Diverging EU and US AI Stances Could Raise Regulatory Issues, Lawyers Say
The U.S. has set itself on a "fundamentally divergent path" from the EU by focusing on deregulation and national security in the new White House AI Action Plan (see 2507230058), Pinsent Mason AI and intellectual property attorney Cerys Wyn Davies blogged Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The U.S. administration has prioritized "deregulation, innovation and national security while the European Union is focused on regulatory certainty and a risk-based approach," Wyn Davies wrote.
An IAPP article analyzing the July 23 U.S. plan said it lacks three significant issues: "guidance on copyright issues raised by AI, federal privacy legislation and guardrails on high-risk AI use cases."
If the White House plan becomes policy, a key question is whether it will clash with EU data protection and AI principles and rules. If so, navigating the differences could be a challenge for global companies.
Many U.S. states have enacted privacy regulations and there has been nothing so far to say that will change, Wyn Davies said Friday in an interview. She predicted a fragmented regulatory approach to AI among the states but said it's too soon to tell.
Meanwhile, as AI regulation policies are pursued on the federal level, there will be extensive debate about how they will interact with EU and states' privacy laws, she said. "The devil's in the details."
At the big-picture level, Wyn Davies said, the U.S. wants to develop AI technology domestically, but developers will want to export it. Many pieces will have to fit together for the system to work for all tech providers, she said.
The AI Action Plan directly calls for the U.S. State and Commerce departments to engage with the international community on AI governance approaches, Hogan Lovells digitalization attorney Mark Brennan said in an email.
While the plan lacks focus on data privacy, Brennan said he expects discussions will "ultimately intersect with a variety of data policy issues," including privacy.
Brennan said he sees AI and privacy intersecting regularly in the U.S. as states continue to craft comprehensive privacy laws, some of which also regulate AI use directly. Several states have also passed broad AI legislation, he noted, so, "as a practical matter, the U.S. is quite active in this area."
Brennan said he expects global companies will focus on harmonizing policies and legal approaches across jurisdictions, just as they do on other global tech, trade and geopolitical issues.
U.S. companies have long recognized that to operate on a global stage and maintain customers' trust, they must have strong privacy and AI governance programs, IAPP Chief Knowledge Officer Caitlin Fennessy emailed us.
While non-U.S. laws have set global standards for decades, major U.S. companies enacted robust privacy programs even before many of today's laws came online, she added.
Business eventually adapted those programs to comply with laws around the world, aiming for a single global compliance program but tweaking around the edges where conflicts arose, and supporting programs like the EU-U.S. Data Privacy Framework to enable cross-border data flows, Fennessy said.
Now, Fennessy said, nearly 20 U.S. states have joined major global economies in adopting comprehensive privacy laws and are quickly picking up the baton on AI legislation.
This raises "big questions," Fennessy said.
One is whether the complexity of the global rulebook for digital governance will create unmanageable legal conflicts across jurisdictions or evolve in sync across allied democracies. Another is whether the U.S. will enact rules covering privacy, AI governance or cybersecurity on the federal level or work to steer the global regulatory conversation, Fennessy added.