The draft Royal Decree on Artificial Intelligence System Service Business, which was introduced by the Office of the National Digital Economy and Society Commission earlier for public comment in October last year, focuses on potential risks from artificial intelligence (AI) systems to public health, safety, and freedoms. The framework emphasizes the importance of risk assessment, reporting requirements, and the establishment of specific measures and criteria deemed necessary to minimize AI risks.
AI Systems Defined by the Decree
Under the draft royal decree, an AI system is defined as a machine-based system that can make predictions, recommendations, or decisions that affect real or virtual environments pursuant to the objectives set by humans. The definition clarifies that artificial intelligence systems are designed to operate at different levels of autonomy, including:
- machine learning AI;
- logic-based and knowledge-based AI;
- statistical AI;
- Bayesian estimation AI; and
- search and optimization AI.
The draft AI royal decree takes a risk-based approach to regulation and specifically identifies prohibited or high-risk AI services that could cause harm or engage in unethical practices to ensure that AI systems do not pose major risks to public health, safety, or freedoms.
The extent of regulatory scrutiny applied to an AI system corresponds to the level of risk presented by the AI system. For example, AI systems that pose unacceptable risks are generally prohibited, AI systems considered to be high-risk are subject to a conformity assessment, and AI systems considered to be limited-risk are subject to transparency requirements. Compliance with specified criteria and procedures to minimize potential risks of each AI service would be further outlined in subregulations.
Prohibited AI Systems
The draft AI royal decree prohibits AI systems that:
- employ subliminal techniques to covertly influence human behavior (below the threshold of conscious awareness);
- utilize social scoring;
- access sensitive personal information like age or disabilities; or
- employ real-time remote biometric identification in public areas.
AI system service providers that are located outside of Thailand but provide AI system services to users in Thailand, irrespective of any remuneration received, must appoint a local representative and comply with registration requirements under the draft royal decree.
According to the current draft, the AI royal decree will not apply to AI systems that are under the supervision of specific regulators, including the Bank of Thailand and the Office of the Securities and Exchange Commission, provided that such services have rules ensuring transparency and fairness to a standard no lower than that specified under the royal decree.
To learn more about the draft AI royal decree, please contact the Tilleke & Gibbins technology team at [email protected].