As AI reshapes the digital landscape, tech companies find themselves in a high-stakes game of regulatory chess, with each move potentially changing the possibilities stemming from innovation. The game board is especially intricate for global infrastructure providers like Cloudflare, involving as it does cybersecurity, data privacy, and content moderation in a complex policy framework.
“No one wants to miss the boat,” says Alissa Starzak, the company’s deputy chief legal officer and global head of public policy, referring to the rush to regulate AI. Yet, she cautions the tension between urgent action and measured response that encapsulates the complex balancing act Cloudflare navigates daily.
In a recent interview with Artificial Intelligence News, Starzak revealed how the internet infrastructure giant is working to shape a regulatory framework that fosters innovation while safeguarding against emerging cyber threats.
The AI regulatory conundrum: Speed vs. caution
Regulators worldwide face the question of how to mandate as AI technology advances. Urgency is muted by a significant fact: the main dimensions of potential AI are not fully understood yet. “No one really knows yet,” Starzak said, highlighting the challenge of crafting regulations for a technology with unknown scope.
A lack of knowledge has led to producing responsible AI development and deployment frameworks that are speculative. An example would be the AI risk framework set by the National Institute of Standards and Technology (NIST), which Starzak said were meaningful steps towards the goal. Voluntary guidelines provide companies with a roadmap for creating AI risk assessment measures and encourage them to do so without stifling innovation.
The tightrope of global regulatory harmonisation
Cloudflare is congnisant of the complexities of achieving regulatory harmony across different jurisdictions, particularly in data protection and privacy. Starzak used the EU’s General Data Protection Regulation (GDPR) to illustrate the benefits and challenges of sweeping regulatory frameworks.
It is noteworthy that GDPR has a significant role in consolidating privacy norms internationally. Starzak said that its real-life application does not always harmonise with the functioning of the internet. “It doesn’t actually feel like the way the internet necessarily works in practice,” she said, referring to restrictions on data transfers between jurisdictions.
This disconnect highlights a broader challenge: crafting regulations that protect consumers and national interests without impeding the global nature of the internet and digital commerce. Starzak emphasised the need for regulatory mechanisms that are “consistent across jurisdiction to jurisdiction, but enable information to travel.”
The imperative of targeted, narrow actions
Starzak advocates for a more nuanced, targeted approach to cybersecurity measures and content moderation. Her philosophy is rooted in recognising that broad, sweeping actions often have unintended consequences that can harm the ecosystem they aim to protect.
In terms of cybersecurity, Starzak stressed the importance of proportionality. She drew a stark contrast between targeted actions, like removing a specific piece of content, and drastic measures, like complete internet shutdowns. “The narrower that you can go, the better off you’re going to be from an open internet standpoint,” she said.
The principle extends to content moderation as well. As Starzak describes, the approach by Cloudflare involves carefully distinguishing between different types of services and their impacts. By doing so, the company aims to make more precise, effective decisions that address specific issues without unnecessarily compromising the broader internet ecosystem.
Balancing innovation and regulation in AI
The rapid advancement of AI technology presents a unique regulatory challenge. Starzak highlighted the risk of over-regulation stifling innovation and concentrating power in the hands of a few large players. “If you regulate it too much, you restrict the industry in a very significant way and make it really only available to a very small number of players,” she said.
Starzak advocates a regulatory approach that encourages responsible innovation while addressing potential harms. This includes promoting the development and adoption of AI risk assessment frameworks and encouraging industry self-regulation through model testing and ‘red teaming.’
The path forward: collaboration and flexibility
Starzak emphasises the need for ongoing dialogue and flexibility in regulatory approaches to AI and cybersecurity. She highlighted the importance of industry, government, and civil society collaboration to develop effective, balanced regulations.
According to Starzak, the key is to focus on specific harms and consumer protection rather than broad, sweeping regulations. “You have to go in with a purpose,” she stated, urging regulators to understand and articulate the problems they’re trying to solve.
A targeted approach, combined with willingness to adapt as technologies evolve offers a path forward through the complex internet and AI regulation world. As Cloudflare continues to navigate this landscape, Starzak’s insights provide a roadmap for balancing innovation, security, and responsible governance.
As the tech industry and regulators grapple with the challenge of creating effective governance frameworks, Cloudflare’s approach emphasises targeted actions, global harmonisation efforts, and regulatory flexibility. It represents a thoughtful perspective in the dialogue between tech companies and policymakers.
The way forward likely involves collaborative efforts from various stakeholders, including industry leaders, government bodies, and civil society organisations. The focus remains on striking a balance between protecting users and fostering innovation. This goal requires ongoing adaptation and cooperation across the tech ecosystem.
See also: Balancing innovation and trust: Experts assess the EU’s AI Act
Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Intelligent Automation Conference, BlockX, Digital Transformation Week, and Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
