On October 30, 2023, President Biden issued a 63-page Executive Order to define the trajectory of artificial intelligence adoption, governance and usage within the United States government. The Executive Order outlines eight guiding principles and priorities for US federal agencies to adhere to as they adopt, govern and use AI. While safety and security are predictably high on the list, so too is a desire to make America a leader in the AI industry including AI development by the federal government. While executive orders are not a statute or regulation and do not require confirmation by Congress, they are binding and can have the force of law, usually based on existing statutory powers.

Instruction to Federal Agencies and Impact on Non-Governmental Entities

The Order directs a majority of federal agencies to address AI’s specific implications for their sectors, setting varied timelines ranging from 30 to 365 days for each applicable agency to implement specific requirements set forth in the Order.

The actions required of the federal agencies will impact non-government entities in a number of ways, because agencies will seek to impose contractual obligations to implement provisions of the Order or invoke statutory powers under the Defense Production Act for the national defense and the protection of critical infrastructure, including: (i) introducing reporting and other obligations for technology providers (both foundational model providers and IaaS providers); (ii) adding requirements for entities that work with the federal government in a contracting capacity; and (iii) influencing overall AI policy development.

Substantial within the Order are new reporting requirements for models trained using substantial computing power (i.e., those models using computing power that exceeds thresholds in the Order, or as such thresholds are re-defined by the Secretary of Commerce). Also, building on existing cyber-related sanctions measures, the Commerce Department is to propose extensive reporting requirements for IaaS providers whenever a foreign person interacts with training large AI models that could be used in malicious cyber-enabled activity (proposed rules are due within 90 days), as well as identity verification requirements on foreign persons obtaining IaaS accounts through foreign resellers (proposed rules are due within 180 days). Another key provision with a quick 90-day turnaround time directs the Secretary of State and Secretary of Homeland Security to streamline visa processes for skilled AI professionals, students and researchers. The Order also provides the possibility for additional intellectual property protections related to AI (given that the Order directs the US Patent and Trademark Office to provide AI guidance and the US Copyright Office to recommend additional protection for works produced using AI).

The Order’s Eight Key Directives

1. New Standards for AI Safety and Security

  • Developers of powerful AI systems will now be required to share their safety test results and other pertinent information with the US government. Companies developing foundation models that could pose a risk to national security, the economy, or public health and safety must notify the federal government when training the model, and must share the results of certain prescribed safety tests.
  • Within the next 270 days the National Institute of Standards and Technology will set rigorous standards for extensive testing to ensure safety before public release, and the Department of Homeland Security will apply those standards to critical infrastructure sectors and establish an AI Safety and Security Board. 
  • Agencies that fund life-science projects will establish standards for biological synthesis screening.
  • The Department of Commerce will develop guidance for content authentication to protect Americans from AI-enabled fraud and deception, particularly in relation to official government communications.
  • The National Security Council and the White House Chief of Staff will work together to develop a National Security Memorandum to ensure that the US military and intelligence community use AI safely, ethically and effectively in their missions.
  • The Departments of Energy and Homeland Security will address AI risks related to critical infrastructure, chemical, biological, radiological, nuclear and cybersecurity. The Order requires secure and responsible development of AI hardware and software that will be used by critical infrastructure. On the heels of the Critical Infrastructure Risk Management Cybersecurity Improvement Act and major supply chain vulnerabilities, safeguarding our nation’s critical infrastructure is a top priority. Also, similar to Biden’s 2021 Executive Order 14028, CISA has been tasked with evaluating how AI can disrupt critical infrastructure by creating vulnerabilities and increased risk of cyberattacks and business interruption.

2. Protecting Americans’ Privacy: The Order calls on Congress to pass bipartisan data privacy legislation, with a focus on: protecting children; strengthening privacy-preserving research and technologies; evaluating how agencies collect and use commercially available information; strengthening privacy guidance for federal agencies; and developing guidelines for federal agencies to evaluate the effectiveness of privacy-preserving techniques.

3. Advancing Equity and Civil Rights: The Order recognizes that irresponsible uses of AI can lead to and deepen discrimination, bias, and other abuses in criminal justice, healthcare, employment and housing and directs actions to mitigate such risks.

4. Standing Up for Consumers, Patients and Students: The Order recognizes that while AI can bring significant benefits to consumers (for example, by making products better, cheaper and more widely available), it can also risk injuring, misleading or otherwise harming Americans. The Order directs the Department of Health and Human Services to establish a safety program to receive reports of harms or unsafe healthcare practices involving AI.

5. Supporting American Workers: The Order directs the development of principles and best practices to mitigate the harms and maximize the benefits of AI for workers, including AI-driven job displacement and disempowerment, upskilling for workers, labor standards, employee privacy and wage and hour considerations.

6. Promoting American Innovation and Competition: The Order introduces measures to catalyze AI research across the US by piloting a National AI Research Resource and expanded grants for AI research in specific areas including healthcare and climate change. The further aims to attract and retain foreign national AI talent in the US by modernizing or expanding existing immigration programs. And, the Order encourages the Federal Trade Commission to exercise its authority to ensure fair competition in the AI marketplace and to ensure that consumers and workers are protected from harms that may be enabled by the use of AI.

7. Advancing American Leadership Abroad: The Order seeks to accelerate development and implementation of AI standards with international partners, and promote the safe, responsible and rights-affirming development and deployment of AI abroad to solve global challenges.

8. Ensuring Responsible and Effective Government Use of AI: Federal agencies will receive guidance on AI use, procurement, and deployment. AI systems can aid the speed of the procurement process and if utilized correctly could conceivably reduce the amount of bid protests. The Order aims to address the possibility of bias in this process.

Baker McKenzie’s recognized leaders in AI are supporting multinational companies with strategic guidance for responsible and compliant AI development and deployment. Our industry experts with backgrounds in data privacy, intellectual property, cybersecurity, trade compliance and employment can meet you at any stage of your AI journey to unpack the latest trends in legislative and regulatory proposals and the corresponding legal risks and considerations for your organization. Please contact a member of our team for more.

Author

Adam Aft helps global companies navigate the complex issues regarding intellectual property, data, and technology in product counseling, technology, and M&A transactions. He leads the Firm's North America Technology Transactions group and co-leads the group globally. Adam regularly advises a range of clients on transformational activities, including the intellectual property, data and data privacy, and technology aspects of mergers and acquisitions, new product and service initiatives, and new trends driving business such as platform development, data monetization, and artificial intelligence.

Author

Melissa Allchin is an Attorney in Baker McKenzie's Employment and Compensation Practice with more than eleven years of experience in corporate immigration law. She routinely advises multinational and domestic clients on the strategy, requirements, and procedures to secure visas and work and residence permits and satisfy employment eligibility and other immigration-related regulatory requirements for a global workforce. Melissa frequently speaks on global and US immigration and immigration compliance issues at Firm and client events geared towards global mobility, human resources, and legal professionals. She has been a Member of the Firm's Pro Bono and Diversity Committees.

Author

Maurice A. Bellan is the Managing Partner of the Washington, DC office and a member of the Global Dispute Resolution and North America Litigation and Government Enforcement Steering Committees. He is a former trial attorney at the US Department of Justice and is experienced in a broad range of fraud and anti-corruption matters. Maurice was recently named by Savoy magazine as one of the most influential African-American lawyers in the United States.

Author

Caroline Burnett is a Knowledge Lawyer in Baker McKenzie’s North America Employment & Compensation Group. Caroline is passionate about analyzing trends in US and global employment law and developing innovative solutions to help multinationals stay ahead of the curve.

Author

Cynthia J. Cole is Chair of Baker McKenzie’s Global Commercial, Tech and Transactions Business Unit, a member of the Firm’s global Commercial, Data, IP and Trade (CDIT) practice group steering Committee and Co-chair of Baker Women California. A former CEO and General Counsel, just before joining the Firm, Cynthia was Deputy Department Chair of the Corporate Section in the California offices of Baker Botts where she built the technology transactions and data privacy practice. An intellectual property transactions attorney, Cynthia also has expertise in AI, digital transformation, data privacy, and cybersecurity strategy.

Author

Alex advises clients on issues involving data privacy, digital transformation, IP, and cutting-edge technologies such as artificial intelligence. He represents clients in drafting agreements for data, IP, and technology transactions.

Author

Lothar has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto.

Author

Susan Eandi is the head of Baker McKenzie's Global Employment and Labor Law practice group for North America, and chair of the California Labor & Employment practice group. She speaks regularly for organizations including ACC, Bloomberg, and M&A Counsel. Susan has been published extensively in various external legal publications in addition to handbooks/magazines published by the Firm. Susan has been recognized as a leader in employment law by The Daily Journal, Legal 500, PLC and is a Chambers ranked attorney.

Author

Paul Evans is the New York and East Coast leader for the Employment & Compensation Practice Group, residing in Baker McKenzie's New York office.

Author

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He is Chair of Baker McKenzie's Global Data Privacy and Security group.

Author

Teisha Johnson is a member of Baker McKenzie's antitrust practice in Washington, DC. She advises clients on a wide range of antitrust and e-discovery matters, and has considerable experience counseling clients in government investigations, proposed mergers and acquisitions, compliance, and litigation matters.

Author

Mackenzie Martin co-leads the Firm's Global Patent Practice and is a member of the Firm's North American Intellectual Property & Technology and North American Trial Team Steering Committees. She focuses on intellectual property litigation, counseling, licensing, and portfolio strategy matters. She has significant experience in patent and trade secret litigation actions in federal district courts, before the US International Trade Commission, and before the United States Patent and Trademark Office Patent Trial and Appeal Board.

Author

Cristina focuses her practice on regulatory and transactional issues in global privacy and data protection, including data security, data breach notification, global privacy, website privacy policies, behavioral advertising, cross-border data transfers, and comprehensive compliance programs.

Author

Teresa advises on all aspects of dispute resolution, primarily complex business disputes, class actions, intellectual property and international arbitration. She is the Co-Chair of the North American Class Action Subgroup.

Author

Bradford Newman is a litigation partner resident in Baker McKenzie's Palo Alto Office and Chair of the North America Trade Secrets Practice. According to Chambers USA, Brad is a "recognized authority on trade secrets cases" who "is valued for his tenacious, intelligent and thoughtful approach to trade secrets matters." Bradford regularly serves as lead trial counsel in cases with potential eight and nine-figure liability, and has successfully litigated (both prosecuting and defending) a broad spectrum of trade secrets cases in state and federal courts throughout the country. He routinely advises and represents the world's leading technology, banking, professional service, manufacturing and commerce companies in connection with their most significant data protection and trade secret matters.

Author

Ella is an associate in our Firm's Intellectual Property & Technology Practice Group and is based in our San Francisco office.

Author

Justine focuses her practice on both proactive and reactive cybersecurity and data privacy services, representing clients in matters related to information governance, diligence in acquisitions and investments, incident preparedness and response, the California Consumer Privacy Act, privacy litigation, and cyber litigation.

Author

Sara Pitt is an associate in Baker McKenzie's Los Angeles office and a member of the Firm's Litigation and Government Enforcement practice. She represents foreign and domestic corporations involved in high-stakes commercial litigation, with a focus on cross-border disputes.

Author

Alison Stafford Powell has considerable experience counseling companies on cross-border outbound trade compliance in the areas of export controls, trade and financial sanctions, anti-terrorism controls, anti-corruption and anti-money laundering rules, US anti-boycott laws, and US foreign investment restrictions. With a background also in EU and UK trade restrictions, she helps non-US companies navigate conflicting compliance obligations and risks under US and EU trade rules. She is a dual US/English qualified lawyer and has worked in the Firm's London, Washington, DC and Palo Alto offices since 1996.

Author

Elizabeth Roper is a partner in Baker McKenzie's North America Litigation and Global Dispute Resolution Practice. She is based in the New York office. Prior to joining the firm, Liz served in the Manhattan District Attorney's Office as Bureau Chief of the Cybercrime and Identity Theft Bureau (CITB). In this role, Liz directed the investigation and prosecution of all types of cybercrime impacting Manhattan, including sophisticated cyber-enabled financial crime such as identity theft, payment card fraud, and money laundering; network intrusions, hacking, ransomware, and "middleman" attacks; intellectual property theft; "dark web" trafficking of contraband; and the theft and illicit use of cryptocurrencies.

Author

Robin Samuel is a partner in the Employment Practice Group of Baker McKenzie's Los Angeles office. Robin helps clients manage and resolve local and cross-border employment issues, whether through counseling or litigation. He advises clients on virtually all aspects of the employment relationship, including hiring and firing, wage and hour, discrimination, harassment, contract disputes, restrictive covenants, employee raiding, and trade secret matters. Clients trust Robin to handle their most sensitive and complex employment issues.

Author

Jonathan Tam is a partner in the San Francisco office focused on global privacy, advertising, intellectual property, content moderation and consumer protection laws. He is a qualified attorney in Canada and the U.S. passionate about helping clients achieve their commercial objectives while managing legal risks. He is well versed in the legal considerations that apply to many of the world’s cutting-edge technologies, including AI-driven solutions, wearables, connected cars, Web3, DAOs, NFTs, VR/AR, crypto, metaverses and the internet of everything.

Author

Cyrus Vance Jr. is a partner in Baker McKenzie's North America Litigation and Government Enforcement Practice as well as the Firm's Global Compliance and Investigations Practice. He is based in New York and serves as Global Chair of the Cybersecurity Practice.