Introduction
The regulatory landscape for artificial intelligence (AI) is evolving across different jurisdictions, with varying approaches to enforcement and liability. While the United States, European Union, and United Kingdom have yet to establish comprehensive AI-specific regulatory frameworks, existing laws and emerging directives are shaping how AI-related issues are addressed.
Description
The US currently lacks a specific AI regulatory enforcement regime [1], but active enforcement is anticipated [1]. The Federal Trade Commission has mandated the destruction of illegally obtained personal data and the AI systems trained with it [1], with potential for broader scrutiny [1]. The Department of Justice may pursue harsher penalties for criminal offenses involving AI [1], viewing it as a “sophisticated means” under US sentencing guidelines [1]. State Attorneys General are likely to investigate AI misuse under existing consumer protection laws [1].
In the absence of comprehensive federal AI legislation [1], remedies for AI-related harms must be sought through existing federal and state laws [1]. The US class action system allows private plaintiffs to access information or seek damages under state consumer protection laws [1]. While there is no federal AI-specific liability legislation [1] [2], existing laws can assign liability for AI misuse [1] [2], and some states, like Colorado [1] [2], are beginning to create specific liability statutes for high-risk AI systems [1].
The EU AI Act establishes a decentralized enforcement framework [1] [2], requiring Member States to appoint national authorities responsible for compliance monitoring and enforcement [1] [2]. This legislation applies to developers [2], deployers [1] [2], importers [1] [2], and distributors of AI systems [1] [2]. Market surveillance authorities are empowered to demand information [1] [2], conduct inspections [1] [2], and impose financial penalties for breaches [1] [2], with fines ranging from EUR7.5 million to EUR35 million or a percentage of a company’s total worldwide annual turnover [2]. Individuals and legal entities can file complaints with these authorities regarding alleged violations [1] [2], maintaining their rights to other administrative or judicial remedies [2]. Data processors and controllers may incur fines under the General Data Protection Regulation (GDPR) [1] [2], with enforcement actions already taken against companies misusing AI [1]. Individuals can also lodge complaints or seek judicial remedies for GDPR infringements [2].
In the UK [1] [2], there is no standalone AI regulatory enforcement regime [1]. The Information Commissioner’s Office (ICO) can require compliance from data controllers and processors [1], imposing fines up to 4% of total worldwide annual turnover for breaches [1]. The ICO has acted against financial institutions for non-compliance [1], and individuals can file complaints with the ICO or seek court redress [1]. Financial regulators in the UK have not issued specific guidance on AI enforcement but possess tools to address non-compliance [1], including financial penalties and license conditions [1]. Under the Senior Managers regime [1], technology systems [1], including AI [1], fall under the Chief Operations function’s responsibility [1], with senior managers potentially facing regulatory action for breaches [1].
The EU’s proposed AI Liability Directive aims to adapt civil liability rules for AI [1] [2], facilitating claims for damages, alongside a new Directive on Liability for Defective Products applicable to AI [1] [2]. In the UK [1] [2], data controllers and processors may be liable for damages resulting from GDPR infringements [1]. AI companies may also face liability for contractual breaches [1] [2], pre-contractual misrepresentation [2], product liability claims [1] [2], or common law negligence [2]. Individuals can take action against regulated financial institutions for regulatory violations [1] [2], although many rules are disapplied by regulators [1].
Conclusion
The evolving regulatory frameworks for AI across the US, EU [1] [2], and UK highlight the growing recognition of the need to address AI-related challenges. While comprehensive AI-specific regulations are still developing, existing laws and emerging directives provide mechanisms for enforcement and liability. These efforts aim to ensure responsible AI use, protect consumer rights, and maintain market integrity, ultimately shaping the future landscape of AI regulation.
References
[1] https://www.jdsupra.com/legalnews/zooming-in-on-ai-7-ai-under-financial-9856421/
[2] https://www.aoshearman.com/en/insights/ao-shearman-on-tech/zooming-in-on-ai-7-ai-under-financial-regulations-in-the-us-eu-and-uk-part-3