Last month, I attended a panel discussion part of Eric Schmidt’s Special Competitive Projects Expo for National AI Competitiveness. The panel was organized by the Center for European Policy Analysis (CEPA) and was called “Injecting Security into the EU AI Act: Secure Data Flows in the AI Era.” I want to share a high-level summary of the EU and US representatives’ perspectives from this panel.

The full panel involved:

  • Eva Maydell, Member of the Parliament (MEP) Center-right Christian Democrats from Bulgaria
  • The Hon. Jennifer Bachus, Principal Deputy Assistant Secretary, Bureau of Cyberspace and Digital Policy, United States Department of State
  • Nicholas Bramble, Head, Trade Policy & Economic Opportunity, Google
  • Moderator: Ronan Murphy, Director, Digital Innovation Initiative, Center for European Policy Analysis

I’ll summarize what was discussed in the two sections below and then try to provide a high-level commentary that filters past buzzwords and diplomatic speak. Overall, the conversation centered around the EU AI Act and US cyber diplomacy as the new cyber bureau had just released its first strategy the “International Cyberspace and Digital Policy Strategy”.

European AI Act

The EU AI regulation, released in April 2024, is the EU’s vision for the “democratic development” of AI that “protects EU values.” It provides a legal framework for AI that harmonizes AI terms with the Organization for Economic Co-Operation and Development (OECD). Some of the provisions in the Act include setting up an AI Office, a central bureaucracy to handle registrations and oversee “high-risk” use-cases of AI such as social scoring, and remote biometric facial identification for law enforcement.

The MEP encouraged her European colleagues to learn from the US in supporting investments in AI. She noted how the European environment lacks a common market for capital investments which makes it difficult for money to follow ideas and talent. The solution doesn’t necessarily require new regulations she stated, but policy entrepreneurs that understand the “bigger picture” in everyday policymaking. Going forward, the MEP thinks the EU must have the “bigger picture” in mind and “consider all possible use cases of AI”. I’ll come back to that.

The MEP provided a straightforward perspective on the European Union’s geopolitical quandary. For the MEP, the EU and the US remain technological competitors, but the transatlantic partnership will always transcend any competitive dynamic in the face of other “nondemocratic” adversaries. Innovation and competition policy were mentioned a few times in the hour-long panel but were clearly a secondary concern. The MEP noted how the US’s securitization of IT had not fully hit the European Union until the invasion of Ukraine in early 2022. Today, as she explained, every IT decision at her level is mired in geopolitics, a trend that has increased with Gaza, and the increased competition with China.

The cost of US cyber diplomacy

The head of the State Department Bureau of Cyberspace and Digital Policy represented the US position. Two aspects of the cyber bureau’s new strategy were highlighted in the panel.

First, the “digital solidarity” pitch. It would appear that “Digital Solidarity” is now the Biden administration’s equivalent of Mike Pompeo’s “Clean Networks” (aka clean from Chinese tech) which was too much of a xenophobic conservative frame to work for the “inclusive” Democrats. Substantively however, both notions are practically equivalent in relying on a country-of-origin rationale as a basis for determining what makes technology secure. Both notions have the unfortunate quality of encouraging more data nationalism around the world by making government agencies impose their misguided priorities on the market. The Moderator, Ronan Murphy pointed out that the State Department’s new notion of “digital solidarity” contradicts the US withdrawal from the World Trade Organization (WTO) Joint Statement Initiative. In October 2023, the Biden Administration had reversed decades of US precedent by formally abandoning its demands for free trade in services from the WTO’s Joint Statement Initiative.

The State Department representative took issue with the moderator’s characterization and claimed the US is not revoking its position but merely “pausing it” so that we can have ICT trade and free data flows “with trust.” The trusted free flow of data (the second notion) is classic double-speak from the State Department, a euphemism for more digital trade barriers, protectionism, and tech nationalism. As a notable aside, the new strategy has also reversed the State Department’s usual opposition of efforts to expand the International Telecommunications Union (ITU)’s regulatory scope over internet governance. The cyber bureau vowed to enhance the ITU’s “effectiveness, transparency, and accountability.” Clearly, and for a while now, the US government thinks it can no longer afford to preference its long-term interests in an open and free rules-based system as it once did. Instead, the US will increasingly opt for bilateral or plurilateral agreements as a peer competitor to China. For example, the head of the cyber bureau noted in the panel that since the US will never be a leader in advanced wireless, it will need to work with “countries that share our values.” But there is a problem with these technology alliances. They will be costly, and China is playing the long game.

One member of the audience pointed out that Microsoft invested $1.5 billion in United Arab Emirates (UAE)-based AI firm G42 last month. The investment was conditional on the firm divesting from its Chinese ties. Brad Smith, architect of Microsoft’s USG alignment after Ukraine had stated “The U.S. is quite naturally concerned that the most important technology is guarded by a trusted U.S. company.” The cyber bureau’s new strategy will try to go beyond the US technology alliances to court non-aligned countries. However, it will be costly because those countries will play both ends against the middle. The president of the UAE, Sheikh Mohamed bin Zayed Al Nahyan (MBZ), has already declared that “The UAE has no interest in choosing sides between great powers,” instead preferring a “multilayer approach” to its various partnerships. I have a feeling that US taxpayers will end up fronting the bill for one of those layers. This is the kind of cyber diplomacy we can expect from the State Department in a nutshell. Promote national champions like Microsoft, contain Chinese technology with sticks and carrots, and throw in the labels “human rights” and “privacy” occasionally.

It does not bode well for the EU market either. Despite a few niche upstarts in specific sectors, the EU is nowhere near the US in terms of foundational AI tech or enterprise-class applications. The MEP’s appeal for Europe to keep the “bigger picture” in mind and to “consider all possible use cases of AI” likely means doubling down on top-down interventions by the European Commission. Truth be told, Western Europe doesn’t have a choice in the current geopolitical climate but to pay the price of US foreign policy. For better or worse, the EU will likely continue to leverage the large bureaucracy built around its digital economy, expanding its jurisdiction outside its borders through the power of its common market. This is the European way, always regulate a market before it fully materializes. Europe is doing so with “AI” and will soon repeat that approach with digital wallets.

My takeaway from this panel is that the all-too-familiar appeal to the public interest on “AI safety” and “trusted data flows” is very much part of the plurilateral technology alliance the US is building. AI is a general-purpose computing technology that is already regulated on an application-by-application basis. But this will not stop career bureaucrats and China hawks with no background in technology from manufacturing crises and comparing AI to the Manhattan Project. It won’t stop incumbents like OpenAI from calling for self-serving regulations to curb alleged harms caused by AI.

The US and EU representatives focused on “digital solidarity,” on “shared values”, and emphasized the need for a “transatlantic partnership.” The real purpose of these public interest slogans are to strengthen the US technology alliances and find common ground given the tensions with industrial coordination at forums like the Trade and Technology Council, the G20, and the Quad. I wish I could see anything other than heavy-handed government interventions and AI licensing regimes coming out of those meetings.