The Challenges of AI Legislation

An article from CNN this last weekend described “the befuddled state of AI regulation in the United States”.  And went on to state that “the government (aka US government) should be involved in conversations about AI safety, especially those that impact national security”.

One of the reasons that this has come under scrutiny is the “latest spat between Anthropic and the government”  which, the article says has highlighted the fact that “There is no transparent, consistent framework for regulating AI – and the result could stifle the industry in the United States.”

Artificial intelligence (AI) is advancing rapidly, but the laws governing it are struggling to keep pace.   Jessica Tillipman, associate dean for government procurement law at George Washington University, wrote recently “What is striking is the absence of any meaningful process.”

The Trump government has issued a national policy framework with the proviso that  national security agencies fully grasp the potential safety risks.

The disagreement between Anthropic and the US government exposed a key weakness in the current regulatory environment: the lack of a clear and transparent framework for assessing AI risks.

The US administration did issue an order to AI companies to share their most advanced models with the government for cybersecurity vetting before releasing them publicly. But there have been delays.

So, some US states have passed their own laws. California, often a leader in data privacy issues, now has a law requiring AI companies to issue risk frameworks and report safety issues. Following that, Florida opened a criminal investigation into some AI Companies, and regulation is expected to follow.

At present, the United States does not have a single comprehensive law regulating AI. The UK does not have any AI-specific regulation, relying existing legal frameworks, such as financial services legislation and very much on GDPR.

Many experts believe that future AI legislation should balance innovation with accountability. They argue that companies need clear standards for safety testing, cybersecurity assessments, and risk reporting. At the same time, regulators must ensure that enforcement decisions are transparent, evidence-based, and applied consistently across the industry.

As AI becomes increasingly important to national security, business, and everyday life, the debate around it demonstrates why comprehensive and well-defined AI risk assessments are necessary…

Hail, AI Trust Assure.

We developed this for all the reasons stated above- and as yet, it is the only comprehensive AI Risk Framework that exists, based on approved controls.