With Congress in summer recess and state legislative sessions waning, the Biden Administration continues to implement its October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (“EO”).  On July 26, the White House announced a series of federal agency actions under the EO for managing AI safety and security risks, hiring AI talent in the government workforce, promoting AI innovation, and advancing US global AI leadership.  On the same day, the Department of Commerce released new guidance on AI red-team testing, secure AI software development, generative AI risk management, and a plan for promoting and developing global AI standards.  These announcements—which the White House emphasized were on time within the 270-day deadline set by the EO—mark the latest in a series of federal agency activities to implement the EO.

AI Red-Teaming Testing and Risk Management 

On July 26, NIST’s U.S. AI Safety Institute (“US AISI”) released initial public draft guidelines on “Managing Misuse Risk for Dual-Use Foundation Models.” The guidelines outline practices for preventing malicious actors from recreating foundation models or deploying them to harm the public and include recommendations for developer red-teaming testing.  US AISI is accepting public comments on the draft until September 9, 2024.

NIST released the final version of its Generative AI Profile and companion resource.  The Generative AI Profile applies NIST’s 2023 AI Risk Management Framework to 12 risks that are “unique to or exacerbated by” generative AI, including data privacy and information security, environmental impacts, harmful bias, harmful or obscene synthetic content, and IP risks. 

These developments build on NIST’s May 28, 2024, release of its Assessing Risks and Impacts of AI (“ARIA”) pilot program, a test environment focusing on testing the risks and impacts of large language models, and the National Science Foundation’s July 23, 2024, launch of an AI test beds initiative for studying AI methods and systems and January 24, 2024, launch of the National AI Research Resource (“NAIRR”) pilot for compiling and sharing AI resources.

Secure AI Software Development Practices

NIST released the finalized version of its publication on “Secure Software Development Practices for Generative AI and Dual-Use Foundation Models,” supplementing NIST’s 2022 Secure Software Development Framework document.  The new companion resource addresses risks related to malicious training data that can adversely affect the performance of generative AI systems.   NIST also released Dioptra, an open-source software package designed to help AI developers and customers test the resiliency of AI models against adversarial attacks.

Global AI Standards

On July 26, the White House released the final version of its Implementation Roadmap for the May 2023 U.S. National Standards Strategy for Critical and Emerging Technology (“NSSCET”), following public comment on a draft roadmap released in June.  That same day, NIST also released the final version of its “Plan for Global Engagement on AI Standards” (“Plan”), which incorporates stakeholder feedback and public comments on an earlier draft.  Incorporating principles from the NIST AI Risk Management Framework and the US NSSCET, the Plan identifies over a dozen AI topic areas with clear or pressing needs for standardization, including defining key terminology for AI concepts, methods and metrics for assessing AI performance, risks, and benefits, and practices for maintaining and processing AI training data. 

These recent federal agency actions are just a subset of ongoing activities to implement the Biden Administration’s AI EO, and we anticipate more AI initiatives and developments as the White House approaches the one-year anniversary of the EO in October.  These efforts build on a number of agency efforts in the first half of 2024, including a Commerce Department proposed rule regulating infrastructure-as-a-service providers and guidance on the use of AI by federal agencies from the White House Office of Management and Budget. 

*                      *                      *

Follow our Global Policy WatchInside Global Tech, and Inside Privacy blogs for ongoing updates on key AI and other technology legislative and regulatory developments.

Matthew Shapanka

Matthew Shapanka draws on more than 15 years of experience – including on Capitol Hill, at Covington, and in state government – to advise and counsel clients across a range of industries on significant legislative, regulatory, and enforcement matters. He develops and executes…

Matthew Shapanka draws on more than 15 years of experience – including on Capitol Hill, at Covington, and in state government – to advise and counsel clients across a range of industries on significant legislative, regulatory, and enforcement matters. He develops and executes complex, multifaceted public policy initiatives for clients seeking actions by Congress, state legislatures, and federal and state government agencies, many with significant legal and political opportunities and risks.

Matt rejoined Covington after serving as Chief Counsel for the U.S. Senate Committee on Rules and Administration, where he advised Chairwoman Amy Klobuchar (D-MN) on all legal, policy, and oversight matters within the Committee’s jurisdiction, including federal election law and campaign finance, and oversight of the Federal Election Commission, legislative branch agencies, security and maintenance of the U.S. Capitol Complex, and Senate rules and regulations.

Most significantly, Matt led the Rules Committee staff work on the Electoral Count Reform and Presidential Transition Improvement Act – landmark bipartisan legislation to update the antiquated process of certifying and counting electoral votes in presidential elections that President Biden signed into law in 2022.

As Chief Counsel, Matt was a lead attorney on the joint bipartisan investigation (with the Homeland Security and Governmental Affairs Committee) into the security planning and response to the January 6, 2021 attack on the Capitol. In that role, he oversaw the collection review of documents, led interviews and depositions of key government officials, advised the Chairwoman and Committee members on two high-profile joint hearings, and drafted substantial portions of the Committees’ staff report on the attack. He also led oversight of the Capitol Police, Architect of the Capitol, Senate Sergeant at Arms, and executive branch agencies involved in implementing the Committees’ recommendations, including additional legislation and hearings.

Both in Congress and at the firm, Matt has prepared many corporate and nonprofit executives, academics, government officials, and presidential nominees for testimony at legislative, oversight, or nomination hearings before congressional committees, as well as witnesses appearing at congressional depositions and transcribed interviews. He is also an experienced legislative drafter who has composed dozens of bills introduced in Congress and state legislatures, including several that have been enacted into law across multiple policy areas.

In addition to his policy work, Matt advises and represents clients on the full range of political law compliance and enforcement matters involving federal election, campaign finance, lobbying, and government ethics laws, the Securities and Exchange Commission’s “Pay-to-Play” rule, as well as the election and political laws of states and municipalities across the country.

Before law school, Matt worked as a research analyst in the Massachusetts Recovery & Reinvestment Office, where he worked on all aspects of state-level policy, communications, and compliance for federal stimulus funding awarded to Massachusetts under the American Recovery & Reinvestment Act of 2009. He has also worked for federal, state, and local political candidates in Massachusetts and New Hampshire.

Read more about Matthew Shapanka
Show more Show less
August Gweon

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks…

August Gweon counsels national and multinational companies on data privacy, cybersecurity, antitrust, and technology policy issues, including issues related to artificial intelligence and other emerging technologies. August leverages his experiences in AI and technology policy to help clients understand complex technology developments, risks, and policy trends.

August regularly provides advice to clients for complying with federal, state, and global privacy and competition frameworks and AI regulations. He also assists clients in investigating compliance issues, preparing for federal and state privacy regulations like the California Privacy Rights Act, responding to government inquiries and investigations, and engaging in public policy discussions and rulemaking processes.

Read more about August Gweon
Show more Show less