Listen to this post

Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular, the order has privacy and cybersecurity impacts on companies’ use of artificial intelligence. Among other things, companies should keep in mind the following:

  • NIST Guidelines: The order calls for industry guidelines and best practices for deploying AI systems. These are to be created by the end of July 2024 by NIST, and include guidelines for AI developers as well as guidelines for assessing the safety and security of AI systems.
  • Critical Infrastructure: The order outlines steps to be taken to manage AI in critical infrastructure and cybersecurity. Included in these is requiring the Treasury to issue a best practices report to financial institutions by the end of March 2024.
  • Protect Consumers from Harm: The order outlines several steps to promote competition and protect individuals from potential harm. This includes potential FTC rulemaking. The order also asks all independent regulatory agencies to consider steps to protect consumers from AI-related risks. These include privacy risks. Listed agencies include HHS, the Department of Transportation the Department of Education, and the Federal Communications Commission. Time frames for the agencies to take action range from three months to a year.
  • Federal Agency Procurement: The order calls for the Office of Management and Budget to review what “commercially available information” (CAI) is procured by agencies. Especially when the CAI includes personal information and/or is obtained from data brokers. After that review OMB is called on to take issue recommendations on how these activities can be done in a way that “mitigates privacy and confidentiality risks.”

As illustrated from the Fact Sheet accompanying the order, these are just some of many directives it contains. Other issues covered in the order include intellectual property, federal use of AI, and national security.

Putting it into Practice: There is time before we see the outcome of the action agencies have been directed to take under the order. In the meantime, companies are reminded that the measures it outlines -protecting consumers from privacy and security harm- are already expected by the FTC.