Mr. Jeremy Rollison:

I thank the Senator for the question. We are examining the matter every single day, given where the legislation was and the legislation happening around the world that is inspired by some of the various aspects. The simplest answer to the Senator’s question is that I believe there will be a lot of change. It is a good example of the challenge that exists in regulating the space most effectively, because it is not a product in a box in the way other things might be regarded. There is an ecosystem here and different layers. Right now, we are trying to understand where the line is drawn in the value chain for the sets of obligations the Act sets out for deployers versus developers and providers. Increasingly, the way our customers use the technology is such that the lines can get blurred. We are going to have a tremendous responsibility, directly from the Act’s obligations and in support of our customers, whom we are going to have to help in that regard. Most of the focus is on the risk-based approach and having a better understanding of where the high-risk boundaries are. That is where the clarity will come, along with further guidance and standards that emerge. There are various definitions or interpretations, depending on whom you speak to. Given the scrutiny in the space and our activity at every layer of the technology stack, we are at a stage at which we are going to be taking the most cautious interpretations possible. There are things that have to be taken into consideration regarding certain aspects. When we think of good examples of the workforce being high risk, where do we draw the line? Is it a case of using a Word document as opposed to the making of hiring decisions? With regard to prohibited practices for which enforcement is fastest and for which we have the earliest deadlines, we are focusing right now on where the deadlines are, what has been prohibited by the Act, and things we should all agree should be prohibited, such as social scoring and biometric identification. Once again, some of the lines can get blurred in practice with things that are on the market. It is a question of interpretation, and we are having dialogues with regulators to understand it better.

The EU deserves much credit for having moved first on this. Amidst the advances in the technology, there is more regulatory attention around the world. We are optimistic about much of the consensus on where the focus should be at the level of highest risk when some of the more powerful models emerge, but this is not going to be the last time AI will be regulated - far from it. There is a set of horizontal principles. We welcome the risk-based approach therein. It is a case of making sure we all have a similar understanding of where the highest risks are and our responsibilities directly regarding our customers and users of the technology. There is a lot of work at the moment.