On 26 July 2024, the US National Institute of Standards and Technology (NIST) released five AI related products, including new guidance, in response to Executive Order 14110 (i.e., President Biden’s Executive Order on AI dated 30 October 2023). These products are designed to assist AI developers/providers and deployers, and are relevant for organisations who are subject to the EU AI Act (which came into force on 1 August 2024, albeit with the now familiar staggered implementation).
The NIST’s products are as follows:
- New draft guidance on ‘Managing Misuse Risk for Dual-Use Foundation Models’
- Dioptra (a new open-source software package aimed at helping AI developers and customers test AI software)
- The finalised version of the AI RMG Generative AI profile, to assist organisations with identifying and mitigating 12 risks associated with generative AI
- Finalised guidance on ‘Secure Software Development Practices for Generative AI and Dual-Use Foundation Models’
- Final publication on ‘A Plan for Global Engagement on AI Standards’
These products are relevant to AI developers/providers and deployers, and the guidelines in particular can be a useful resource to assist organisations with alignment on the various obligations set out in the EU AI Act (for a high-level summary of the obligations see our article here).
Further details regarding the rules for general-purpose AI model providers will be outlined in the upcoming General-Purpose AI Code of Practice. The EU AI Office called for expressions of interest to participate in the Code, and launched a consultation on trustworthy general-purpose AI models.
In the interim, the NIST’s documents offer practical guidance which can help organisations meet their obligations under the EU AI Act. For instance, the guidance on managing misuse risk includes detailed recommendations for transparency, such as a recommendation to publish transparency reports that include details on how misuse risks are managed. Following that particular set of recommendations can assist organisations in fulfilling the transparency obligations stipulated in Article 50 of the EU AI Act.
The NIST products are therefore a useful resource for organisations with obligations under the EU AI Act.