BSA-The Software Alliance in comments to the Office of Management and Budget offers praise for the risk management approach the White House is taking toward implementation of a wide-ranging executive order on artificial intelligence, while calling for a series of revisions to OMB guidance that the group says will help remove barriers to AI adoption.
“The OMB memo has important ramifications for federal IT modernization. Given the increase of AI in software services, it is critical that the guidance strikes the right balance in creating safeguards that promote the responsible use of AI while maximizing its benefits to the federal government. If it fails to do so, the gap between the commercial and federal marketplace will only grow,” according to BSA’s Dec. 5 filing with OMB.
President Biden’s executive order on AI was issued on Oct. 30. OMB on Nov. 3 posted draft guidance on implementation of the order.
The comment period closes today on the OMB draft, which included eight questions for commenters to consider on the scope and oversight of implementing Biden’s order.
“The OMB memo establishes a range of important risk management practices across federal agencies,” BSA says. “We are encouraged that the OMB memo requires agencies to take important steps to adopt strong risk management practices and attempt to categorize risks associated with government use of AI. This approach aims to help agencies focus on uses of AI that pose high risks to the public.”
BSA calls for multiple adjustments to the guidance “to ensure agencies can better implement these risk management practices” including:
- Continue to remove barriers to the responsible use and adoption of AI;
- Ensure uniform definitions of rights-impacting and safety-impacting AI across federal agencies;
- Ensure the definitions and list of rights-impacting and safety-impacting AI use cases focus on those risks that impact individuals;
- Further encourage the use of the NIST AI Risk Management Framework;
- Refine the minimum risk management practices required for federal agencies;
- Extend the timeline for agency implementation;
- Revise procurement obligations, to ensure vendors’ ability to further train AI models and to recognize the importance of internal testing; and
- Harmonize concurrent regulatory actions affecting AI procurement
“At the outset,” BSA writes, “we want to recognize that the OMB memo includes important guidance for strengthening federal agencies’ AI governance and advancing AI innovation across the federal government. We appreciate the OMB’s focus on promoting strong risk management practices and removing barriers to the use of AI by federal agencies.”
BSA singles out the guidance’s “requirement for agencies to designate a Chief AI Officer,” its focus on removing barriers to usage of AI, and its attention to workforce issues as particularly beneficial.
But it seeks substantial revisions in how the guidance approaches rights-impacting and safety-impacting AI.
“First, at the outset, we note that the definitions in Section 6 of rights-impacting and safety-impacting AI are overbroad and ambiguous,” BSA says, going on to comment, “OMB should focus on high-risk use cases resulting in consequential decisions about individuals, namely decisions that create legal or similarly significant effects on individuals.”
“Second,” the group says, “to the extent that OMB maintains these categories, including a non-exhaustive list of rights-impacting and safety-impacting AI in the OMB memo while allowing agencies to develop additional agency-specific lists creates fragmentation.”
BSA recommends “revising the OMB memo to include an exhaustive list of purposes and use cases that are rights-impacting and safety-impacting. Alternatively, OMB could be provided the authority to update this list over time, at set intervals, which would create a more stable approach than creating an agency-by-agency approach.”
“Third,” BSA says, “the threshold for determining whether AI is rights-impacting or safety-impacting is vague and can lead to differing interpretations across agencies.”
The filing says, “Fourth, the list of AI that is presumed to be rights-impacting and safety-impacting captures a broad set of AI applications, rather than specific use cases. … We recommend that OMB tailor this section to focus on consequential employment decisions – decisions by agencies to hire, terminate, determine the pay, or promote individuals.”
Among its other major points, BSA says, “We encourage OMB to better leverage the NIST AI RMF, which is a flexible framework for identifying and mitigating risks.”
The group says, “Creating the NIST AI RMF was a significant achievement that builds on NIST’s work creating frameworks for managing cybersecurity and privacy risks. … We strongly encourage OMB to incorporate the NIST AI RMF as part of the memo’s minimum risk management practices for federal agencies.”
BSA also calls for refining the minimum risk management practices included in the guidance, including on impact assessments, to consult further with stakeholders on “identifying algorithmic discrimination” as well as in other areas, and to extend the implementation timeline.