The European Union recently enacted its new artificial intelligence regulation, the (“EU AI Act”).  The new law is expected to have a substantial impact on the AI industry, including on companies outside of the EU, much as the GDPR did. Overall, the EU AU Act follows a risk-based approach and contains several categories of AI systems.  High risk systems are subject to the most stringent requirements, while AI systems presenting less risk are subject to lighter regulation.  But certain uses of AI systems are entirely prohibited.  Additionally, special rules apply to general ..read more

The Biden administration announced that it brokered a voluntary agreement with several of the biggest technology and artificial intelligence (AI) companies.  The agreement, available here, has the companies taking a number of actions intended to encourage safe, secure, and trustworthy development of AI technologies, particularly generative AI systems. While the commitments are not as extensive as other frameworks, such as the NIST AI Risk Management Framework or the Biden Administration’s Blueprint for an AI Bill of Rights, they are in some ways more concrete and actionable, and could ser ..read more

The rapid spread of Artificial Intelligence (AI) systems in recent years has overlapped with the enactment of comprehensive privacy laws by multiple U.S. states.  Aside from being generally applicable to AI systems in the same way as they are to any online service, several of the comprehensive state privacy laws have provisions that specifically address certain uses of AI systems, in particular use in profiling.  This article surveys those provisions and assumes the reader is already familiar with basic concepts in the comprehensive privacy laws, such as controllership and applicabil ..read more

On June 6, 2023, the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. (collectively, the “Agencies”) issued final interagency guidance that provides granular recommendations for how banks and other regulated financial institutions should manage risks associated with third-party relationships (the “Guidance”). The Guidance replaces prior guidelines that were released by the Agencies on July 19, 2021. 1.   Introduction The Guidance is designed to assist banking organizations with managing the risks ass ..read more

As the use of artificial intelligence (AI) rapidly expands throughout the private sector and government, the Biden administration has published a report titled A Blueprint for an AI Bill of Rights. A summary is available at https://www.whitehouse.gov/ostp/ai-bill-of-rights/ and the full document is available at https://www.whitehouse.gov/wp-content/uploads/2022/10/Blueprint-for-an-AI-Bill-of-Rights.pdf. The report cites a myriad of issues with AI systems, including uses in hiring and credit decisions that have been found to reproduce existing inequities or create new harmful bias, uses in pat ..read more

The National Institute of Standards and Technology (NIST) recently released version 1.0 of its Artificial Intelligence Risk Management Framework. The framework is available at https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf, and a full set of supporting documents is available at https://www.nist.gov/itl/ai-risk-management-framework.  There is an emerging consensus that AI systems present a significantly different risk profile than conventional information technology systems.  While there is currently no legal requirement to use a risk management framework when developing AI sy ..read more

The National Institute of Standards and Technology (NIST) recently released version 1.0 of its Artificial Intelligence Risk Management Framework. The framework is available at https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf, and a full set of supporting documents is available at https://www.nist.gov/itl/ai-risk-management-framework.  There is an emerging consensus that AI systems present a significantly different risk profile than conventional information technology systems.  While there is currently no legal requirement to use a risk management framework when developing AI s ..read more

Andy Baer is joined by three of his Cozen O’Connor colleagues for a panel discussion exploring the evolving law of artificial intelligence in the U.S. and Europe, including legal risks associated with ChatGPT and other AI tools, the current state of regulation, and how providers and users of AI tools can manage risk going forward. Download this episode ..read more

Host Andrew Baer is joined by Matthew Klahre from Cozen O’Connor’s Technology, Privacy, & Data Security practice group for a discussion, with practical tips, on how to manage internal and external communications following a data breach. Download this episode ..read more

Andy Baer is joined by Christopher Dodson of Cozen O’Connor to discuss EU-US personal data transfers after Schrems II, including the latest on the EU-US Data Privacy Framework. Download this episode ..read more