AI in the Supply Chain Under Government Focus

Kristopher Chandler, Vanessa Gomez, Megan MacCallum, Jonathan Todd
Benesch
Contact
LinkedIn
Facebook
X
Send
Embed

Benesch

The U.S. Department of Transportation is seeking input from industry stakeholders on the role of artificial intelligence in the supply chain.

The DOT’s Advanced Research Projects Agency – Infrastructure is one of many federal agencies that together with the White House are drawing into sharp focus the risks and opportunities of artificial intelligence. This one example signals the importance of seriously examining the commercial, compliance, and national security implications of technological advances.

Five Immediate Areas of DOT Focus on AI

In this instance, the DOT requests comments by July 2, 2024, on the development of safe and responsible development and use of AI in the transportation sector (See 89 FR 36849.). This inquiry focuses on five key areas of concern: (1) Current AI applications in transportation, (2) Opportunities for AI in transportation, (3) Challenges of AI in transportation, (4) Autonomous mobility ecosystems, and (5) Other considerations in the development of AI for Transportation. The DOT request for information also warns against the submission of confidential information in response, which understandably highlights the highly sensitive and competitive nature of the subject.

Growing Trend of Federal Focus on AI

The federal government has taken a very indirect approach to addressing AI regulation. Like its approach to data privacy and personal information, the federal government has yet to adopt a comprehensive AI law providing compliance obligations for the use and deployment of AI tools. Instead, they have relied on enforcement by executive agencies of existing laws to address AI. Though there is no current federal omnibus regulation governing the use of AI tools, some federal agencies have clarified that existing statutes and regulations apply to business operations regardless as to a business’ use of AI tools. This means that if a law applies to your business then your use of an AI tool will not alleviate your compliance obligations under that law. Again, similar to the approach taken in the U.S. as it relates to data security and privacy of an individual’s personal information, to find a comprehensive law on AI you need to look to individual states for how they are addressing the use and deployment of AI and the legal pitfalls that come with it.

In contrast, the federal government has taken a very hands-on approach to AI usage by federal agencies. In March 2024, the Office of Management and Budget issued its first government-wide policy as memorandum M-24-10 titled “Advanced Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence” (the “AI Memorandum”). Under President Biden’s October 2023 AI Executive Order, the AI Memorandum directs federal agencies to “advance AI governance and innovation while managing risks from the use of AI in the federal government, particularly those affecting the rights and safety of the public.”

Specifically, the AI Memorandum’s requirements and recommendations fall into four categories: (1) strengthening AI governance, (2) advancing responsible AI Innovation, (3) managing risks from use of AI, and (4) managing risks in federal procurement of AI. The risks addressed specifically are those that “result from any reliance on AI outputs to inform, influence, decide, or executive agency decisions or actions, which could undermine the efficacy, safety, equitableness, fairness, transparency, accountability, appropriateness, or lawfulness of such decisions or action. Most of the AI Memorandum applies to “all agencies defined in 44 U.S.C. § 3502(1)” while other provisions only apply to agencies identified in the Chief Financial Officers Act ). Certain requirements do not apply to members of the intelligence community as defined in 50 U.S.C § 3003. System functionality that “implements or is reliant on” AI that is “developed, used or procured by” the covered agencies is also subject to the AI Memorandum. Activity merely relating to AI, including regulatory actions for nonagency AI use or investigations of AI in an enforcement action, and AI deployed as part of a component of a National Security System are not covered.

The AI Memorandum clearly addresses federal agency use of AI and does not extend to the private sector, however, history shows that federal government use and guidance impact the development of best practices adopted by companies. As such, private sector companies using AI will benefit from formally assessing how their current AI practices and policies align with the AI Memorandum and future guidance on the federal government’s use of AI.

AI in the Supply Chain Concerns and Implications

Federal interest in exploring AI impacts specific to supply chain services and their national security implications has appropriately taken a broad-based approach. As a comprehensive policy statement, the Biden Administration released its Fact Sheet titled “New Actions to Strengthen America’s Supply Chains, Lower Costs for Families, and Secure Key Sectors” on November 27, 2023. Among its many recommendations were a Supply Chain Data and Analytics Summit as well as an AI Hackathon.

The nexus between AI, other emerging technologies, and strengthening the domestic United States supply chain in new and novel ways is clear. The 2023 Fact Sheet is one step in a multiyear bipartisan trend of increased recognition that a country’s supply chain and its national security are one and the same. This trend started before the COVID-19 disruptions that brought the conversation into national discourse.

Stepping back five years, the Trump Administration’s Executive Order 13873 was issued in 2019 to address foreign exploitation of vulnerabilities in the information and communications technology and services supply chain. The concern at that time was that supply chain-related systems and processes are vulnerable to foreign adversaries due to their high-value target status as the veritable backbone of U.S. critical infrastructure. This risk was addressed by assigning responsibility to the Commerce Department for assessing the risk of foreign parties and their domestic actors from acquiring, transferring, or dealing in information and technology that could yield catastrophic effects for the homeland. Commerce’s role in doing so is supported by Treasury, State, Defense, and Homeland Security, among other agencies. For example, Homeland Security will be responsible for identifying entities, hardware, software, and services that pose vulnerabilities to the U.S supply chain.

The Biden Administration continued to ramp up the focus on technological applications within the supply chain and their risks. In 2021, the Biden Administration published Executive Order 14034 with the goal of protecting American sensitive data from foreign interference. More recently, on February 28, 2024, the Biden Administration published Executive Order 14117 to expand the scope of national security concerns addressed in 2019 by President Trump. The expanded scope of national security concerns focuses on minimizing access to Americans’ bulk sensitive personal data via data brokerages and supply chain agreements pertaining to third-party vendors, employment, and investments. The Biden Administration highlights the concern that a supply chain stakeholder in a country of concern will be required to meet compliance obligations to transfer Americans’ sensitive personal data to that country of concern’s intelligence services. The countries of concern include the People’s Republic of China, China’s Special Administrative Regions of Hong Kong and Macau, Iran, North Korea, Cuba, and Venezuela.

Concerns over international trading relationships and connectivity echo in the recent DOT request for comment as well as other agency activities. As a parallel, Commerce’s Bureau of Industry and Security (BIS) has expressed a focus on information and communications technology and services (ICTS) transactions that are essential to the connective vehicles (CV) supply chain. BIS has assessed the potential risks related to the design, manufacturing, and implementation of ICTS in CVs due to CV connectivity to original equipment manufacturers, third-party service providers, and devices like smartphones. A complex web of geopolitics, federal and state jurisdiction, private industry, and consumer interests is emerging.

Private Industry’s Path Forward

There is little doubt that interest in AI and adjacent technologies is far from over. The five-year trendline of hardening supply chain protections, particularly from a technological perspective, proves that this is not a flash-in-the-pan occurrence. Absence of substantial comprehensive federal law on the subject does not mean that there are no rules. Instead, this is a moment in time when nimble multidisciplinary approaches are meaningful. Just as a commercial “arms race” is occurring, the best and brightest companies are carefully assessing emerging best practices, the impact on existing compliance obligations, and the threat of geopolitical risks.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Benesch | Attorney Advertising

Written by:

Benesch
Benesch
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Benesch on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide