Posted

On March 12, 2024, Acting Comptroller of the Currency Michael Hsu indicated in a speech that regulations may soon be forthcoming that would be designed to bolster larger depository institutions’ ability to withstand disruptions to their critical operations. If enacted, these regulations would require covered financial institutions (and by extension, their third-party service providers) to satisfy operational resilience requirements at a level of granularity that has previously been absent from United States financial regulations.

Continue reading

Posted

GettyImages-804492304-300x200Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States. The eIDAS Regulation’s complexity, inflexibility and perceived limitations resulted in limited adoption, while the COVID-19 pandemic simultaneously fueled an increased demand for electronic identification. Consequently, the European Commission committed to revising the eIDAS Regulation to establish an EU-wide attribute-based electronic identity framework, incorporating a government-issued digital identity wallet to eliminate the dependence on commercial authentication providers.

Continue reading

Posted

Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of commentary continues to flow regarding how to use the tools productively and responsibly, along with the legal issues that might arise through such use. Those topics are certainly novel—but when it comes to procuring AI tools, what if the key to successfully purchasing the products is not?

Continue reading

Posted

GettyImages-804492304-300x200The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final agreed text has not yet been published, we have summarized what are understood to be some of the key aspects of the agreement.

Continue reading

Posted

https://www.internetandtechnologylaw.com/files/2023/11/1200px-Competition_and_Markets_Authority.svg_-300x155.pngThe Competition and Markets Authority (CMA), the UK’s competition regulator, announced this month that it plans on publishing an update in March 2024 to its initial report on AI foundation models (published in September 2023). The update will be the result of the CMA launching a “significant programme of engagement” in the UK, the United States and elsewhere to seek views on the initial report and proposed competition and consumer protection principles.

Continue reading

Posted

GettyImages-1386414642-1-300x200The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies, civil society groups and research experts to consider the risks of AI and to discuss AI risk mitigation through internationally coordinated action.

Continue reading

Posted

A decision of the High Court of the United Kingdom earlier this year is an important reminder that the limitation of liability clause remains a crucial piece of any high value or complex contractual arrangement. The importance of such a clause seeking to restrict a party’s financial exposure in the event of a lawsuit or other claim is that, when enforceable, it can “cap” the amount of potential damages incurred. The issue considered in the High Court’s decision was whether a party could rely on a single liability cap rather than being subject to multiple liability caps for multiple claims. The decision hinged largely on the wording of the contract clauses and serves to remind us of key considerations when drafting limitation of liability clauses.

Continue reading

Posted

The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK regulations implementing the Data Bridge are scheduled to take effect on October 12, 2023. From October 12, 2023, the Data Bridge will therefore operate as an extension of the EU-U.S. Data Privacy Framework (DPF) to enable the unrestricted movement of personal data between the UK and certified U.S. entities. For more information about the DPF, see our earlier briefing here.

Continue reading

Posted

GenAI-workplace-1488370396-scaled-e1683821460389-300x280The use of generative AI tools, like ChatGPT, are becoming increasingly popular in the workplace. Generative AI tools include artificial intelligence chatbots powered by “large language models” (LLMs) that learn from (and share) a vast amount of accumulated text and interactions (usually snapshots of the entire internet). These tools are capable of interacting with users in a conversational and iterative way with a human-like personality, to perform a wide range of tasks, such as generating text, analyzing and solving problems, language translation, summarizing complex content or even generating code for software applications. For example, in a matter of seconds they can provide a draft marketing campaign, generate corresponding website code, or write customer-facing emails.

Continue reading

Posted

Innovation has historically been driven by companies in regulated industries—e.g., financial services and health care—and some of the most intriguing use cases for generative AI systems will likely transform these industries.

At the same time, regulatory scrutiny could significantly hamper AI adoption, despite the current absence of explicit regulations against the use of AI systems. Regulators are likely going to focus on confidentiality, security and privacy concerns with generative AI systems, but other issues could arise, as well. Companies operating in key regulated industries appear to be anticipating regulatory scrutiny, which is why adoption of the newest generative AI systems will likely be slow and deliberate. However, in some cases, AI systems are being outright banned.

Continue reading