Australia
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world.
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
The Council of Europe has adopted a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The Council of Europe (CoE) adopted the first ever international treaty aimed at ensuring the respect of human rights, rule of law, and democracy legal standards in the use of AI systems ("the AI Convention") on May 17, 2024.1 The AI Convention is intended to function as a "global legally binding instrument".2
The AI Convention was formally adopted by the Committee of Ministers of the CoE (Ministers of Foreign Affairs) on May 17, 2024.3 On September 5, 20244, the Council of Europe’s Framework Convention5 on AI was signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom, Israel, the United States, and the European Union. The treaty will enter into force on the first day of the month following three months after five signatories, including at least three Council of Europe Member States, have ratified it. Countries from all over the world will be eligible to join and commit to its provisions.
The CoE has various legally binding instruments and non-binding guidelines that may affect the development or use of AI systems. A non-exhaustive list of key examples includes:
AI system is defined in the AI Convention as "a machine-based system that for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that may influence physical or virtual environments."10 The AI Convention notes that different artificial intelligence systems vary in their levels of autonomy and adaptiveness after deployment.
The AI Convention would apply to all of the CoE Member States that choose to sign it. This could include, for example, individual EU Member States and the UK.
However, whether or not certain CoE Members choose to sign the AI Convention (and submit to the AI Convention's territorial scope) is likely to be influenced by the outcome of the final reading. For example, it has been suggested that the UK will not sign the AI Convention if its provisions also apply to the private sector.
The AI Convention will:11
(i) Apply to the activities within the lifecycle of AI systems undertaken by public authorities or entities acting on their behalf where such systems have the potential to interfere with human rights, democracy, and the rule of law
(ii) Not apply to activities within the lifecycle of AI systems relates to protection of a CoE Member's security interests, in so far as the activities are conducted in a manner consistent with applicable international law (e.g., human rights law)
(iii) Not apply to research and development activities regarding AI systems, unless those activities12 have the potential to interfere with human rights, democracy, and the rule of law
(iv) Require each signatory to take appropriate steps for the realization of the AI Convention in respect of the activities within the lifecycle of AI systems by private entities, where such systems have the potential to interfere with human rights, democracy, and the rule of law.
The AI Convention effectively creates compliance roles on two tiers: the obligations in the AI Convention apply directly to signatories (being CoE Members), but compliance with those obligations will ultimately impact AI actors throughout the lifecycle of AI systems. For example, Article 8 (Transparency and oversight) requires each signatory to "adopt or maintain measures to ensure that adequate transparency and oversight requirements […] are in place in respect of activities within the lifecycle of [AI] systems."13 As another example, Article 9 (Accountability and responsibility) requires each signatory to "adopt or maintain measures to ensure accountability and responsibility for adverse impacts on human rights, democracy, and the rule of law resulting from activities within the lifecycle of artificial intelligence systems."14 The signatories' implementation of such provisions will inevitably impact developers, deployers, and managers of AI systems.
The AI Convention aims to address ethical, legal, and societal issues arising from the use of AI systems by ensuring "that activities within the lifecycle of AI systems are fully consistent with human rights, democracy, and the rule of law."15
The AI Convention does not categorize AI systems according to risk. However, it will require signatories to adopt a risk-based approach. For example:
Chapter II (General obligations) of the AI Convention establishes the general obligations that each signatory must comply with, which include the implementation of measures:
Chapter III (Principles related to activities within the lifecycle of artificial intelligence systems) establishes the general principles that each signatory must reflect in the measures they implement to ensure compliance with the AI Convention. A non-exhaustive list of the applicable principles includes:
Each signatory will be required to establish or designate effective regulatory oversight mechanisms to oversee compliance with the obligations in the AI Convention.25 The exercise of regulatory duties must be independent and impartial, and any such regulator must have the necessary powers, expertise, and resources to effectively fulfil their task of overseeing compliance with the AI Convention.
The AI Convention requires that each CoE signatory must: (i) take measures to ensure the availability of accessible and effective remedies for violations of human rights resulting from the activities within the lifecycle of artificial intelligence systems; and (ii) ensure that effective procedural guarantees, safeguards, and rights, in accordance with applicable domestic and international law, are available to persons affected thereby.
1 The official CoE publication; the AI Convention (17 May 2024).
2 See the Overview of the Council of Europe activities on Artificial Intelligence, page 10.
3 See the CoE Committee's announcement of the AI Convention's approval.
4 See Council of Europe press release here.
5 See Convention text here.
6 Guidelines on Artificial Intelligence and Data Protection.
7 European Ethical Charter on the use of artificial intelligence (AI) in judicial systems and their environment.
8 The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108).
9 See the AI Convention (17 May 2024), Article 2 (Definition of artificial intelligence systems).
10 See the AI Convention (17 May 2024), Article 3 (Scope).
11 See the AI Convention (17 May 2024), Article 3 (Scope).
12 See the AI Convention (17 May 2024), Article 8 (Transparency and oversight).
13 See the AI Convention (17 May 2024), Article 9 (Accountability and responsibility).
14 See the AI Convention (17 May 2024), Article 1 (Object and purpose).
15 See the AI Convention (17 May 2024), Article 1 (Object and purpose).
16 See the AI Convention (17 May 2024), Article 16 (Risk and impact management framework).
17 See the AI Convention (17 May 2024), Articles 4 (Protection of human rights) and 5 (Integrity of democratic processes and respect for the rule of law).
18 See the AI Convention (17 May 2024),Article 7 (Human dignity and individual autonomy).
19 See the AI Convention (17 May 2024),Article 8 (Transparency and oversight).
20 See the AI Convention (17 May 2024), Article 9 (Accountability and responsibility).
21 See the AI Convention (17 May 2024), Article 10 (Equality and non-discrimination).
22 See the AI Convention (17 May 2024), Article 11 (Privacy and personal data protection).
23 See the AI Convention (17 May 2024), Article 12 (Reliability).
24 The AI Convention (17 May 2024), Article 26 (Effective oversight mechanisms).
25 See the AI Convention (17 May 2024), Article 14 (Remedies) and Article 15 (Procedural safeguards).
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2024 White & Case LLP
Daniel Mair (Trainee Solicitor, White & Case, Paris) contributed to this publication.