EU AI Act To Target US Open Source Software

In a bold stroke, the EU’s amended AI Act would ban American companies such as OpenAI, Amazon, Google, and IBM from providing API access to generative AI models.  The amended act, voted out of committee on Thursday, would sanction American open-source developers and software distributors, such as GitHub, if unlicensed generative models became available in Europe.  While the act includes open source exceptions for traditional machine learning models, it expressly forbids safe-harbor provisions for open source generative systems.

Any model made available in the EU, without first passing extensive, and expensive, licensing, would subject companies to massive fines of the greater of €20,000,000 or 4% of worldwide revenue.  Opensource developers, and hosting services such as GitHub – as importers – would be liable for making unlicensed models available. The EU is, essentially, ordering large American tech companies to put American small businesses out of business – and threatening to sanction important parts of the American tech ecosystem.

If enacted, enforcement would be out of the hands of EU member states.  Under the AI Act, third parties could sue national governments to compel fines.  The act has extraterritorial jurisdiction.  A European government could be compelled by third parties to seek conflict with American developers and businesses.


The Amended AI Act

The PDF of the actual text is 144 pages.  The actual text provisions follow a different formatting style from American statutes.  This thing is a complicated pain to read.  I’ve added the page numbers of the relevant sections in the linked pdf of the law. 

Here are the main provisions:

Very Broad Jurisdiction:  The act includes providers and deployers of AI systems that have their place of establishment or are located in a third country, where either Member State law applies by virtue of public international law or the output produced by the system is intended to be used in the Union.” (pg 68-69).

You have to register your “high-risk” AI project or foundational model with the government.  Projects will be required to register the anticipated functionality of their systems.  Systems that exceed this functionality may be subject to recall.  This will be a problem for many of the more anarchic open-source projects.  Registration will also require disclosure of data sources used, computing resources (including time spent training), performance benchmarks, and red teaming. (pg 23-29).

Expensive Risk Testing Required.  Apparently, the various EU states will carry out “third party” assessments in each country, on a sliding scale of fees depending on the size of the applying company.  Tests must be benchmarks that have yet to be created.  Post-release monitoring is required (presumably by the government).  Recertification is required if models show unexpected abilities.  Recertification is also required after any substantial training.  (pg 14-15, see provision 4 a for clarity that this is government testing).

Risks Very Vaguely Defined:  The list of risks includes risks to such things as the environment, democracy, and the rule of law. What’s a risk to democracy?  Could this act itself be a risk to democracy? (pg 26).

Open Source LLMs Not Exempt:  Open source foundational models are not exempt from the act.  The programmers and distributors of the software have legal liability.  For other forms of open source AI software, liability shifts to the group employing the software or bringing it to market.  (pg 70).

API Essentially Banned.  API’s allow third parties to implement an AI model without running it on their own hardware.  Some implementation examples include AutoGPT and LangChain.  Under these rules, if a third party, using an API, figures out how to get a model to do something new, that third party must then get the new functionality certified. 

The prior provider is required, under the law, to provide the third party with what would otherwise be confidential technical information so that the third party can complete the licensing process.  The ability to compel confidential disclosures means that startup businesses and other tinkerers are essentially banned from using an API, even if the tinkerer is in the US.  The tinkerer might make their software available in Europe, which would give rise to a need to license it and compel disclosures. (pg 37).

Open Source Developers Liable.  The act is poorly worded.  The act does not cover free and Open Source AI components.  Foundational Models (LLMs) are considered separate from components.  What this seems to mean is that you canoOpen source traditional machine learning models but not generative AI.

If an American Opensource developer placed a model, or code using an API on GitHub – and the code became available in the EU – the developer would be liable for releasing an unlicensed model.  Further, GitHub would be liable for hosting an unlicensed model.  (pg 37 and 39-40).

LoRA Essentially Banned.  LoRA is a technique to slowly add new information and capabilities to a model cheaply.  Opensource projects use it as they cannot afford billion-dollar computer infrastructure.  Major AI models are also rumored to use it as training in both cheaper and easier to safety check than new versions of a model that introduce many new features at once.  (pg 14).

If an Opensource project could somehow get the required certificates, it would need to recertify every time LoRA was used to expand the model. 

Deployment Licensing.  Deployers, people, or entities using AI systems, are required to undergo a stringent permitting review project before launch.  EU small businesses are exempt from this requirement. (pg 26).

Ability of Third Parties to Litigate.  Concerned third parties have the right to litigate through a country’s AI regulator (established by the act).  This means that the deployment of an AI system can be individually challenged in multiple member states.  Third parties can litigate to force a national AI regulator to impose fines. (pg 71).

Very Large Fines.  Fines for non-compliance range from 2% to 4% of a companies gross worldwide revenue.  For individuals that can reach €20,000,0000.  European based SME’s and startups get a break when it comes to fines. (Pg 75).

R&D and Clean Energy Systems In The EU Are Exempt.  AI can be used for R&D tasks or clean energy production without complying with this system. (pg 64-65).

AI Act and US Law

The broad grant of extraterritorial jurisdiction is going to be a problem.  The AI Act would let any crank with a problem about AI – at least if they are EU citizens – force EU governments to take legal action if unlicensed models were somehow available in the EU.  That goes very far beyond simply requiring companies doing business in the EU to comply with EU laws.

The top problem is the API restrictions.  Currently, many American cloud providers do not restrict access to API models, outside of waiting lists which providers are rushing to fill.  A programmer at home, or an inventor in their garage, can access the latest technology at a reasonable price.  Under the AI Act restrictions, API access becomes complicated enough that it would be restricted to enterprise-level customers.

What the EU wants runs contrary to what the FTC is demanding.  For an American company to actually impose such restrictions in the US would bring up a host of anti-trust problems.  Model training costs limit availability to highly capitalized actors.  The FTC has been very frank that they do not want to see a repeat of the Amazon situation, where a larger company uses its position to secure the bulk of profits for itself – at the expense of smaller partners.  Acting in the manner the AI Act seeks, would bring up major anti-trust issues for American companies. 

Outside of the anti-trust provisions, the AI Acts’ punishment of innovation represents a conflict point.  For American actors, finding a new way to use software to make money is a good thing.  Under the EU Act finding a new way to use software voids the safety certification, requiring a new licensing process.  Disincentives to innovation are likely to cause friction given the statute’s extraterritorial reach.

Finally, the open source provisions represent a major problem.  The AI Act treats open source developers working on or with foundational models as bad actors.  Developers and, seemingly, distributors are liable for releasing unlicensed foundation models – of apparently foundation model enhancing code.  For all other forms of Opensource machine learning, the responsibility for licensing falls to whoever is deploying the system.

Trying to sanction parts of the tech ecosystem is a bad idea.  Opensource developers are unlikely to respond well to being told by a government that they can’t program something – especially if the government isn’t their own.  Additionally, what happens if GitHub and the various co-pilots simply say that Europe is too difficult to deal with and shut down access?  That may have repercussions that have not been thoroughly thought through.

Defects of the Act

To top everything off, the AI Act appears to encourage unsafe AI.  It seeks to encourage narrowly tailored systems.  We know from experience – especially with social media – that such systems can be dangerous.  Infamously, many social media algorithms only look at the engagement value of content.  They are structurally incapable of judging the effect of the content.  Large language models can at least be trained that pushing violent content is bad.  From an experience standpoint, the foundational models that the EU is afraid of are safer than the models they are driving.

This is a deeply corrupt piece of legislation.  If you are afraid of large language models, then you need to be afraid of them in all circumstances.  Giving R&D models a pass shows that you are less than serious about your legislation.  The most likely effect of such a policy is to create a society where the elite have access to R&D models, and nobody else – including small entrepreneurs – does.

I suspect this law will pass, and I suspect the EU will find that they have created many more problems than they anticipated.  That’s unfortunate as some of the regulations, especially relating to algorithms used by large social networks, do need addressing.