On October 30, 2023, U.S. President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. It marks the Biden Administration’s most comprehensive action on artificial intelligence policy, building upon the Administration’s Blueprint for an AI Bill of Rights (issued in October 2022) and its announcement (in July 2023) of securing voluntary commitments from 15 leading AI companies to manage AI risks.
The new EO directs actions across eight areas, described by the White House as follows:
- New standards for AI safety and security;
- Protecting Americans’ privacy;
- Advancing equity and civil rights;
- Standing up for consumers, patients, and students;
- Supporting workers;
- Promoting innovation and competition;
- Advancing American leadership abroad; and
- Ensuring responsible and effective government use of AI.
Notably, the Order requires private companies to share with the federal government the results of “red-team” safety tests for foundation models that pose certain risks, directs the development of new AI standards to guide government agencies’ acquisition and use of AI, creates a new National AI Research Resource to foster U.S. leadership in AI innovation, and pledges cooperation with international partners on frameworks for responsible AI development and deployment.
The Order’s provisions are summarized in further detail below.
Standards for AI Safety and Security
- Red-teaming requirements. The Administration will leverage the Defense Production Act to require developers to notify the federal government of any foundation models that pose a serious risk to national security, national economic security, or national public health and safety. Developers must also share the results of “red-team” exercises with the government.
- New standards. The National Institute of Standards and Technology will set new standards for red-team testing. The Departments of Homeland Security and Energy will draw on these standards to address critical infrastructure risks, as well as cybersecurity, chemical, biological, radiological, and nuclear risks. In addition, federal agencies will develop new standards for biological synthesis screening, and these standards will be used as conditions to receive federal funding for life sciences research. Finally, the Department of Commerce will develop new standards for content authentication and watermarking for AI-generated content, and U.S. federal agencies will use these standards to mark content that they generate.
- Addressing software vulnerabilities. The Administration will create a new program to develop AI tools to investigate and address vulnerabilities in critical software.
- AI use by the military and intelligence community. The National Security Council and White House Chief of Staff will develop a National Security Memorandum to guide safe and ethical use of AI by the military and intelligence community.
Protecting Americans' Privacy
- Call for federal privacy legislation. The Administration calls on Congress to pass privacy legislation to “protect all Americans, especially kids.”
- Privacy-enhancing technologies (PETs). The White House will prioritize development of privacy-preserving and privacy-enhancing technologies (supporting their research and development with new federal programs) and will develop guidelines for federal agencies’ use of these technologies.
- Guidance on use of personal information by federal agencies. The Administration will reevaluate how federal agencies use commercially obtainable personal information and strengthen privacy guidance for federal agencies.
Advancing Equity and Civil Rights
- New guidance and training to guard against discrimination. The Administration will issue guidance to landlords, federal benefits programs, and federal contractors to prevent AI algorithms from contributing to discrimination and will use training and technical assistance to advance best practices for investigating and prosecuting AI-related civil rights violations.
- Criminal justice system fairness. The Administration will develop best practices to guide the use of AI throughout the criminal justice system, including the use of AI in sentencing, policing, and forensic analysis.
- Standing Up for Consumers, Patients, and Students. The Department of Health and Human Services will establish a safety program to address risks associated with the use of AI in healthcare. The Administration will also support the expansion of AI-enabled tools in education.
- Supporting Workers. The Administration will support new research on AI’s potential impacts on the employment market and will develop principles and best practices to address potential job displacement, labor standards, workplace health and safety, and workplace data collection.
- Promoting Innovation and Competition. The Administration will support U.S. leadership in AI through the creation of a National AI Research Resource, which will broaden access to AI resources and data for researchers and students. It will also expand grants and technical assistance for AI innovation, and it will encourage AI experts from abroad to work and study in the United States.
- Advancing American Leadership Abroad. The State and Commerce Departments will work with international partners to establish frameworks that advance the realization of benefits and the mitigation of risks associated with AI. The U.S. is committed to working with other countries on the development of secure, trustworthy, and interoperable AI standards.
- Ensuring Responsible and Effective Government Use of AI. The White House will issue new guidance for agencies’ use of AI, including with respect to AI procurement, deployment, and hiring of skilled personnel through an “AI talent surge.”
Many aspects of the EO are consistent with recommendations recently made by the Centre for Information Policy Leadership (CIPL) at Hunton Andrews Kurth in its Ten Recommendations for Global AI Regulation, including taking a risk-based approach to AI governance to minimize harms and realize the benefits of AI, the promotion of cooperation across agencies, the use of procurement policy as a means to advance responsible AI development, and the prioritization of international cooperation on frameworks for responsible AI.
Hunton and CIPL will continue to monitor closely the Administration’s actions to implement the commitments in the Order, as well as any complementary actions pursued by Congress.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code