United States

This quarterly update highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues.  These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity.  As noted below, some of these developments provide companies with the opportunity for participation and comment.

I. Artificial Intelligence

Federal Executive Developments on AI

The Executive Branch and U.S. federal agencies had an active quarter, which included the White House’s October 2023 release of the Executive Order (“EO”) on Safe, Secure, and Trustworthy Artificial Intelligence.  The EO declares a host of new actions for federal agencies designed to set standards for AI safety and security; protect Americans’ privacy; advance equity and civil rights; protect vulnerable groups such as consumers, patients, and students; support workers; promote innovation and competition; advance American leadership abroad; and effectively regulate the use of AI in government.  The EO builds on the White House’s prior work surrounding the development of responsible AI.  Concerning privacy, the EO sets forth a number of requirements for the use of personal data for AI systems, including the prioritization of federal support for privacy-preserving techniques and strengthening privacy-preserving research and technologies (e.g., cryptographic tools).  Regarding equity and civil rights, the EO calls for clear guidance to landlords, Federal benefits programs, and Federal contractors to keep AI systems from being used to exacerbate discrimination.  The EO also sets out requirements for developers of AI systems, including requiring companies developing any foundation model “that poses a serious risk to national security, national economic security, or national public health and safety” to notify the federal government when training the model and provide results of all red-team safety tests to the government.

Federal Legislative Activity on AI

Congress continued to evaluate AI legislation and proposed a number of AI bills, though none of these bills are expected to progress in the immediate future.  For example, members of Congress continued to hold meetings on AI and introduced bills related to deepfakes, AI research, and transparency for foundational models.

  • Deepfakes and Inauthentic Content:  In October 2023, a group of bipartisan senators released a discussion draft of the NO FAKES Act, which would prohibit persons or companies from producing an unauthorized digital replica of an individual in a performance or hosting unauthorized digital replicas if the platform has knowledge that the replica was not authorized by the individual depicted. 
  • Research:  In November 2023, Senator Thune (R-SD), along with five bipartisan co-sponsors, introduced the Artificial Intelligence Research, Innovation, and Accountability Act (S. 3312), which would require covered internet platforms that operate generative AI systems to provide their users with clear and conspicuous notice that the covered internet platform uses generative AI. 
  • Transparency for Foundational Models:  In December 2023, Representative Beyer (D-VA-8) introduced the AI Foundation Model Act (H.R. 6881), which would direct the Federal Trade Commission (“FTC”) to establish transparency standards for foundation model deployers in consultation with other agencies.  The standards would require companies to provide consumers and the FTC with information on a model’s training data and mechanisms, as well as information regarding whether user data is collected in inference.
  • Bipartisan Senate Forums:  Senator Schumer’s (D-NY) AI Insight Forums, which are a part of his SAFE Innovation Framework, continued to take place this quarter.  As part of these forums, bipartisan groups of senators met multiple times to learn more about key issues in AI policy, including privacy and liability, long-term risks of AI, and national security.

Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023

On October 17, 2023, the U.S. Government Accountability Office (“GAO”) published a report on mergers and acquisitions (“M&A”) in the defense industrial base. The report details the current M&A review process of the Department of Defense (“DOD”) and provides recommendations to proactively assess M&A competition risks.

Currently, DOD’s Industrial Base Policy (“IBP”) office, with input

Earlier this month the Biden Administration released its long-anticipated Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO”), which imposes (1) prohibitions on certain outbound investments in the semiconductors and microelectronics, quantum information technologies, and artificial intelligence sectors, and (2) mandatory notification requirements for a

Updated August 8, 2023.  Originally posted May 1, 2023.

Last week, comment deadlines were announced for a Federal Communications Commission (“FCC”) Order and Notice of Proposed Rulemaking (“NPRM”) that could have significant compliance implications for all holders of international Section 214 authority (i.e., authorization to provide telecommunications services from points in the U.S. to points abroad).  The rule changes on which the FCC seeks comment are far-reaching and, if adopted as written, could result in significant future compliance burdens, both for entities holding international Section 214 authority, as well as the parties holding ownership interests in these entities.  Comments on these rule changes are due Thursday, August 31, with reply comments due October 2.

Adopted in April, the FCC’s item proposing the new rules also includes an Order requiring all holders of international Section 214 authority to respond to a one-time information request concerning their foreign ownership. Although last week’s Federal Register publication sets a comment deadline for the proposed rules, the reporting deadline for the one-time information request has not yet been established.  However, because the FCC has fulfilled its statutory obligations regarding the new information collection presented by the one-time reporting requirement, carriers — as well as entities holding an ownership interest in these carriers — should prepare for the announcement of the reporting deadline.

The FCC’s latest actions underscore the agency’s ongoing desire to closely scrutinize foreign ownership and involvement in telecommunications carriers serving the U.S. market, as well as to play a more active role in cybersecurity policy. These developments should be of interest to any carrier that serves the U.S. market and any financial or strategic investor focused on the telecommunications space, as well as other parties interested in national security developments affecting telecommunications infrastructure.

Proposed Rule Changes for International Section 214 Authority

The FCC’s proposed changes to its regulation of international Section 214 authorizations generally concern additional compliance, disclosure, and reporting requirements. The FCC’s proposed rule changes are far-reaching, but the most notable of the proposals concern the following:Continue Reading Comments Due August 31 on FCC’s Proposal to Step Up Review of Foreign Ownership in Telecom Carriers and Establish Cybersecurity Requirements

On July 10, 2023, the European Commission adopted its adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The decision, which took effect on the day of its adoption, concludes that the United States ensures an adequate level of protection for personal data transferred from the EEA to companies certified to the DPF. This blog post summarizes the key findings of the decision, what organizations wishing to certify to the DPF need to do and the process for certifying, as well as the impact on other transfer mechanisms such as the standard contractual clauses (“SCCs”), and on transfers from the UK and Switzerland.

Background

The Commission’s adoption of the adequacy decision follows three key recent developments:

  1. the endorsement of the draft decision by a committee of EU Member State representatives;
  2. the designation by the U.S. Department of Justice of the European Union and Iceland, Liechtenstein, and Norway (which together with the EU form the EEA) as “qualifying states,” for the purposes of President Biden’s Executive Order 14086 on Enhancing Safeguards for U.S. Signals Intelligence Activities (“EO 14086”). This designation enables EU data subjects to submit complaints concerning alleged violations of U.S. law governing signals intelligence activities to the redress mechanism set forth in the Executive Order and implementing regulations (see our previous blog post here); and
  3. updates to the U.S. Intelligence Community’s policies and procedures to implement the safeguards established under EO 14086, announced by the U.S. Office of Director of National Intelligence on July 3, 2023.

The final adequacy decision, which largely corresponds to the Commission’s draft decision (see our prior blog post here), concludes “the United States … ensures a level of protection for personal data transferred from the Union to certified organisations in the United States under the EU-U.S. Data Privacy Framework that is essentially equivalent to the one guaranteed by [the GDPR]” (para. 201).

Key Findings of the Decision

In reaching the final decision, the Commission confirms a few key points:Continue Reading European Commission Adopts Adequacy Decision on the EU-U.S. Data Privacy Framework

On April 27, 2023, US National Security Advisor Jake Sullivan delivered a lecture at the Brookings Institution on American economic policy in which he promoted a ‘new Washington consensus’. His speech resonated loudly within EU member states and its institutions. What he said fits very well in the current debate in Brussels on economic and trade policy – a debate which divides policy makers even inside the European Commission in Brussels.

The need for a ‘new’ consensus

Jake Sullivan’s presentation, indeed, reinforces the views of those in Europe who feel there is a need for some distance from globalization, free trade and an economic system based solely on liberalism, competition rules and the law of the market. This system was often presented as ‘the Washington consensus’; this term was first coined by a British economist in 1989 to describe a world of free markets, with the United States as guarantor and relying mainly on the World Bank and the IMF. This ‘consensus’ developed in Washington during the Clinton administration and extended to the other side of the Atlantic – until the turn of the new century.

But now, times have changed: the US is no longer hegemonic; the world has fractured; western values are openly challenged by China and others in the ‘global south’ – and the Trump administration renounced major multinational treaties like TTIP and the TPP. Sullivan describes superbly the reasons why a ‘new’ consensus is needed: ‘a financial crisis that shook the middle class, a pandemic which exposed the fragility of our supply chains, a changing climate that threatens lives and livelihoods, the invasion of Ukraine by Russia which underscores the risks of overdependence’ – and, on top of that, a China which continues to subsidize the growth of its industry and ‘becoming a leader in critical technologies which will define the future’.

This diagnosis, and what Sullivan suggests, match perfectly the thinking by those in Europe who promote an EU ‘industrial policy’ – a novelty for the European Union. Clearly, liberalism and free trade retain strong supporters in European countries and in the EU Commission. Recently the EU ratified an agreement with Chile, concluded a treaty with New Zealand, and persists in completing the ratification of agreements with the Mercosur and Mexico. But even the Commission has to admit that the time of TTIP and other comprehensive trade agreements has passed and that those who want to relax state aid rules and encourage subsidies to the industry are dominating the scene.Continue Reading Europe and the ‘new Washington consensus’

On 31 May 2023, at the close of the fourth meeting of the US-EU Trade & Tech Council (“TTC”), Margrethe Vestager – the European Union’s Executive Vice President, responsible for competition and digital strategy – announced that the EU and US are working together to develop a voluntary AI Code of Conduct in advance of

May 31, 2023, Covington Alert

The Department of Justice (“DOJ”)’s FARA Unit released several new advisory opinions in recent weeks that interpret the Foreign Agents Registration Act (“FARA”) and its regulations. While the newly published opinions addressed a number of topics, the FARA Unit’s broad reading of the FARA triggers and the jurisdictional scope of

On May 23, 2023, the White House announced that it took the following steps to further advance responsible Artificial Intelligence (“AI”) practices in the U.S.:

  • the Office of Science and Technology Policy (“OSTP”) released an updated strategic plan that focuses on federal investments in AI research and development (“R&D”);
  • OSTP issued a new request for information (“RFI”) on critical AI issues; and
  • the Department of Education issued a new report on risks and opportunities related to AI in education.

These announcements build on other recent actions by the Administration in connection with AI, such as the announcement earlier this month regarding new National Science Foundation funding for AI research institutions and meetings with AI providers.

This post briefly summarizes the actions taken in the White House’s most recent announcement.

Updated OSTP Strategic Plan

The updated OSTP strategic plan defines major research challenges in AI to coordinate and focus federal R&D investments.  The plan aims to ensure continued U.S. leadership in the development and use of trustworthy AI systems, prepare the current and future U.S. workforce for the integration of AI systems across all sectors, and coordinate ongoing AI activities across agencies.

The plan as updated identifies nine strategies:Continue Reading White House Announces New Efforts to Advance Responsible AI Practices

May 18, 2023, Covington Alert

Today, the Supreme Court issued its opinion in Gonzalez v. Google LLC, a case about whether Section 230 of the Communications Decency Act (47 U.S.C. § 230) protected YouTube’s recommendation algorithms from a claim of secondary liability under the Anti-Terrorism Act (ATA). In a short, three-page per curiam opinion