The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a new standard providing guidance on risk management in artificial intelligence (AI). Titled ISO/IEC 23894:2023 Information technology – Artificial intelligence – Guidance on risk management, the standard offers guidance to organisations that develop, produce, deploy, or use products, systems, and services that use AI on how to manage AI-related risks. With the goal of assisting organisations in integrating risk management into their AI-related activities, the standard also describes processes for the effective implementation and integration of AI risk management. In this context, risk management processes are described as involving the systematic application of policies, procedures, and practices to the activities of communicating and consulting, establishing the context, and assessing, treating, monitoring, reviewing, recording, and reporting risk.
The standard is the result of work carried out within the Joint Technical Committee ISO/IEC JTC on information technology – Subcommittee SC 42 on AI.
In the High Court of Justice in London, Getty Images has filed a lawsuit against Stability AI for allegedly infringing the intellectual property rights of millions of images from its platform, which Stability AI used to train its AI image generator, Stable Diffusion. According to the lawsuit, Stability AI violated several of Getty Image’s Terms of Service, such as image scraping used to train its AI image generator.
Getty Image is alleging that Stability AI has unlawfully copied and processed images from its website without obtaining a license for their commercial exploitation, including copyright in content that belongs to or is represented by Getty Images.
Previously in September, as was then reported, Getty Images banned AI-generated content on its platform, including images produced by Stable Diffusion, fearing possible (future) copyright lawsuits.
US-based cyber threat intelligence research team Check Point Research (CPR) found that cybercriminals have been using the artificial intelligence-based tool ChatGPT for malicious purposes. The team described three examples of such misuses of ChatGPT:
- Recreating malicious strains and techniques described in research publications and write-ups about common malware.
- Creating encryption tools
- The second thread is found to perform cryptographic combinations of different signing, encryption, and decryption functions.
- Creating dark web marketplaces.
As CPR notes, although the examples given in the report are relatively basic, ‘it is only a matter of time until more sophisticated actors enhance the way they use AI-based tools for bad’.
In the USA, the Office of the Special Envoy for Critical and Emerging Technology began operations in early January 2023, within the US Department of State.
The office is expected to support the Department of State in its work on the policy and diplomatic dimensions of critical and emerging technologies. As such, it will ‘provide a center of expertise and energy to develop and coordinate critical and emerging technology foreign policy, and to engage foreign partners on emerging technologies’ such as biotechnology, advanced computing, artificial intelligence, and quantum information technologies.
China’s regulation on deepfakes will come into force on 10 January 2023. Deepfakes are synthetically generated or altered images or videos built using artificial intelligence. This technology can be used to alter an existing video, for example, by creating realistic fake speech.
Finalised at the end of 2022, the Provisions on the Administration of Deep Synthesis of Internet-based Information Services requires providers of deep synthesis services, among other issues, to:
- Strengthen data management by taking necessary measures for personal data protection according to the existing laws.
- Establish guidelines, criteria, and processes for recognising false or damaging information, and devise mechanisms to deal with users who produce false or damaging material using deep synthesis technology.
- Periodically review the algorithms used, and conduct security assessments when providing models, templates, and other tools with the editing function of the face, voice, and other biometric information, or objects, scenes, and other non-biometric information that may involve national security, national image, national interests, and public interests.
The US Department of Commerce’s Bureau of Industry and Security (BIS) announced new restrictions on the export of advanced US technologies to Chinese entities. The Bureau added 36 new entities to the Entity List, meaning that they will be subject to strict licence requirements significantly restricting their access to commodities, software, and technologies subject to the US Export Administration regulations. Among these 36 entities, 35 are primarily located in China and 1 in Japan (but it is a subsidiary to a Chinese entity). The US government argues that these entities were found ‘to be acting contrary to the national security or foreign policy interests of the United States)’ for the following reasons:
- Twenty-one entities are major artificial intelligence (AI) chip research and development (R&D), manufacturing, and sales entities thought to be or have close ties to government organisations that support the Chinese military and defence industry.
- Two entities were added to the list for acquiring or attempting to acquire US-origin items in support of China’s military modernisation.
- Seven of the entities engaged in supporting China’s military modernisation were found to have demonstrable direct ties to activities of concern.
- Four entities are seen as posing a significant risk of becoming involved in activities that could have a negative impact on the national security or foreign policy of the USA.
- One entity was found to engage in or enable activities contrary to US foreign policy interests.
- One entity was found to facilitate the illegal export of US-origin electronics to Iran for use in the production of military unmanned aerial vehicles and missile systems.
- For two entities, additional restrictions were imposed for having supported, or continued to support, Russia’s military (‘backfilling’) since the imposition of new export controls.
In a second rule issued on the same day, BIS:
- Removes 25 Chinese entities from the Unverified List (UVL) due to satisfactory completion of End-Use Checks (EUCs) and verification of those entities’ bona fides, including in cooperation with the Chinese government. This means they are now removed from BIS’ restricted party lists.
- Adds 9 Russian entities to the Entity List from the UVL due to the inability to complete EUCs.
The third ministerial meeting of the EU-US Trade and Technology Council (TTC) was held on 5 December 2022 in Washington, DC, USA. During the meeting, the two parties:
- Reiterated the importance of cooperating on trust and security in the ICT ecosystem and noted that the TTC Working Group on ICTS security and competitiveness plans to discuss transatlantic subsea cables’ connectivity and security, including alternative routes, such as the transatlantic route to connect Europe, North America and Asia.
- Reiterated their commitment to developing and implementing trustworthy artificial intelligence (AI), building on the Joint Roadmap on Evaluation and Measurement Tools for Trustworthy AI and Risk Management.
- Announced plans to launch a pilot project to assess the use of privacy-enhancing technologies and synthetic data in health and medicine.
- Announced plans to establish an expert task force to strengthen research and development cooperation on quantum information science, develop common frameworks for assessing technology readiness, discuss intellectual property, and export control-related issues as appropriate, and work together to advance international standards.
- Announced progress on increasing standards cooperation, for instance through the Strategic Standards Information mechanism meant to enable the EU and the USA to share information about international standardisation activities and react to common strategic issues.
- Announced that the US Department of Commerce and the European Commission are entering into an administrative arrangement to implement an early warning mechanism to address and mitigate semiconductor supply chain disruptions in a cooperative way.
- Stressed the importance of eliminating the use of arbitrary and unlawful surveillance to target human rights defenders, and expressed concerns over government-imposed internet shutdowns.
- Announced plans to enhance transatlantic trade, for instance through developing joint best practices for the use of digital tools to simplify or reduce the cost of commercial actors’ interactions with the governments in relation to trade-related policy, legal requirements, or regulatory requirements.
- Announced the launch of a Talent for Growth Task Force to facilitate exchanges of experiences on training and capacity building and serve as a catalyst for innovative skills policies.
These and other commitments and initiatives are outlined in the joint statement issued at the end of the meeting.
A coalition of eight civil society organisations has issued a joint statement following the Council of Europe’s Committee on Artificial Intelligence’s (CAI) second meeting (held in September 2022). During the session, members of the committee began the negotiations on the zero draft framework of a Council of Europe’s (CoE) binding convention on artificial intelligence (AI), human rights, democracy, and the rule of law.
The signatories expressed their disappointment with what they perceived as the EU’s efforts to delay the process of developing the binding treaty on AI. The statement urged the EU to reconsider its position of, essentially, ‘suspending the participation of the EU states in the CAI process…while the EU sorts out its participation in this matter’, while acknowledging the potential overlap of the CoE Convention and the EU’s draft AI Act.
It should be noted that the session was a closed-door meeting, and that currently the zero draft has yet to be made publicly available.