The US National Security Memorandum on AI
On October 24th, President Biden released a long-anticipated National Security Memorandum on AI (NSM). Building on a broad international consensus around AI governance, the NSM directs the US government to take effective steps to ensure the government’s use of safe, secure, and trustworthy AI for national security. This memorandum was mandated by the Executive Order on the Safe, Secure, and Trustworthy Development and Use of AI of October 30th 2023 and aims to provide the first-ever risk management guidance for the use of AI in national security missions.
Fundamentally, the NSM establishes a comprehensive framework for harnessing AI models and AI-enabled technologies in the context of US national security systems (NSS), while concurrently upholding human rights, civil liberties, privacy, and safety. At its core, the NSM aims not only to catalyse decisive changes in the way the US government approaches AI national security policy, but also to take an active role in steering global AI norms and institutions by laying the groundwork for a stable and responsible international AI governance landscape.
The accompanying Framework to Advance AI Governance and Risk Management in National Security, envisioned by the NSM itself, brings the US legal framework for AI regulation a little closer to the risk-based approach embodied in the European AI Act. It identifies, for instance, prohibited and ‘high-impact’ AI use cases based on the risk they pose to national security, international norms, democratic values, human rights, civil liberties, privacy, and safety. Moreover, the Framework sets out ‘sufficiently robust minimum-risk management practices’ for those categories of AI identified as high-impact, including pre-deployment risk assessments, monitoring and accountability mechanisms.
The G7 Toolkit for AI in the Public Sector & The Compendium of Digital Government Services
On October 15th, a G7 Technology and Digital Ministerial Meeting took place in Cernobbio, northern Italy. The gathering, chaired by the Undersecretary of State for Technological Innovation, Alessio Butti, clinched the commitments made in the G7 Declaration adopted at a previous meeting in Trento on March 15th. With the support of the Italian Presidency, the OECD and UNESCO launched two key reports on AI in the public sector at the Cernobbio meeting: the G7 Toolkit for AI in the Public Sector and the G7 Compendium of Digital Government Services.
The toolkit for AI in the public sector draws on extensive research conducted by the OECD and UNESCO to highlight significant trends and showcase successful AI initiatives across the G7. Effectively, the toolkit offers policymakers and public sector leaders a hands-on guide to help them translate principles for safe, secure, and trustworthy AI into actionable policies. The document also recommends additional safeguards such as transparency requirements for public algorithms, regulations on automated decision-making and risk management frameworks.
The Compendium of Digital Government Services, on the other hand, is a comprehensive report prepared by the OECD Directorate for Public Governance which summarises the state of the art of key digital government initiatives and approaches among G7 members, showcasing best practices and solutions to pave the way for a smooth transition from e-government to digital government. The Compendium is structured around four key areas: a) digital identity solutions for accessing public services; b) data and information sharing in the public sector; c) other digital government systems; and d) so-called ‘enablers’, i.e. the allocation of resources to service providers for creative applications and services that cannot be built by governments alone.
G7 Mapping Exercise of Digital Identity Approaches
Also in the context of the G7 Technology and Digital Ministerial Meeting, the OECD released a Mapping Exercise of Digital Identity Approaches, a report that identifies critical commonalities in digital identity approaches across the G7, laying the groundwork for future interoperability efforts. These commonalities include shared concepts and definitions, as well as common standards and assurance levels of approaches.
Digital identity systems are key to globalised economies. By enabling people to prove their identity quickly and securely, they open a virtual door to a wealth of essential public and private services. As more and more services are digitised and people’s lives increasingly span across borders, the need for accessible and interoperable digital identity systems has become acute. In essence, the salient communalities mapped out in this report are valuable knowledge resources for policymakers and stakeholders to design digital identity policies and interoperable digital systems across the G7.
The Cyber Resilience Act in the EU
On October 10th, the EU Council adopted the Cyber Resilience Act. The new regulation targets critical gaps, clarifies connections, and streamlines the cybersecurity framework in Europe. From IoT devices to other digital products, the goal is to secure them throughout their entire lifecycle and supply chain.
The regulation introduces cybersecurity requirements for the design, production, and marketing of all products that are directly or indirectly connected to another device or network – excluding products for which cybersecurity requirements already exist, such as medical devices, aeronautical products and cars. The Act is now expected to be signed by the Presidents of the Council and the European Parliament and published in the EU’s Official Journal in the coming weeks.
Much More Than a Market: Enrico Letta’s Report on the Next Steps of the European Single Market
On October 21st, the erstwhile Prime Minister of Italy and President of the Jacques Delors Centre, Enrico Letta, presented his report, Much More Than a Market, to the European Parliament. The report, which had been commissioned by the Belgian and Spanish governments with the support of the European Council, was concluded in April this year. The core aim is to revamp and modernise the European Single Market to rise to new challenges and unlock untapped opportunities.
There is a vital concept at the heart of this report: what Mr Letta called a ‘fifth freedom’ for a new Single Market. Its current framework is rooted in four freedoms that fundamentally reflect twentieth-century principles: the free movement of people, goods, services, and capital. But however important they have been to this day, Mr Letta holds, they fall short of addressing the fiendishly complex dynamics of a digital market increasingly shaped and driven by AI. The fifth freedom, according to the report, means embedding research and innovation at the heart of the Single Market. While significant progress has been delivered in the past legislature with the passing of the Digital Markets Act, the Digital Services Act, the AI Act, the Data Act, and the Data Governance Act, the fifth freedom could come with an evolving regulatory framework that catalyses strides in R&D, data use, AI, quantum computing, biotechnology, biorobotics, and beyond.
