements for new AI roles in technical, operational or governance teams.
Keep aware of forthcoming AI rules and regulations:
There are a lot of clues in this order and the accompanying OMB memo about what types of requirements may be in future frameworks, guidance and regulations. While i one general purpose law for AI is unlikely, it appears there will be several sectoral and use-case specific rules.
Look for new grants and funding opportunities if you are looking to expand your business to include AI.
Keep an eye out for upcoming opportunities if you are an AI expert or are looking for a career change. It appears that there will be many federal government jobs available in the near future.
The IAPP AI Governance Center will work to provide updates of relevant work completed from these requirements as they evolve. Here are some key items we will be watching:
Development of new frameworks, guidance and/or regulations for AI in criminal justice, law enforcement, transportation, hiring, education and health care.
Continued development of NIST standards to promote the safe and responsible design, development and use of AI.
Additional safeguards that will be required of companies developing large language models, making use of large computers or developing high-risk applications with cyber- or biosecurity, in addition to the new reporting requirements.
The U.S. government's approach to open-source model development.
Clarity around new AI talent rules to attract and retain AI expertise to work and study in the U.S.
AI standards development for organizations, whether through procurement requirements, government standard-setting or multistakeholder engagement.
Credentialing requirements for AI engineers and other AI roles, including AI governance professionals.
While high expectations have been set for this work, it is important to note the limitations of an executive order, which does not have the same enforcement requirements as a law. As a result, changes in direction could occur along with changes in administration. In addition, the president is unable to authorize new funding to complete the work prioritized within the order. This means changes to budgets — or existing funding constraints — could affect the capacity for projects to be completed within the identified time limits.
However, even if milestones are missed, the impact of this order will be felt for years.
Additional resources
expand_more
Artificial intelligence resources
Artificial Intelligence topic page On this topic page, you can find the IAPP’s collection of coverage, analysis and resources on AI connections to the privacy space. View Here
AI Governance Dashboard newsletter Stay on top of the latest AI governance news, learn about our new offerings and engage in the development of the AI governance profession. View Here
AI Governance Center The IAPP AI Governance Center provides privacy and AI governance professionals with the content, resources, networking, training and certification needed to respond to the complex risks in the AI field. View Here
US Federal Privacy Topic Page The IAPP has been keeping track of the goings-on regarding a federal privacy law, and we’ve collected our news and resources here. View Here
US Federal Privacy Legislation Tracker This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape. View Here
The IAPP-EY Privacy Governance Report 2023 builds on previous comprehensive efforts to shine a light on the location, performance and significance of privacy governance within organizations. For the first time, we explored organizational confidence when it comes to privacy governance and the drivers...
In July 2023, the IAPP AI Governance Center convened a group of leaders from industry, government, academia and civil society in Portsmouth, New Hampshire to discuss the future of AI and responsible governance. This infographic presents some of the most prominent themes and questions identified thro...
Approved