3 Obstacles to Regulating Generative AI

By Andrew Burt

Efforts to regulate artificial intelligence have ramped up in recent weeks. Just yesterday, the Biden administration announced a sweeping new executive order which aims to reshape the federal government’s approach to AI. That order relies on a Korean War-era law to compel companies developing certain high-impact generative AI models to notify the government and to share their testing results, among other provisions. Across the Atlantic, the UK kicks off its so-called AI safety summit this week, while the EU itself is finalizing its AI Act as it seeks to be the global leader in regulating AI. Increasingly, the focus of these new proposals is to reign in the dangers of generative AI.

All these efforts will fail.

But there is hope in the form of innovative ways to regulate how generative AI systems are developed and to embed laws within AI itself.

The Obstacles to Regulating

While traditional AI systems make predictions — a “yes” or a “no,” for example, for decisions such as whether to display an ad or to raise a consumer’s credit limit — generative AI creates images, audio, or text (hence the “generative” in its name). As just one example of the challenges in regulating generative AI with existing regulatory tools, a recent Stanford study analyzed the EU AI Act’s impact on the 10 most commonly used generative AI models. The conclusion: Not a single model came close to complying.

In particular, three obstacles stand in the way of successfully regulating generative AI.

1. Defining “Harm”

Unlike traditional AI systems whose harms can be tied to the impacts of specific predictions, the harms of generative AI are less clear and cannot be as easily defined. Who is harmed when an AI system gives answers with inaccurate information? If that information is generated over the course of a longer conversation, such as a New York Times reporter’s famously bizarre multi-day conversation with a generative AI system, when does the harm even take place?

The problem with generative AI is less the micro and more the macro. Harms arising from any specific output created by the system — a single image, a block of text, or an audio file — generally have minimal repercussions and are easy to overlook. A single wrong fact here and there is often the price to pay for probabilistic systems that are guaranteed to get some answers wrong.

The harms that are most worrisome from generative AI systems are harms that “accrete” over time. One erroneous fact may be insignificant, but on a societal level, inaccurate information can proliferate and generate serious consequences, ranging from misinformation to representational harms that denigrate marginalized groups. Once added up, these harms can have seriously detrimental effects on society as a whole.

This is an issue my AI-focused law firm, Luminos.Law, runs into over and over: Companies understand that their generative AI systems pose collective risks, but they do not know where to draw the line. Governments will face the same issues when deciding what generative AI content, if any, should be illegal.

2. Assessing Damages

When it comes to assessing the specific harms of generative AI systems, the actual damages — and therefore the penalties to impose for any illegal behavior once it is defined — are similarly unclear.

Take, as a reference point, the world of privacy, where assessing damages is an analogously difficult issue. In one infamous example, Google took images of a Pennsylvania house owned by the (wonderfully-named) Boring family for its “Street View” feature on Google Maps. The Borings sued for a violation of privacy and prevailed — only to be awarded $1 in damages.

The issue of calculating damages from generative AI is harder by several degrees. Assuming governments can determine what specific type of output constitutes a great enough harm to be illegal, what should the penalties be? When should these penalties be inflicted?

3. Policing Speech

Last, many of the dangers of generative AI are related to speech — a notoriously difficult issue to police in western countries. Indeed, there is a large body of legal theory devoted to viewing software itself as speech — meaning that any attempts to regulate generative AI will have to contend with the difficult problems of regulating speech.

While authoritarian countries like China can get away with blanket prohibitions on AI creating harmful content, countries like the United States will have a much harder time banning or even shaping algorithmic speech.

A Better Alternative: Rethinking the Law

The difficulties of governing generative AI form a serious, potentially insurmountable barrier to effective regulation. But new solutions that rethink how laws are applied in practice, including new technological solutions, can much more effectively mitigate risks.

Encouraging an innovative approach to regulation will not be easy. Efforts to make laws more tech-savvy and to think outside the regulatory box have a long and unsuccessful history. Just over 10 years ago, for example, the Obama administration mandated that the text of laws themselves should be machine executable, which would allow software systems to understand and even implement the laws themselves. The effort went nowhere.

To succeed with generative AI where lawmakers have failed in the past, governments will need to rethink how laws are enforced and the ways in which companies can demonstrate compliance. They would do well to take lessons from regulators like the U.S. Food and Drug Administration, which last year completed a groundbreaking pilot program into new ways to certify AI systems. That effort was centered on certifying processes surrounding software development rather than certifying each system itself. Other regulators, such as the UK’s Financial Conduct Authority, have experimented with other innovative approaches to embed laws within software systems. Creativity and the ability to rethink the relationship between laws and technology will be needed.

On the technological side, one new approach, pioneered by researchers at the AI company Anthropic, is called “constitutional AI.” The technique allows one AI system to police the content of another AI system. For harmful content to make its way to a user, each system would have to “sign off” on that content. (Disclaimer: This is a severely oversimplified description of the technique; for actual technical details, see here).

To date, research suggests this may be a reliable and scalable way to oversee generative AI systems. And, critically, this technology-focused approach to managing AI risks does not suffer from many of the pitfalls above: Because the oversight occurs before the AI system provides its content to the user, this allows the focus to shift from addressing the harm after the fact — and therefore having to determine when it occurs, who was hurt, and how to assess the damages after it takes place — and instead attempts to avoid the harm altogether. Constitutional AI is only one among many other creative solutions being adopted to manage AI risks.

That said, I am the first to admit that the temptation to govern risky technologies with yet more technology and innovation is a dangerous approach. Often called techno-solutionism, this can lead to solutions that generate even more risks.

It is admittedly dangerous to rely on technology and innovation to manage the harms of the new technology itself. But in the case of generative AI, not doing so will be far more dangerous.