African Union
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world.
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
The G7 nations have progressed the Hiroshima AI Process Comprehensive Policy Framework, which consists of four pillars:
(i) the International Guiding Principles for Organizations Developing Advanced AI Systems (the "Guiding Principles");1
(ii) the International Code of Conduct for Organizations Developing Advanced AI Systems (the "Code of Conduct")2 designed to supplement the Guiding Principles and provide voluntary guidance to organizations developing Advanced AI systems;
(iii) analysis of priority risks, challenges and opportunities of generative AI; and
(iv) project-based cooperation in support of the development of responsible AI tools and best practices.
Neither the Guiding Principles nor the Code of Conduct are legally binding, yet both pieces of guidance will likely exert strong political influence internationally.
The G7 lacks the ability to pass laws regarding AI or its implementation. Nevertheless, the G7's AI Regulations do specify that its members must abide by their obligations under international human rights law, while private sector activities should be in line with international frameworks such as the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines of Multinational Enterprises.
The Guiding Principles were proposed in draft form on October 30, 2023 and are expected to be regularly reviewed and updated. This will involve multiple consultations before the Guiding Principles are finalized.
The International Code of Conduct also remains in draft form as proposed on October 30, 2023. Timing of the consultation and finalization process remains uncertain.3
The G7 competition authorities and the European Commission met in Italy on October 3-4, 2024, to address competition challenges in digital markets posed by new technologies. Their Joint Statement4 and AI working group's Discussion Paper5 outline risks for businesses and strategies to ensure competition, protect innovation, and promote responsible AI practices.
The G7's Guiding Principles and Code of Conduct build on existing OECD AI Principles and are intended to inform and spearhead the national regulatory regimes implemented by the G7 nations as part of a fit-for-purpose global governance charter on AI.
In addition, there are various laws and frameworks that do not directly seek to regulate AI, but may affect the development or use of AI in the G7. For example:
The Guiding Principles and Code of Conduct do not establish an independent definition of "AI." Instead, both pieces of guidance build on the OECD AI Principles that adopt the following definitions:6
The Code of Conduct and the Guiding Principles additionally define the following term:
The Guiding Principles and Code of Conduct do not territorially confine the concepts of AI actors or Advanced AI systems. The G7 members, namely Canada, France, Germany, Italy, Japan, the UK, the US, and the EU have called on AI actors in their respective states to follow the Guiding Principles and have called on organizations to follow the Code of Conduct in line with a risk-based approach while national governments develop more detailed governance and regulatory regimes.
The Guiding Principles and Code of Conduct are not sector-specific.
The Guiding Principles apply to all AI actors (i.e., including both individuals and organizations) involved in the design, development, deployment and use of Advanced AI systems.
The Code of Conduct applies to all organizations that are developing Advanced AI systems.
Such organizations may include entities from academia, civil society, the private sector and the public sector.7
Organizations involved in the design, development, deployment and use of Advanced AI Systems are expected to abide by the G7's AI Regulations. All AI actors should also comply with the Guiding Principles.
The G7's AI Regulations seek to promote safe, secure, and trustworthy AI worldwide and provide practical guidance for organizations developing and using foundation models and generative AI systems. The G7's AI Regulations actively seek to prevent organizations from developing or deploying Advanced AI systems that are considered "not acceptable" – namely Advanced AI systems that undermine democratic values, are particularly harmful to individuals or communities, facilitate terrorism, enable criminal misuse, or pose substantial risks to safety, security, and human rights.8
AI is not explicitly categorized according to risk in the G7's AI Regulations. However, the Code of Conduct highlights various risks that should be particularly considered by organizations (as discussed in the section below).
The G7's AI Regulations set out the following 11 Guiding Principles and supplementary guidance:
The G7 intends to develop, in consultation with the OECD and other stakeholders, monitoring tools and mechanisms to help AI actors "stay accountable" in their compliance with the Guiding Principles and Code of Conduct.31 This suggests that the G7's AI Regulations will therefore be "self-regulated" by the organizations and/or individuals to which they apply, but the position is not settled.
The G7's AI Regulations do not otherwise stipulate how the G7 nations should regulate the implementation of the Guiding Principles in their own jurisdictions.
As the G7's AI Regulations are not legally binding, they do not confer enforcement powers or give rise to any penalties for non-compliance. The G7 therefore relies on its members to implement the relevant Guiding Principles and give effect to the Code of Conduct. Notably, the Guiding Principles and Code of Conduct state that each G7 state has considerable discretion to implement the relevant AI Regulation uniquely in different ways and as each sees fit.32
1 See here.
2 See here.
3 See the G7 Leaders' Statement.
4 See G7 Joint Statement here.
5 See G7 Discussion Paper here.
6 Please see the OECD's AI Principles.
7 See the Guiding Principles (draft), page 1, paragraph 1.
8 See the Guiding Principles (draft), page 2, paragraph 1.
9 This includes testing measures such as "red-teaming" and traceability in relation to datasets, processes and decisions. See the Guiding Principles (draft), page 2, Principle 1.
10 See the Code of Conduct (draft), pages 2-3, Code 1. Relevant risks include: (i) chemical, biological, radiological and nuclear risks; (ii) offensive cyber capabilities; (iii) risks to health and/or safety; (iv) risks from models "self-replicating" themselves or training other models; (v) societal risks; (vi) threats to democratic values and human rights; and (vii) risks of creating a chain reaction.
11 See the Guiding Principles (draft), page 2, Principle 2.
12 See the Code of Conduct (draft), page 4, Code 2.
13 See the Code of Conduct (draft), page 4, Code 3. Transparency reports should include, for example: (i) details of the evaluations conducted for potential safety, security and societal risks; (ii) capacities of the model/system and significant limitations in performance that have implications for the domains of appropriate use; (iii) assessment of the AI system's effects and risks, such as harmful bias, discrimination and threats to the protection of privacy or personal data; and (iv) the results of "red-teaming."
14 See the Guiding Principles (draft), page 3, Principle 3.
15 See the Guiding Principles (draft), page 3, Principle 4.
16 See the Code of Conduct (draft), page 5, Code 4.
17 See the Guiding Principles (draft), page 3, Principle 5.
18 See the Code of Conduct (draft), pages 5-6, Code 5.
19 See the Guiding Principles (draft), pages 4, Principle 6.
20 See the Code of Conduct (draft), page 6, Code 6.
21 See the Guiding Principles (draft), page 4, Principle 7.
22 See the Code of Conduct (draft), pages 6-7, Code 7.
23 See the Guiding Principles (draft), page 4, Principle 8.
24 See the Code of Conduct (draft), page 7, Code 8.
25 See the Guiding Principles (draft), pages 4-5, Principle 9.
26 See the Code of Conduct (draft), pages 7-8, Code 9.
27 See the Guiding Principles (draft), page 5, Principle 10.
28 See the Code of Conduct (draft), page 8, Code 10.
29 See the Guiding Principles (draft), page 5, Principle 11.
30 See the Code of Conduct (draft), page 8, Code 11.
31 See the Guiding Principles (draft), page 1, paragraph 6 and the Code of Conduct (draft), Page 1.
32 See the Guiding Principles (draft), page 1, paragraph 5 and the Code of Conduct (draft), Page 1.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2024 White & Case LLP