AI Regulation: Implications of US Regulations for UK Businesses.

This is the third and last article in a 3-part mini-series that provides an outline of the USA regulatory requirements and what it means to UK businesses - large and small - even when they only operate from within the UK. The first article AI Regulation: Navigating UK Compliance provided an overview of the UK regulatory requirements for AI. The second article AI Regulation: Implications of the EU AI Act for UK Businesses highlighted the European regulatory compliance factors and how they impact UK businesses.

Introduction

It is crucial for any UK business providing or using Artificial Intelligence (AI) solutions and engaging in business with the United States to have a clear understanding of the regulatory landscape. While the USA doesn't have a single overarching federal AI law like the EU AI Act, it does have a complex web of regulations, standards, and guidelines at both the federal and state levels. This article aims to provide UK businesses with a breakdown of the key aspects of US AI regulation to help navigate this evolving environment.

The US Regulatory Landscape

The US approach to AI regulation is characterised by a layered structure, incorporating:

• Federal Guidance and Initiatives: The federal government plays a significant role through various agencies and initiatives that provide guidance and direction on AI development and use.

• Sector-Specific Regulations: Existing laws and regulatory bodies that oversee specific industries (e.g., healthcare, finance) also apply to AI applications within those sectors.

• State-Level Legislation: Individual states are increasingly active in introducing their own AI-related laws, leading to a patchwork of requirements across the country.

This multi-faceted approach means that UK businesses must consider a range of potential obligations depending on their AI applications and the sectors and states in which they operate.

Key Federal Initiatives and Guidance

While a comprehensive federal AI law is still under development, several key initiatives and guidance documents shape the US AI regulatory landscape:

• The National Artificial Intelligence Initiative Act of 2020: This act is a cornerstone of the US federal approach to AI.  It establishes the National Artificial Intelligence Initiative to coordinate AI-related activities across federal agencies, promote AI research and development, and address workforce and standards issues.  For UK businesses, this highlights the US government's focus on leadership in AI and the importance of keeping abreast of developments from this initiative.   

• AI Risk Management Framework (AI RMF) from NIST: The National Institute of Standards and Technology (NIST) has developed the AI Risk Management Framework. This framework provides guidance to organisations on managing risks associated with AI systems. While not legally binding, it is a crucial resource for responsible AI development and deployment and is likely to inform future regulation. UK businesses can use the AI RMF to align their AI practices with US best practices and demonstrate a commitment to responsible AI.   

Sector-Specific Regulations

In addition to these overarching initiatives, existing US laws and regulatory bodies that govern specific sectors also apply to AI. This means that UK businesses must also comply with sector-specific rules when using AI in those areas. Examples include:

• Healthcare: AI applications in healthcare are subject to regulations from the Food and Drug Administration (FDA) and the Health Insurance Portability and Accountability Act (HIPAA), among others.   

• Finance: AI in financial services is overseen by agencies like the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), with a focus on issues like consumer protection and fair lending.

  
  

State-Specific Regulations

Individual US states are increasingly active in enacting AI-related legislation. This creates a complex landscape, as requirements can vary significantly from state to state. Areas of focus for state-level AI laws include:

• Biometric Data: Several states have laws regulating the use of biometric information, which can impact AI systems that use facial recognition or other biometric technologies.

• AI in Employment: Some states are introducing laws to address the use of AI in hiring and employment decisions, focusing on preventing discrimination and ensuring transparency.

• Data Protection Laws: While there's no overarching federal data protection law, state laws like the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) provide significant privacy protections and have extraterritorial reach.

UK businesses must carefully monitor state-level AI legislative developments, particularly if they operate in or target specific US states.

Key Considerations for UK Businesses

The US regulatory landscape has several important implications for UK businesses:

• Compliance Complexity: The layered approach, with federal guidance, sector-specific rules, and state-level laws, creates a complex compliance environment. UK businesses need to be diligent in identifying all applicable requirements - even if they are based in the UK.

• Risk Management is Essential: Even in the absence of a single federal AI law, the emphasis on risk management, as demonstrated by the NIST AI RMF, makes it crucial for UK businesses to adopt responsible AI practices.

• FTC Scrutiny: Be mindful of the FTC's focus on fairness, accuracy, and transparency in AI systems. Avoid deceptive claims about AI capabilities and ensure your systems don't discriminate against consumers.

• Monitoring Developments: The US AI regulatory landscape is rapidly evolving. UK businesses must stay informed about new federal initiatives, sector-specific guidance, and state-level legislation to ensure ongoing compliance.

  
  

AI Literacy: A Foundation for US Operations

For UK businesses looking to operate responsibly and effectively in the US AI landscape, building a strong foundation of AI literacy within their teams is essential. AI literacy goes beyond simply understanding what AI is; it involves developing the skills and knowledge to:

• Recognise AI applications: Identify where AI is being used, both overtly and subtly, in business processes, software, and services.

• Evaluate AI capabilities and limitations: Understand what AI can realistically achieve, its potential biases, and where human oversight remains crucial.

• Work effectively with AI tools: Learn how to use AI tools efficiently, provide effective prompts, and critically assess AI outputs.

• Address ethical considerations: Understand the ethical implications of AI use, including fairness, privacy, explainability and accountability, and how to mitigate potential risks.

• Stay informed about AI developments: Keep up-to-date with the rapidly evolving field of AI, including new technologies, best practices, and regulatory changes.
  

Preparing Your Business

To ensure your UK business is well-equipped to navigate the US AI landscape and use AI responsibly, consider these recommendations:

1. Invest in AI Literacy Training: Provide training and resources to help your team develop essential AI literacy skills. This could include workshops, online courses, or access to relevant learning materials.

2. Promote a Culture of Responsible AI: Foster an organisational culture that prioritises ethical considerations in AI development and deployment. This includes establishing clear guidelines for AI use, encouraging open discussions about ethical concerns, and empowering employees to raise questions or concerns.

3. Establish Clear Governance Structures: Define roles and responsibilities for AI oversight within your organisation. This includes identifying individuals or teams responsible for ensuring compliance with US regulations, managing AI risks, and promoting ethical AI practices.

4. Develop Robust Data Governance Practices: Implement strong data governance policies and procedures to ensure data quality, security, and privacy. This is crucial for both training AI models and using AI applications effectively and responsibly.

5. Prioritise Explainable AI: Where possible, prioritise the use of AI systems that provide transparency into their decision-making processes. This can help build trust, facilitate audits, and ensure accountability.

6. Conduct Thorough Legal Assessments: Before deploying AI solutions in the US, conduct comprehensive legal assessments to identify all applicable federal and state requirements. This is critical for navigating the complex US regulatory landscape and avoiding potential legal issues.

7. Adopt a Risk-Based Approach: Implement a risk-based approach to AI deployment, carefully assessing the potential risks and benefits of each AI application. This allows you to prioritise risk mitigation efforts and allocate resources effectively.

8. Engage with Stakeholders: Communicate openly and transparently with stakeholders, including customers, employees, and partners, about your use of AI. This can help build trust and address potential concerns.

9. Monitor US Developments: Closely monitor developments in US AI regulation, standards, and best practices. This will help your business stay agile and adapt to the evolving landscape.

10. Seek Expert Guidance: Don't hesitate to seek advice from legal counsel, AI ethics experts, or consultants specialising in US AI regulation. This can be particularly valuable for small businesses with limited resources or expertise in this area.

By focusing on AI literacy, promoting responsible AI practices, and staying informed about the evolving US landscape, UK businesses can harness the power of AI while mitigating risks and building a sustainable presence in the US market.

Expert Opinion

To emphasise the importance of proactive preparation, consider this quote:

"AI is arguably already one of the most important strategic priorities for businesses. However, alongside the potential opportunities, there are widespread concerns about AI’s risks. In response, governments around the world have embarked on a significant programme of regulation, with over 300 AI-related laws and regulations now on the statute book or in development"

AI risk and approaches to global regulatory compliance | Deloitte UK

This highlights the critical need for UK businesses to navigate the complex and evolving landscape of different AI regulations across the globe.

Conclusion

In the complex and rapidly evolving landscape of US AI regulation, AI literacy is not just an advantage—it's a necessity. Just as the EU AI Act and the UK National AI Strategy emphasise the need for understanding and responsible engagement with AI, so too does the US approach, albeit through a different regulatory structure.

For UK businesses operating in the US, this means:

• Empowering your team: Equipping employees with the knowledge and skills to navigate AI systems, understand their limitations, and identify potential risks.

• Fostering ethical awareness: Cultivating a strong sense of ethical responsibility in the development and deployment of AI, ensuring fairness, transparency, and accountability.

• Promoting proactive compliance: Building a culture of compliance where staying informed about evolving regulations and adhering to best practices is a priority.

Ultimately, AI literacy is the bridge that enables businesses to innovate responsibly, build trust with stakeholders, and thrive in a world increasingly shaped by AI.

Advantage AI support customers on their journey to leverage AI for competitive advantage. Services start with upskilling staff AI literacy via the AI Essentials - An Introduction for All training courses. Scheduled courses can be viewed and booked on Eventbrite, or contact us with any questions.