Tech Policy Unit Horizon Scanner - February 2020
Welcome to the inaugural Tech Policy Unit Horizon Scanner. It is our monthly dive into the key tech policy and legislative developments around the world. In this special post-Davos first edition, we take stock of where we are at the beginning of the year.
France and the USA announced at Davos that they will continue talks on a digital services tax. With the USA threatening sanctions if France goes ahead, the issue is contentious as the OECD process drags on and other countries – including the UK – consider going it alone.
The USA is also fighting a battle on another front – over China based tech company involvement in western communications infrastructure. The recently agreed China-USA "Phase I" trade agreement does not cover those issues, which shows they can interact on multiple tracks, from the collaborative to the adverse. The UK has opted to allow Chinese tech companies to be involved in the development of 5G networks while the EU has adopted a "toolbox" of measures to mitigate the main cybersecurity risks of 5G networks.
Beyond these immediate controversies, governments around the world are grappling with the prospects of more pervasive and powerful AI, the status of large tech companies, digital currencies and forms of exchange, and content control online.
Some businesses have also vocally supported policy changes and tighter regulation. IBM and Microsoft, for example, both called for regulation of AI at the World Economic Forum in Davos.
The US government continued to pursue an agenda designed to advance US tech leadership, including through a trade agreement with China.
The Office of Management and Budget released guidance to federal agencies on regulatory approaches to technologies and industrial sectors affected by AI, in which agencies are encouraged to consider ways to reduce barriers to the development and adoption of the technology.
The Department of Transportation unveiled its "Autonomous Vehicles 4.0" initiative, designed to unify oversight and provide high-level core principles, including the desire to promote American innovation and ensure consistency in regulation while protecting users.
The Treasury Department finalized its implementing regulations of a 2018 statute which expanded the powers of the interagency Committee on Foreign Investments in the United States (CFIUS) over transactions that would give a foreign person control of, or certain types of involvement in, a US business related to critical technologies, critical infrastructure, or sensitive personal data. The UK, Australia, and Canada are the first three foreign states to benefit from certain exemptions from the regulations.
In the U.S. Congress, the Senate Committee on Commerce, Science and Transportation held a hearing on the "Industries of the Future". Committee Chairman Roger Wicker introduced a bipartisan bill to require the White House Office of Science and Technology Policy to deliver a report to Congress on research and development investment in the Industries of the Future, plans to double investments in AI and quantum information science by 2022 and to increase investment to $10 billion per year by 2025, and to set up a coordinating council. Separately, the DIGIT (Developing Innovation and Growing the Internet of Things) Act, which would establish a working group composed of federal agencies and representatives of industry and other stakeholders to formulate recommendations to foster the development of the Internet of Things in the United States, passed the Senate and was referred to the House for consideration. The House Judiciary Committee's Subcommittee on Antitrust held a hearing on competition issues involving online platforms and market power in the digital economy, while the House Committee on Oversight and Reform held a hearing on facial recognition technology.
In Brazil, the government updated its "Infomatics Law" to bring it into line with a WTO ruling in a case brought by the EU and Japan relating to tax exemptions given to Brazilian tech companies.
The big themes kicking off the year in Asia Pac are AI and the continuing friction between the USA and China. Business continues as usual as legislators also grapple with data security.
The Singapore Government released an updated model governance framework on AI at Davos, which outlines ethical and practical guidance that can be implemented by businesses in Singapore and elsewhere.
Frameworks governing the use of AI have also been developed specifically for the financial services sectors in Singapore and Hong Kong. The Monetary Authority of Singapore, partnering with various financial institutions, has created a framework called Veritas for the responsible adoption of AI and Data Analytics. In Hong Kong, the Hong Kong Monetary Authority has published guidance for the banking Industry on using AI, which centres on ethical guidance and includes provisions on the accountability of boards and senior management for AI-related outcomes. See our recent briefing on this.
Legislative and regulatory developments on data protection are also becoming more commonplace across the Asia Pacific region. Thailand introduced the Personal Data Protection Act (PDPA) in 2019, which reflects many of the laws established in the EU by the introduction of GDPR. The PDPA will be enforceable in Thailand from May 2020 onwards, having given affected businesses and organisations one year to ensure that they will be fully compliant once the PDPA takes full effect.
In mainland China, the Standing Committee of the National People's Congress passed a law in autumn 2019 on data encryption, which regulates entities encrypting digital information in the public and private sector (depending on the type of information) and seeks to define the responsibilities of such entities. The law came into effect on 1 January 2020.
While guidance published by Chinese authorities over recent years has confirmed that some provisions in the 2017 PRC Cybersecurity law are intended to serve as data protection provisions, mainland China is yet to bring in a comprehensive data protection framework that is equivalent to the EU's GDPR. A legislative process is currently underway to develop a comprehensive data protection regulatory framework in China, including rules for identifying and regulating critical information infrastructure operators and supervising data export. Reportedly, Chinese legislators are also working on dedicated legislation for personal data protection and data security. See our short video on this here.
The development of tech policy in Africa continues to be patchy but is likely to see evolution in 2020.
Kenya passed data protection laws which align with the EU's GDPR in late 2019, supporting its rapidly growing tech economy. South Africa and Egypt are both seeing rapid growth in the number of tech-hubs and are likely to see further legislative developments in 2020.
In late 2019 Nigeria sought to expand the focus of its Ministry of Communications beyond telecoms by re-naming it the "Ministry of Communications and Digital Economy" however the government may be more focussed on raising revenue from successful start-ups, for example by imposing high fees on bike-hailing start-ups to gain licences to operate in the nation's capital, Lagos.
The Tunisian "Startup Act", passed in 2018, was a uniquely grassroots driven process, and was part of the "Digital Tunisia 2020" strategy which includes a ambitious e-government programme. One of the key challenges Tunisia faces is the fact that its currency, the Dinar, is difficult to exchange into foreign currency, which poses a challenge for home-grown companies wanting to go international.
On the downside, continued "internet shutdowns" continue to pose a significant challenge for tech businesses in Africa, with such events regularly taking place in Sudan, Zimbabwe, the Democratic Republic of Congo to name a few. High cost and low speed continue to be problems at the start of 2020.
Brexit, the start of a new "geo-political" commission and tensions over digital taxes dominate the beginning of the year.
Thierry Breton took office late last year as the new European Commissioner with responsibility for both the single market and digital. It is the first time that digital has been brought into the fold of the internal market, underlining the Commission's ambition to create a true digital single market in Europe. Expected to work closely with Competition Commissioner Margrethe Vestager, Commissioner Breton has a busy agenda.
The EU is putting in motion plans to update laws specific to AI. The European Commission president, Ursula von der Leyen, promised AI ethics legislation in her first 100 days (i.e. by 9 March). That's now unlikely. The European Commission will first publish a White Paper on artificial intelligence in the first quarter of 2020, a follow-up to its 2018 Communication. A draft of the Paper leaked in January 2019. We can assume that the final Paper will explore consumer protection measures, liability law reforms, voluntary labelling/kitemarking for trustworthy AI, and regulation for the use of facial recognition. According to the Commission's work programme for 2020, legislation on AI will be proposed in the last quarter of the year.
A new Digital Services Act will focus on content regulation, with details expected in the second half of 2020. The rules on liability and safety for digital platforms, services and products are expected to be upgraded.
The antitrust focus on large – and largely US – tech companies will continue.
The Directive of network and information systems (NIS) will be reviewed in the last quarter of 2020.
The Commission has launched consultations on the suitability of existing European laws for crypto-assets including stablecoins, and on how to improve the financial sector's ability to deal with cyber-attacks (the deadline for responses is 18 March 2020). Legislative proposals will follow in the second half of the year.
The EU will continue to push discussions about an international digital tax.
In the UK, legislative bills on Online Harms and Telecommunications Infrastructure were announced. The Information Commissioner's Office continued to focus on thematic priorities including AI, finalising its consultation on Explaining AI decisions guidance in partnership with the Alan Turing Institute (closing in January 2020).
With Brexit looming, the UK is positioning itself as policy leader. It also issued its final Age Appropriate Design Code, which will require digital services to implement age verification, transparency and children-centred updates to their platforms. The code is expected to apply from autumn 2021.
A key moment in the UK will be the 11 March government budget, where the government is expected to introduce a 2% digital services tax.
The tech sector in the Middle East continues to be a bright spot for the region with intense competition between in particular Dubai and the UAE.
In the Dubai International Financial Centre (DIFC), a common law financial "free zone" which hosts numerous multinational financial institutions within the UAE, a separate platform titled the Cyber Threat Intelligence Platform was launched in December 2019 by the financial services regulator, the DFSA. The platform, which was launched in collaboration with DESC and various other international cyber security organisations, will provide cyber threat intelligence to all DIFC-based companies.
Over the past several years, the UAE has appointed a Minister of State for Artificial Intelligence and launched a UAE National Program for Artificial Intelligence. Building on this, in April 2019 the UAE government launched the "UAE Artificial Intelligence Strategy 2031".
The eight objectives of the strategy include: reaffirming the UAE’s position as a global hub for artificial intelligence; increasing the competitive edge of the AI sector in the UAE; establishing an incubator for AI innovations; employing AI in the field of customer services; attracting and training talent for jobs "of the future"; attracting leading research capabilities; providing a data-driven infrastructure to support AI experiments; and optimising AI governance and related regulations.
"Smart Dubai", a Dubai government initiative aimed at promoting and developing open data, AI, paperless government and blockchain initiatives for public benefit, announced in December 2019 that Dubai has been ranked in several global reports as a leader in the Middle East for its smart transformation efforts.
The world's first "court tech lab" has been launched in the DIFC. The Court technology tech lab will initially involve a legal technology competition, with the winner being provided access to the DIFC courts to test their technology solution. The aim is to prototype and launch court technology such as blockchain powered initiatives, AI enabled programmes and cloud based solutions.