Riding the waves of internet regulation

 Riding the waves of internet regulation

Ahead of RAID Physical in Brussels, Nick Seeber, Partner & Internet Regulation Global Lead, Deloitte shares his view of what regulators and industry need to consider at this time of dramatic change


Where are we on the AI development curve, and what do policymakers need to do to keep the pace?

It’s very early days! AI is a new foundational technology like electricity, which will unlock all sorts of opportunities in the decades ahead – but it’s in its infancy. It’s like we’re in a nineteenth-century factory looking at our steam engines and gas lights, and thinking how amazing it will be to replace them with electric motors and electric lighting, but we can’t imagine how the invention of electricity will enable things like microchips and satellites and the internet.

In the same way, it’s hard for us to imagine what AI will let us do in the decades or centuries to come, so policymakers should try to stay close to what opportunities are emerging, engage closely with the broadest range of stakeholders, and be open-minded to the positive possibilities. And where there are obvious issues, being careful that policy responses are proportionate and targeted.


What’s your take on the EU AI Act – could it become a global standard?

It’s a good question. But I think it’s worth stepping back and asking “global standard for what?”

Looking at the big picture, there are so many concerns that policymakers and regulators are trying to address. The impact on the creative economy, the risks of mis- and disinformation by state actors, the issue of targeted fraud and financial crime are all very real worries. None of these are going to be solved by the EU AI Act. It also won’t address the social challenge of long-term changes to the labour market, or the fears around super-intelligence and the problems of alignment and control.

The focus of the EU AI Act is quite narrow in this sense – it’s about organisations that create or use AI systems ensuring that it’s safe, transparent, traceable, environmentally-friendly and so on.

I imagine other regulators will be looking on with interest to see how it’s received.


What do companies need to do to prepare for all this new legislation coming into force?

For the EU AI Act specifically, it’s still in draft. But with that caveat, companies using or creating AI systems will benefit from having a good picture now across their organisation of what they are being used for, where the training data is coming from, and what their ‘failure modes’ are – in short, the worst outcomes if they don’t work properly.

More broadly, the effect of the bow-wave of regulation across competition, online content and behaviour, and consumer protection, is that the practical challenge of understanding the impact for each company gets much harder. And it’s not just direct regulation, it’s also the indirect effect of regulation on other companies in the ecosystem.

For many clients, the most impactful thing they can do right now is set up to think thematically about regulatory changes. This means that you can think about all of the impacts around a particular topic – recommender systems, or complaint handling, for example  – and create an internal policy that addresses all the requirements. This has other benefits of enabling cross-functional dialogue about delivering compliance, so the quality of the regulatory response is higher.


What would you say are the biggest concerns when it comes to regulating the internet?

For me there are three.

One – think about regulations for any given domain in terms of the trade-offs between competing outcomes. There is no single “right” answer, so finding the right balance is key, and recognising that the balance may need to shift over time. Also being conscious that different stakeholders won’t agree on where the balance lies – so they will need to compromise.

Two – there are also trade-offs between regulatory domains. I’m thinking about where there are known tensions, for example between security and interoperability, or between privacy and free speech. Optimising for a single domain may lead to unintended negative consequences in other domains, so it’s important for regulators to work together, cross-functionally, to consider how their policies interact with each other.

And then finally, understanding how to achieve real public engagement and transparency in the regulatory process – too often we see laws which prioritise abstract policy goals over the real issues faced by everyday users.


What are your expectations of RAID Physical in Brussels on 26 September?

I’m excited! It will be good to participate in a truly multi-disciplinary event, bringing together policymakers, academia and activists, industry leaders and experts. At Deloitte we are delighted to be the platinum sponsors once again and look forward to contributing to the debate.