The Backdrop

Recent policy documents1 and working drafts on Artificial Intelligence issued by the Niti Aayog (or the Planning Commission under the Government of India) recognize ethical and fundamental concerns with the implementation of AI and hint towards a self-regulatory approach towards the same in coming times. In this backdrop, it is important for Artificial Intelligence (AI) and Machine Learning (ML) developers and stakeholders to understand the importance of precise self-regulatory exercises required to avoid risking legal and regulatory red-flagging by government authorities in the coming future.

The trends in these policy documents suggest greater responsibility for developers of AI systems than just the broader known issues related to AI systems already recognized globally.

With the increasing use of AI to develop scalable business solutions companies around the world are also increasing their legal and regulatory risks. Authorities around the globe are now conscious of the issues of 'Explainability', 'Provability', 'Transparency', 'Accountability' and 'Accessibility' associated with AI. With growing dependency upon technology and machine learning capabilities, the authorities are working extensively on preparing policy and legal frameworks for the regulation of AI.

AI systems around the world are coming under the regulatory scanner for violating ethics. For instance, in the United States, Optum is currently under regulatory scanner for allegedly developing an algorithm which recommended doctors and nurses to pay more attention to white patients than to black patients2;  Goldman Sachs is under the scanner for an AI algorithm that allegedly granted larger credit limits to men than women on Apple cards; Facebook was under the scanner for granting access to the personal data of more than 50 million users to Cambridge Analytica; The US Department of Housing and Urban Development recently sued Facebook as its ad-serving algorithms allegedly enabled discrimination based on gender and race; Google is being denied renewal of its AI contract with Department of Defense after employees raising ethical issues.

Policy Documentations suggesting Self-Regulation

As we speak, there is a global void for law and regulation of development and implementation of Artificial Intelligence (AI) and Machine Learning (ML) Technologies. As some prominent jurisdictions have formulated advisory councils and centers3 on the Ethical Use of AI and Data thereby steering the 'Ethics for AI' debate at a central level, India has also set the stage for similar initiatives. Although the Government of India has not issued any national policy document on AI describing a regulatory framework for AI, however, few guiding documents recently issued by the planning commission (the NITI Aayog) constituted under the Government of India hints some specifics for Ethics in AI and its regulation and lays a clearer picture of the regulatory future ahead. These guiding documents include the "National Strategy for Artificial Intelligence #AiForAll" (issued June 2018)4, "Working Document: Towards Responsible #AIforAll – Part I" (issued August 2020), and the latest one being the "Working Document: Towards Responsible #AIforAll – Part I" (issued November 2020) (collectively Policy Documentation).

Current Laws & Regulations in India

Policy Documentation states that existing laws are sufficient for tackling the challenges of AI that directly impact society. They are described in the documents as "System Considerations" and that the existing laws require sector-specific modifications and alignments. However, the policy documents identify a different category of challenges which indirectly impact the society such as loss in jobs, deep fakes, pshychological profiling and macicious use. For challenges having indirect impact such as loss of jobs they suggests skilling, adapting legislations and regulations to harness new job opportunities. It is interesting to see that the recommendations on dealing with malicious use of AI for spreading hate or propoganda, is to use the technology for proactive adentificaton and flaging.

Policy documentation also identifies ethical challenges in AI based on their impact on the Indian society while recognizing the issues such as the 'Black Box Phenomenon', the issues of data collection without proper consent, the privacy of personal data, inherent selection bias, risk of profiling and discrimination, and non-transparent nature of certain AI solutions. They also recognize the reputational issues of public fear that companies are somehow harnessing huge consumer data and utilizing it inappropriately to gain consumer insight; and that the companies are developing large DATASETS and building unfair competitive advantage somehow.

Policy Documentation emphasizes conscious development of 'XAI' or explainable AI and concepts such as 'Differential Privacy' by implementing 'Federated Learning' wherein data trusts are developed for easy and secure sharing of data without compromising any sensitive personal data or information. The documentation also prescribes Technical best practices on three broader principles: Explainability using Pre hoc and Post hoc techniques; Privacy and data protection using federated learning, differential privacy, zero knowledge protocols or homomorphic encryption; and Emiminating bias and encouraging fairness using such as Tools such as IBM's 'AI Fairness 360', Google's 'What-If' Tool, Fairlearn and open source frameworks such as FairML.

Guidance on Self-Regulation & Self-Audit

Policy Documentation suggests following seven broad guiding principles to be followed as part of self regulation:

  • Principle of Safety and Reliability
  • Principle of Equality
  • Principle of Inclusivity and Non-discrimination
  • Principle of Privacy and security
  • Principle of Transparency
  • Principle of Accountability
  • Principle of protection and reinforcement of positive human values

Policy Documentation futher prescribes very clearly the following eight elements of effective self-assessment, self-regulation and self-audit:

  1. Problem Scoping:
    • Assessing potential harm from AI System,
    • Putting in place a dynamic plan of action for unintended consequences,
    • Formulating a 'Grievance Redressal Mechanism',
    • Formulating 'Error Handling Mechanisms' for dealing with error in decision making,
    • Provision for public auditing without compromising system information and risking unwarranted manipulation,
    • Goal setting for explainability, equality, non-discrimination, and inclusion.
  2. Data Collection:
    • Identifying laws for data handling,
    • Keeping track of known sources of data, and steps to ensure privacy and safety,
    • Ensuring the effectiveness and impact of Datasets.
  3. Data Labelling
    • Tracking human variability and biases.
  4. Data Processing
    • Ensuring masking of personal and sensitive data.
  5. Training
    • Developing system's explainability of models used,
    • Training on fairness goals,
    • Ensuring training on the protection of sensitive & personal data.
  6. Evaluation:
    • Ensuring safe and reliable system deployment by experts,
    • Evaluation of system meeting fairness goals,
    • Evaluation of adversarial inputs,
    • Evaluate error rates across subpopulation groups- access social impact.
  7. Deployment:
    • Ensuring easy accessibility of grievance redressal mechanism,
    • Access impact of real-world bias.
  8. Dynamic assessment:
    • Risk mitigation strategy for changing development environment,
    • Tracking use of policies and technologies used,
    • Dynamic monitoring of fairness goals,
    • Tracking system performance and changes,
    • Ensuring accessibility by third parties to audit and probe, understand and review the behaviour of the system,
    • Ensuring open-source, academic and research community for an audit of Algorithm.

Way Forward

Admittedly, there is a void in the legal and regulatory framework affecting Artificial Intelligence. The undefined contours of this currently unknown area of industry and technology also make it difficult and challenging to anticipate and lay down a rigid set of laws or regulations. In fact, anything more than a broad policy document would be fraught with risks, especially given the inverse relationship between the speeds at which the technology and law have grown/adapted. Hence, it is opined that developers in India embrace self-regulation, periodically conduct systematic and structured self-audit, and document it for record-keeping and regulatory purposes. This would help not only in the structured and orderly growth of the industry, but also allow the technology and businesses to grow in a laissez affaire manner.

Footnotes

1. "Working Document: Towards Responsible #AIforAll – Part I" (issued August 2020), (https://niti.gov.in/sites/default/files/2020-07/Responsible-AI.pdf), and the latest one being the "Working Document: Towards Responsible #AIforAll – Part I" (issued November 2020), (https://niti.gov.in/sites/default/files/2020-11/Towards-Responsible-AI-Enforcement-of-Principles.pdf).

2. https://www.washingtonpost.com/health/2019/10/24/racial-bias-medical-algorithm-favors-white-patients-over-sicker-black-patients/

3. UK has formulated a Centre for Data Ethics and Innovation, Under Department for Digital, Culture, Media & Sport; Singapore has formulated Advisory Council on Ethical Use of AI and Data, Under Infocomm Media Development Authority (IMDA),

4. http://www.niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf

Tuhin Batra, Associate Partner, TMT Law Practice

Tuhin is an experienced Senior Legal Counsel with a demonstrated history of working in M&A and General Corporate space for the Indian Renewable Power Sector, Finance and Banking industry. Skilled in Corporate Structuring, Due Diligence, corporate legal advisory and Commercial Contract drafting.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.