DRAFT Guidance for Regulation of Artificial Intelligence Applications This draft Memorandum sets out policy considerations that should guide, to the extentpermitted by law, regulatory and non-regulatory oversight of AI applications developed anddeployed outside of the Federal government. Although Federal agencies currently use AI inmany ways to perform their missions, government use of AI is outside the scope of this Memorandum. While this Memorandum uses the definition of AI recently codified in statute,2 itfocuses on “narrow” (also known as “weak”) AI, which goes beyond advanced conventionalcomputing to learn and perform domain-specific or specialized tasks by extracting information from data sets, or other structured or unstructured sources of information. More theoreticalapplications of “strong” or “general” AI—AI that may exhibit sentience or consciousness, can beapplied to a wide variety of cross-domain activities and perform at the level of, or better than ahuman agent, or has the capacity to self-improve its general cognitive abilities similar to orbeyond human capabilities—are beyond the scope of this Memorandum. Encouraging Innovation and Growth in AI -- As stated in Executive Order 13859, “the policy of the United States Government [is] tosustain and enhance the scientific, technological, and economic leadership position of the UnitedStates in AI.”3 The deployment of AI holds the promise to improve safety, fairness, welfare,transparency, and other social goals, and America’s maintenance of its status as a global leaderin AI development is vital to preserving our economic and national security. The importance ofdeveloping and deploying AI requires a regulatory approach that fosters innovation, growth, andengenders trust, while protecting core American values, through both regulatory and nonregulatory actions and reducing unnecessary barriers to the development and deployment of AI.To that end, Federal agencies must avoid regulatory or non-regulatory actions thatneedlessly hamper AI innovation and growth. Where permitted by law, when deciding whetherand how to regulate in an area that may affect AI applications, agencies should assess the effect of the potential regulation on AI innovation and growth. Agencies must avoid a precautionaryapproach that holds AI systems to such an impossibly high standard that society cannot enjoytheir benefits. Where AI entails risk, agencies should consider the potential benefits and costs ofemploying AI, when compared to the systems AI has been designed to complement or replace.Furthermore, in the context of AI, as in other settings, agencies must consider the effectof Federal regulation on existing or potential actions by State and local governments. In somecircumstances, agencies may use their authority to address inconsistent, burdensome, and duplicative State laws that prevent the emergence of a national market. Where a uniform national standard for a specific aspect related to AI is not essential, however, agencies shouldconsider forgoing regulatory action. Office of Management and BudgetOMB_fc2d8890-ba77-4c51-bbad-1cc10871c14eRussell T. VoughtActing Director -- Executive Order 13859, “Maintaining American Leadership in Artificial Intelligence,”1requires the Director of the Office of Management and Budget (OMB), in coordination with theDirector of the Office of Science and Technology Policy, the Director of the Domestic PolicyCouncil, and the Director of the National Economic Council, to issue a memorandum thatprovides guidance to all Federal agencies to inform the development of regulatory and nonregulatory approaches regarding technologies and industrial sectors that are empowered orenabled by artificial intelligence (AI) and consider ways to reduce barriers to the developmentand adoption of AI technologies. Consistent with Executive Order 13859, OMB guidance onthese matters seeks to support the U.S. approach to free markets, federalism, and good regulatorypractices (GRPs), which has led to a robust innovation ecosystem. When considering regulationsor policies related to AI applications, agencies should continue to promote advancements intechnology and innovation, while protecting American technology, economic and nationalsecurity, privacy, civil liberties, and other American values, including the principles of freedom,human rights, the rule of law, and respect for intellectual property.Regulatory AgenciesAgency Plans to Achieve Consistency with this Memorandum -- Executive Order 13859 requires that implementing agencies with regulatory authoritiesreview their authorities relevant to AI applications and submit plans to OMB on achievingconsistency with this Memorandum.The agency plan must identify any statutory authorities specifically governing agencyregulation of AI applications, as well as collections of AI-related information from regulatedentities. For these collections, agencies should describe any statutory restrictions on thecollection or sharing of information (e.g., confidential business information, personallyidentifiable information, protected health information, law enforcement information, andclassified or other national security information). The agency plan must also report on theoutcomes of stakeholder engagements that identify existing regulatory barriers to AI applicationsand high-priority AI applications that are within an agency’s regulatory authorities. OMB alsorequests agencies to list and describe any planned or considered regulatory actions on AI.Appendix B provides a template for agency plans.Agency plans are due on [date 180 days after this Memorandum is issued] and should besubmitted to [xx@omb.eop.gov]. Innovation and growth in AI_78f30448-3238-11ea-a903-1e26f982ea00To sets out policy considerations that should guide regulatory and non-regulatory oversight of AI applications developed and deployed outside of the Federal government._78f3057e-3238-11ea-a903-1e26f982ea00StewardshipPrinciples for the Stewardship of AI Applications -- Consistent with law, agencies should take into consideration the following principleswhen formulating regulatory and non-regulatory approaches to the design, development,deployment, and operation of AI applications, both general and sector-specific. These principles,many of which are interrelated, reflect the goals and principles in Executive Order 13859. Agencies should calibrate approaches concerning these principles and consider case-specificfactors to optimize net benefits. Given that many AI applications do not necessarily raise novel issues, theseconsiderations also reflect longstanding Federal regulatory principles and practices that arerelevant to promoting the innovative use of AI. Promoting innovation and growth of AI is a highpriority of the United States government. Fostering innovation and growth through forbearingfrom new regulations may be appropriate. Agencies should consider new regulation only afterthey have reached the decision, in light of the foregoing section and other considerations, thatFederal regulation is necessary. Trust1. Public Trust in AI -- AI is expected to have a positive impact across sectors of social and economic life,including employment, transportation, education, finance, healthcare, personal security, andmanufacturing. At the same time, AI applications could pose risks to privacy, individual rights,autonomy, and civil liberties that must be carefully assessed and appropriately addressed. Itscontinued adoption and acceptance will depend significantly on public trust and validation. It istherefore important that the government’s regulatory and non-regulatory approaches to AIpromote reliable, robust, and trustworthy AI applications, which will contribute to public trust inAI. The appropriate regulatory or non-regulatory response to privacy and other risks mustnecessarily depend on the nature of the risk presented and the appropriate mitigations. Participation2. Public Participation -- Public participation, especially in those instances where AI uses information aboutindividuals, will improve agency accountability and regulatory outcomes, as well as increasepublic trust and confidence. Agencies should provide ample opportunities for the public tonational standard for a specific aspect related to AI is not essential, however, agencies shouldconsider forgoing regulatory action.Principles for the Stewardship of AI ApplicationsConsistent with law, agencies should take into consideration the following principleswhen formulating regulatory and non-regulatory approaches to the design, development,deployment, and operation of AI applications, both general and sector-specific. These principles,many of which are interrelated, reflect the goals and principles in Executive Order 13859.provide information and participate in all stages of the rulemaking process, to the extent feasibleand consistent with legal requirements (including legal constraints on participation in certainsituations, for example, national security preventing imminent threat to or responding toemergencies). Agencies are also encouraged, to the extent practicable, to inform the public andpromote awareness and widespread availability of standards and the creation of other informativedocuments.Scientific Integrity3. Scientific Integrity and Information Quality -- The government’s regulatory and non-regulatory approaches to AI applications shouldleverage scientific and technical information and processes. Agencies should hold information,whether produced by the government or acquired by the government from third parties, that islikely to have a clear and substantial influence on important public policy or private sectordecisions (including those made by consumers) to a high standard of quality, transparency, andcompliance. Consistent with the principles of scientific integrity in the rulemaking and guidanceprocesses, agencies should develop regulatory approaches to AI in a manner that both informspolicy decisions and fosters public trust in AI. Best practices include transparently articulatingthe strengths, weaknesses, intended optimizations or outcomes, bias mitigation, and appropriateuses of the AI application’s results. Agencies should also be mindful that, for AI applications toproduce predictable, reliable, and optimized outcomes, data used to train the AI system must beof sufficient quality for the intended use.Risk Management4. Risk Assessment and Management -- Regulatory and non-regulatory approaches to AI should be based on a consistentapplication of risk assessment and risk management across various agencies and varioustechnologies. It is not necessary to mitigate every foreseeable risk; in fact, a foundationalprinciple of regulatory policy is that all activities involve tradeoffs. Instead, a risk-basedapproach should be used to determine which risks are acceptable and which risks present thepossibility of unacceptable harm, or harm that has expected costs greater than expected benefits.Agencies should be transparent about their evaluations of risk and re-evaluate their assumptionsand conclusions at appropriate intervals so as to foster accountability. Correspondingly, themagnitude and nature of the consequences should an AI tool fail, or for that matter succeed, canhelp inform the level and type of regulatory effort that is appropriate to identify and mitigaterisks. Specifically, agencies should follow the direction in Executive Order 12866, “RegulatoryPlanning and Review,”4 to consider the degree and nature of the risks posed by various activitieswithin their jurisdiction. Such an approach will, where appropriate, avoid hazard-based andunnecessarily precautionary approaches to regulation that could unjustifiably inhibit innovation.5 Benefit/Cost Analysis5. Benefits and Costs -- When developing regulatory and non-regulatory approaches, agencies will oftenconsider the application and deployment of AI into already-regulated industries. Presumably,such significant investments would not occur unless they offered significant economic potential.As in all technological transitions of this nature, the introduction of AI may also create uniquechallenges. For example, while the broader legal environment already applies to AI applications,the application of existing law to questions of responsibility and liability for decisions made by AI could be unclear in some instances, leading to the need for agencies, consistent with theirauthorities, to evaluate the benefits, costs, and distributional effects associated with anyidentified or expected method for accountability. Executive Order 12866 calls on agencies to“select those approaches that maximize net benefits (including potential economic,environmental, public health and safety, and other advantages; distributive impacts; andequity).”6 Agencies should, when consistent with law, carefully consider the full societal costs,benefits, and distributional effects before considering regulations related to the development anddeployment of AI applications. Such consideration will include the potential benefits and costsof employing AI, when compared to the systems AI has been designed to complement or replace,whether implementing AI will change the type of errors created by the system, as well ascomparison to the degree of risk tolerated in other existing ones. Agencies should also considercritical dependencies when evaluating AI costs and benefits, as technological factors (such asdata quality) and changes in human processes associated with AI implementation may alter thenature and magnitude of the risks and benefits. In cases where a comparison to a current systemor process is not available, evaluation of risks and costs of not implementing the system shouldbe evaluated as well. Flexibility6. Flexibility -- When developing regulatory and non-regulatory approaches, agencies should pursueperformance-based and flexible approaches that can adapt to rapid changes and updates to AIapplications. Rigid, design-based regulations that attempt to prescribe the technicalspecifications of AI applications will in most cases be impractical and ineffective, given theanticipated pace with which AI will evolve and the resulting need for agencies to react to newinformation and evidence. Targeted agency conformity assessment schemes, to protect healthand safety, privacy, and other values, will be essential to a successful, and flexible, performancebased approach. To advance American innovation, agencies should keep in mind internationaluses of AI, ensuring that American companies are not disadvantaged by the United States’regulatory regime. Fairness7. Fairness and Non-Discrimination -- Agencies should consider in a transparent manner the impacts that AI applications mayhave on discrimination. AI applications have the potential of reducing present-daydiscrimination caused by human subjectivity. At the same time, applications can, in someinstances, introduce real-world bias that produces discriminatory outcomes or decisions thatundermine public trust and confidence in AI. When considering regulations or non-regulatoryapproaches related to AI applications, agencies should consider, in accordance with law, issuesof fairness and non-discrimination with respect to outcomes and decisions produced by the AIapplication at issue, as well as whether the AI application at issue may reduce levels of unlawful,unfair, or otherwise unintended discrimination as compared to existing processes. Transparency8. Disclosure and Transparency -- In addition to improving the rulemaking process, transparency and disclosure canincrease public trust and confidence in AI applications. At times, such disclosures may includeidentifying when AI is in use, for instance, if appropriate for addressing questions about how theapplication impacts human end users. Agencies should be aware that some applications of AIcould increase human autonomy. Agencies should carefully consider the sufficiency of existingor evolving legal, policy, and regulatory environments before contemplating additional measuresfor disclosure and transparency. What constitutes appropriate disclosure and transparency iscontext-specific, depending on assessments of potential harms, the magnitude of those harms, thetechnical state of the art, and the potential benefits of the AI application. Safety9. Safety and Security -- Agencies should promote the development of AI systems that are safe, secure, andoperate as intended, and encourage the consideration of safety and security issues throughout theAI design, development, deployment, and operation process. Agencies should pay particularattention to the controls in place to ensure the confidentiality, integrity, and availability of theinformation processed, stored, and transmitted by AI systems. Agencies should give additionalconsideration to methods for guaranteeing systemic resilience, and for preventing bad actorsfrom exploiting AI system weaknesses, including cybersecurity risks posed by AI operation, andadversarial use of AI against a regulated entity’s AI technology. When evaluating or introducingAI policies, agencies should be mindful of any potential safety and security risks, as well as therisk of possible malicious deployment and use of AI applications.Coordination10. Interagency Coordination -- A coherent and whole-of-government approach to AI oversight requires interagencycoordination. Agencies should coordinate with each other to share experiences and to ensureconsistency and predictability of AI-related policies that advance American innovation andgrowth in AI, while appropriately protecting privacy, civil liberties, and American values andallowing for sector- and application-specific approaches when appropriate. When OMB’s Officeof Information and Regulatory Affairs (OIRA) designates AI-related draft regulatory action as“significant” for purposes of interagency review under Executive Order 12866, OIRA willensure that all agencies potentially affected by or interested in a particular action will have anopportunity to provide input. Non-Regulatory ApproachesDetermine whether existing regulations are sufficient or that the benefits of new regulations do not justify their costs._78f30650-3238-11ea-a903-1e26f982ea001Non-Regulatory Approaches to AI7 -- An agency may determine, after considering a particular AI application, that eitherexisting regulations are sufficient or that the benefits of a new regulation do not justify its costs,at that time or in the foreseeable future. In these cases, the agency may consider either not takingany action or, instead, identifying non-regulatory approaches that may be appropriate to addressthe risk posed by certain AI applications. Examples of such non-regulatory approaches include: Sector-Specific PolicyConsider using existing statutory authority to issue non-regulatory policy statements, guidance, or testing and deployment frameworks._78f309ac-3238-11ea-a903-1e26f982ea001.1Sector-Specific Policy Guidance or Frameworks. Agencies should consider using anyexisting statutory authority to issue non-regulatory policy statements, guidance, or testingand deployment frameworks, as a means of encouraging AI innovation in that sector.Agencies should provide clarity where a lack of regulatory clarity may impedeinnovation. This may also include work done in collaboration with industry, such asdevelopment of playbooks and voluntary incentive frameworks. Experiments & PilotsConsider using existing authorities to grant waivers and exemptions from regulations, or to allow pilot programs that provide safe harbors for specific AI applications._78f30ace-3238-11ea-a903-1e26f982ea001.2Pilot Programs and Experiments. Agencies should consider using any authority underexisting law or regulation to grant waivers and exemptions from regulations, or to allowpilot programs that provide safe harbors for specific AI applications. Such programs mayalso include events such as hackathons, tech sprints, challenges, and other types ofpiloting programs. As part of such programs, agencies may collect data on the design,development, deployment, operation, or outcomes of AI applications to improve theirunderstanding of the benefits and risks, which could produce useful data to inform futurerulemaking and non-regulatory approaches. If this information is of significant publicinterest, agencies should consider periodically informing the general public aboutemerging trends to help coordinate research efforts, new or emerging changes that willaffect particular stakeholders (e.g., consumers), and transparency about how specific AIapplications generate net benefits and, if relevant, distributional effects. StandardsGive preference to voluntary consensus standards._78f30bd2-3238-11ea-a903-1e26f982ea001.3Voluntary Consensus Standards. The private sector and other stakeholders may developvoluntary consensus standards that concern AI applications, which provide nonregulatory approaches to manage risks associated with AI applications that are potentiallymore adaptable to the demands of a rapidly evolving technology. Agencies should give apreference to voluntary consensus standards but may also avail themselves ofindependent standards-setting organizations and consider the robustness of theirstandards when evaluating the need for or developing related regulations. In addition,agencies should consider relying on private-sector conformity assessment programs andactivities, before proposing either regulations or compliance programs.BarriersReduce barriers to the deployment and use of AI._78f30d4e-3238-11ea-a903-1e26f982ea002Reducing Barriers to the Deployment and Use of AI -- As discussed above, Executive Order 13859 requires OMB to issue a memorandum toagencies that shall “consider ways to reduce barriers to the use of AI technologies in order topromote their innovative application while protecting civil liberties, privacy, American values,and United States economic and national security.” Below are four non-exhaustive examples of actions agencies can take, outside the rulemaking process, to create an environment thatfacilitates the use and acceptance of AI. AccessCollect and create information in ways that support public transparency as well as dissemination and processing by third parties._78f30eb6-3238-11ea-a903-1e26f982ea002.1Federal AgenciesExecutive Order 13859 calls on agenciesto increase public access to government data and models where appropriate. Increasing suchaccess to government data must be done in a manner consistent with the Open, Public, Electronic, and, Necessary Government Data Act;8 OMB Circular No. A-130 “ManagingInformation as a Strategic Resource;”9 and OMB Memorandum M-13-13, “Open Data Policy Managing Information as an Asset,”10 which require agencies to collect and create information ina way that supports public transparency as well as downstream, secondary informationdissemination and processing by third parties, thereby making government informationaccessible, discoverable, and usable...Agencies may also review their existing disclosure protocols to determine if itis appropriate to make more data public, as well as provide more granular data, rather thanaggregate data. In increasing data access, agencies should not lose sight of the legal and policyrequirements regarding the protection of sensitive information and vital public interests, such asprivacy, security, and national economic competitiveness.11 OMBAgencies should also follow forthcoming OMB guidance to agencies, pursuant to section5 of Executive Order 13859, regarding discovery and usability of Federal data and models fornon-Federal use.Access to Federal Data and Models for AI R&D -- Access to data (and metadata) can facilitate the innovative design, development,deployment, and operation of specific AI applications.CommunicationCommunicate with the public about the benefits and risks of AI._78f31032-3238-11ea-a903-1e26f982ea002.2Federal AgenciesConsistent with the principles described in this Memorandum, agencies should communicatewith the public about the benefits and risks of AI in a manner that gives the public appropriatetrust and understanding of AI. An important opportunity to do this is when publishing requestsfor information (RFIs) in the Federal Register that are related to AI. RFIs and similar notices canhelp ensure that public perceptions of AI are informed by agency risk assessments that arecontext-specific and based on sound scientific evidence. Agencies should communicate thisinformation transparently by describing the underlying assumptions and uncertainties regardingexpected outcomes, both positive and negative...Agencies are also encouraged to promote widespread availabilityof guidance documents that may be created.13 OSTPFor more specific guidance, agencies shouldconsult OSTP’s 2010 memorandum on scientific integrity when considering regulatory and nonregulatory approaches to AI.12 Communication to the Public -- The process by which agencies develop and implement regulatory and non-regulatoryapproaches to AI applications will have a significant impact on public perceptions of AI.StandardsParticipate in the development and use of voluntary consensus standards._78f312a8-3238-11ea-a903-1e26f982ea002.3National Institute of Standards and TechnologyAs directed byE.O. 13859, the National Institute of Standards and Technology (NIST) developed a plan forFederal engagement in AI standards.14Federal AgenciesAgencies should use this plan to direct their involvementin AI standards development relevant to their authorities...Consistent with Section12(d)(1) of the National Technology Transfer and Advancement Act of 1995, all Federalagencies must use voluntary consensus standards in place of government-unique standards intheir procurement and regulatory activities, except where inconsistent with law or otherwiseimpractical.16Agencies should also consider effective approaches to conformity assessment for AIapplications. Conformity assessment procedures provide a means of enhancing the confidencethat the products, services, systems, persons, or bodies have specifically required characteristics,and that these characteristics are consistent from product to product, service to service, system tosystem, and in similar scenarios. Agencies should rely on the guidance in NIST publications tounderstand conformity assessment concepts17 and to use conformity assessment in an effectiveand efficient manner that meets agency requirements.18Standard-Setting OrganizationsWhen engaging with private sector standard-setting organizations, agencies shouldadhere to OMB Circular A-119, “Federal Participation in the Development and Use of VoluntaryConsensus Standards and in Conformity Assessment Activities.”15 Agency Participation in the Development and Use of Voluntary Consensus Standards andConformity Assessment Activities -- Executive Order 13859 calls for Federal engagement in the development of technicalstandards and related tools in support of reliable, robust, and trustworthy systems that use AItechnologies. To promote innovation, use, and adoption of AI applications, standards couldaddress many technical aspects, such as AI performance, measurement, safety, security, privacy,interoperability, robustness, trustworthiness, and governance. Moreover, Federal engagementwith the private sector on the development of voluntary consensus standards will help agenciesdevelop expertise in AI and identify practical standards for use in regulation.International CooperationEngage in the development of regulatory approaches through international regulatory cooperation._78f3144c-3238-11ea-a903-1e26f982ea002.4Regulatory Working GroupInternational Regulatory Cooperation -- Executive Order 13609, “Promoting International Regulatory Cooperation,” calls on theRegulatory Working Group, which was established by Executive Order 12866, to consider“appropriate strategies for engaging in the development of regulatory approaches throughinternational regulatory cooperation, particularly in emerging technology areas.”19 Accordingly,agencies should engage in dialogues to promote consistent regulatory approaches to AI thatpromote American AI innovation while protecting privacy, civil rights, civil liberties, andAmerican values. Such discussions, including those with the general public, can providevaluable opportunities to share best practices, data, and lessons learned, and ensure that Americaremains at the forefront of AI development. 2020-01-08https://www.whitehouse.gov/wp-content/uploads/2020/01/Draft-OMB-Memo-on-Regulation-of-AI-1-7-19.pdfOwenAmburOwen.Ambur@verizon.net