Report on Large Language Models and Generative AI from the House of Lords on 2 February 2024

by Raffaella Aghemo

The ‘synchronization’ of certain actions in the field of Artificial Intelligence regulation, and especially on next-generation models, is no longer an exception: in fact, right at the same time as the almost final approval of the latest European draft of the Artificial Intelligence Act, the British House of Lords published the First Report 2023–24 on ‘Large language models and generative AI’, the result of evidence gathering from 41 expert witnesses, examination of over 900 pages of written evidence, round table discussions with small and medium-sized companies hosted by the software company Intuit, and visits to Google and UCL Business. With the assistance of expert consultant, Michael Wooldridge, Professor of Computer Science at Oxford University.

Ninety-five pages aimed at addressing the phenomenon through, the introduction states, “…forward-looking, focused and rapid action to catalyse innovation responsibly and mitigate risks proportionately. We found room for improvement in government priorities, policy coherence and pace of implementation.”

The UK’s perspectives are clear in points 7 and 8 of the first chapter: ‘It is common for technological developments to outpace policy responses (as well as raising ethical issues). But recent advances in foundation models suggest that this gap is becoming acute and may continue to widen. This presents difficulties for governments seeking to harness this technology for good. Too much early intervention risks introducing laws similar to the ‘Red Flag Act’ of 1865, which required someone to walk in front of new cars waving a red flag. But too much caution about sensible rules is also harmful: seat belts were invented in 1885 but drivers were not required to wear them until 1983.

8. Solving the ‘Goldilocks’ problem of striking the right balance between innovation and risk with limited foresight of market developments will be one of the crucial challenges for the current generation of policy makers. Our report proposes a number of recommendations to help government, regulators and industry address the challenges ahead.”

After Chapter 2 gives an overview of large models and their functionalities and potential, Chapter 3 addresses the question of whether opensources or closed models are better, whether the government should take an explicit position in favour of one or the other, and how it should address concerns about regulatory protection: ‘Irene Solaiman, director of global policy at the open access platform Hugging Face, said that openness provided better transparency and opportunities for community-driven improvements. However, open models have lagged behind more advanced closed models on full-spectrum benchmarks and have fewer options to recall and repair malicious products. Microsoft and Google have stated that they are generally very supportive of open access technologies, but believe that the security risks from powerful, freely available LLMs are so significant that more guardrails are needed. OpenUK stated that there are many different types of ‘open’ technologies, in the same way that cars and trucks are different types of vehicles, and suggested that nuanced regulatory proposals are essential. Getty Images warned of “gaps in the regulatory fabric” that could exempt open models from obligations.”

It concludes by expressing concern about both models and discouraging the emergence of hidden powers or lobbies that can decide the regulatory fabric, strong on the economic and social influences they possess: “We recommend that the government implement more transparency measures for high-profile roles in artificial intelligence. This should include further high-level information on the types of mitigations prepared and a public statement within six months of appointment to confirm that these mitigations have been completed.”

Chapter 4 outlines the potential opportunities created by large language models (LLMs), followed by an assessment of how well the government’s strategy is positioning the UK to take advantage of them. “In March 2023, the government published its ‘pro-innovation approach to AI regulation’. This white paper envisaged an “agile and iterative approach” structured around five principles:

- safety, security and robustness;

- transparency and adequate explicability;

- fairness;

- accountability and governance;

- contestability and redress.”

Moreover, a prudent and balanced use of the new tools will serve to avoid falling behind international competitors or becoming strategically dependent on a small number of foreign technology companies, instead attracting and retaining a diverse set of skills and people, which is crucial for finding the right balance in artificial intelligence.

To this end, the paragraph on the importance of developing a sovereign LLM capability is interesting. This could be an ‘internal model’ used by government and public sector bodies, or a broader structure available to researchers and industry.

In the case of the ‘internal model’, three options would be considered:

- Purchasing a commercially available model would be quick and inexpensive, but would entail risks related to insufficient governance oversight, security barriers, mitigation of bias and data privacy, and concerns about strategic dependency.

- Developing a model from scratch would provide more control — but would require a high-risk, high-tech and expensive internal research and development effort for which the government may be ill-suited.

- Contracting an external developer to build a model to be deployed on a secure government infrastructure and UK-based data processing capability would provide a middle ground. The government would set security and ethical standards. The developer would provide the software and expertise for training and a licence for the government to run the model in-house. This would probably involve less risk, though not entirely risk-free.

Among the various options, value for money would be the key. “A sovereign LLM capability in the UK could provide substantial value if challenges relating to reliability, ethics, security and interpretability could be resolved.”

Chapter 5 examines the risk profile, with an interesting table on degrees of risk, leaving out, in a separate category, existential risk.

The risks of even generative models are multiple and well established, so mitigation work is needed in government and industry. The main problem remains scope and speed: malicious perpetrators enjoy first mover advantages, while it will take time to improve public and private sector mitigation measures, including public awareness. And as the government paper on the AI Safety Summit noted, market incentives to provide safety barriers are limited and there are no standardised safety parameters.

Catastrophic risk. Catastrophic risks could result from implementing a model with highly advanced capabilities without sufficient guarantees. As outlined in the table above, indicative impacts could result in more than 1,000 fatalities, 2,000 casualties and/or financial damage in excess of £10 billion. Threat models of varying plausibility exist. Most of our data suggest that these events will be less likely within the next three years, but should not be ruled out, particularly as the capabilities of next-generation models become clearer and open-access models more widespread. There is talk of possible biological or chemical hazards, destructive cyber tools or critical infrastructure failures.

On this last point, the following is specified: “OpenAI told us that work was underway to assess “hazardous capabilities” and appropriate safety features, but noted that “scientific measurements of the risks of frontier systems… are still nascent”. Professor John McDermid OBE, Professor of Safety Critical Systems at the University of York, said that industries such as civil aviation have designed software with fault detection in mind so that sudden failures can be resolved quickly and safely. He did not believe such safety-critical system analysis was yet possible for LLMs and felt it should be a research priority.”

Even more alarming is the following paragraph assessing the possibility of uncontrollable proliferation: “Google DeepMind told us that “once a model is openly available, any safeguards can be bypassed, and proliferation of capabilities is irreversible.” There is no ‘undo’ function if major security or legal compliance issues arise later, and no central registry to determine the provenance of the model once released. It may be possible to incorporate identifying features into models to help monitor them, although such research is still at an early stage.”

Finally, a threat to existential risk remains highly controversial. One basic scenario involves the gradual integration of super-intelligent artificial intelligence into high-impact systems to gain political, economic or military advantage, followed by the loss of human control. This could happen because humans gradually relinquish control to highly capable systems that far exceed our understanding; and/or the artificial intelligence system pursues goals that are not aligned with human welfare and reduce human action (e.g. nuclear power industry).

Finally, the risk of social prejudice, discrimination and bias, and, last but not least, the desirability of an adequate data protection defence (suggesting, for example, that the Department of Health and Social Care should work with NHS bodies to ensure that future data protection provisions are built into licence terms. This would help reassure patients, given the possibility of LLM companies working with NHS data being acquired by foreign companies).

Chapter 7 analyses the international context, distinguishing between the European regulatory effort, the US market-oriented effort, and China’s ‘safety first’ effort: although the government could learn from the US vision of context-specific regulation, from the EU’s goals to mitigate high-impact risks, and from China’s positive attitude towards technology adoption while addressing its social and security concerns, according to Katherine Holden of techUK , the UK should continue to pursue its own regulatory path that is ‘proportionate, risk-based and outcome-focused’.

The strategy is to make the White Paper work by committing to establishing ‘central functions’ such as:

- monitoring, evaluation and feedback;

- supporting consistent implementation of the principles;

- cross-sectoral risk assessment;

- horizon scanning;

- supporting innovators (including test-beds and sandboxes);

- education and awareness-raising; and

- international interoperability.

Furthermore, “The government should introduce standardised powers for key regulators to lead AI oversight to ensure that they can collect information related to AI processes and conduct technical, empirical and governance audits. It should also ensure that meaningful sanctions are in place to provide credible deterrents against serious wrongdoing.”

Accredited standards and audit practices are also recommended.

Chapter 8, on the other hand, is all about the sensitive topic of copyright and authors’ rights, where the government’s continued commitment “to promote and reward investment in creativity” and to ensure that rights holders’ content is “adequately protected”, while supporting artificial intelligence innovation, is emphasized. “The application of the law to LLM processes is complex, but the principles remain clear. The purpose of copyright is to reward creators for their efforts, to prevent others from using works without permission and to incentivize innovation. The current legal framework fails to ensure that these outcomes occur and the government has a duty to act.” “The IPO code should ensure that creators have full power to exercise their rights, both on an opt-in and opt-out basis. Developers should clarify whether their web crawlers are used to acquire data for training on generative artificial intelligence or for other purposes.” Various solutions are being sought, but the demand for huge amounts of data makes a broadening of the scope of licences insufficient, so much so that Dan Conway suggested that a searchable archive of citations and metadata would be useful.

The last pages are in essence a SUMMARY OF CONCLUSIONS AND RECOMMENDATIONS.

All Rights Reserved

Raffaella Aghemo, Lawyer

In Plain English 🚀

Thank you for being a part of the In Plain English community! Before you go:

• Be sure to clap and follow the writer ️👏️️
• Follow us: X | LinkedIn | YouTube | Discord | Newsletter
• Visit our other platforms: Stackademic | CoFeed | Venture | Cubed
• More content at PlainEnglish.io