Open Access Research Article
ARTIFICIAL INTELLIGENCE AND CYBER LAWS IN INDIA: DISCOVERING WAYS TO IMPLEMENT REGULATION
Published Paper
Article Details
ARTIFICIAL INTELLIGENCE AND CYBER
LAWS IN INDIA: DISCOVERING WAYS TO IMPLEMENT REGULATION
Authored By - Shubham Kumar Dass[1]
Tamil Nadu National Law University
ABSTRACT
Artificial Intelligence is a rapidly
expanding concept of technology which enables the functioning of tasks by the computer-system in the most efficiently diversified and anthropoid-manner possible. However, the current social conception about AI is much
associated to an anthropomorphic imagination, which is distant
and in many-ways oblivious from the current
system of AI technology which might not be as advanced as society
currently perceive it to be. This paper approaches to explain the current dichotomy between the imaginative and
pragmatic conception of AI and then sail-forth
to understand the current legal frameworks needed to render the regulation of
AI efficient in India considering the
social perils which the regulation could curb. For the same, the research compared the American and
European progress in this sphere of legislation and finally suggested
the incorporation of Lamfalussy approach
to bring-in AI regulation within
the country.
Keywords- Artificial Intelligence, anthropoid, anthropomorphic, dichotomy, regulation, Lamfalussy approach.
Artificial
intelligence (AI) is a branch of computer science which deals with making
machine (systems) capable of
executing tasks which normally require human-like intelligence to perform. But does that mean, systems
that possess human intelligence? The answer to this question
is crucial in order to clear a myth regarding
the nature and kind of AI which
exist in the contemporary world and
the possibility of its regulation. Simple answer to the aforementioned speculation is in negative, reason being the current limits to the capability of
science to vest machines or software systems
with the ability to process the information they receive like humans do. A
larger answer to this question would entail us to dwell into the aspects of AI in somewhat deeper context, one which
would be more approachable from the task of regulation and one which is closer to reality
considering today’s
scientific progress regarding AI.
MISCONCEPTION ABOUT ARTIFICIAL INTELLIGENCE-
Since its conception,
artificial intelligence has been widely misunderstood by the general population. John McCarthy was the first person to coin this term in Dartmouth Conference in MIT in 1956. Although the vision was
sumptuous, but his phrase: “a system
which is to evolve intelligence of
human order”[2]
led people to have an anthropomorphic misconception about AI. Alan Turing too proposed Turing test[3] in
1950 to asses machine’s intelligent behavior at par with human cognition.
However, that’s a fictional depiction of AI, much motivated by the
entertainment industry who depicted
computers to engage in arbitrary conversations about abstract general topics
along with possessing independent
cognitive system without human-supervision showcasing super-human intelligence.[4]
This is just a far-stretched imagination for scientists which currently stands
as an aspirational phenomenon for current technology
to fathom.[5]
However, AI does have a structural existence in today’s world in the form
of sub-fields of robotics and Machine
learning (ML).[6] But
these fields of system work through human-defined algorithmic codes which are directed to perform certain specific
tasks in particular and not every task in general. This brings us to the two forms of AI, namely-
1.
Artificial General Intelligence (AGI) is an AI which
could harness capability to surpass human
intelligence, knowledge, social behavior across every field of human
endeavor, ranging from working ability to abstract elements of emotions.[7]
AGI, also labelled
as ‘strong AI’ is generally
within the mental
picture of the society when they envision
the concept of artificial-intelligence. But this category of Artificial-Intelligence doesn’t exist today and is utterly
implausible.[8]
Envisioning it as a reality posits an unrealistic expectation which is dangerous for policymakers in
particular for even giving a thought to regulate them. In other words, an AI can’t think, behave,
foresee or care in an anthropomorphic manner.[9]
Hence, policymakers need not divert
their time to regulate what is known to be “inconceivable” with current
technology to envision.
2.
Artificial Narrow Intelligence (ANI) also known as weak AI, refer
to those systems
which can exhibit human-like intelligence in some
specific domains.[10]
An AI of this sort is not general but
specifically envisioned and algorithmically coded to execute a certain task in
a narrow domain. However, calling it
a weak AI would be dysphemistic to the current state-of-the-art technology which it sustains
within itself. ANIs today are the most powerful software
systems which are capable to learn through
experience and are able to self-modify their code to provide the output they are programmed to perform.[11] Some ANIs
are- Apple’s Siri, Amazon’s Alexa,
IBM’s Watson, Tesla’s
electric cars, etc. These AIs use Machine-learning (ML) or its different subsets
(like deep-learning) as a technique to perform these specific tasks.
Machine-learning works by detecting useful patterns (heuristics)[12]
in large data to reach an intelligent result.[13] Thus, Machine-Learning can be used to program
and modify AI code accordingly to perform a specific-task for
which it doesn’t need an explicit intervention
of programmer at every stage to encode it in advance.[14]
The aforementioned discussion establishes the fact that the AIs which
exist today are ANIs which work through human-programmed codes exhibiting
intelligence in its output through pattern-detection
by processing more data. Most importantly, it’s a technology which is built and controlled by humans through
algorithmically coded programs.
This opens up the possibility of its regulation. This regulation may be attributed to AI inventors who, via feature
engineering, are responsible for enabling AI systems to execute and train themselves in their intelligent pattern- assessing work, resulting in better outcomes.[15]
Now that the myth about the real nature of AI has been dispelled, it is
time to examine the necessity, options, and methods for its regulation.
NEED FOR REGULATION OF ARTIFICIAL INTELLIGENCE-
There is no
doubt in asserting that AI in its various forms today has made human life
easier, efficient and better, saving
valuable time and energy.[16]
But every invention has potential dark- sides and AI brings
no exception to it. Self-driving automobiles, for example,
can be of enormous assistance to PWDs and save significant
human effort, but they can also cause accidents if improperly designed.[17] Many scholars have pointed
out to the liability of producers
and end-users as AI’s learning and decisions are a result of human
programming or instructions which make its actions
a foreseeable result of its
codification.[18]
But still there are two significant reasons
for it to be regulated: Firstly, the absence
of regulation opens up the field of AI technology for various illegal
purposes such as violence,[19] terrorism,[20]
offences against privacy,
etc.[21] The instances of cyber fraud
using AIs such as Payment
Diversion Frauds (PDF) and Ransomware attacks are tantamount to its
dangerous effects which AI could
engender.[22]
Secondly, since this new technology is still developing in the hands of large businesses, there is a potential of unequal distribution of the benefits
of AI in the world, furthering the inequality. However, it’s unfortunate
that there is hardly any concretized government effort taken to deal with the issues of regulation. Given the potential
of AI and the scale of its progression to date, AI can be managed for the time
being; yet, if steps are not taken now, its effects might soon infiltrate the darker
edges of progress, as seen
by different contemporary circumstances.
CURRENT INDIAN
PROGRESS-
For introduction and promotion of artificial intelligence in India, the Indian government initiated “#AIFOR
ALL” wherein, NITI Aayog, a government-run think-tank has been tasked to direct
its national AI policy.[23] Some of
its collaborations are as follows-
1.
NITI Aayog teamed up with google to develop and
integrate AI based models to provide business solutions for modern India.[24]
2. In May
2018, it also signed a letter of intent with ABB India to "get critical
sectors of the Indian economy ready
for a digitalized future and leverage the promise of AI, big data, and connectivity."[25]
3.
It published a discussion paper in 2018,[26]
wherein it recognized the potential of AI for India’s growth and technological advancement in key areas along with
promoting it for greater good instead of commercially driving it.
It’s conspicuous that Indian government is pouring intense effort to
promote AI in India. However, the
current AI growth in India is being done on fragmented ad-hoc policies by the government.[27] It is true that there
is now no regulatory structure
for AI in India, with the exception of certain theoretical concerns for dealing
with privacy issues,[28] which are separately addressed by the Data Protection Bill, which is
currently not in force. Thus, there exists no single authority, regulatory body or ministry to
understand the implications arising out of AI.[29]
Hence, the existing initiatives are primarily geared to harness the
opportunities rather than to regulate
those opportunities. Even in matters of national security, AI Task force lacks
the efforts to be taken to regulate the responsibility of government.[30] But as the saying by Denzel Washington goes: “If you pray for rain, you gotta deal with the mud too. That’s a part of it,”[31] we
can’t properly and safely benefit from AI technology without having a shield of regulation backing it. Also, as
already discussed about
the potential damage
AIs could have on the lives of people and businesses, it becomes crucial for having a
regulation simultaneously as the AI technology is developing. Hence,
it’s clearly a point of concern to be contemporaneously vigilant against.
Since India lacks a regulatory framework of its own, it’s crucial to
understand the efforts of foreign
governments so as to study and suggest the ideal method to regulate AI in India
or introduce a manner of regulation
in India which as per the grand vision of the government would revolutionize growth in multiple
sectors such as education, smart-cities, agriculture among others[32].
In this regard, a brief understanding of the American
and European experience would bring into light the systemic considerations to suggest the direction
of AI regulation in India.
AMERICAN AND EUROPEAN EXPERIENCE-
American experience is unique with respect to approaching the regulation of digital innovations. American practice avoids taking a precautionary-approach
because of the inherent risks this type of
approach sustain within it. For-instance, traditional administrative
regulatory-systems are notorious for being extremely rigid,
bureaucratic, inflexible, and sluggish to adjust to changing circumstances.[33]
It seems problematic to foster fast-moving technologies with prior-hypothesized regulation as trying to plan for every
possible worst-case situation and then resolve it through a regulatory procedure/law implies
that many best-case outcomes will
never be realized.[34]
Thus, America embraced the culture of permissionless-innovation which
enabled it to open the contours to development avoiding
unnecessary restraints. A major instance
could be seen from the Telecommunications
Act, 1996,[35] which
restricted agencies to regulate internet unlike other physical technologies as its growth is itself undetectable and
moreover unpredictable, much like AI.
Hence, this policy is based on three stanchions: Avoiding prior restraints;
basing policy on evidence not fear to
avoid hypothesized legislations as in here, problems are best dealt in ex-post fashion[36] and adopting a flexible
bottom-top approach rather than rigid top-down
approach as we often uncover logical answers to legitimately challenging
difficulties that new technology might bring
only via. continual trial and error: “By making errors and dealing with
adversity, both individuals and organizations learn how to do
things better, more effectively and safely.”[37]
Hence, it could be inferred that American experience is against
previously legislating upon unpredictable aspects
of technology such as internet. However, what could be predicted and fairly hypothesized could be regulated in a manner which embraces
its permissionless innovation policy. Hence, the
current AI (ANIs) could be considered under subject-matter of liberal
regulation. This unhindered AI
regulation in US is termed: “allowing a thousand flowers to bloom.”[38]
Here, government accepted to regulate
AI in light-handed fashion and introduce regulation only when applicable, for-instance,
aviation-sectors,[39]
thus, forming predictable, minimalist, consistent, and straightforward legal environment for business.[40] Accordingly, US is pouring
efforts for introducing the regulation on AI supervision through National Artificial Intelligence Initiative Act, 2020[41]
which has imbibed its unhindered AI growth policy. Hence, US approach to
regulate AI is dynamic and not bureaucratically-inflexible.
These three stanchions of permissionless-innovation also seem to guide
the European Union’s efforts in AI regulation. Accordingly, EU, in 2016 published a draft-report on Civil Law Rules on Robotics[42]
to recommend the principles for AI regulation. However, as compared to US, this regulation seems narrower as it focused on Robotics (a branch of AI) instead
of overall AI structure in ANIs. It also identified specific
areas where immediate attention is required such as drones, autonomous vehicles, medical-robots.[43] The report proposes
establishment of a "European Agency
for Robotics and AI," comprised of regulators and ethical experts
to monitor AI and robotics- related trends,
identify best-practices, recommend
regulatory measures, define
new principles, and address potential consumer protection issues.[44]
Subsequently, EU unveiled
its white-paper on AI on 19th February, 2020 wherein it took a giant leap forward to propose a clear plan to
regulate AI and characterized a clear dichotomy between promotion (fostering ecosystem of excellence) and regulation
(fostering ecosystem of trust).[45] Herein, it accepted the fact that EU
already has laws dealing with certain crucial aspects of AI. One such law is the General
Data-Protection Regulation (GDPR) which had explicitly provided for Data-protection in the EU.[46] Others
are in the areas of unfair commercial practices and product
liability laws.[47]
So, any future strategy for AI law would entail
an examination of existing laws in similar
areas so that unnecessary clash could be avoided and future AI law becomes
coherent with lesser
burdensome legislation.[48] Accordingly, EU is considering drafting its Artificial Intelligence Act,[49] focusing
on multiple sectoral development of AI in its promotion and regulation with assisted frameworks already under its perusal.
A SUGGESTIVE INDIAN-MODEL FOR REGULATION-
It can be understood that European efforts
are guided by the principles upon which the direction of American regulatory practice in digital
technology is carried
on. Although the abstract principles are similar on ground level,
one crucial aspect needs to be perused upon which both approaches differ. It’s the level of legislation which is available
in both the regions with respect to data-protection. As already understood from the mechanism of machine-learning, data is the most important aspect of AI because it’s the
main ingredient for AI technologies to process the desired intelligent output.[50]
Hence, AI is data hungry. At this juncture, it becomes crucial for a
country/region to have laws to regulate
data-protection, especially considering the vast array of sensitive information which AI utilizes
to take decisions for us. Hence, data-protection framework becomes much crucial
for basing future AI related
policies upon. In fact, it could become the first step towards
regulating the AI framework. However,
only European Union
has an enacted regional data-protection law named General
Data-Protection Regulation which entails to harmonize privacy
and data-protection within European Union.[51]
Fortunately, there exists some state regulations in the US rather than
federal. Although talks are
undergoing to have American Data Privacy and Protection Act,[52]
but it’s not yet in force. Considering the current circumstances and American policy
of required-intervention, a federal legislation was a much-needed requirement for safety
of its citizens which is still a dream for many
American states and it may hinder its drafted law on AI.
Coming to the question of India, it’s clear that it doesn’t have any regulatory
mechanism to govern AI actions.
However, what it does have is a draft of Data-protection Bill which has gone through
multiple revisions and is still under consideration.[53] One unique aspect
to note is that India aspires
to model its data-protection law along the lines of GDPR. The drafted bill has
envisaged many provisions similar to
GDPR such as prior-consent requirement,[54]
limitations on processing of personal-data,[55] compliance-requirement for data-processors[56] along with provisions for providing cross-sectoral privacy and penalties for non-compliances.[57] Hence,
I propose to base the Indian
AI regulatory framework upon the model suggested by the scholars for
implementing the AI law in Europe for
a crucial reason of basing the Indian data-protection regulation on GDPR, it seems
much more coherent
to adapt to the path of EU or at least have its manner of implementation into preferential consideration while enacting the Indian law
on Artificial Intelligence. Secondly, the
European efforts would focus on a dynamic approach wherein existing laws would
also be examined while
making its Artificial Intelligence Act (AIA).
However, Americans are yet to have existing laws regarding the fields
similar to AI, such as the Data-Protection law. Thus, in absence of such regulations in US and provided
the scenario where India is already drafting its data- protection law on the GDPR model, India could already have an
existing Data-Protection law by the
time it starts working on its own law upon Artificial Intelligence. These two
scenarios entail the European
approach much closer for Indians
to embrace in its AI policy
for regulation.
Now, in terms of the mode of implementation of AI regulation in Europe,
Dr. Philipp Hacker[58] proposed an effective method consisting
of a mix of horizontal and vertical regulation, which is commonly used in capital-markets law, to implement a future
liberal AI/ML regulation, namely the Lamfalussy-process.
Herein, regulation should be brought in four stages/levels to implement
complex regulatory mechanisms. In
Level-1(General-principles), he proposes to introduce horizontal-regulation in which general/abstract principles are laid
down. These would act as guide for future rules to be framed in specific
sub-areas. The article
5 of GDPR[59] could become part of it which
have abstract principles such as lawful, fairness and
transparency. However, those matters which have higher risk-potential could also be addressed under level-1 specifically with certain refinements at further levels.
This would entail protection against certain high-risk AI techs at initial
stage itself.
Under Level-2(sector specificity), specific vertical-regulations could
be introduced on a sector-
specific basis in accordance with the general-principles in areas which
require precise-regulation tailored
to different kinds of risk. Specific areas could include medicine, autonomous
driving and personalized-ads. Level-3
should cover safe-harbor
provisions on strict-conditions to ensure compliance
of rules by big-players who are in position to mutilate fair-competition and
annihilate general-principles. Level-4(Guidelines and self-regulation) could cover further
refined requirements for
certain areas along with introducing non-binding guidelines to foster economic- growth, such as article 40(3) of GDPR[60]
which allows people to enter into contracts with third- country organizations as well to set out their own liabilities
(which of course can’t go against the general-rules but can be flexible enough to
foster a liberal development).
CONCLUSION-
Indian
experience with AI is still in its promotional stage and as seen from the approach
of NITI- Aayog, India is looking for a
multi-sectoral implementation of AI.[61]
Concomitantly, it requires a multi-sectoral
regulatory approach as well, for which the Lamfalussy-process can be of crucial guidance.
However, since no country has a full-fledged AI law in operation to learn the consequences of its implementation, it would be prudent for Indian regulatory-approach to imbibe the liberal US-stanchions while adopting
the Lamfalussy-process to ensure a fair implementation while avoiding compromises with citizen-welfare and unnecessary state-intervention via. precautionary-approach impeding
future Indian potential in the sector
of artificial-intelligence.
[1] Student pursuing B. Com LL. B (Hons.) in Tamil
Nadu National Law University.
[3] Robert M. French, The Turing
Test: the first 50 years,
4, Trends in Cognitive Sciences, 115 (2000).
[6] Olivia J. Erd´elyi & G´abor
Erd´elyi, The AI Liability Puzzle and a
Fund-Based Work-Around, 70, Journal of
Artificial Intelligence
Research, 1309 (2021).
[7] M.C. ELISH & TIM HWANG, AN
AI PATTERN LANGUAGE, 1 (Data
& Society 2016).
[8] John Markoff, Software is smart enough for SAT, but still far from intelligent NEW
YORK TIMES(Sept20,2015), http://www.nytimes.com/2015/09/21/technology/personaltech/software-is-smart-enough-for-sat-but-still-far-from- intelligent.html.
[9] Olivia, supra note 5, at 1320.
[10] Vidushi Marda, Artificial intelligence policy in India: a framework for engaging the
limits of data-driven decision-making, Phil. Trans. R. Soc. A 376: 20180087,
1(2019).
[16] Matilda Claussen-Karlsson, Artificial
Intelligence and the External
Element of the Crime:
An Analysis of the Liability Problem, 7(2017).
[17] Ankit Padhy & Amit Padhy, Criminal Liability of the Artificial Intelligence Entities, NLUJ, 15(2019).
[19] LOW Yan Lin, International Regulations on Artificial Intelligence in the Military, SAcLJ,
720(2020).
[22] Alana Maurushat et al, Artificial
Intelligence Enabled Cyber
Fraud: A Detailed
Look into Payment
Diversion Fraud and Ransomware, IJLT, 261(2019).
[26] NITI
Aayog, National
Strategy for Artificial Intelligence, INDIAAI, 5 (June 2018) https://indiaai.gov.in/documents/pdf/NationalStrategy-for-AI-Discussion-Paper.pdf.
[27] Vidushi, supra note 9, at 7.
[31] BRAINYQUOTE, https://www.brainyquote.com/quotes/denzel_washington_337069 (last visited Jan 3,2023).
[33] Adam Thierer et al, Artificial Intelligence and Public Policy, Mercatus Research
Paper, 38(2017).
[35] Pub. LA. No. 104-104,
110 Stat. 56 (1996).
[36] Adam, supra note, at 43.
[38] Corinne Cath et al, Artificial Intelligence and the 'Good
Society': the US, EU, and UK approach, Science
and engineering ethics, 505 (2018).
[40] Corinne, supra note
36, at 41.
[44] European Parliament Committee on Legal Affairs, supra
note 40, at 7ff.
[45] Dr. Philipp Hacker, AI Regulation in Europe, SSRN, 1 (2020) https://ssrn.com/abstract=3556532 (Last
visited on Jan 3, 2023)
[46] Anirudh Burman, Will a GDPR-style data protection law work
for India, Carnegie India, (2019) 4-17- 19_Burman_India_GDPR.pdf (carnegieendowment.org), (Last visited o Jan3,
2023).
[48] Veljanovski, Economic Approaches to Regulation, The Oxford Handbook
of Regulation, 18 (2010).
[49] THE AI ACT,
https://artificialintelligenceact.eu, (Last visited
on Jan2, 2023).
[50] Harry Surden, Machine Learning and Law, WASH. L. REV.,
87 (2014).
[52] American Data Privacy and Protection Act, H.R.8152 [117th Congress
(2021-2022)].
[54] Draft Personal Data Protection Bill,
cl. 8, 12. https://www.meity.gov.in/writereaddata/files/The%20Digital%20Personal%20Data%20Protection%20Bill%2C%20 2022.pdf.
[57] Draft Personal Data Protection Bill, supra note cl. 65, 69–73.
[59] General Data Protection
Regulation, art. 5, 2018.
Article Information
ARTIFICIAL INTELLIGENCE AND CYBER LAWS IN INDIA: DISCOVERING WAYS TO IMPLEMENT REGULATION
Authors: Shubham Kumar Dass
- Journal IJLRA
- ISSN 2582-6433
- Published 2023/08/09
- Issue 7
About Journal
International Journal for Legal Research and Analysis
- Abbreviation IJLRA
- ISSN 2582-6433
- Access Open Access
- License CC 4.0
All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.
Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.