Is it deja vu all over again? In the absence of any federal regulation of privacy, the states have taken the reins, with dozens of comprehensive and targeted privacy laws being enacted in the last three years. Now, the race looks to start all over again on a new field: regulation of AI. The EU has passed a comprehensive, continent-wide law that will govern all AI starting later this year. The US has not. In early May, Colorado became the first state to pass a comprehensive AI law, one which will likely be a model for other states in next year's legislative sessions.
Why It Matters
The EU AI Act will regulate AI on a sliding scale, with higher compliance requirements (or outright bans) on systems deemed to present greater risks to humans. Lower-risk systems will not face the same high regulatory hurdles. The Colorado bill, if signed by the governor, will adopt a similar approach. Connecticut tried and failed to pass a similar risk-based bill this year, so we know the concept is certainly percolating in statehouses across the country.
For any organization adopting AI tools or systems, having a familiarity with risk-based regulation schemes is a smart idea. Using human oversight, diligence in the procurement process, and clear communications with stakeholders (employees, customers, boards, and others) about what the tools are and are not permitted to do will be key when the day arrives that AI is regulated in the US. Better to start now rather than have to retrofit your model later.
/Passle/61f3627a0c51c3165820f0e7/MediaLibrary/Images/5ff4a070535488111cdbfec9/2024-01-17-18-25-18-859-65a81b8e3f5d760a89621ac7.png)
