AI Model Registries: A Regulatory Review

By Deric Cheng, Elliot Mckernon, Convergence Analysis @ 2024-03-22T16:01 (+6)

This article is the third in a series of ~10 posts comprising a 2024 State of the AI Regulatory Landscape Review, conducted by the Governance Recommendations Research Program at Convergence Analysis. Each post will cover a specific domain of AI governance (e.g. incident reporting, safety evals, model registries). We’ll provide an overview of existing regulations, focusing on the US, EU, and China as the leading governmental bodies currently developing AI legislation. Additionally, we’ll discuss the relevant context behind each domain and conduct a short analysis.

This series is intended to be a primer for policymakers, researchers, and individuals seeking to develop a high-level overview of the current AI governance space. We’ll publish individual posts on our website and release a comprehensive report at the end of this series.

What are model registries? Why do they matter?

Note: The phrase “model registry” may also often be used to refer to a (typically) private database of trained ML models, often used as a version control system for developers to compare different training runs. This is a separate topic from model registries for AI governance.

Model registries, in the context of AI regulation, are centralized governance databases of AI models, intended to track and monitor AI systems, usually those deployed in real-world use. These registries typically mandate the submission of a new algorithm or AI model to a governmental body prior to its public release.

Such registries will usually require basic information about each model, such as its purpose or primary functions, its computational size, and features of its underlying algorithms. In certain cases, they may request more detailed information, such as the model’s performance under particular benchmarks, a description of potential risks or hazards that could be caused by the model, or safety assessments designed to demonstrate that the model will not cause harm.
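To make these categories concrete, here is a minimal sketch of what a registry submission record might look like as a data structure. All field names and values are illustrative assumptions, not drawn from any actual regulatory schema.

```python
from dataclasses import dataclass, field

# Hypothetical sketch of a model registry submission, based on the
# categories of information described above. Every field name here is
# illustrative, not taken from any real regulatory filing format.
@dataclass
class ModelRegistrySubmission:
    developer: str                  # organization releasing the model
    model_name: str
    purpose: str                    # primary function, e.g. "text generation"
    parameter_count: int            # computational size of the model
    training_flop: float            # total compute used during training
    algorithm_family: str           # e.g. "transformer"
    # Optional, more detailed disclosures some registries may request:
    benchmark_results: dict = field(default_factory=dict)
    risk_assessment: str = ""       # description of potential hazards
    safety_evaluations: list = field(default_factory=list)

# Example submission with only the basic required fields filled in.
submission = ModelRegistrySubmission(
    developer="ExampleAI",
    model_name="example-model-v1",
    purpose="general-purpose text generation",
    parameter_count=70_000_000_000,
    training_flop=2.1e25,
    algorithm_family="transformer",
)
```

The split between required fields and optional defaults mirrors the distinction in the text between basic information every registry collects and the more detailed disclosures only some request.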

Model registries allow governmental bodies to keep track of the AI industry, providing an overview of key models currently available to the public. Such registries also function as a foundational tool for AI governance - enabling future legislation targeted at specific AI models. 

These registries adhere to the governance model of “algorithms as an entry point”, allowing governments to focus their regulations on individual algorithms or AI models rather than regulating entire corporations, restricting access to compute resources, or creating targeted regulations for specific algorithmic use cases.

As these model registries are an emerging form of AI governance with no direct precedents, the requirements, methods of reporting, and thresholds vary widely between implementations. Some registries may be publicly accessible, providing greater accountability and transparency, whereas others may be limited to regulatory use only. Some jurisdictions mandate reporting for certain classes of AI algorithms (such as China), whereas others require registration only for leading AI models with high compute requirements (such as the US).

What are some precedents for mandatory government registries? 

While algorithm and AI model registries are a new domain, many precedent policies exist for tracking the development and public release of novel public products. For example, reporting requirements for pharmaceuticals are a well-established and regulated process, monitored by the Food and Drug Administration (FDA) in the US and the European Medicines Agency (EMA) in the EU. Such registries typically require safety testing, incident reporting, and postmarket surveillance.

Many of these structural requirements will transfer directly to model reporting, including a focus on transparent reporting, pre-deployment safety testing by independent third parties, and postmarket surveillance.

What are current regulatory policies around model registries?

China

The People’s Republic of China (PRC) announced the earliest and still the most comprehensive algorithm registry requirements in 2021, as part of its Algorithmic Recommendation Provisions. It has gone on to extend the scope of this registry, as its subsequent regulations covering deep synthesis and generative AI also require developers to register their AI models.

The EU

Via the EU AI Act, the EU has opted to categorize AI systems into tiers of risk based on their use cases, notably splitting permitted AI systems into “high-risk” and “limited-risk” categories. In particular, it requires that “high-risk” AI systems be entered into an EU database for tracking.

The US

The US has chosen to actively pursue “compute governance as an entry point” - that is, it focuses on categorizing and regulating AI models by the compute power required to train them, rather than by the use case of the AI model.
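A compute-based entry point reduces, in practice, to comparing a model's training compute against a numeric threshold. The sketch below illustrates this: the 1e26 FLOP figure is the training-compute reporting threshold set by US Executive Order 14110 (October 2023), while the function and the model data are hypothetical.

```python
# Illustrative sketch of compute-threshold-based reporting, as in the US
# approach. The 1e26 FLOP threshold comes from Executive Order 14110;
# the function name and model data below are hypothetical examples.
US_REPORTING_THRESHOLD_FLOP = 1e26

def must_report(training_flop: float,
                threshold: float = US_REPORTING_THRESHOLD_FLOP) -> bool:
    """Return True if a model's training compute triggers reporting."""
    return training_flop >= threshold

# Hypothetical models and their training compute in FLOP.
models = {
    "small-model": 3e21,
    "frontier-model": 2e26,
}

# Only models at or above the threshold are flagged for reporting.
flagged = [name for name, flop in models.items() if must_report(flop)]
```

The contrast with the EU's use-case-based tiers is visible here: this rule never inspects what the model does, only how much compute went into training it.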

How will model registries be used in the near-term future?

Model registries appear to be a critical tool for governments to proactively enforce long-term control over AI development.

The US, EU, and China are pursuing substantially differing goals in their approaches to model registries as an entry point to regulation.

Model registries will serve as a foundational tool for governments to enact additional regulations around AI development.


SummaryBot @ 2024-03-25T13:36 (+1)

Executive summary: Model registries are an emerging form of AI governance that require developers to submit information about AI models to a centralized database, enabling governments to track and regulate AI development.

Key points:

  1. Model registries require submitting basic information about AI models (purpose, size, algorithms) and sometimes more detailed data (benchmarks, risks, safety assessments).
  2. Registries allow governments to monitor the AI industry, target regulations at specific models, and enforce an "algorithms as entry point" governance approach.
  3. Precedents exist in other domains like pharmaceutical registries, which require safety testing, incident reporting, and postmarket surveillance.
  4. China has the most comprehensive registry requirements, the EU requires registration of "high-risk" systems, and the US focuses on compute power thresholds.
  5. Model registries indicate differing regulatory priorities: content control (China), citizen rights (EU), and national security (US).
  6. Registries will enable future regulations like mandatory safety assessments, transparency, incident reporting, and postmarket evaluations.

This comment was auto-generated by the EA Forum Team. Feel free to point out issues with this summary by replying to the comment, and contact us if you have feedback.

Heramb Podar @ 2024-03-23T16:47 (+1)

Also, here is a link if anyone wants to read more on the China AI registry, which seems to be based on the model cards paper.

Heramb Podar @ 2024-03-23T16:45 (+1)

Nice summary! I generally see model registries as a good tool to ensure deployment safety by logging versions of algorithms and tracking spikes in capabilities. I think a feasible way to push this into the current discourse is by framing it within the current algorithmic transparency agenda.


Potential risks here include who decides what counts as a new version of a given model. If the nomenclature is left in the hands of companies, it is prone to misuse. Also, the EU AI Act seems to take a risk-based approach, with the different kinds of risks being more or less lines in the sand.


Another important point is what we do with the information gathered from these sources - I think there are "softer" (safety assessments, incident reporting) and "harder" (bans, disabling) ways to go about this. It seems likely to me that governments will want to lean into the softer bucket to enable innovation and allow some due process to kick in. This is probably more true of the US, which has always favoured sector-specific regulation.