The executive order on AI signed Monday by President Joe Biden is a positive step toward curbing risk associated with the technology, though it may face challenges when it comes to implementation, analysts and executives said.
Some executives from vendors in the space praised the tone and scope of the Biden administration's order.
“Today's executive order marks one of the most significant actions any government has taken on AI, addressing a multitude of priorities from privacy and security to the need for AI talent,” Hugh Gamble, VP of federal government affairs for Salesforce, told CIO Dive via email. “Businesses everywhere are facing an AI trust gap, and we are proud to see the U.S. taking a strong leadership stance on bridging that divide.”
Microsoft Vice Chair and President Brad Smith characterized the executive order as “another critical step forward in the governance of AI technology,” in a message posted on X, the platform formerly known as Twitter.
Other stakeholders and analysts felt the provisions raised questions about the path forward and their applicability.
"The new executive order highlights how the administration is adopting an everything-and-the-kitchen-sink approach to AI policy that is, at once, extremely ambitious and potentially over-zealous,” Adam Thierer, senior fellow for the R Street Institute’s technology and innovation team, said in a blog post Monday.
“The implementation details on all the matters here are mostly left to the various federal agencies to work out, and it remains unclear how far they can stretch their statutory authority to enforce many of these stipulations,” Thierer said.
Some expect those details to arrive shortly.
“If the 2021 EO on improving the nation’s cybersecurity is any indication, we can expect the details to publish in about 10 days,” Alla Valente, senior analyst at Forrester, said via email.
Valente shared with CIO Dive last week that, for the order to have teeth, requirements would need to be clear, including specific actions mandated to ensure safe and compliant AI practices. The section of the order that most fits that description is the provision on ensuring responsible and effective government use of AI, according to Valente.
“The EO’s call for a revamping of the government’s procurement and contracting process for AI will push these requirements downstream to the entire federal supply chain and all companies that do business with the government who, in turn, will likely push them down to their supply chain, and so on,” Valente said.
The executive order on AI built upon other actions the administration has taken, including securing voluntary commitments from leading AI companies in July. The EO encourages federal agencies to exercise their authority, though the White House did not give “detailed step-by-step directions” for how to carry out enforcement, according to a senior administration official.
Merve Hickok, president and research director at the Center for AI and Digital Policy, underlined the importance of agencies, such as the Federal Trade Commission, enforcing guidelines and protecting consumers.
The advocacy group filed a 46-page complaint to the FTC in March about OpenAI and escalated the complaint by filing a supplement in July. The federal agency began its investigation into OpenAI just a few days later.
CAIDP is still hungry for additional regulatory action.
“While we are happy with the executive order and what it brings, we are also looking to Congress to really pass bipartisan legislation,” Hickok told CIO Dive, referencing Senate Majority Leader Chuck Schumer’s work in congress.
During an event at the White House Monday, Biden said Schumer and a bipartisan group he put together will head to the White House Tuesday to underscore the need for congressional action.
Another area of the executive order that has received attention is its focus on cybersecurity.
Chris Wysopal, CTO and founder of Veracode, told CIO Dive he spoke with the Office of the National Cyber Director in June to discuss the upsides and challenges AI would bring to cybersecurity.
“One of the benefits the EO pursues is one of the biggest challenges of our time, which is cybersecurity, by tackling the risks due to insecure software,” Wysopal said.
The executive order calls for an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software — an area the administration has also targeted through its AI Cyber Challenge, which was announced in August.
“With far less vulnerabilities making it out of the development process into production code, the cost to attackers skyrockets as there are less points of vulnerability and security teams can more easily defend a smaller attack surface,” Wysopal said via email.
