Response to Request for Information on Regulatory Reform on Artificial Intelligence

 

  • What AI activities, innovations, or deployments are currently being inhibited, delayed, or otherwise constrained due to Federal statutes, regulations, or policies? Please describe the specific barrier and the AI capability or application that would be enabled if it was addressed. The barriers may directly hinder AI development or adoption, or indirectly hinder it through incompatible policy frameworks.

    The current challenge is to craft regulations that are easy to satisfy and minimize negative impacts without burdening positive ones. They must be enforceable (e.g., automatable) as the wider public begins to use AI tools. AI, like conventional technologies, is being used to conduct online scams, create deepfake pornography, apprehend innocent people, direct lethal weapons, violate personal privacy, and drive teenagers to suicide. Many of these problems are growing at national and global scales even now; as AI technology advances, these problems will be supercharged, and new issues will arise.

  • What specific Federal statutes, regulations, or policies present barriers to AI development, deployment, or adoption in your sector? Please identify the relevant rules and authority with specificity, including a citation to the Code of Federal Regulations (CFR) or the U.S. Code (U.S.C.) where applicable.

    Industrial innovation starts in academic research, and long-funded projects to develop applied AI in critical fields like medicine, drug discovery, and defense are in jeopardy due to federal research funding cuts at NSF, NIH, and DOE. AI is also data-driven, and uncertainties associated with the application of tariffs to intellectual property and data stymie international collaboration and AI innovation.

  • Where existing policy frameworks are not appropriate for AI applications, what administrative tools ( e.g., waivers, exemptions, experimental authorities) are available, but underutilized? Please identify the administrative tools with specificity, citing the CFR or U.S.C. where applicable.

    Developing a risk-tiered criteria model for governance of systems increases flexibility. Assign reviews more strategically based on potential risk and harm posed by the system, and focus higher-level scrutiny on safety-critical systems. For example, high-risk applications might include implanted medical devices, aviation control, and critical infrastructure. For ongoing reviews, consider scaling back for genuinely lowimpact systems, such as non-critical content generation. A significant change should be defined by a system’s level of risk and the potential harm it may cause.

    Regulators (as well as vendors and deploying organizations) should monitor and retest operational deployed AI systems. All systems, including AI, should be continually or periodically checked after approval—not just once—and should incorporate features such as ongoing performance tracking, alerts, safety checks, and emergency downgrades for high-risk changes. The results of regulatory reviews of deployed systems should be readily available to the public through postings on the reviewing agency’s website. Since regulators will have time to review only a small fraction of high-impact systems, vendors and deploying organizations should be incentivized to conduct their own reviews. Require auditable tracking of data and digital system changes to promote accountability and transparency. For low-risk academic research, permit greater openness with minimal exceptions, while maintaining tighter safeguards to support research while protecting national security. Provide regulations to govern safe testing spaces where systems can be tested at scale under controlled conditions before public release. These controlled spaces should be integrated into the development process at all stages, from design through deployment.

    The federal government should focus on strengthening existing organizations, including OSTP, NIST, and other federal regulatory agencies. Collaboration that represents broad perspectives should be encouraged to establish enduring legislation and frameworks that protect digital rights, privacy, and transparency. Specific considerations for Regulatory Sandboxes and AI Assurance models are listed below:

    Regulatory Sandboxes for AI: AI systems should support curated training data or predefined behavior parameters to guide them during sandbox testing. It should be monitored through risk controls. In view of public and system safety, this controlled environment fosters public trust by imposing and integrating post-market audits that evaluate the systems. The results of such audits should be made public to increase transparency and confidence in the results.

    AI Assurance Case Models: This flexible approach aligns AI systems with safety, social benefits, and other regulatory and policy priorities. This entails drafting a system operational design domain, along with documented performance indicators, retraining/rollback triggers, and human accountability layers. This approach is more flexible than rigid human-in-the-loop rules, as it fosters trust and accountability and, more importantly, promotes transparency in AI development. The Model responds to the all-encompassing need for AI assurance, for seamless, responsible AI development, while ensuring oversight.

     

  • Where specific statutory or regulatory regimes are structurally incompatible with AI applications, what modifications would be necessary to enable lawful deployment while preserving regulatory objectives?

    Most current US regulations won’t align with AI that can learn, adapt, and change over time, nor with self-service systems that involve human assistance for these tasks. In addition to this challenge, the” regulatory framework for AI should include mechanisms to include collaboration from a broad range of stakeholders, include shared policy fragments, and executive-level coordination among the various levels of governance.

    The regulation we currently have in place is mainly for user-driven, static software and for systems that won’t change unless a new version is deployed. The current approach to regulating technologies assumes that software is released in fixed versions and always goes through a formal approval process, so a human expert can trace, explain, and follow through on each decision. This wouldn’t apply to a new technique for a movie Recommendation system or one for suggesting potential drug targets. Modern software/systems that use AI and machine learning are dynamic and sometimes autonomous, so they retrain themselves over time and adapt with every new data point. Constant evolution, and especially evolution that is not human-supervised, raises a critical risk in medicine, healthcare, cybersecurity, jurisprudence and legal practice, transportation, defense, research, and beyond.

    As 15 CFR Parts 734-774 and other export control laws treat AI model weights as static technology, this hampers open-source collaborations. Whether a set of model weights is “controlled” depends on whether it meets the threshold for ECCN 4E091 (e.g., trained with >1026 operations) and whether it is “published.” Many open-source projects may struggle to self-assess whether they fall under these controls. This creates legal risk for open-source contributors: if they inadvertently export controlled model weights (e.g., by sharing them online for download worldwide), they could violate the EAR. A “research carve-out” should be created for low-risk academic sharing for collaboration and AI model sharing with fewer constraints. Furthermore, provenance tracking, as a collaborative measure to safeguard national security, will entail tracking the movement and migration of AI models and ensuring their origin is known. While many systems are directly relevant to national security, it’s a general Assurance issue. Provenance tracking should apply to both non-AI and AI systems in high-impact applications. Modern data systems (esp. data ops) include many pragmatic features for tracking provenance and quality, e.g., based on workflows and dataflows. The AI community should also have access to and integrate with non-AI standards and mechanisms.

  • Where barriers arise from a lack of clarity or interpretive guidance on how existing rules cover AI activities, what forms of clarification ( e.g., standards, guidance documents, interpretive rules) would be most effective?

    As with other technologies, regulations that allow divergent interpretations or implementations can hinder development or deployment, leading to fear of running afoul of them. One helpful form of clarification is to provide regularly updated use cases and examples of when an AI process is subject to regulation, and examples when it is not. Examples should include multiple deployment stages and how they are subject to regulation, including stages where data collection, curation, training, and testing are involved.

    Any number of U.S. laws and regulations may apply to AI technologies today, and this may change over time as AI evolves. Every law and regulation must consider AI and provide clear guidance on how it applies to non-human intelligent systems. Some of the current laws and regulations creating the most ambiguity and uncertainty include copyright considerations, liability and standards of harm, and transparency in decision-making.

  • Are there barriers that arise from organizational factors that impact how Federal statues, regulations, or policies are used or not used? How might Federal action appropriately address them?

    No response.

    Acknowledgements:

    These comments were drafted by the AI and Algorithms committee, as part of the US Technology Policy Committee’s ongoing work in this space. A thank you to specific contributors including: Shrinivass A.B, Houssam Abbas, Prakhar Agarwal, Aryan Chaudhary, Lillie Coney, Carlos E. Jimenez Gomez, Yuyin (Josephine) Liu, Alison Derbenwick Miller, Anusha Nerella, Arnon Rosenthal, Mohan Sankaran

PDF available here.

Members help shape the Committee’s action agenda, author its official Statements and other materials shared with policy makers and the public, and spot emerging issues on which the Committee might engage. Join USTPC today!