To print this article, all you need is to be registered or login on Mondaq.com.
The Backdrop
Recent policy documents1 and working drafts on
Artificial Intelligence issued by the Niti Aayog (or the Planning
Commission under the Government of India) recognize ethical and
fundamental concerns with the implementation of AI and hint towards
a self-regulatory approach towards the same in coming times. In
this backdrop, it is important for Artificial Intelligence (AI) and
Machine Learning (ML) developers and stakeholders to understand the
importance of precise self-regulatory exercises required to avoid
risking legal and regulatory red-flagging by government authorities
in the coming future.
The trends in these policy documents suggest greater
responsibility for developers of AI systems than just the broader
known issues related to AI systems already recognized globally.
With the increasing use of AI to develop scalable business
solutions companies around the world are also increasing their
legal and regulatory risks. Authorities around the globe are now
conscious of the issues of ‘Explainability’,
‘Provability’, ‘Transparency’,
‘Accountability’ and ‘Accessibility’ associated
with AI. With growing dependency upon technology and machine
learning capabilities, the authorities are working extensively on
preparing policy and legal frameworks for the regulation of AI.
AI systems around the world are coming under the regulatory
scanner for violating ethics. For instance, in the United States,
Optum is currently under regulatory scanner for allegedly
developing an algorithm which recommended doctors and nurses to pay
more attention to white patients than to black
patients2; Goldman Sachs is under the scanner for
an AI algorithm that allegedly granted larger credit limits to men
than women on Apple cards; Facebook was under the scanner for
granting access to the personal data of more than 50 million users
to Cambridge Analytica; The US Department of Housing and Urban
Development recently sued Facebook as its ad-serving algorithms
allegedly enabled discrimination based on gender and race; Google
is being denied renewal of its AI contract with Department of
Defense after employees raising ethical issues.
Policy Documentations suggesting Self-Regulation
As we speak, there is a global void for law and regulation of
development and implementation of Artificial Intelligence (AI) and
Machine Learning (ML) Technologies. As some prominent jurisdictions
have formulated advisory councils and centers3 on the
Ethical Use of AI and Data thereby steering the ‘Ethics for
AI’ debate at a central level, India has also set the stage for
similar initiatives. Although the Government of India has not
issued any national policy document on AI describing a regulatory
framework for AI, however, few guiding documents recently issued by
the planning commission (the NITI Aayog) constituted under the
Government of India hints some specifics for Ethics in AI and its
regulation and lays a clearer picture of the regulatory future
ahead. These guiding documents include the “National
Strategy for Artificial Intelligence #AiForAll”
(issued June 2018)4, “Working
Document: Towards Responsible #AIforAll – Part I”
(issued August 2020), and the latest one being the
“Working Document: Towards Responsible #AIforAll –
Part I” (issued November 2020)
(collectively Policy Documentation).
Current Laws & Regulations in India
Policy Documentation states that existing laws are sufficient
for tackling the challenges of AI that directly impact society.
They are described in the documents as “System
Considerations” and that the existing laws require
sector-specific modifications and alignments. However, the policy
documents identify a different category of challenges which
indirectly impact the society such as loss in jobs, deep fakes,
pshychological profiling and macicious use. For challenges having
indirect impact such as loss of jobs they suggests skilling,
adapting legislations and regulations to harness new job
opportunities. It is interesting to see that the recommendations on
dealing with malicious use of AI for spreading hate or propoganda,
is to use the technology for proactive adentificaton and
flaging.
Policy documentation also identifies ethical challenges in AI
based on their impact on the Indian society while recognizing the
issues such as the ‘Black Box Phenomenon’, the issues of
data collection without proper consent, the privacy of personal
data, inherent selection bias, risk of profiling and
discrimination, and non-transparent nature of certain AI solutions.
They also recognize the reputational issues of public fear that
companies are somehow harnessing huge consumer data and utilizing
it inappropriately to gain consumer insight; and that the companies
are developing large DATASETS and building unfair competitive
advantage somehow.
Policy Documentation emphasizes conscious development of
‘XAI’ or explainable AI and concepts such as
‘Differential Privacy’ by implementing ‘Federated
Learning’ wherein data trusts are developed for easy and secure
sharing of data without compromising any sensitive personal data or
information. The documentation also prescribes Technical best
practices on three broader principles: Explainability using Pre hoc
and Post hoc techniques; Privacy and data protection using
federated learning, differential privacy, zero knowledge protocols
or homomorphic encryption; and Emiminating bias and encouraging
fairness using such as Tools such as IBM’s ‘AI Fairness
360’, Google’s ‘What-If’ Tool, Fairlearn and open
source frameworks such as FairML.
Guidance on Self-Regulation & Self-Audit
Policy Documentation suggests following seven broad guiding
principles to be followed as part of self regulation:
Principle of Safety and Reliability
Principle of Equality
Principle of Inclusivity and Non-discrimination
Principle of Privacy and security
Principle of Transparency
Principle of Accountability
Principle of protection and reinforcement of positive human
values
Policy Documentation futher prescribes very clearly the
following eight elements of effective self-assessment,
self-regulation and self-audit:
Problem Scoping:
Assessing potential harm from AI System,
Putting in place a dynamic plan of action for unintended
consequences,
Formulating a ‘Grievance Redressal Mechanism’,
Formulating ‘Error Handling Mechanisms’ for dealing
with error in decision making,
Provision for public auditing without compromising system
information and risking unwarranted manipulation,
Goal setting for explainability, equality, non-discrimination,
and inclusion.
Data Collection:
Identifying laws for data handling,
Keeping track of known sources of data, and steps to ensure
privacy and safety,
Ensuring the effectiveness and impact of Datasets.
Data Labelling
Tracking human variability and biases.
Data Processing
Ensuring masking of personal and sensitive data.
Training
Developing system’s explainability of models used,
Training on fairness goals,
Ensuring training on the protection of sensitive & personal
data.
Evaluation:
Ensuring safe and reliable system deployment by experts,
Evaluation of system meeting fairness goals,
Evaluation of adversarial inputs,
Evaluate error rates across subpopulation groups- access social
impact.
Deployment:
Ensuring easy accessibility of grievance redressal
mechanism,
Access impact of real-world bias.
Dynamic assessment:
Risk mitigation strategy for changing development
environment,
Tracking use of policies and technologies used,
Dynamic monitoring of fairness goals,
Tracking system performance and changes,
Ensuring accessibility by third parties to audit and probe,
understand and review the behaviour of the system,
Ensuring open-source, academic and research community for an
audit of Algorithm.
Way Forward
Admittedly, there is a void in the legal and regulatory
framework affecting Artificial Intelligence. The undefined contours
of this currently unknown area of industry and technology also make
it difficult and challenging to anticipate and lay down a rigid set
of laws or regulations. In fact, anything more than a broad policy
document would be fraught with risks, especially given the inverse
relationship between the speeds at which the technology and law
have grown/adapted. Hence, it is opined that developers in India
embrace self-regulation, periodically conduct systematic and
structured self-audit, and document it for record-keeping and
regulatory purposes. This would help not only in the structured and
orderly growth of the industry, but also allow the technology and
businesses to grow in a laissez affaire manner.
Footnotes
1. “Working Document: Towards
Responsible #AIforAll – Part I” (issued August
2020), (https://niti.gov.in/sites/default/files/2020-07/Responsible-AI.pdf),
and the latest one being the “Working Document: Towards
Responsible #AIforAll – Part I” (issued November
2020), (https://niti.gov.in/sites/default/files/2020-11/Towards-Responsible-AI-Enforcement-of-Principles.pdf).
2. https://www.washingtonpost.com/health/2019/10/24/racial-bias-medical-algorithm-favors-white-patients-over-sicker-black-patients/
3. UK has formulated a Centre for Data
Ethics and Innovation, Under Department for Digital, Culture, Media
& Sport; Singapore has formulated Advisory Council on Ethical
Use of AI and Data, Under Infocomm Media Development Authority
(IMDA),
4. http://www.niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf
Tuhin Batra, Associate Partner, TMT Law
Practice
Tuhin is an experienced Senior Legal Counsel with a demonstrated
history of working in M&A and General Corporate space for the
Indian Renewable Power Sector, Finance and Banking industry.
Skilled in Corporate Structuring, Due Diligence, corporate legal
advisory and Commercial Contract drafting.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from India
Data Protection Laws In India – Everything You Must Know
Vaish Associates Advocates
Data Protection refers to the set of privacy laws, policies and procedures that aim to minimise intrusion into one’s privacy caused by the collection, storage and dissemination of personal data. Personal data generally refers to the information or data which relate to a person who can be identified from that information or data whether collected by any Government or any private organization or an agency.
Source: https://www.mondaq.com/india/privacy-protection/1015476/selfregulation-in-artificial-intelligence-an-indian-perspective
