AI Technology Is in the Crosshairs of National Security Restrictions
The U.S. government is increasingly focused on competition between the United States and China in the development of artificial intelligence (AI), as a national security issue. The Administration has oriented its approach to AI to position the U.S. as a leader in AI development and standards, explicitly stating that it is working with its allies in opposition to China. Given the Administration’s aggressive stance on trade restrictions with China in a variety of areas, one question facing industry is how AI technology will be regulated by the U.S. government. A recent report by the congressionally formed National Security Commission on Artificial Intelligence (NSCAI) provides some insights on how the Administration – and in particular the U.S. Department of Commerce – might approach AI technology protection. Pending legislation likewise portends further scrutiny of AI regulation and standards.
The Administration has been explicit that its strategy to promote AI development is meant to counter China. For example, in late May, the U.S. Chief Technology Officer Michael Kratsios wrote a prominent op-ed in support of the announcement that the U.S. was helping to launch the Global Partnership on AI (GPAI) with its G-7 allies. Kratsios noted that “AI is being twisted by authoritarian regimes to violate rights” – pointing to China’s use of the technology for surveillance and “social credit” scoring – and that “[a]s the world begins to recover from the pandemic, nations face a stark choice about what vision of artificial intelligence will prevail.” One particular focus is on “develop[ing] AI here at home,” because “[w]hen we create technology instead of importing it, we retain the power to shape technology in a manner consistent with our values.”
Separately, the Administration has been highly skeptical of Chinese access to U.S. data and influence over critical technology. For example, the Administration has taken actions to restrict collection of data on U.S. persons by Chinese companies (e.g., TikTok) and also has restricted Chinese involvement in critical supply chain infrastructure. The TikTok order specifically cites the risk of the Chinese government collecting “vast swaths of information from [app] users,” which could be used to track and create profiles of American users – the kind of big data analysis that could be done by AI systems. Additionally, the U.S. government recently expanded the role of the Committee on Foreign Investment in the United States (CFIUS) in reviewing national security concerns arising from foreign investment in certain Critical Technology, Critical Infrastructure, and Sensitive Personal Data U.S. businesses.
One possible path for the Administration’s AI trade policy has been suggested by the National Security Commission on Artificial Intelligence. The NSCAI was established by Congress in 2018 and its Commissioners consist of a mix of industry representatives, researchers, and others who have been tasked with presenting recommendations on how to improve the U.S. approach to AI from a national security perspective. Many of the Commission’s recommendations have focused on ways for the federal government to effectively invest in AI research and its workforce as a national security strategy, and the latest NSCAI recommendations also include proposals to more aggressively restrict AI exports and scrutinize foreign investment in U.S. AI companies. The recommendations propose a targeted approach to AI technology restrictions, focused on two components: targeted export controls and foreign investment restrictions.
Targeted export controls. In its recommendations, the Commission seeks to identify the AI components for which export controls would most effectively protect national security. The Commission recommends primarily focusing on hardware, concluding that “[e]xport controls on advanced hardware capabilities, particularly advanced semiconductor manufacturing equipment, are more likely to advance U.S. national security interests than controls on any other element of the AI stack.” The Commission points to AI-specific chips and notes that the computing power necessary for advanced AI to function will be a big part of American competitive edge. Additionally, the Commission suggests more analysis of potential restrictions on specific data sets, such as AI-enriched data or data containing sensitive personal information of U.S. individuals. In contrast, the Commission concludes that controls over exporting software or specific algorithms would be difficult and/or counterproductive.
While some of its recommendations require legislative changes, this export control strategy could be incorporated into the Department of Commerce’s proposed rulemaking to identify “emerging technologies” under the Export Control Reform Act (ECRA). ECRA authorizes the Commerce Department to establish controls on the export, reexport, and in-country transfer of identified “emerging” technologies, which could include AI. The Department has received comments but has not yet issued a final rule. Additionally, the Department of Commerce just recently published an Advance Notice of Proposed Rulemaking on identifying “foundational technologies” – which could open the door to stricter export controls on a variety of technologies; its interplay with prior evaluations of AI is unclear and overall there is risk that AI could be subject to export controls and other regulation.
Foreign investment review. The Commission also recommends more aggressive screening of foreign investment by CFIUS, as a “deterrent to adversarial capital.” As discussed above, CFIUS has the power to review foreign investments in U.S. Critical Technology, Critical Infrastructure, and Sensitive Personal Data businesses. Recent amendments to CFIUS’s jurisdiction have focused on a desire to increase scrutiny of “Critical Technologies” which would include AI if it is identified as an “emerging technology” pursuant to ECRA. Similarly, AI companies could function as Sensitive Personal Data businesses to the extent they collect or maintain (or intend to collect or maintain) certain identifiable data on a million or more individuals. The Commission’s report recommends that CFIUS differentiate among foreign investors by country of origin in reviewing AI investment transactions and identify “countries of special concern,” based on risk. Transactions involving these countries could involve mandatory reporting requirements or closer review, and the report specifically recommends closer scrutiny of early-stage AI technology venture investments, particularly those which do not yet produce specific products.
The federal government’s approach to AI technology controls is at a potential inflection point, given the focus on Chinese access to technology and the Commerce Department rulemakings. The NSCAI recommendations provide one potential road map moving forward, and also come at a time when Congress is increasingly focused – on a bipartisan basis – on enhancing American competitiveness in AI. As the U.S. continues to develop and implement its AI strategy, we can expect proposals for AI technology protection to be part of the debate for the foreseeable future.