The Law and AI: Legal challenges in the defence industry

In this guest article, Yasmin Underwood, Defence Consultant and member of the National Association of Licensed Paralegals (NALP), explores the legal challenges of implementing artificial intelligence in the defence industry.

The defence industry is about so much more than bullets and guns. It is a sector that has always been at the forefront of technological innovation, including medicines, mobile phones, the internet, and now artificial intelligence. AI has the potential to revolutionise military operations, from enhancing the decision-making process to automating routine tasks; as in other industries, AI could take over jobs considered too ‘dull, dirty, or dangerous’ for people.

There is unease about AI in almost every industry, and concerns shift from business to business, but questions of accountability, transparency and legality are at the forefront of discussion in every sector. In defence, the rise in the use of autonomous/unmanned vehicles (commonly known as drones) in both military and commercial settings has been accompanied by heated debate as to how legislation is going to be able to keep up with such rapid advances in technology, and the ethical implications of their use in a military setting.

What do we mean when we talk about ‘AI’ and ‘autonomy’?

The defence industry refers to AI as “a family of general-purpose technologies, which may enable machines to perform tasks normally requiring human or biological intelligence”. However, there is no legal or statutory definition of AI. Instead, it is often defined by reference to the combination of two key characteristics:

1. Adaptivity – being “trained” and operating via inferring patterns and connections in data which are not easily discernible to humans
2. Autonomy – making decisions without the express intent or ongoing control of a human.

Let’s expand on the latter for a moment.

The UK government had previously stated that it does not possess fully autonomous weapons and had no plans to develop them. However, during a parliamentary debate in the House of Lords in 2021, it became apparent that the UK’s new posture does not rule out the possibility that “the UK may consider it appropriate in certain contexts to deploy a system that can use lethal force without a human in the loop”.

Whilst the UK does adhere to the International Humanitarian Law principles, which prohibit indiscriminate or unnecessary use of force. Currently, there is no comprehensive legislation that specifically governs the use of AI and autonomous systems in the UK. There is industry-specific guidance, such as the UK Ministry of Defence ‘Pro-innovation approach to AI regulation 2023’, and a handful of more generic regulatory policies, such as the General Data Protection Regulation (GDPR) which addresses concerns around data privacy and security that arise from the use of AI systems.

But essentially issues are dealt with on a case-by-case, and sector-by-sector basis. This lack of clarity presents several key challenges for legal professionals:

• Safety and Security
• Privacy
• Bias and Discrimination
• Responsibility and Accountability.

Pinning down accountability

Setting aside the most obvious concerns over safety, security, and privacy, arguably the most significant reoccurring concern raised by my clients when discussing AI is who should be held accountable when/if something goes wrong, and who was responsible for the outcome? Is it the developer, is it the owner of the technology, or is it the end user?

Unfortunately, it is not that simple.

The ‘black box’ nature of most modern AI systems, with layers of interconnected nodes that are designed to process and transform data in a hierarchical manner, prevents anyone from establishing the exact reasoning behind a system’s predictions or decisions. This makes it almost impossible to assign legal responsibility, in the event of an accident or errors caused by the system.

Multiple studies on algorithmic errors across various industries have shown that even the very best algorithms, operating exactly as designed, can generate internally correct outcomes, that nonetheless cause chaos. For example, in 2015, users discovered that Google Photos was categorising some African-Americans as primates. Imagine misidentifications being made in a defence scenario. What happens if an autonomous weapon system is unable to distinguish between hostile forces and children playing with toy guns? You can’t punish a machine.

There is the risk that delegation of tasks or decisions to AI systems could lead to a ‘responsibility gap’ between systems that make decisions or recommendations, and the human operators responsible for them.

I have found that often the military response regarding who is to be held accountable in these scenarios, is that it will always fall on the commanding officer. But attributing blame up or down the chain does not simplify this legal and moral complexity, and in the absence of clear legislation it is difficult to hold organisations responsible for the actions of their AI systems.

Crimes may go unpunished, and we may even find that eventually the entire structure of the laws of war, along with their deterrent value, will be significantly weakened if law makers cannot come to an agreement on some kind of universal legislation.

Bias and discrimination

Although the media might have you believing otherwise, we are nowhere near a world where AI is thinking and making decisions completely of its own accord. The reality is that AI systems are only as good as the data they are trained on, and while machine learning offers the ability to create incredibly powerful AI tools, it is not immune to bad data or human tampering. Whether that’s flawed or incomplete training data, limitations with technology, or simply usage by bad actors.

It is all too easy to embed unconscious biases into decision-making, and without legislation addressing how these biases can be mitigated or avoided, there is a risk that AI systems will perpetuate discrimination or unequal treatment.

To try to alleviate these issues, industry experts have been considering the possibility of an ‘ethics by design’ approach to developing AI. Could legal responsibility be moved up the chain to the developer? Should there be rules of development as well as rules of engagement?

Of course, this approach would bring with it yet more new obstacles for the legal profession. Though one would hope that in comparison to the previous complexities of establishing causal links where AI is involved, these obstacles should be much easier to navigate.

With proper universal regulations and ethical principles in place for tech companies to follow when developing new systems, the path of causation should be significantly more straightforward, allowing lawyers to establish clear accountability.

Where do we go from here?

With the rise of intelligent systems such as ChatGPT, the stakes are higher than ever, and we are seeing more and more high-profile industry experts calling for international regulation of AI.

The good news is that potential solutions to these issues have been being matured for several years:

In 2021, the European Commission proposed the first ever legal framework on AI, which addresses the risks of Artificial Intelligence. The proposed regulation aims to establish harmonised rules for the development, deployment, and use of AI systems in the European Union, and outlines a legal framework which proposes a risk-based approach that separates AI into four categories: unacceptable risk, high risk, limited risk and minimal risk. Each category is subject to different levels of regulatory scrutiny and compliance requirements.

This innovative new framework led to the 2022 proposal for an ‘AI Liability Directive’, which aims to address the specific difficulties of legal proof and accountability linked to AI. Although at this stage the directive is no more than a concept, it offers a glimmer of hope to legal professionals and victims of AI induced harm, by introducing two primary safeguards:

1. Presumption of Causality: If a victim can show someone was at fault for not complying with relevant obligations, and that there is a likely causal link with the AI’s performance, then the court can presume that this non-compliance caused the damage.
2. Access to Relevant Evidence: Allows victims of AI-related damage to request the court to disclose information about high-risk AI systems. This should help in identifying the person/persons that may be held liable and potentially provide insight into what went wrong.

While one might argue that this new conceptual legislation would not solve all our legal issues, it’s certainly a step in the right direction.

In addition, there are policy papers such as the UK 2022 Artificial Intelligence (AI) Strategy, and the US Department of Defence Responsible Artificial Intelligence Strategy and Implementation Pathway 2022.

These provide important guidance to both tech developers and their military end users, on adhering to international law and upholding ethical principles in the development and use of AI technology across defence.

They also present opportunities for data scientists, engineers and manufacturers to consider using ethics by design approaches when creating new AI technology, aligning the development with the related legal and regulatory frameworks to ensure that AI and autonomous systems are developed and deployed in defence in a manner that is safe, effective, and consistent with legal and ethical standards.