European Scrutiny Committee
Oral evidence: Regulating after Brexit, HC 125
Wednesday 12 July 2023
Ordered by the House of Commons to be published on 12 July 2023.
Watch the meeting
Members present: Sir William Cash (Chair); Margaret Ferrier; Mr David Jones; Craig Mackinlay; and Greg Smith.
Questions 248 to 292
Witnesses
I: Michael Birtwistle, Associate Director (AI and data law & policy), Ada Lovelace Institute; Neil Ross, Associate Director for Policy, techUK; and Professor Sir Nigel Shadbolt, Principal and Professorial Research Fellow in Computer Science, Jesus College Oxford.
Witnesses: Michael Birtwistle, Neil Ross and Professor Sir Nigel Shadbolt.
Q248 Chair: Good afternoon, everybody, and thank you very much for appearing before us to give evidence this afternoon. We have an especially well-qualified and expert panel for today’s session, spanning the worlds of trade, think-tanks and academia.
By way of background, we are interested in learning more about the post-Brexit regulation of data and artificial intelligence, and about how and where the UK has the freedom to regulate differently outside the EU. The latter area—artificial intelligence, or AI—is especially germane, given recent technological developments, which have been going very rapidly, and that is something we will consider in detail towards the end of the session. Taken together, tech and AI appear to be areas where the UK and the EU are diverging in their approaches to regulation, and that divergence, if managed properly, could afford the UK a competitive advantage on the world stage.
Before we get started, and for those watching at home, will you briefly introduce yourselves, starting with Professor Sir Nigel Shadbolt?
Professor Sir Nigel Shadbolt: I am Nigel Shadbolt. I am executive chair of the Open Data Institute, which I co-founded with Tim Berners-Lee over a decade ago. I am also a professor of computer science at the University of Oxford and a fellow of the Royal Society and the Royal Academy of Engineering—both organisations have written on some of the topics that we will be discussing today. Also, I am an independent digital expert, as of February 2023, for the CMA—the Competition and Markets Authority.
Neil Ross: Hello, my name is Neil Ross. I am associate director for policy at techUK. If you don’t know techUK, it is the trade association for the technology sector in the UK, and we represent just under 1,000 companies that operate in this country.
Michael Birtwistle: Good afternoon. Thank you to the Committee for having us here today. My name is Michael Birtwistle. I am associate director at the Ada Lovelace Institute, which is a research institute dedicated to ensuring that AI and data work for people and society.
Q249 Chair: Thank you very much indeed. I will ask the first question and the second question. First—this is to all three of you in order, from Sir Nigel, to Neil and then to Michael—when the UK was a member state, how far-reaching was EU regulation governing the technology sector? The second question is, do you think the tech sector in the UK wants to align with or diverge from EU rules?
Professor Sir Nigel Shadbolt: Certainly, we were covered, and most notably in the area of data. The General Data Protection Regulation was widely promoted and, of course, was in operation whilst we were in the EU. It led to very significant changes and processes across every kind of organisation within the UK—the duties and responsibilities that were required. We will perhaps be talking in a little bit more detail about the various impacts of that—everything from data protection officers to subject access request treatment.
Subsequent to our leaving, of course, we are now in a process of trying to establish the Data Protection and Digital Information Bill, which will be looking to see whether aspects of data protection can or should be modified and what would be required—in particular, to maintain adequacy to allow data to flow relatively freely between the EU and the UK. It is very interesting to see how those ideas are developing, not least in the light of a very recent development in the last couple of days: the US and the EU have agreed a data privacy framework between them. The judgment of the EU is that the US now meets the adequacy criteria with regard to that framework. That is very much in the context of allowing a widespread flow of data.
Q250 Chair: I hope I have good news for you: I went to the Vote Office just now, before this session, and in fact the Bill is now being printed as an Act, because it received Royal Assent in the last few days. When you said, “It will be,” the answer is it is, because it now has Royal Assent. I thought I would let you know, because you might even want to get a copy for yourself.
Professor Sir Nigel Shadbolt: Thank you very much.
Neil Ross: Just to follow up on what Nigel said, the main piece of regulation that was passed when we were a member of the European Union was the General Data Protection Regulation, which then became the Data Protection Act 2018. It had incredibly far-reaching implications, not just for our sector but for others. I am sure that many people in this House will remember staff going on training courses to comply with GDPR regulations as they were coming in. When it was being developed, the UK was actually very influential in the construction of the GDPR in the European Council, and also in the European Parliament.
In particular, the hon. Member for Chelmsford, who is now in this place, was very influential in some of the construction of that Bill, particularly around retaining the lawful basis of processing data, called “legitimate interests”, which is now being developed further in the UK’s own legislation. So you can see that the UK was not only impacted by the rules but shaping them while we were a member of the EU. Most of the regulation and legislation we are talking about today—competition, AI and online safety—developed after the UK had left, so at this point we are moving on to separate tracks.
When it comes to whether the tech sector wants to align with or diverge from the UK, we want the UK to be strategic about this. We want to see divergence for advantage—data and AI seem to be the most obvious ones—but we want to make sure there is convergence for convenience where it makes most sense for the UK to align with EU rules. The most notable example of that is something called CE marking. It is a marking that is put on most forms of electronic products, and we do not see any particularly good reason why the UK would have a different product certification regime from the European Union, largely because we both go to quite high standards. If you have the same mutually agreed marking, you can move goods much more freely around the European area. So there is an example of diverging for advantage, but also one where we can converge for convenience.
Q251 Chair: So you would call it constructive competition. In other words, where it is appropriate, we work together, and where there is a competitive advantage, we do our thing if we can.
Neil Ross: Yes.
Chair: Michael Birtwistle?
Michael Birtwistle: On your first question, I do not think I can add anything to the very good descriptions given by the other witnesses. On your second question, I cannot represent the views of businesses, but I will make a few observations. First, adequacy is obviously very important, and it is notable that the Information Commissioner was grilled quite heavily in the EU recently on whether or not the changes within the DPDI Bill will actually mean that the UK remains adequate.
Secondly, I think attitudes to data protection law and the cost of compliance with it probably vary quite significantly based on the size of business. If you are a small or medium-sized business that does not have a legal team or the expertise in-house in order to understand how you can navigate your way through that law, the less restrictive approach gives you fewer guidelines on how to navigate that in a low-cost way.
Thirdly, the significance of UK GDPR as a set of important safeguards on data use is only increasing in light of the explosion of commoditised AI products that we have seen come on to the market in the last six months. The DPDI Bill represents a weakening of those safeguards, and we think that that needs to be looked at again in the light of those developments.
Q252 Chair: Professor Shadbolt, am I right in thinking that there is an increasing awareness that people who are involved in AI are going to take over large sectors of activity that have previously been regarded as entirely human—if I may use that common sense, ordinary word? What is your assessment of that?
Professor Sir Nigel Shadbolt: AI is a technology that has been in our phones, devices and software for decades. It has gone unremarked on for quite some time, although occasionally people recognise that when there is an issue around face or voice recognition, there could be issues around that, so we have been struggling with the notion of how to proportionately manage AI. The big change has been around so-called generative AI where people see this whole new set of potential application contexts and systems that can generate huge amounts of extended content, summarise content, translate from one language into another, and even write code.
We are looking at needing to respond in an agile fashion to these developments—I am sure we will come on to it perhaps in later questions as well. What does that look like? Does a principles-based approach—the kind of thing we are looking at with the UK approach—give us advantages? Can we be agile in the development and employment, but also understand and anticipate the harms that might arise? The challenge will be whether we have a regulatory landscape that will be agile enough to understand where harms might arise and anticipate them without a fully-fledged system that tries to, at the outset, determine that this application context is going to be problematic or beneficial.
You are right that AI's brief is extending hugely across all sectors of our lives, and we need to work out where existing regulation and existing law need to be adopted and can be used, where we can give our regulators effective instruction and support. I think all of us are required to become in a sense more literate and informed about the benefits and the potential downsides of systems—for example, the right to a human decision or algorithmic decision making, where we do not put all the onus on the consumer to find out the problems with these systems but can anticipate them in advance.
Q253 Chair: We will come on to that in a moment. I have just one short question: will AI overtake computer science?
Professor Sir Nigel Shadbolt: I like to think of AI as a branch of computer science, absolutely. What we will see, and we have always seen this in the history of computer science—
Q254 Chair: So you see AI as part of computers.
Professor Sir Nigel Shadbolt: It is, absolutely. It is a fully-fledged branch. It is not separate. Indeed, we may be in a position where some of these systems help write the code that computer scientists use.
Chair: Thank you. Let us now move on to David Jones. David, would you like to ask a supplementary?
Q255 Mr Jones: I have a small supplementary question on our discussion so far. In terms of regulation, how much of an advantage is it to the UK that we are a common law jurisdiction rather than a civil law jurisdiction? Does the flexibility of the common law make it easier for us to regulate for AI, for example?
Professor Sir Nigel Shadbolt: I will turn to my colleagues as well, but I think that there is that sense that the harms-based approach—and understanding, on a case-by-case basis, that the notion of precedent is fundamentally important—can be advantageous because we simply do not know at this stage where benefits and harms will arise. More particularly, AI, as a part of computer science, is a general purpose technology. It can be applied to almost every aspect of human affairs. The question we will have to ask is: do we have a legal framework that is responsive to the harms and the interests of the citizens of this country?
Q256 Mr Jones: Essentially, a common law approach might reasonably be said to be that something must be of merchantable quality and that it is then a matter for the courts to decide whether a particular piece of AI is of merchantable quality, although that is oversimplifying it.
Professor Sir Nigel Shadbolt: Of course, within that framework, there is a whole set of issues around what the Americans would reference as the notion of unfair and discriminatory practices—the idea that within that there are understandings about what fairness in the delivery of a service might look like.
Q257 Mr Jones: Last year, the EU introduced several new individual items of digital regulation, such as the Digital Markets Act and the Digital Services Act. How have these EU laws been received by the industry? Do you feel that the UK would benefit from aligning with them, or do you think that it would be better for the UK to retain the option to diverge?
Neil Ross: Given the fact that we have left the European Union, I think it makes sense to develop those laws in line with the requirements and circumstances in our own country. There are, however, benefits to ensuring that the outcomes that you are trying to achieve are roughly aligned with your core trading partners and with countries that share similar cultural backgrounds.
The Data Protection and Digital Information Bill is probably the best version of this. The Bill creates a more flexible approach to complying effectively with what the GDPR is. It retains all the core citizens’ rights that are within that, but it just changes the mechanism for the delivery of those. The advantage of that for the UK is that companies based here get a slightly more flexible approach to implementing the law—an approach that is more accepting of innovation. However, as you scale, grow and move to a global compliance posture—which is dominated by a GDPR-based approach—that is a much easier journey than if the law was completely different. It puts the UK in quite a strong place of being in a position to start, scale and develop products and services, and then you can export them fairly efficiently.
There are a number of things we can do to make that better. For example, the research provisions within the DPDI Bill align quite closely with the case you would make to claim the UK Government’s R&D tax credit, which has now been expanded to cover data and cloud computing costs. You can build quite an attractive framework for bringing these companies into the country by acting in a slightly different way and still maintaining an easy route to export, which obviously we want to do.
Q258 Mr Jones: Would you agree with that, Michael?
Michael Birtwistle: Broadly, yes, in the sense that what is important is the capabilities of the UK regulatory ecosystem and whether or not it has the right capabilities to achieve its outcomes. There are probably aligned interests around having fair and competitive markets that, in a general sense, are likely to be broadly aligned across the UK and the EU. One thing that is interesting about both the Acts that you have mentioned and the CMA’s DMU is the capability to address the much larger players in the market. There is an analogy in the AI world: there are very few organisations that can train and build the most powerful models, and you may tend towards an oligopoly without the ability to address their market power.
Q259 Mr Jones: Have you anything to add, Professor Shadbolt?
Professor Sir Nigel Shadbolt: The issue around market concentration will be crucial and—with the best will in the world to those companies who are doing extraordinarily innovative things with this this new technology—we know that the very best large language models take extraordinary amounts of compute, ingest huge amounts of data and produce complex outputs, all of which demand extensive benchmarking, testing, refinement and improvement.
The issue is making sure that that space is open and contested and also that the data is fit for purpose. Something that I might wish to talk about a little more later is how we ensure a data infrastructure, in an age of AI, that will give us a competitive edge, because the UK has some unique data attributes and data resources.
Q260 Mr Jones: Such as the NHS.
Professor Sir Nigel Shadbolt: Such as the NHS. Such as our cultural heritage, our history. Such as the British Library. Such as the Office for National Statistics.
Chair: Very interesting. Greg Smith, please.
Q261 Greg Smith: My question very much follows on from Mr Jones’s questions and some of the answers that you gave. The Centre for European Reform, for example, are putting forward the argument that they believe that the EU is ahead of the UK when it comes to tech regulation and that some businesses, particularly start-ups, are choosing to be within EU countries rather than the UK.
The question is really to ask: is that true or not? But particularly with regard to the point that you made, Sir Nigel, about innovative disruptors coming along, I think the bigger question is: how do we, mindful of the ever changing tech landscape and the development, at pace sometimes, particularly within AI but also in other sectors, best regulate so that we keep up with that pace of change, rather than waiting for it to be too late, almost, to have that competitive advantage?
Professor Sir Nigel Shadbolt: First, I will turn to my colleague on the question about where companies are preferring to go; we can come back to the other question.
Neil Ross: I do not accept that assertion by the Centre for European Reform. Frankly, it is not borne out by the evidence given. Even if you look at where recently some of the largest companies we have talked about in terms of AI have been placing their resources, it is in the UK, over European destinations. It is not really an issue of regulation; regulation is a small part of that calculation.
When a company thinks about where it is going to place a business resource, an innovation department or an operation, it broadly thinks of three things: “Do I have access to the skills and infrastructure I need to develop and build the business? Do I have access to the markets, both domestically and to export to from the location I am choosing? And what is the general business environment, including both tax and regulation?”
From what I can see from where AI companies have placed their bets, it’s largely based on the fact that London is a pre-eminent destination for AI skills and development, because of the strong links with the universities, the strong access to talent, and the innovative nature of the country itself. I’m talking about the fact that you can apply AI in different sectors with expert regulators. These seem to me to be the main reasons, as opposed to the regulation itself. That is, though, something we have to be aware of.
Nigel made an important point about compute infrastructure. What you need to drive and develop these systems is access to very powerful machines and also quite large data centres. Those things require power and planning permission and sites to be developed in; and at the moment, the UK is moving very, very slowly when it comes to these large pieces of digital infrastructure.
If I may, I will move to a sort of side sector, but one I am quite familiar with. In the semiconductor industry, there are a number of companies who are thinking about developing next-generation manufacturing techniques on new materials for semiconductor chips. They are looking at the UK and asking, “Where can I find a site to build these?” They look up and down the UK, and there isn’t one that will be viable within the next few years, and as a consequence they take them abroad. The destination they usually go to is the United States—more specifically, Texas.
Q262 Greg Smith: To follow up on that, over the years there has been a debate about this, and Amazon Web Services, in particular, got caught up in having all its infrastructure overseas. I will almost reverse my question: rather than, “How can the UK best regulate?”, I want to ask, “Why are other territories getting that?” The Republic of Ireland has often come up, which is interesting because it is within the European Union but is on its own, in terms of competitive advantage, and there is also the United States. Is it a regulation question, or is it a pure infrastructure question?
Professor Sir Nigel Shadbolt: Sadly, I think it is about capital investment and the presence of organisations prepared to sink hundreds of millions of pounds into compute infrastructure. There were announcements in the last Budget, and the Prime Minister established a frontier taskforce to look at how the UK might respond to development in these so-called large language or foundation models.
Where do you secure the raw compute power? Do you need a sovereign capability? In the UK, we have historically always had, when we have needed it, compute power sufficient to our national intelligence needs, weather forecasting and scientific analysis. There is an argument about whether we need to provide access to our research and our best universities. There is possibly a real argument for being somewhat interventionist and saying that we need those basic, fundamental research services to keep this innovation space.
We certainly provide bright young talent at a rate of knots, in terms of PhD students and graduate students with the skills and ability to exploit this new wave of technology. The ongoing and evergreen question is: do we have the level of capital investment to keep the companies headquartered in the UK? How might you best resist takeover by corporates in the States and elsewhere? Of course, some countries respond to that by having specific limits on acquisition models.
Michael Birtwistle: I defer to my colleague on businesses’ choice architecture, but I respectfully disagree on the relevance of regulation. The UK has a moment of opportunity on AI regulation specifically. It has proposed an alternative model to the EU’s, and it stands a good chance of shaping how others govern AI. It has secured the support of the US on the AI summit in the autumn, and it has a head start on the prospect of setting up a UK AI assurance ecosystem. That is the prize, but to win it and to be perceived as a leader internationally, it is going to be crucial for the UK to have its house in order and to have a credible domestic AI governance regime that meets people’s expectations of the protection they will receive.
Neil Ross: I just want to make sure my comments are taken in the full context. I didn’t diminish the role of regulation; I just mentioned that it is part of a group of criteria that you would choose.
Q263 Craig Mackinlay: Sir Nigel, you mentioned infrastructure. If you have huge cloud-based data centres, which seem to be getting bigger and bigger by the day, do you think the UK’s restrictions, planning difficulties and energy difficulties—in terms of setting up new infrastructure and plumbing in big data centres, the cost of energy and our uniquely bad emissions trading system—are working against big investment in the UK? I am familiar with some companies that are literally just looking at Switzerland, because of energy supply and easier planning, and because it is well plumbed into the network of Europe, as it were. Do you think those subsidiary things, away from regulation, are working against the UK?
Professor Sir Nigel Shadbolt: You need a whole-systems approach. We can talk about the underlying fabric and the compute, both for active computation and for holding the huge amount of data that is required. That area is, of course, receiving huge amounts of research and innovation. Interestingly, the battle is always on to try and reduce the requirements that these systems need to compute what they compute—very innovative ways of keeping these systems cool, literally, and putting them in a place where energy is available.
I think these are important considerations. There have been a lot of discussions about smart city developments, where essentially data storage centres are located very locally to the usage. I think the argument then around sovereignty plays into this as well—a need for certain classes of data most assuredly not to leave the jurisdiction of a country.
The other thing that sits in this area, often in the background, is our data regime. What is it that we can do? We have a very strong history of innovation—our work in open data and our work around smart data, which is considering how we can use the data assets that we have. There are extraordinary jewels in the crown—NHS data; the data we have in the public services; the data we have in cultural heritage; and the data we have in our universities and in our research institutions. How can we use all that data to train and inform the very strongest and best sorts of AI models going forward?
Q264 Chair: I was only going to add one thought, which is that as you come from The Turl—you know what I mean; I was at Lincoln, my legal adviser was at Lincoln and Rishi Sunak was at Lincoln—I’m hoping to hear from you that The Turl is a centre of excellence for the purposes of computer science. Is that correct?
Professor Sir Nigel Shadbolt: Well, I couldn’t possibly comment on my sister colleges on The Turl. But yes, we have some very good people.
Q265 Mr Jones: On infrastructure, I read an article fairly recently, admittedly in the general press, that Google had developed a quantum computer that could do 47 years’ worth of processing in a nanosecond. Is this something that’s on the horizon and that will become usable?
Neil Ross: Quantum computers are a technology that will become available at some point. However, I think we shouldn’t underestimate the incredible difficulty of maintaining them and keeping them running over a sustained period of time. So, although their power is incredible, the access and availability of quantum computing is extremely low. Usually, you can only run quantum computers for a matter of minutes and they're not sort of useful for anything. We're going to wait and see how that sort of general purpose technology develops in the future, but today it’s still very much an emerging field.
Q266 Mr Jones: I see. No idea how quickly it might develop?
Professor Sir Nigel Shadbolt: Never bet against the exponents of computer science. I mean, it is the one technology where exponential change literally happens; you can plot a curve and the compute power goes up as a straight line.
Q267 Mr Jones: It doubles every 18 months.
Professor Sir Nigel Shadbolt: And in some areas, the doubling perhaps doesn’t quite capture the real change of power. That’s certainly the case with these most recent architectures.
Quantum could be disruptive. There are lots of application contexts, not just in computing but in quantum sensing, where these things are available now and are changing the landscape of quantum materials work. But I think that we understand the infrastructure that we have available now. What will be happening is that, with that infrastructure, there will be a huge amount of work to try and make it more cost-effective. There will be huge amounts of innovation around designing the very best sorts of semiconductor chips and instruction sets to support this new capability. The UK has historically been extremely good at this and has on occasion notably let those capabilities go.
Neil Ross: I would add that the UK has developed a fantastic quantum strategy that is investing £2.5 billion in the sector, so we are well placed to take advantage of this technology when it develops. Nigel mentioned some of the extremely good use cases, and quantum navigation is other one as well. I think there was a recent development with the Royal Navy being able to use a quantum compass to find where a ship was without having to rely on various other things. You have these incredible applications, so we need to keep investing in them to bring them on stream.
Q268 Chair: In terms of the availability of what I call the indigenous materials that are needed for semiconductors and things like that, I think I read recently that there is a company in Cambridge that was effectively put in a position where it couldn’t continue to develop on the same scale because the materials and the metals—whatever they are—were not available. Is that an issue for the United Kingdom? It's a bit like this rare-earth argument we hear about. Is this something that could inhibit our ability to expand, because we don't have the natural resources?
Neil Ross: Yes, access to critical minerals and materials will be hugely important as we go forward. You can see from the positions that different countries around the world are taking, notably China and the US, with export restrictions on both high-end technologies and the materials to build them that this is becoming a more contested space. One of the things that the UK could do, and could take a leadership role in Europe on, is look at the recycling and reuse of materials to ensure that we are more independent.
Q269 Chair: But we do not have an immediate lack of it at the moment or into the immediate future?
Professor Sir Nigel Shadbolt: No, but there can be bottlenecks. We have seen bottlenecks, haven't we, occurring in the supply of semiconductors? That has concentrated everybody's mind, not least in the United States, where they are reacquiring some of that capability to build and design. Again, I think the UK has extraordinary innovative capabilities in material science, which allows new developments, new insights in how you can compute at all in what material substrates, and how you might use that through the whole digital chain.
Q270 Margaret Ferrier: My questions are to Sir Nigel and Mr Ross. Advocacy group Article 19 has argued that new UK regulation, such as the Online Safety Bill, may lead to difficulties in enforcement and compliance. To what extent do you agree with this, and how will this impact tech businesses in the United Kingdom?
Neil Ross: The Online Safety Bill is a very complicated and broad piece of legislation. The National Audit Office, I think only yesterday, released a report saying that, to deliver, Ofcom will have to develop about 40 different pieces of regulatory guidance, and that the start date for the regime is likely to be 2025, which is quite a long time after the original conception of the Bill.
Ultimately, what we want is for the Bill to get through this House as soon as possible so that we, as the tech sector, and Ofcom can start working on putting it into practice. I think the Bill suffers a bit from unclear terms and a lack of specificity. There are a couple of areas on things like general monitoring and the role of encryption that we think could do with more clarity, but ultimately we will rely on the sector and Ofcom to work together to bridge the gaps. We need to start that work as soon as possible, because it is such an important regime and is well valued by many people in this House.
Professor Sir Nigel Shadbolt: It is interesting to see how the Digital Services Act, the European obligations and the Online Safety Bill, if it lands in the way we expect, might actually complement one another. Clearly, the Online Safety Bill has become particularly concentrated around particular types of harm, which I think is entirely understandable.
There is a lot to be said, though, for understanding the intermediary processes that you need to guarantee and support an effective duty of care for the consumers who are using the various services. I think that aspects of the Digital Services Act, which may end up shaping a lot of how tech companies deliver their services, sat alongside aspects of the Online Safety Bill, could be quite complementary.
Q271 Chair: As you may have heard, Miriam Cates and I began this inquiry into the question of whether the Online Safety Bill needed amendment to stop algorithms from having an effect on young people. We got some substantial research together. I would be really interested to hear your view about this, because we came to the conclusion—it is still in the House of Lords right now—that if we do not deal with this problem effectively, self-harm will continue to increase.
There is the Molly Russell case in particular, which you are obviously familiar with. The result would be that we would end up with more self-harm and even suicides connected with these algorithms. It is a matter of social concern. Do you generally agree with that as a principle, and that you must have effective legislation to ensure that people do not wilfully go down the wrong road and make available material to young people who are very vulnerable?
Neil Ross: Yes.
Professor Sir Nigel Shadbolt: The clear requirement is that we have ways of keeping young and vulnerable individuals and elderly and vulnerable individuals safe in this context. We all need to be kept safe in this context. We need an ability to spot and take down really harmful material. The challenge is how far that scope extends. Again, in work that the Royal Society did on the online information environment, it was interesting that, in other areas, the breadth, range, and application of takedown notices has to be managed quite carefully. I think that is where we need effective and resourced regulators.
The situation we do not want to find ourselves in is where the kind of services that are being provided cannot be interrogated adequately by a regulatory regime. We need to focus on how we properly support those other organisations, Ofcom and the CMA, and look at where they ultimately end up being accountable to. I would submit that it should be to Parliament, not to Ministers.
Chair: That is extremely interesting because we are in the middle of this right now. The Secretary of State is looking at the amendments that are being proposed, including the one that I put forward with Miriam Cates, which said that there should ultimately be—in extreme but necessary circumstances—a criminal offence for wilfully allowing people to be drawn into that network. I have seen the films; it is quite devastating to see how suicide has been incurred as a result. As the coroner said in the Molly Russell case, quite honestly, there was no justification for the child to be brought into that environment in the first place.
We cannot spend all afternoon on that, but I just wanted to get your view on it because it is relevant to what is going on in the House of Lords right now.
Q272 Craig Mackinlay: We have been discussing the Online Safety Bill, as was brought up by Ms Ferrier in the previous question. It is a lengthy and complex Bill, and it is not completed yet. Obviously, Parliament can do as it pleases, but does the Bill proscribe things in too much detail, and therefore leave the role of Ofcom somewhat diminished? What do you think the effect of the Online Safety Bill will be on Ofcom and the degree of discretion it enjoyed in the past? What does the Bill do to that relationship? It is a broad question; Mr Birtwistle, have you considered that at all?
Michael Birtwistle: We have not done research specifically on the Online Safety Bill, but I would observe that the UK's approach on AI regulation is very much the opposite. It is one of institutional empowerment and passing responsibility for achieving general principles down to regulators, in order to ensure that something is regulated proportionately. That would seem to be different to the approach taken with the Online Safety Bill.
Neil Ross: Of all the different issues we are talking about today, the Online Safety Bill is the one I am least familiar with. I can certainly send you our briefing to Members in the Lords covering all the different issues we have.
Craig Mackinlay: Sir Nigel, do you have any views on that?
Professor Sir Nigel Shadbolt: One thing we have thought about is data and the Online Safety Bill. From the discussions around data we recommended that the Government utilise data better to understand online harms and make more data available to external researchers. Full Fact called for Ofcom to be given a remit for researching and understanding the harms caused by misinformation, and then publishing the information in a report. There is a need for actual detailed data to drive learning and progress in what is a very complex domain. I think we would all admit that.
Would the notion of an independent evidence centre be an appropriate place to go to try and assess in detail what is happening here? There is a lack of data around some of those issues. We have tragic cases that come to our attention, and then an awareness that there are entire ecosystems where significant societal harms are being perpetrated.
Q273 Chair: Could I just make a pitch for the National Society for the Prevention of Cruelty to Children, which has played a big part. I thank Mr Collard and the team for the work they have done on this. If any of you have any reason to ask them any questions or to offer them any advice, I hope this is an opportunity that you take.
Neil Ross: We have worked with a huge range of people on the Online Safety Bill. Ultimately, the Bill will be successful if it empowers Ofcom to work with our members and our companies to ensure that as they develop and deploy their services, they provide effective safeguards to children and young people and also guard against the other parts of the Bill.
We want to make sure that that is a proper partnership between the regulator and businesses and that it is appropriate to the sort of technologies that we can deploy. Some parts of the Bill point towards accredited technologies in different forms of systems, which we just do not think are readily available yet. We need to work in detail on what the actual requirements are and make sure that it is a co-design service. Equally, as you have pointed out, you want to make sure that there are sufficient sanctions if people repeatedly and wilfully contravene the regime.
Q274 Mr Jones: We have already mentioned the Data Protection and Digital Information Bill. What, in your view, is the potential impact of the Bill on the EU’s adequacy decisions in respect of the United Kingdom? Could we start with Mr Birtwistle, please?
Michael Birtwistle: We have not done a specific analysis on whether the UK’s approach, as in the Bill, is likely to retain data adequacy. The areas in which the UK is proposing to diverge from the current UK GDPR are generally around the accountability framework built across the Bill. That is, the role and responsibilities of data protection officers as they currently exist.
Then there is the shift from a lot of the safeguards in there from all forms of processing to only high-risk processing and reducing the amount of information recorded by businesses and the amount of assessment they have to do up front about whether harm is likely to be caused. Also, there is the area around article 22 that governs automated decision making, which is relevant for artificial intelligence. Those key areas are likely to be areas of focus for the EU in understanding whether the data of their citizens being sent over here will receive adequate protection.
Neil Ross: We do not see any particular risk from the Data Protection and Digital Information Bill to EU adequacy. The EU has adequacy decisions with 15 jurisdictions, including the UK and, as referenced earlier, the United States. Even if the Data Protection and Digital Information Bill is passed in its current form, the UK will have the most similar data protection regime to the European Union of any jurisdiction in the world.
If there are specific issues that the EU raises with UK data protection rules because of court cases or various things that might pop up, it is unlikely that adequacy would be removed, given the similarity. They may amend the decision to identify the potential changes they want to see, but I think the risk of losing adequacy is very low.
Mr Jones: Do you agree, Sir Nigel?
Professor Sir Nigel Shadbolt: Yes, certainly, with the way things are shaping up. There have been estimates that a dual system would be very burdensome. In fact, there have been estimates by the Government that standard contractual clauses could cost anything between £190 million and £460 million in one-off costs. That is, annual costs in the hundreds of millions of pounds to maintain dual track. I think businesses would struggle with two different data protection systems.
However, at this stage, there is a degree of relative sanguineness about the likelihood of losing adequacy. As I say, with the recent agreements, the EU is also looking to find ways to make a reasonable arrangement. The example with the US is interesting, where you could argue that in certain places US standards are not as strong or as developed as the UK.
Q275 Chair: What impact will the Digital Markets, Competition and Consumers Bill have on tech start-ups in the UK and the tech industry as a whole? I will ask Neil Ross that question first. Then I have a second question, so I will throw them in at the same time. Some critics of the Bill have argued that it says no to big tech—that is the tagline—and that the UK is becoming an increasingly unfavourable environment to build a digital business. What are your thoughts on that? Because you are in the hot seat, more or less, on that, aren’t you?
Neil Ross: I have worked closely on this Bill, and I gave evidence to the Public Bill Committee a couple of weeks ago. There is no reason why it should be a “no to big tech” Bill. The Bill confers a range of powers on the CMA through this new specialised unit—the digital markets unit—to do two things.
One is to address the consequences of market powers, so being realistic that these companies exist, that they confer a huge amount of consumer benefits, and that they are massively important in allowing other companies in our economy to scale and grow. But it is identifying that there are some issues with competition, so how do you address those through conduct requirements? The other tool at the unit’s disposal is to address the root causes of market power, and that requires an additional assessment and what is called a pro-competition intervention.
The Bill is very broadly scoped, and its maxim confers a lot of power on the CMA potentially with relatively few safeguards, so there are basically two worlds in which this Bill could operate. There is one world where the CMA exercises its power very widely across a large range of markets, creating uncertainty for companies across the economy. The other world, which is actually the world I think the Government, the CMA and ourselves want to get to, is where the powers are very well targeted and the guidance is very precise, and it focuses on significantly less than 10 very large companies. It also offers a lot of reassurance and engagement with those companies in developing the remedies.
If we end up in that second world, there is no reason why it should be a “no to big tech” Bill or why it should not benefit start-ups and other companies in the economy, because they will be able to have more access to users and to use different platforms to employ their services from. However, we have to ensure that we get there.
Some of the things we should be doing to ensure that we get there are things that we submitted in our evidence to the Public Bill Committee, such as to ensure the regime is accountable. When Ofcom was set up in 2003, it was required to report to Parliament on what it intended to do in its first year and then to report back every year saying how it had performed against its duties. Currently, there is no requirement specifically on the digital markets unit to do that in the Bill. That is something we could look at, given the wide-ranging powers it has.
The other thing we want to see is the guidance for the regime set out as soon as possible. Lots of companies are looking at the Bill and reading into it in lots of different directions, and we need the CMA to add meat on the bones of the guidance on, most importantly, things like the strategic market status designation process, how evidence can be submitted, how the CMA will consult people, and what consumer benefit measures they will use, particularly when it comes to pro-competition interventions.
The third bit is making sure that we get the appeal standards and the legal mechanisms right for the Bill. We are looking at the way a judicial review standard would be applied in this particular case and thinking that it potentially only provides a very narrow series of grounds on which to appeal a decision. How do we make sure that that is more flexible given that the Bill, in theory, can perform in a huge range of different circumstances? I think we want to work with the Government to find out whether we can stretch that, or look at how we can advance that standard to ensure that it is suitable for all the different requirements that are likely to be brought up.
Q276 Chair: At the moment, I am not sure exactly what stage the Bill is in. Is it about to receive Royal Assent? I know the competition markets Bill that I referred to earlier has just got Royal Assent. Because we are getting towards the end of July, I always get a bit nervous about these things.
Neil Ross: I think the Financial Services and Markets Bill that you referred to has received Royal Assent.
Chair: It has received Royal Assent. It is online now, actually.
Neil Ross: The Digital Markets, Competition and Consumers Bill has just left Public Bill Committee, and I think the Government are working to a Royal Assent date of April, which means it is probably likely to come back before us.
Chair: That gives plenty of time for your contribution at this Committee to be taken account of, and hopefully that will produce a good result. I will now move to Margaret Ferrier.
Q277 Margaret Ferrier: In April, the Competition and Markets Authority prevented Microsoft’s proposed purchase of Activision Blizzard, which led to Microsoft accusing the Government of discouraging technology innovation and investment. The CMA has recently announced that the merger could be approved, subject to a restructure of the proposals, shortly after the US agreed it could go ahead. Would you say the CMA has more freedom to protect competition in the UK market than EU countries, or conversely that it is potentially more susceptible to pressure to align with other countries, despite its own misgivings, to avoid being the lone opponent to mergers?
Professor Sir Nigel Shadbolt: It is interesting to note that that decision is back in play, and there is an interesting discussion going on around just that. With the powers that the CMA is being granted, the intention is not to bash big tech, but I think that we have somehow to understand how we manage inadvertent super-concentration; prevent monopolies, cartelisation and other negative behaviours; and encourage competition. That has to be the right thing to do.
In the case of looking at whether a restructure might happen, I think having significant regulatory perspectives from the US, EU and UK can help in the serious interrogation of whether particular proposals have the right balance. I think that is entirely the right way to be going. Encouraging competition through fostering innovation and helping new entrants—that has to be where the CMA’s interests align.
Neil Ross: This is an incredibly complicated case. We are probably still going to have to digest the ruling against the FTC and then see what happens when the CMA sits down with Microsoft to see what assurances it can get in that case. We want as predictable a regime as possible, and in many ways that relies not so much on the type of regime, but on the evidential base, academic thinking and engagement with companies around the world, to think about what the competition remedies should be in certain circumstances.
If we can get to a common understanding of the facts and the appropriate way forward, we are less likely to have divergence between these different competition authorities around the world. That is just going to be better for business, because you are going to have much more certainty and predictability about what the likely consequences will be if you go for a merger. I think this is still a very evolving discussion, but we want to get to a place where there is certainly a lot more predictability in the system than has come out as a result of this case.
Q278 Chair: If you look at our historical innovatory history and innovation in fields like television or the jet engine—the list is very considerable—there is something very remarkable, is there not? There is AstraZeneca, and so it goes on. We seem to be capable, for whatever reason, of being innovative at the right time. Is there a danger that somehow we get to a certain point and then we sell out, so that we end up not getting the fuller benefits that we could have got?
Am I right in thinking that you are collectively taking a view that we are doing pretty well, and that you are very optimistic about our capacity to develop these new technologies, in the context of AI and the rest of it, in a way that is very much in line with the British tradition and its demonstrable capacity? Would you say that that is your general feeling at the moment, all things considered?
Professor Sir Nigel Shadbolt: I do not see that there is any reason to be doom-mongering about this.
Chair: That is what I want to know.
Professor Sir Nigel Shadbolt: I think that we have the human talent and the data capital. We have already discussed the issue about compute capability. We also have a particular regulatory environment; reg tech—regulatory technology—is an innovative capability in its own right. It may sound odd to say that, but in other areas we have seen this. My own group at Oxford has researched tools to track where the mobile data on your phone or on the apps you use goes.
Those sorts of tools turn what is invisible visible, and allow organisations like the CMA to get a sense of where there may be unseen concentrations happening. So much of this is happening in the ether, literally. It is happening in ways of which we might not always be entirely aware. Developing a technology that is fit for regulatory purposes—the tools we need to watermark, to determine the provenance of content, and to enhance and support privacy—sits alongside concerns that regulators have in managing this market.
Neil Ross: You would expect me to say this, as a representative of the sector, but we think that the tech sector is the UK’s modern economic success story. It adds about £150 billion to the economy every year, and we think with the right support that could be up to about £200 billion a year by the middle of the decade.
On the whole, we are moving in the right direction. We may have quibbles or questions about the approach to seeking talent, building infrastructure, and regulation, but the trajectory is positive. The Government are strongly engaged, and the Opposition also see this as an opportunity, so we should very much be continuing on that path.
Michael Birtwistle: I will come in on the point about regulator capability being an important part of the UK being able to take advantage of the opportunity presented by those technologies to develop its economy. Being able to govern the technologies appropriately, keeping up with the tech and being an attractive regulatory environment, however, involve resourcing regulators properly.
The Digital Regulators Co-operation Forum, which is four of our biggest digital regulators, recently made a submission to the AI White Paper calling for the resourcing. Other regulators have also made that call. If we think of comparable regulatory domains that are about critical infrastructure for the UK and have safety concerns around them, they are funded to the tune of tens if not hundreds of millions of pounds a year—not necessarily from the public purse, but often through licensing regimes. That is the scale of the challenge that we see, particularly for governing AI. It is right for regulators to be supported in that capacity.
Q279 Greg Smith: At the start of the session, we talked about AI in a generic sense and the wider, broader regulation piece. Focusing specifically on regulation of AI and its emerging landscape, the Government have had a White Paper, the consultation has finished and we expect a road map.
In the Liaison Committee recently, the Prime Minister said that he did not see the need for legislation, but that there might be such a need. We are going to have a global summit in the autumn. Different models across the globe have various critiques—the US is accused of being too light touch, the EU of a heavy fist coming down in regulating this sector, and we are somewhere in between.
Where will this end up? Is there a case here for an emerging technology to be on the lighter-touch end of the spectrum? We need not only to do what we need to so that the plot of “The Terminator” does not become reality, but to allow the technology to emerge as fast and as well as it can. Who wants to have a first crack at answering that?
Michael Birtwistle: I am happy to start. The UK has set out a different approach. If I characterise the EU approach very simplistically as being a heavily rules-based approach, the UK's approach is an institutionally focused approach, so it says, “Let’s have some principles; let’s give them to regulators; and let’s empower those regulators through some central functions to co-ordinate better around a technology with wide-reaching implications across the economy.”
The promise of that approach is to have the impact of the technologies and therefore the amount of regulation that applies to them as proportionately and as close to the point of use as possible. In that sense, it is going to be more proportionate, if that is what you mean. There will be fewer requirements on less risky tech, because the impact of a scoring algorithm varies hugely if it is recommending you Netflix shows to watch versus recommending you for parole. So the UK's approach does hold that promise, but it needs certain things, certain conditions to be met, in order for that institutional approach to work properly.
I have already talked about resourcing, but another big area is around powers. The range of powers available to regulators varies massively, and many regulators will look at those principles and go, “I can’t achieve that with the powers that I have.” There is a case for looking at common powers that go across regulators with regards to AI.
One thing that most regulators do not have is the ability to look at developers, to look up the AI supply chain; they mostly look at use. If you are the Equality and Human Rights Commission, you are looking at, “Has this public body met its duty?”; you are not looking at the person who supplied them with that tech and you are not looking at the tech that it was built on. That is a capability gap among regulators that is true of most western economies, not just the UK.
Again, we may need a different approach that is capable of looking at that part of the AI supply chain that supports regulators, which otherwise are going to be looking at very narrow bits of their own patches. We see much merit in the UK’s general approach, but some significant gaps need addressing.
Q280 Greg Smith: Before the others come in, perhaps I can add another dynamic to this. Fundamentally, this is the House of Commons and we are a democracy. Public opinion dictates which of us come here and who does not. Do you think the public get AI? The next general election may well have regulation of AI—it is not going to be the headline thing, but some people might start to think around these lines when they choose who to vote for. Do you think an understanding of AI exists among the British public and that it will feed into the debate as to where we end up on this regulation?
I used the very flippant example of the plot of “The Terminator” in my last question. Do you think that is actually what the public think when they think about AI, or do they think about more practical and useful applications—from recommending a film to the stuff in cars now that stops us crashing? Where do you think the public are on that, and how much of a say is that going to have on where we end up on regulation?
Michael Birtwistle: I think people understand when they have been impacted by AI or an algorithm, and we have examples of the public’s discomfort with data being used in unexpected ways or decisions being made about them that they are not comfortable with—contact tracing, the Ofqual exams algorithm and the GP data issue. There is a risk of backlash, particularly around the concerns, which are in the news a lot, about Terminator-type scenarios, which we think are long-term risks that need to be addressed, but we have time to address them.
The Ada has done a lot of public attitudes research, and there is clear support. The majority of people want regulation for AI and want to understand that they are protected from it, so that is potentially going to be an important differentiator, in the sense that I think people are going to understand whether or not what is being proposed as the right governance solution for AI will protect them from the impacts. We have published research with the Alan Turing Institute, and the Government’s own Centre for Data Ethics and Innovation has also published public attitudes research on public support for regulation, so I think it will be an important issue.
Neil Ross: We have not done extensive public polling. The Government has done, and I think the general sense is that people see the benefits of AI and can envisage how it would help them at work, but also how it could support the health service and public services in various different ways. But, as Michael has said, they also want to be protected from some of the risks of it. That is fairly similar to how you would expect them to reply to anything. I think one survey found that only about 13% of people could properly explain to you what AI was, so in many ways this is still a pretty open debate.
Where are people going to most likely confront AI in their day-to-day lives? With ChatGPT, we have seen the first example of that, because people can literally go on the internet and type something in, and it will give something back to you. There are other places where you are likely to bump into it in your day-to-day work. If your CRM system or email system can start to give you stuff when you ask for it, you might be able to ask, “When am I free over the next two weeks?”, and it can pull up your calendar and say, “You can say you’re free at these times, and I can send a message to someone.”
All these sorts of things are incredibly useful. They can massively boost productivity and show the public the benefit of it, so we want to make sure that those kinds of solutions and those kinds of positive use cases are deployed, and that we ensure that people have the right skills and attitude to use them properly to improve their lives and improve business outcomes.
But at the same time, as Michael said, we need to be clear-eyed about the potential risks of where AI could be used to harm people, making sure that if a significant or legal decision has been made about you, you have the right to challenge it; that there is transparency and explainability around how an AI system operates, should you ask for it; and that you are being kept safe when a system is being used. All these things will be vitally important to make sure that we get the benefits of AI and bring the public with us as it is deployed.
Professor Sir Nigel Shadbolt: AI is not a new technology. AI has been with us for decades. In fact, we have been using AI in critical parts of our national infrastructure, in everything from medicine through to defence, for decades. In the late ’70s, when I went to the Department of Artificial Intelligence at the University of Edinburgh—there was only one in the country at that stage—it was technology that was already beginning to demonstrate the possibilities. Periodically we become very much more re-engaged with the impact.
But if you think back to when Kasparov was beaten by Deep Blue, or when so-called knowledge-based systems were being used to do medical diagnosis in medical contexts, those ethical and regulatory challenges have been with us. In many respects sectoral regulation has kept us safe, and we have applied those same high principles to using the technology in specific sectors. We use it now.
The worry came, I think, when we saw recommender systems. This is where we get straight into issues like the Online Safety Bill. Companies began to deploy AI-driven systems without any sense of the people using them, of what was being used, and what was the basis of that recommender system. There is a need for transparency so that we can have a sense of how the algorithms are determining and making the choices. AI has been used for a very long time to do credit scoring and fraud detection. You would like to know, and people demand to know, that there are rules around understanding the characteristics used in making those decisions.
The right to transparency and clarity around how these systems operate has been persistent. We will need that going forward. I think our framework promises that proportionate balance. I am excited, as I have been throughout my career in AI, to see the next period. I think we have to be alert—as I say, it is not always the artificial intelligence that we need to worry about. It is the natural stupidity of people in misapplying the technology.
Q281 Chair: Could I venture a thought on this with regard to a recent story on AI systems denying the applications of certain customers—we do not need to mention names, because they become quite prolific—to open new bank accounts?
There has been a suggestion in the newspapers that this is a consequence of algorithms descending on certain categories of people without any explanation. Apparently, there is no explanation that even the companies themselves can offer as to why these companies are closing people's bank accounts, which is rather a serious social problem. Have you any thoughts on that? We are all genuinely puzzled.
Neil Ross: This speaks to why you have to get AI and algorithmic governance right within firms and also within Government. You do not want to take a position where, if the computer says no, people move on. These decisions should always be able to be challenged and you should be able to identify areas of potential bias. Often when these things happen, it is usually a failure of the people who govern the systems. The systems are largely doing what they are told to do. You have to make sure that that approach is correct.
To back up what both Nigel and Michael said, I think the UK's approach does seem to be the right one, certainly compared with the EU’s approach. But we need to ensure that regulators are well resourced.
Q282 Chair: People having their bank accounts closed is now an endemic story. It is not just about the individuals; it is the fact that it is causing no end of social—
Professor Sir Nigel Shadbolt: It is really important to bring those examples to the fore. What is the basis of that apparent discrimination? Is it the original training set that was used by the algorithm and it has picked up some latent bias in the original training set? Training sets are not perfect. They have to be amassed, surveyed and assured.
Back to the original point around what the public understands about AI, too often it is easy to reach for “The Terminator” Hollywood image.
Chair: The Schwarzenegger approach.
Professor Sir Nigel Shadbolt: Indeed. But there is a great deal to be done to help all of us become more educated, informed and aware of what is happening, where things are likely to go, and what the impact on lives is. It is not going to destroy every job in the UK. In my experience, the extraordinary thing is that human beings are extremely able to find new and novel ways to pay them wages for doing things that other human beings find interesting, but these tools will augment and supplement those abilities.
Michael Birtwistle: This goes back to the Data Protection and Digital Information Bill. Our data protection regime is fundamentally an underlying cross-cutting framework that gives people the right to an explanation, and transparency about when their data is being processed.
Even under the current UK GDPR, you may not be aware of the sort of processing that is taking place—for example, of how your data is being used by the bank to judge that loan. You will have a very generic privacy notice, and you may not be able to get information about the decision made about you, which makes it very hard to contest that decision. Those provisions are being weakened in the DPDI Bill, so it all interconnects. It is important that the sort of action that the UK is taking in its AI White Paper is read alongside what is happening in the DPDI Bill.
Q283 Chair: So what you are really saying is that, almost by virtue of the discussion that we are having on this recent topic, it would not be a bad idea for the Ministers concerned to have a good look at your evidence, so that they can form a judgment about the extent to which they need to get this right, if that is the cause of the problem.
Michael Birtwistle: I very much agree with that. We will also publish next Tuesday legal advice that presciently includes a scenario on banks making automated decisions around loans, and which looks specifically at these protections. We would be happy to send those to the Committee.
Q284 Chair: Even if there are no other benefits to this session, it will help to alleviate the problems for some of those who have been caught up in this recently.
Neil Ross: We want the data protection legislation to maintain the right to review an automated decision. When the Bill was consulted on, the Government asked, “Should we remove that?” We, as the industry, said that that would not be a good idea, because if you do not have trust and redress in these systems, people will lose faith.
The systems will not be used, and companies such as ours will have a limited base to sell to. That is why we have engaged very constructively with the White Paper process, and continue to make the point about correct data and AI governance in businesses and organisations, and getting the legislative or regulatory framework in place to support that.
Q285 Craig Mackinlay: Sir Nigel, you said that AI has been with us for many decades; for my own interest, is that what they used to call fuzzy logic, years ago?
Professor Sir Nigel Shadbolt: Yes, indeed.
Craig Mackinlay: You probably have not heard that phrase for some time. I am showing my age.
Professor Sir Nigel Shadbolt: AI is a suite of methods and techniques, and the current wave of AI is being propelled by a particular form of machine learning—a particular style of deep neural network called the Transformer architecture.
Q286 Craig Mackinlay: I do not want to get into that. I just wanted to make sure that it was a form of that. We were having a debate at lunch today, funnily enough, at which the topic of AI came up. It is not all fun in the Dining Room; we were discussing serious things. We were making the point, “Why is it that the huge global digital giants—your Metas, Googles, and all the rest of it—are all American?” I suppose that TikTok in China would be a later example.
Why is it that during our period of EU membership, when we have all been on the same pathway of regulation in the data space, both Europe and the UK, which has been better placed, given our use of the English language and all that stuff, have been so behind the curve, while the US has just battled ahead in a way that we are unlikely to be able to replicate very easily?
Further to that, the Prime Minister said that he wanted an international AI conference in the UK. Could Britain be the Wimbledon? We have flashes of brilliance very rarely—once a decade or so. This year was much the same as usual—we were out in the second and third rounds—but it is still the most prestigious place to watch tennis and have a tennis competition. Could Britain occupy that space, if it gets the right sort of architecture? The big mystery is: how come Europe, and the UK particularly, missed out on what we have seen abroad? Is it too late to replicate a Meta or Google in the UK? I personally feel that it is. That was an expansive question, I know.
Professor Sir Nigel Shadbolt: On just a part of that—colleagues may want to take it further—I think that it would be misreading it somewhat to imagine that it was a problem to do with being in the EU. The US has some extraordinary advantages in terms of scale, the ecosystem that is the west coast, the availability of tech talent and capitalisation. Those have been well studied and researched. Of course, there is some evidence that the UK is really quite successful, and is becoming more successful, in promoting a start-up economy, and one has to hope that we will see disruptive companies emerge again. The question is how you keep them secured.
DeepMind, a very few years ago, was literally leading the world in the demonstration of a new wave of AI reinforcement learning-based systems. It beat the world’s best Go player, gave us protein folding, and had a huge range of accomplishments. It was acquired by Google; we can understand why, at that stage, the company needed that injection of funds and resource. That is about the market context and the capital context in which these companies find themselves. One has to ask how we make the UK the most attractive environment for not just spinning out and developing, but nurturing and growing; that is very much the challenge that techUK faces.
Neil Ross: I would totally agree with that. There are specific advantages that the United States has, but the UK, as I mentioned, has done incredibly well. It is the clear European leader when it comes to developing these kinds of companies and attracting this kind of talent, and it is third in the world when it comes to venture capital investment.
The UK also has some remarkable tech successes on a similar scale. We have semiconductor design companies in the UK that probably designed the chips in everyone’s phone here today, and we have software design companies that have built software that is used by businesses all over the world, so there are some massive success stories to look at. What Nigel said, though, is right: the wider market and industrial context is the issue here, as opposed to whether we are members of the European Union. That is the bit we need to focus on. That comes back to the points that I made earlier about how you get investment—
Q287 Craig Mackinlay: But you understand my point: the UK economy is one sixth, seventh or eighth of the size of the US economy, but we do not have a market capitalised digital leader of anything like an eighth of the capitalisation of one of the US leaders. The EU—when we were it—as a whole had a GDP possibly slightly bigger than the US, yet we were nowhere near having a capitalised company on the scale of those in the US. This is just an aside; it is off track, really.
I want to use your excellence to answer questions that have been on my mind. I have for some time had a concern about the internet of things. Say you buy a baby monitor, merrily plug it in, and connect it to your wi-fi. You might have bought it from Amazon or wherever. It probably has the CE marking on, so it will not catch fire when you plug it in. Nobody seems to be testing the software in that unit. That seems to be completely ignored by market regulators and trading standards.
We all have these products; every couple of months, they say, “We need a software upgrade tonight”. Your internet-connected thing, whether it is your fridge of the future or your baby monitor, goes off to the internet and downloads a new suite of software that is completely unknown to you—completely different from the software that was there on the day it was purchased, and on the day it came across either an EU or a UK border. What are we doing in that space? Is there any risk in that space that is just not being addressed? I feel that there is, but I suppose we have concerns about China and data and all those good things going on.
Neil Ross: I am not super familiar with this issue.
Q288 Craig Mackinlay: No, I did not particularly think you would be, but is it an issue that anybody is thinking about?
Neil Ross: For international data transfers, for example, you have to have a transfer risk assessment, and you have to show where it is going to, if it is not an adequate country. There are regulatory measures that the ICO could take if that was the case. Any citizen has the right to ask, “Where is the data going?”.
Q289 Craig Mackinlay: You see the risk of harm.
Professor Sir Nigel Shadbolt: I do, absolutely. The IoT is a great example of that. There are notorious examples of where this has gone wrong. In the US, for example, there were the so-called smart toys. Huge amounts of capability started becoming available, so you could put some AI capability—face recognition and voice recognition—into a teddy bear, but suddenly the systems deployed in the US were found to have no effective security at all, and all sorts of personal data was being recorded. You can’t imagine a more intimate conversation than between a parent and a child. Customer data was available. A company that was attempting to do business rapidly went bankrupt in the face of that, and was litigated against after the fact.
That is important because one of the deployment contexts for much of the AI we are going to be talking about is the internet of things. It is the friend we have invited into our home to run our music for us and tell us what the temperature is. All that will essentially have AI as a service behind it, so it will be incumbent on us to use the kind of deliberations that we have had today, and those from other scrutiny bodies and the regulators, to understand that AI will be ubiquitously deployed. Questions about where data goes and how it is used are fundamental to that deployment.
Chair: Time is ticking on. I am sure my colleagues agree that this session has been extraordinarily interesting, in terms of the quality of analysis that we have received. It also disposed of some of the doom-mongering that has run in certain publications. Thank you very much for coming. We are going to vote almost immediately, and I don’t want to be caught by the bell ringing in the middle of your answers to these questions—for whom the bell tolls. Thank you very much for coming. We will be able to look at the material when we see the written evidence, and then we will take it further.
Craig Mackinlay: Sir Bill, do we have just a moment to consider Horizon? Does it have any benefits for the UK, or would we be better looking elsewhere?
Chair: Yes, we have about one and a half minutes, I think. David Jones was going to ask that question, but Craig has jumped the gun, so here we are.
Q290 Mr Jones: We are told that we are on the brink of a deal with the EU on Horizon, which of course has been problematic for some time. The Government put forward an alternative—Pioneer, which I am sure you are aware of. Do you feel that the UK tech sector would welcome a deal, or would it be more interested in proceeding with Pioneer?
Neil Ross: I will answer very quickly, so my fellow panellists can get in. Horizon is seen as a one-of-a-kind scheme that companies are very used to using. If there is a deal available, our sector would encourage the Government to take it. It also provides a basis for joining something called EuroHPC, which is a supercomputing sharing programme. That is hugely important for our sector. That is an example of the way that, although we are not in the European Union, there are obvious partnerships that benefit both sides, which we should be part of.
Q291 Mr Jones: I suppose it would depend a lot on the cost, wouldn’t it?
Neil Ross: From what I understand, that issue has hopefully been resolved to the Treasury’s satisfaction.
Professor Sir Nigel Shadbolt: When we were in it, we did very well out of it. Being out of it, I would like to be in it again. That is the view of most scientific leadership. Of course, we welcome the fact that there has been interim support, but there is a strong sense that it allows us to understand the wider European context. There is extraordinary talent there, and it is often attracted into the UK system.
Q292 Chair: It is not just European; it is international.
To finish—we are running out of time—I want to ask a general question as a result of this session. You have thrown a lot of light into some very dark corners, for example through the answer to the question from David Jones about common law and precedent value. That is very much on our minds, because we have just been through the retained EU law Act, which has just received Royal Assent. Accelerating the common law approach is very important for us. In fact, I am just about to go to a meeting with the Ministers concerned. I would finally like to ask you a rather big general question. You are pretty upbeat about our opportunities, but we need to get a number of things sorted—would that be the general consensus?
Michael Birtwistle: I am optimistic that the UK can achieve its ambition on AI regulation, but it will require a level of political commitment around resourcing and legislation that has so far been slow to emerge.
Neil Ross: I would agree with that. On the retained EU law Bill, the one thing this community is not fond of is the lack of certainty about what that means. If you can be as specific as possible, that would be helpful.
Chair: We know—others do not—that the best way to keep a secret is to make a speech in the House of Commons. Nigel, did you want to add anything?
Professor Sir Nigel Shadbolt: No. I would just echo my colleagues’ points.
Chair: Thank you very much for coming.