The post below was first published on our Public Law blog
How to regulate an emerging sector is always an interesting question to which there can be many answers based on the various models of regulation. The UK’s regulatory environment for artificial intelligence (“AI“) is poised for significant evolution, and in this post we consider whether the somewhat unconventional approach proposed by the Government may provide some insight into the future of regulation in other areas.
Proposals for regulating AI – a centrally co-ordinated principles based approach
On 29 March 2023, the Government’s Department for Science, Innovation and Technology published its White Paper on a “pro-innovation approach to AI regulation” (the “White Paper“) (available here), which seeks stakeholder views on the Government’s proposed new AI regulatory framework. For a discussion of the substantive issues see our TMT Notes blog post.
In terms of the regulatory approach:
- The Government proposes to introduce five “cross-sectoral principles” (the “Cross-Sectoral Principles“) for existing regulators to have regard to when dealing with AI issues, intended to “guide and inform the responsible development and use of AI“.
- Initially, the principles will be issued on a non-statutory basis and applied by regulators within their remits, primarily through guidance. A new statutory duty may subsequently be introduced, which would require regulators to have due regard to the Cross-Sectoral Principles.
- The way that regulators apply the Cross-Sectoral Principles when introducing new guidance or other measures, as well as when conducting investigations and enforcement action, should be informed by existing law and regulations. This includes human rights and equality legislation, as well as general public law principles such as rationality and procedural fairness.
The White Paper recognises that AI technologies are advancing rapidly and that “a complex patchwork of legal requirements” currently applies to AI, creating difficulties for businesses. The White Paper explains that regulators also face difficulties, because “some AI risks arise across, or in the gaps between, existing regulatory remits“.
Rather than introducing a new, AI-specific regulator, the Government proposes to introduce a centrally co-ordinated regulatory approach across existing regulators, under the banner of “cross-cutting, principles-based regulation“.
At the heart of the proposed new framework are five Cross-Sectoral Principles, namely:
- safety, security and robustness;
- appropriate transparency and explainability;
- accountability and governance; and
- contestability and redress.
Under the Government’s proposals, regulators would “be expected to apply the [Cross-Sectoral Principles] proportionately to address the risks posed by AI within their remits, in accordance with existing laws and regulations“.
The Government envisages playing a central co-ordinating role, including through the production of “central regulatory guidance“. The White Paper indicates that this central regulatory guidance would, amongst other things, encourage initiatives such as guidance being jointly produced by different regulators, and aim to prevent the Cross-Sectoral Principles from hindering innovation.
The potential introduction of a new statutory duty
The Government does not propose to incorporate the Cross-Sectoral Principles into statute in the initial stages of the new framework. However, it anticipates that it will eventually pursue the enactment of a statutory duty for regulators to “have due regard” to the Cross-Sectoral Principles. The enactment of such a duty would aim to “strengthen and clarify regulators’ mandates“, and could encourage an increased willingness to take enforcement action amongst some regulators.
The continuing relevance of existing law and regulations
Irrespective of whether the proposed statutory duty is enacted, regulators will be expected to continue taking account of existing law as they develop guidance or other measures. Some of the Cross-Sectoral Principles have close parallels with existing law; for example, the White Paper recognises that the application of the Cross-Sectoral Principle of “fairness” by regulators should “include consideration of compliance with relevant law and regulation“, including the Human Rights Act 1998 and the Equality Act 2010. Regulators will therefore be required to have regard to these and other existing legislative requirements, as well as to public law principles more generally, when decision-making, including when conducting consultations, issuing guidance and conducting investigations and enforcement action.
What does this tell us about the future of regulation?
The approach proposed for AI differs significantly from the traditional model of a specific regulator as part of a detailed statutory regulatory scheme applying to a particular area, or even from models of self-regulation. It also departs significantly from the comprehensive and centralised framework proposed in the EU. The reasons given for this emphasise the need for flexibility and agility in the rapidly moving world of AI. AI is, of course, not the only area where developments often outpace law and regulation, and those arguments could apply equally well in other contexts and sectors. Indeed, this approach does appear to be part of a broader trend towards the use of policy and guidance, emphasising higher level principles and the attractiveness of being nimble, over detailed legislation. It also chimes with the Government’s recent policy paper on ‘Smarter regulation to grow the economy‘ which looks at reducing regulatory burdens to drive economic growth and boost innovation, and in which the view is expressed that “governments too often reach for the lever of regulation first, when other ways to improve and safeguard outcomes are available“.
As always, flexibility comes with its downsides. There is an obvious risk, when tasking multiple regulators with providing guidance in their own areas, of inconsistency or indeed of certain matters falling between the gaps due to a lack of clarity as to who takes ultimate responsibility for a specific issue. Concerns have already been expressed by the Information Commissioner’s Office over precisely how regulators would be expected to interact with the central regulatory guidance, and over funding and co-ordination more generally. Consistency across sectors may be particularly difficult to achieve under this model.
This approach also lacks the certainty and predictability that businesses are used to in other regulatory spheres. The very point of “nimble” guidance is presumably that it can be changed at a moment’s notice, leaving businesses at risk of spending disproportionate time and money trying to comply with ever-shifting standards. Often when a new policy is announced by the Government we are told that the devil will be in the detail, but here there is to be no such detail, or what there is will be in non-statutory guidance only. That leaves businesses, and indeed regulators, seeking to use the high level principles to fill in gaps where no specific guidance applies. Needless to say, those two groups of organisations are not always going to interpret and apply high level principles in the same way. Further, it is unclear how enforcement will operate if standards are only contained in non-binding guidance, although the Government has emphasised its expectation for regulators to act proportionately and in a way that does not stifle innovation.
There are also broader constitutional implications about such heavy reliance on guidance, not least the lack of Parliamentary scrutiny. A more practical concern is that essential procedural safeguards for businesses in this regulatory space may not be guaranteed in the way they are in comprehensive statutory schemes.
One potential consequence of pursuing this avenue may be a greater reliance on general public law principles to fill the gaps when things go wrong. Where a regulator fails to act in a way which is incompatible with its public law duties, then it will be open to businesses and other stakeholders to challenge the regulator’s decisions or actions by way of judicial review. Judicial review may therefore play a significant role, for example in ensuring procedural fairness is upheld in circumstances where there is no set procedure laid down in legislation. Judicial review can also police how regulators use guidance, ensuring that relevant guidance is taken into account but not applied blindly and inflexibly.
It will certainly be interesting to see how this regulatory experiment works and whether, after some time, the Government decides to revert to more traditional statutory intervention. If the system works well, and is welcomed by both businesses and regulators for cutting red-tape and encouraging innovative and collaboration, that may well herald a new approach in other sectors.