The Atlantic Council hosted Confederation of British Industry (CBI) Director-General Dame Carolyn Fairbairn in Washington, D.C. on February 5, 2020 for a discussion about the UK’s global trading future post-Brexit. Dame Carolyn was supportive of the UK pursuing a new free trade agreement with the US that would include new standards for tech including ecommerce, fin-tech, and artificial intelligence (AI). She suggested that the OECD AI Principles would be a good place to start with respect to operationalizing high AI standards in a U.S.-UK trade deal. There is a lot to be said for this approach, particularly in making Principle 2.5 c) a reality: c): “Governments should promote the development of multi-stakeholder, consensus-driven global technical standards for interoperable and trustworthy AI.” This also makes sense because neither the United States nor the United Kingdom are likely going to want to do away with the idea that market access commitments in trade agreements should be technologically neutral, i.e. that if a country commits to open up the market in a given sector, that sector should be open no matter what technology is used to serve that sector. Cooperating on standards development can, however, have the effect of stimulating the use of innovative technologies such as AI, which is a worthwhile goal.
Standards Cooperation does not Mean Countries Must have Identical Laws
Laws, regulations, and standards are sometimes conflated, which occasionally leads to confusion. The European Center for Standardization defines a standard as “a technical document designed to be used as a rule, guideline or definition. It is a consensus-built, repeatable way of doing something.” The National Institute of Standards (NIST) provides examples of AI standards areas such as:
- Data sets in standardized formats, including metadata for training, validation and testing of AI systems
- Tools for capturing and representing knowledge and reasoning in AI systems
- Full documented use cases providing information re: specific AI applications and guides for making decisions about when to deploy AI systems
- Benchmarks to drive AI innovation
- Testing methodologies
- Metrics to quantifiably measure and characterize AI technologies
- AI testbeds
- Tools for accountability and auditing
For instance, AI systems often require safeguarding Personally Indentifiable Information (PII) data. This International Organization of Standards (ISO) standard (ISO/IEC 29101:2013) defines a privacy architecture framework for entities that process such data. It does not specify what the definition of PII data is (that is a country’s sovereign right to determine), only how to create ICT systems to protect such data. Technical standards cooperation could pay dividends if companies could use standards (methodologies) accepted by regulators on both sides of the Atlantic to demonstrate how transparency, bias avoidance, privacy protection and other regulatory priorities are being addressed from a technical standpoint. We are really talking about developing common methodologies (technical standards) to achieve certain objectives such as the protection of privacy, not substantive legal/regulatory convergence. And we are not talking about “checklists” either because the idea is that companies establish ongoing processes, not a checklist of compliance for a certain date in time.
Composition of U.S.-UK Trade
In this context, understanding the composition of U.S.-UK trade and recalling the most modern trade agreement in existence from a digital standpoint – the United States Mexico Canada Agreement (USMCA) – is a good place to start. The United States Trade Representative (USTR) notes that in 2018, the U.S. goods and services trade with the UK totaled roughly $261.9 billion. For both countries, trade in financial services, cars and pharmaceuticals is significant. From an AI promotion standpoint, honing in on these sectors could potentially allow for the two countries to do some innovative things in a trade agreement. The USMCA Digital Trade Chapter’s Chapter 19:14 says that the Parties “shall endeavor” to cooperate on a range of issues important for digital trade. A U.S.-UK trade deal should ideally delineate areas where the U.S. and the UK “shall” cooperate. It might also be worthwhile for the U.S. and the UK to explore whether USMCA Chapter 11 commitments with respect to Technical Barriers to Trade might be worthwhile considering in the U.S.-UK context.
Financial Services: Are Robo-Advisors, Use of Public Records, and Alternative Data Ripe for Cooperation?
The USMCA’s Chapter 17 covers financial services and provides for a point of departure in thinking about what a U.S.-UK deal might look like with respect to financial services. For example, chapter 17:7 provides for commitment with respect to “New Financial Services.” What this means is that if one Party permits a new financial service to be offered in its territory, then it must allow the other two parties to offer the same new financial service. See below for the text of this provision:
Each Party shall permit a financial institution of another Party to supply a new financial service that the Party would permit its own financial institutions, in like circumstances, to supply without adopting a law or modifying an existing law.5 Notwithstanding Article 17.5.1(a) and(e) (Market Access), a Party may determine the institutional and juridical form through which the new financial service may be supplied and may require authorization for the supply of the service. If a Party requires a financial institution to obtain authorization to supply a new financial service, the Party shall decide within a reasonable period of time whether to issue the authorization and may refuse the authorization only for prudential reasons.
There is a “like circumstances” caveat, as well as scope for the Parties to “determine the institutional and juridical form through which the new financial service may be supplied.” The U.S. and the UK may want to consider areas where the two sides might want to consider mutual recognition regimes of some kind. There has been a lot of discussion, for instance, regarding how to regulate financial advisory services “robo-advisors.” See this LEXOLOGY piece, for instance, on how regulators in the U.S., the UK, Europe, Canada and Hong Kong are dealing with this issue. Michel Girard’s January 2020 Paper entitled: “Standards for Digital Cooperation” provides some good ideas for what might be possible in this and other sectors. He notes, for instance, that the report from a 2018 High-Level Panel on Digital Cooperation proposes new data governance technical standards to address gaps such as the creation of audits and certification schemes to monitor compliance of AI systems with technical and ethical standards. I have also written about how explanations and audits can enhance trust in AI.
Another example where closer U.S.-UK cooperation might be warranted is in the area of know your customer (KYC) and anti-money laundering (AML) services. Although to date, trade agreements have appropriately not entered into detail regarding what a privacy law should look like (the Comprehensive and Progressive Agreement for Trans-Pacific Partnership and USMCA only say that Parties shall have a privacy system), it might be worth clarifying that privacy law should not be an impediment to the provision of these essential services. In practice this would mean that the “right to be forgotten” laws would have to be appropriately tailored and that companies would continue to be able to use public records and wide distributed media to provide high quality KYC and AML services.
Alternative data is another area where the U.S. and the UK might want to step up collaboration. For example, the U.S. and investment industries could potentially benefit from greater use of voluntary alternative data standards. Standards that have the effect of improving data documentation; raising data quality; unifying data pipeline management; reducing time spent on data delivery and ingestion; easier permissions management and authentication; and, simplifying vendor due diligence and contracting would be a good thing. Export Britain actually advises UK firms to focus on , among other sectors, financial services in exporting to the United States. The same is undoubtedly true for U.S. financial services firms looking to expand in the UK. It may make sense for regulators on both sides of the Atlantic to work together to promote the use of alternative data standards for the investment industry. There is perhaps also scope to work together on the use of alternative data in making consumer credit decisions. There is substantial evidence suggesting that the use of alternative data in credit scoring can help in expanding service to underserved markets as these comments to the Consumer Financial Protection Bureau (CFPB) make clear. Common U.S.-UK alternative data standards could be helpful, particularly if they are coupled with safeguards to ensure that alternative data can be developed through access to public records and widely distributed media in both the United States and the United Kingdom.
Cars – Can the United States and the United Kingdom Drive Connectedness?
On January 8, 2020, the Trump Administration released “Ensuring American Leadership in Automated Vehicle Technologies: Automated Vehicles 4.0 AV 4.0). Clearly, going forward this will be a U.S. strength given the investments being made by U.S. tech firms. But there is plenty of potential interest in the UK as well as this 2019 Society of Motor Manufacturers and Traders (SMMT) report notes. One of the report’s recommendations is to harmonize international harmonization of regulations. And as this AV Investor Tracker report establishes, concerns about data privacy are holding back the development of the sector. This Booz Allen Hamilton White Paper delineates some of the issues at stake. Perhaps one of the ways to help U.S. and UK carmakers would be to take what is relevant from the U.S. National Institute of Standards (NIST) Privacy Framework in creating “privacy by design” for AV manufacturers in the UK and the U.S. On the UK side there has been plenty of preparatory thinking about the privacy issues surrounding AVs – particularly what to do about location data. See this piece, for instance, entitled: “Where your data is being driven.” The Center for Connected & Autonomous Vehicles has done innovative work in this space. Perhaps U.S. and UK negotiators could agree on how privacy can be addressed through mutually agreed upon privacy by design standards for car manufacturers and the apps that will have increasing value add in automobiles. On February 14, 2019 the United States and the United Kingdom signed a Mutual Recognition Agreement (MRA) with respect to standards. One of the stated purposes of the agreement is to promote trade between the two countries. The agreement at this time focuses on mutual recognition with respect to telecoms equipment, electromagnetic compatibility, and pharmaceutical good manufacturing practices. Perhaps there might be scope to expand this to AVs and other standards important to innovative digital industries?
Making the Most of AI to Make Drug Discovery Cheaper and Quicker
There is a lot of excitement about the potential for AI to help with drug discovery but there is arguably a need for standards to realize the potential of the technology. AI Startup Entrepreneur and Ph.D. Charles K. Fisher actually asks the FDA to develop such standards. Why not work with the UK equivalents to do precisely that together with NIST and UK equivalents? The Confidentiality Coalition (the Coalition is composed of a range of different healthcare industry players, including pharmaceutical companies) submitted a January 14, 2019 letter to NIST requesting that it work on a privacy framework that is protective of privacy but at the same time allows for needed healthcare data to go to where it is needed. One of the Coalition’s requests is for the Privacy Framework to be consistent with HIPAA and other existing Privacy Frameworks. The NIST Privacy Framework does not explicitly establish a system to comply with specific laws. And, for instance, with respect to international transfers of clinical trial data, there are some differences between HIPAA and the GDPR as this article notes. Although the NIST is appropriately careful to note that its cybersecurity and privacy frameworks are not “checklists,” it might be helpful, especially given the 2019 MRA to select some sectors where additional guidance might be useful such as healthcare. After all, in 2018 the United States imported about $5 billion in pharmaceuticals from the United Kingdom. In 2016, the United States exported about $2.5 billion to the UK in medical and pharmaceutical products. Despite these seemingly impressive numbers though, it is hard to think of a sector more in need of a revolution for a changed innovation model. And besides the economics, AI-driven enhanced drug discovery clearly has potential to help people in the way that matters most: improving health outcomes through faster development of new drugs. In this context, given the politics surrounding healthcare, it is worthwhile underscoring that this technical standards cooperation is about ensuring high quality as well as efficiency, and that it has nothing to do with healthcare delivery models that that United States and the United Kingdom choose. The UK can keep the NHS. And the U.S. can keep its largely private insurance-based system.
The U.S. is putting its money where its mouth is in that federal money is being prioritized for AI R&D. The UK is also a strong AI adopter and leader. And the countries are partners that share similar values. Let’s make the most of these strengths and develop a trade deal that promotes AI-driven innovation.