On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes unanimously adopted the Convention Against Cybercrime. The Convention now goes to the General Assembly, where it is expected to be adopted. If ratified by 40 member states, the Convention will enter into force.
New UK Consumer Laws on Fake Reviews, Subscription Contracts and Drip Pricing: Impact on US Businesses
In May of this year, the UK Government passed the Digital Markets, Competition and Consumers Act (DMCC) into law. The DMCC is wide-ranging and covers three key areas: consumer law, digital markets, and merger and antitrust law.
In the first of our series of blog posts, we set out key points on the significant changes to consumer laws and regulatory enforcement powers of which US businesses selling to UK consumers need to be aware ahead of the law coming into force, which is expected to be later this year.
EU Artificial Intelligence Act – Legislation Adopted by the European Council
The long-awaited European Union Artificial Intelligence Act (the AI Act) is nearing implementation following its adoption by the European Council yesterday (21 May 2024). This signals the completion of the final major stage of the European Union (EU) legislative process and the AI Act is expected to enter into force imminently. We considered the impact of this legislation in detail in our previous article: EU Artificial Intelligence Act — Final Form Legislation Endorsed by European Parliament.
The only remaining formalities are the signature of the President and Secretary-General of the European Parliament and Council and publication in the Official Journal, which is expected to happen in the coming days. The AI Act will enter into force 20 days after this takes place. The AI Act will become fully applicable 24 months after its entry into force (June 2026). However, some provisions will apply before that date.
Continue reading “EU Artificial Intelligence Act – Legislation Adopted by the European Council”
UK and US Announce Partnership on Science of AI Safety
On 1 April 2024, the UK and US signed a memorandum of understanding on the science of AI safety. This partnership is the first of its kind and will see the two countries work together to assess risks and develop safety tests for the most advanced AI models.
Following their announcement of cooperation at the AI Safety Summit in Bletchley Park last November, the UK and US have formally agreed to align their scientific approaches to AI safety testing, with plans to perform at least one joint testing exercise on a publicly accessible model. The partnership will take effect immediately and will see the two countries work together to tackle the safety risks posed by next-generation versions of AI. The agreement will facilitate collaboration between the UK AI Safety Institute (formed last November) and the US AI Safety Institute (which is still in its initial stages) and will include the sharing of vital information and research on the capabilities and risks associated with AI systems, together with the exchange of expertise through researcher secondments between the institutes.
Continue reading “UK and US Announce Partnership on Science of AI Safety”
NIST Releases Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was first released in February 2014. CSF 2.0 provides an increased focus on entities’ governance functions and broadens the CSF’s scope. For companies subject to state and federal standards demanding “reasonable security,” CSF 2.0 is particularly important because it could very well become the de facto standard of care under various cybersecurity and data privacy laws.
Focus on Governance
CSF 2.0 builds on the five high-level functions from CSF 1.0 (Identify, Protect, Detect, Respond, and Recover) by introducing a new core function—Govern. This function focuses on ensuring that an organization’s cybersecurity risk management strategy, expectations, and policies are established, communicated, and monitored. In particular, this new core function emphasizes that an organization’s cybersecurity framework must be (i) based on the organization’s individual circumstances, goals, and risk appetite; (ii) well established and communicated within the organization to ensure compliance and continuity; and (iii) continually reviewed and improved.
Continue reading “NIST Releases Cybersecurity Framework 2.0”
UK Supreme Court Rules that AI cannot be an ‘Inventor’ Under UK Patent Law
In Thaler v Comptroller-General of Patents, Designs and Trade Marks [2023] UKSC 49, the UK Supreme Court ruled that AI cannot be an ‘inventor’ for the purposes of UK patent law. The ruling concludes a series of appeals from Dr Stephen Thaler and his collaborators, who argued that an AI system called ‘DABUS’ should be named as the inventor of two new inventions generated autonomously by it relating to food and beverage packaging and light beacons. This was part of a series of test cases, which have had limited success globally, seeking to establish that AI systems can make inventions and that the owners of such systems can apply for and secure the grant of patents for those inventions. The judgment noted that the broader questions of whether an invention generated autonomously by AI ought to be patentable, or whether the meaning of the term ‘inventor’ should be expanded to include machines powered by AI, were matters of policy that would need to be addressed by legislation.
The UK Supreme Court made three main findings.
- DABUS is not an ‘inventor’ under the Patents Act 1977 (“Patents Act”)
- An ‘inventor’ within the meaning of the Patents Act must be a natural person (a human being). Since DABUS is a machine, not a natural person, it cannot be an ‘inventor.’
- It was not Dr Thaler’s case that he was the inventor and had simply used DABUS as a highly sophisticated tool. Had Dr Thaler made that case and named himself as the inventor, the Court noted that its decision might have been different, but it was not the Court’s place to determine that question.
- Dr Thaler was not entitled to apply for and obtain a patent simply by virtue of his ownership of DABUS
- Dr Thaler sought to rely on the doctrine of accession whereby the owner of existing property would own new property generated by that existing property (in the same way that a farmer owns the cow and also the calf). The Court held that this only applies to tangible property and not to intangible inventions. For this reason, title to the invention cannot pass as a matter of law from the machine that generated it to the owner of that machine. This argument also assumes that DABUS itself can be an inventor within the meaning of the Patents Act, which, as the court had already established, it cannot.
- By failing to satisfy the requirements of the Patents Act, the two patent applications must be taken to have been withdrawn
- Because Dr Thaler had failed to name an inventor and had failed to state a valid right to apply for and obtain the patents, the UK Intellectual Property Office had been correct to find that Dr Thaler’s two patent applications would be taken to be withdrawn at the expiry of the 16-month period prescribed by UK patent law for this purpose.
Commentary
Dr Thaler’s UK patent applications were part of a project involving parallel applications to patent offices around the world. The UK Supreme Court’s ruling is unsurprising and follows similar decisions in the United States and Europe.
The ruling raises significant issues for the AI industry, but it is important to focus on what it confirms: that inventors must be natural persons for the purposes of UK patent law. The judgment does not impact the patentability of AI-generated inventions as it does not necessarily preclude a person from securing a patent, provided that a human being is named the inventor.