EU vs AI: Flick Fisher on the Legal Opinion for US Companies
Could the EU's new AI Act be the cornerstone of global AI regulation? That's what we're here to unpack with the expert insight of Flick Fisher, a leading privacy specialist and partner at Fieldfisher. As the digital age accelerates, the European Union is setting a precedent with the AI Act, groundbreaking legislation designed to navigate the complex terrain of artificial intelligence. Flick and I dissect the Act's risk-based approach, covering the prohibited and high-risk AI system categories, while giving a nod to the lighter touch on low-risk innovations. Our conversation delves into how this monumental regulation could shape data privacy and ethical AI practices on the world stage.
Join us as we explore not only the definitions and distinctions within the AI Act but also its everyday implications for business operations, from HR decisions to the product safety landscape. With generative AI technologies like ChatGPT on the rise, understanding the nuances of this legislative framework has never been more crucial. We'll navigate the potential new compliance roles the Act may create and predict whether this regulatory move could become the global gold standard. Tune in for a comprehensive analysis that will equip COOs and business leaders with the foresight needed to thrive in an AI-governed future.
Topics Covered
- Returning guest Flick Fisher and episode overview (1:01)
- Refresher on what the EU AI Act regulates (2:08)
- Prohibited AI practices from manipulation to social scoring (4:40)
- How enforcement works and 35 million euro fines (7:46)
- Keeping the law current as AI develops (10:01)
- US launch strategies and the DeepSeek block in Italy (12:18)
- The AI arms race and OpenAI's Italian fine (15:58)
- US deregulation and Europe's regulatory response (19:25)
- Governance advice for companies deploying AI (22:03)
- HR bots and misinformation fears (24:44)
- Common governance missteps and vendor diligence (27:22)
- Government access fears and international data transfers (29:58)
- Five year outlook and the Brussels effect (31:45)
Links
Mentioned in This Episode
- Flick Fisher on LinkedIn
- EU AI Act: the regulation at the center of the conversation
- European AI Office: new EU body issuing guidance and enforcing the act
- OpenAI: fined 15 million euros by the Italian regulator
- DeepSeek: blocked in Italy over GDPR jurisdiction dispute
- NIST AI Risk Management Framework: governance framework Flick cites as the gold standard
- AI Opportunities Action Plan: UK government's principle-based alternative to EU regulation
About Between Two COO's
Hosted by Michael Koenig · betweentwocoos.com · b2coos.com
Full Transcript
Transcript auto-generated from audio.
Michael Koenig: Hey, it's Michael. If you've been on a Zoom with me lately, you'll notice that you have my full attention. It's because I'm not taking notes. Instead, I rely on Fellow, an AI meeting assistant, to take notes for me, along with tracking action items and decisions, handling recordings, transcripts, and summaries, all in one secure platform. It's kind of like magic. Built with security and privacy at its core, Fellow is the only AI meeting assistant that thousands of leaders and organizations trust to capture meeting notes and recordings while keeping your data safe. They're so confident that you'll love it, they're offering an insane deal to you all, Between Two COOs listeners: 90 days of unlimited AI-powered note taking and recording, completely free. Visit fellow app slash COO to sign up today and experience the AI meeting assistant trusted by leaders everywhere. Welcome back to another episode of Between Two COOs. Today we're diving into one of the hottest topics in AI and privacy with a returning guest, Flick Fisher, a leading expert on EU privacy law. If you've tuned in before, you'll remember Flick's deep insights on GDPR enforcement, data transfer, and AI's legal risks. But today we're tackling something even bigger: the EU's Artificial Intelligence Act. It's officially law and it's setting the bar for AI regulation worldwide, which matters if you're a US company with global ambitions. We'll cover what this means for businesses using AI, the compliance headaches companies need to prepare for, and how this law fits into the broader EU privacy framework. We'll also explore the latest regulatory actions, including recent enforcement cases, and discuss what's next for AI regulation both in the US and EU. So if you're a COO, founder, working on product, or anyone navigating AI in business, this is an episode you don't wanna miss. Let's jump in. Flick, welcome back.
Flick Fisher: Yeah. Thanks very much for having me. It's my favorite topic.
Michael Koenig: Naturally. It's your job. It better be your favorite topic.
Flick Fisher: Yeah, it's a good one.
Michael Koenig: First off, please, can you gimme a refresher on what the EU's AI Act is?
Flick Fisher: Yeah, so the EU's AI Act is really the first comprehensive piece of AI legislation that we've seen globally implemented. It's the first of its kind and it sets out to regulate AI systems with the goal of making sure really that deployers and users of AI systems are doing so in a transparent, safe, and ethical way with a sort of human-centric approach, and that we have a risk-based way of making sure that certain AI systems that we think are just not tolerable to society should be prohibited. And other AI systems that we deem to be high risk, there are certain sort of requirements that need to now be complied with if you're going to be deploying those high risk AI systems. Then it also introduces some general sort of good hygiene transparency requirements for other, more sort of limited risk AI systems to make sure that people are aware that they're interacting with an AI system, like a chat bot and other things, and also some rules, specific rules, if you've got a general purpose AI model, so your generative AI tools, they are also specifically regulated under the Act. So first of its kind, and I think it triggered many other countries around the world to look at their own regulation of AI and perhaps take some inspiration from that. We'll wait to see what happens there. But it's Europe leading the way with AI regulation.
Michael Koenig: So in terms of the actual contents of this, how is the EU going about just making sure that things are safe, ethical, transparent, with a human-centric approach? Seems rather daunting with something as huge and unpredictable as AI.
Flick Fisher: Yeah, they've tried to create a piece of legislation that is flexible and is going to be future proof to some extent. Um, because we know that this is a, a space which, things are changing by the day. We've got vast and rapid sort of technological developments there. So they've tried to create a piece of regulation which is going to keep pace with that by having a very much a risk-based system. So, as I mentioned, they've sort of identified certain AI systems which they deemed to be so risky to society that we really need to take steps to prohibit them. And actually that is where we see the first sort of area of the Act coming into force. The first provisions of the Act came into effect. And these are really some general AI literacy requirements, which we can talk about in more detail. But also we've got the first prohibitions of certain AI practices coming into effect. And as I mentioned, these are really sort of AI systems where Europe's saying we are not gonna tolerate these types of AI systems being placed on the market in Europe. And so we are really talking about AI systems that are doing things like deploying subliminal technique or manipulative or deceptive techniques to distort someone's behavior with the intent of really causing significant harm. There's also any AI, AI system that's really gonna exploit vulnerable people, so children, anybody with protected characteristics like disabilities, et cetera, if there's an intent to cause harm with the AI system there. It also prohibits what we call social scoring. Um, again, if that social scoring is really intended to cause significant harm or unfavorable treatment to individuals. So I think people are fairly familiar or have heard about some of the social scoring that may have been happening in China. It's really trying to get at that type of, of activity.
Um, so if we're doing lots of kind of creepy profiling of people to generate automated scores, which would then be used to treat people in a detrimental way, then we, that's just not gonna be tolerated in Europe. If you've got an AI system that's being used to predict someone's risk of co, of committing a criminal offense, and that's based solely on profiling somebody or assessing automatically their personality traits and characteristics, not allowed. We've also got the sort of Clearview, uh, model, which is scraping lots of images of people to create a facial recognition database. Not gonna be tolerated in Europe. And then also, which I think is quite relevant for lots of companies, which is if you are using systems to infer the emotions of people in your workforce or in educational institutions. So if you perhaps have CCTV or video footage, which you are placing in a workplace to record people and then inferring their emotions. Are they angry? Are they sad? And using that to treat them in a certain way, does that feed into their, um, you know, or that. Not gonna be allowed either. And then there's certain sort of biometric categorization of people to deduce or infer more sensitive categories about them and other sort of remote biometric identification systems in publicly accessible areas for law enforcement. Also going to be prohibited as well. So I think the initial task with people is to have a quick check on what they're doing in terms of the use of AI systems to check anything that they're doing may fall within that prohibited list of AI systems, because they are no longer allowed. And Europe's not gonna start fining you yet until August next year. But that is a live piece of law. And so you'd be minded to just check and review what you're doing to make sure, again, that nothing is on the prohibited list.
Michael Koenig: It almost sounds like the folks who crafted this just went through all of the movies about AI that have come out and said, yeah, that was problematic in that movie. We should write that in. What I'm very curious about is how the people actually go about enforcing these types of things, how it's discovered and then how it can come to light. What does this look like in practice?
Flick Fisher: Yeah, it's a really good question. I think we've yet to see how Europe will and how the regulators will enforce this. But we've now got the EU AI Office, which has been tasked with producing guidance, enforcing the new regulation, and they've staffed it up with lots of staff members. I think it's fair to say that I can't really imagine that the regulator's gonna come and do a dawn raid on your organization to see whether or not you are undertaking prohibited practices. I think it's more likely that it would come to light because you get a disgruntled employee who feels that you've used a piece of technology, an A, an AI tool that's being used to treat them unfavorably. Perhaps because you're doing emotional recognition or there's some nefarious scoring going on. Or it could be that you have a consumer-facing product, an individual says, look, I just think this type of AI system is being used to score me in a way that's entirely detrimental. I can't get access to basic services because you've created this score about me using all kinds of data sets that are unrelated to this particular activity. And it's being used to treat me unfavorably. And at that point, they could issue a complaint to the regulators and there may be an investigation. So, you know, like all of this, I think it's to, of course, see how that settles out. But I suspect the big risk is really just from consumer, individual, employee complaints coming into regulators because they feel that something is being done or rolled out in a way that's in breach of these prohibitions. And then of course there's always that sort of, does this law really have any teeth from a fining perspective? And like the GDPR, there's the ability for regulators to issue big fines on paper. That's 35 million euros or 7% of your global turnover of your group of undertakings. So they've given it some teeth there.
Michael Koenig: You just started talking about GDPR and that was kind of one of the things that I was going to compare this to, but setting that aside, what we have here that I think is very interesting is a prescriptive list of things you cannot do. And this is really a thought experiment. However, AI, as you mentioned previously, is developing from day to day. Will this be something that is constantly updated, and if so, how frequently? Because this moves much more quickly than something does in the States.
Flick Fisher: Yeah, I think that's a fantastically insightful question. So I think that there are various provisions in the law, which kind of say we have the ability to, for example, add a list of AI systems or categories of AI systems, which we treat as high risk. We've, I've just talked about the sort of AI system, systems that are clearly prohibited, but there is a second bucket of AI systems, which aren't prohibited per se, but have been, are going to be regulated as high risk. And there is at the moment a what's positioned as a non-exhaustive list of the types of systems which will be regulated as high risk, but the regulators reserve the ability to add additional systems. There, there's also, much of what's set out in the law needs to be accompanied by codes of conduct and guidance, which are gonna be issued by the AI Office. And so I think that provides them with some additional flexibility to flesh out and put some meat on the bones of this regulation in terms of how it should be practically implemented. We know what the law says. Don't at the moment have a really clear understanding of how companies are practically supposed to interpret some of the provisions there. So I think there is room there through guidance changes to the law in the future to manage and keep pace. But of course, we know the European legislation has a history of falling behind the pace of technological developments. It takes a long time to make changes to law, to issue new law, but certainly there has been an attempt here with this regulation to try and create a framework approach that isn't specifically boxing itself into a particular sector or anything like that.
Michael Koenig: We've seen some of the main LLM companies, for instance, OpenAI, they do something which is not uncommon and that is releasing new features within the US and holding off until things get sorted out within the EU or they're ready to do that. Is this a practice that you would advise other US companies to emulate or is it just go ahead?
Flick Fisher: Yeah, it's a, it's an interesting one. I think it really depends on your risk to your sort of appetite for risk. But also the sector or the product that you have. Now we know generative AI and the tools that have been pushed into the market by OpenAI and others, and more recently DeepSeek, who's created quite the splash there. We know that they are a huge target for regulators, in part because there's a huge wealth of privacy activists and consumer policy groups are very worried about the real world impacts of lots of these generative AI tools and the use of consumer or individual's personal data to train these models. There's also a lot of fear that we don't necessarily fully understand the all of the potential impacts at this point. This is all to say that if you were bringing to market an LLM, then you know, you should be aware, as we've seen, trailblazed by OpenAI and others, that the regulators are going to ask you questions. They're going to want to understand your privacy program, your privacy narrative. So if you have an enormous risk tolerance and you think we're just gonna go to market anyway, it should come with the expectation that you will get regulatory questions and that there is the power, as we've seen, the, a number of the regulators exercise this ability to block a new product from operating in Europe if they think that it has been launched negligently without any regard for European privacy requirements. And I think DeepSeek is currently taking the hit there because we've seen regulators across the bloc come out, the Italians were off the block first again the ee and said, no, you cannot use, or, you can't process Italian user information through your chat bot. We don't want it in Italy until you've addressed these privacy concerns. I think the interesting thing we've seen with DeepSeek, 'cause they've now said, don't care what you say, we're not subject to the GDPR.
So it's gonna be an interesting battleground there around some of their attempt to push some jurisdictional arguments and say, nice try, regulators. We're not established in Europe. What we've done today hasn't been subject to the GDPR, so we are just gonna crack on anyway. I think that is gonna be an interesting one to, to watch, play out. But at this point, I think there's not a regulator in town who hasn't issued formal investigation against them. Or in the case of the Italians, obviously gone one step further and said, don't want your product in Italy.
Michael Koenig: It's so interesting also because the DeepSeek-Italy kerfuffle that you're referencing happened before DeepSeek put out R1. So you've been on top of DeepSeek far before everyone else. I wonder. You have such an interesting view into companies as they're developing their policies and how their procedures for product development or go to market, whatever it may be, changes over time to fit with the regulations and comply with them. With GDPR rollout, it took people a moment to catch up and then I think companies started to think privacy first while they were developing. Like, are you seeing a similar pattern here with AI where people are now catching up or it's too early still?
Flick Fisher: It's a great question because actually I think the world is witnessing what's effectively an AI arms race, right? This technology is moving at enormous pace and there are investors who are demanding that we get product to market quickly and we get return on investment and there's been vast investment into, if we're talking about generative AI tools, and so against that sort of backdrop I think that we are moving fast and breaking things, we're just, companies are pushing product at great speed and there's not necessarily the ability against that pressure to keep up with pace to do all of that, have your perfect compliance program in place or have done that prior consultation with the regulators, which is what they would love. They would love every generative AI company to come and have tea with them in the UK and talk about what they're about to do before they launch. Not something that everybody is able to do, given the bright and speed that of which they need to launch. And even though regulators can be slow, and if you get caught up in that wheel of dialogue with them, I don't think that's always practically possible, but it's fair to say that you cannot get a product to market in Europe and keep it on the market without having to pay lots of lawyers to keep it live for you, because you can be fighting regulators day in, day out, unless you've put in place and had some regard for your privacy program. And there's the hot topics all the regulators are really concerned about. Are you being transparent with users? Have you thought about children when you are rolling out these toys, tools, if you've got age verification measures to make sure we're not offering this product to people that, children of vulnerable teens or others that shouldn't be accessing it. There's a huge focus on what data are you using and scraping to train these models? And it feels like for many companies this is publicly available data.
Surely we should be able to access and use it to train our models. But there are so many issues there, both from a privacy and IP perspective, and regulators are jumping on that and saying no, people put the, their information out there, they may not have fully understood that you're now gonna use it to train your model. And we can go into whether or not we think that argument is valid or not, or we're not gonna go into that. But that's the sort of regulator's view is, hey, we, people are losing control over their data here, and we need to give them transparency and we need to give them choice about it. So you will have seen or may not have seen that obviously the Italians issued an enormous 15 million euro fine against OpenAI for breaches of the GDPR back in December. And a lot of their concern was just what I talked about. You've been using data without the right transparency to train your models and we know you don't have a direct relationship with those individuals 'cause you've scraped it from the internet. But we don't care. You've now gotta go and do a massive expensive public campaign on media outlets, on websites that you could, to push information to tell people what you're doing with their data and to let them know the choices that they have. So these are issues that regulators care about. And going to market without any regard for that, you could come up against some issues if you're in that space.
Michael Koenig: And, oh, the irony, we have OpenAI getting this fine and then OpenAI turning around and pointing finger at DeepSeek, saying that you trained on ours. Oh, it's. It'd be funny if it's a if horrible feeling,
Flick Fisher: isn't it? Someone scraped. Scraped your IP is what they say. Insane. Quite insane
Michael Koenig: there. Yeah. You mentioned the words arms race, and I don't think you meant that specifically, but I am curious, there are geopolitical tensions that are arising from this. You talked about how a Chinese company, DeepSeek, is saying Italy, we don't really care, but also Chinese companies are imposing their own regulation, or rather the Chinese government is imposing their own regulations. Do we see a potential scenario where AI regulation could actually become a trade issue between the US and the EU? Similar to, to data privacy laws. And the reason why I ask is we have the EU moving very quickly, quickly in quotes, per the legal process to impose regulations. And then now with the new administration,
Flick Fisher: not wishing to get too much into politics here, but obviously with the new administration, we've already had them signal, as you say, a sort of move to deregulate and particularly to deregulate some of the work that the Biden administration had done through its executive orders to implement frameworks to ensure a safer sort of development of AI. Biden was instrumental in establishing the NIST group and the NIST framework, which has become a sort of de facto gold standard governance framework if you are designing and developing AI tools, and obviously he mandated anyone in the public sectors who's procuring AI systems should be checking that these AI systems have been developed with that NIST framework in mind. And we see that kind of dissolving with some of Trump's plans there. And I think as the US deregulates and Europe regulates up around AI, I think it's going to almost potentially push Europe into a sort of stronger line of regulation to make sure that we're standing up to, or providing a sort of bulwark against some of the threat that deregulated AI presents. But of course, that could come at the expense of innovation and other things. So there's a balancing act there, and I think Europe and the UK are certainly trying to find their feet there to figure out how we make sure that we're protecting people's human rights and we're protecting them against the detrimental impacts of unregulated AI. But also, these are places where certainly in the UK the government is keen to make us a center of AI and that remains a political tussle. How do we manage that while also making sure we're protecting individuals? I think it is gonna be an interesting space to watch as the US goes in a very different direction to Europe.
Michael Koenig: There are two broad applications of AI that I wanna draw out here. The first is from a product sense. I am a company building an AI product. I'm going to deploy this and sell this. And then there's the second, which is I am an operator and I'm going to deploy AI within my internal operations for whatever purpose. If you had to advise a US company that's starting to deploy AI today or even in EU, but maybe let's focus on the US, how would you advise them to go about this in an intelligent way so that they are not gonna get down the road and get into some trouble potentially quickly?
Flick Fisher: Yeah, very good question. So I think a lot of it will come down to having a good governance program within your organization. I think most sophisticated or almost, companies that we work with in the US have got some data governance program in place to deal with privacy issues. I think that needs to be built out if we're starting to deploy and integrate AI into our tools, particularly if that's a customer facing tool. I think we need to expand on existing data governance practices to make sure we're capturing the new and novel risks and issues that arise from integrating AI. And that doesn't necessarily require that we completely reinvent the wheel, but at the very least we're adapting our policies and risk assessments, notices and other things to make sure that we're capturing what we're doing with AI. And that starts at a very basic level. Do we actually know what AI systems we are using within the organization? So if we've done some sort of model inventory exercise to track what's been integrated, what's being developed, what's being deployed out there? Do we understand the supply chain behind it and the contracts that have been signed up to, and what data we may be giving away when we integrate those AI systems. So I think there's a basic hygiene exercise of understand what you're actually using, what you are planning to develop or use, making sure we've mapped that and that there's a way within the organization to keep track of that 'cause it can quickly spin out of control and everybody's signing up to new AI features and without really thought for what that means, both internally, if your employees, if you're using it to, with your sort of HR tools and systems, but also with your customer facing features. There are going to be implications there. And it's very hard to understand those unless we've got a good understanding of what we're starting to use.
So there's a piece there, and I think it's about adapting existing risk assessments that you might be doing to integrate unique issues that we need to think about from an AI perspective. And it goes beyond privacy. There are also IP issues as well to think about there. For example,
Michael Koenig: I love chatting with you because not only are you a very talented attorney, but you're also incredibly pragmatic, which is one of the things that makes you exceedingly talented. You're on the bleeding edge of this. What is one thing with AI where that you are thinking about, where you're just like, this totally freaks me out?
Flick Fisher: Oh my goodness, that is a difficult question. I, you know, I have the sort of privilege of getting to lift the lid on lots of what companies are doing, and I think the bit that really freaks me out is the increasing introduction of AI bots to do more HR type activities, recruitment activities. I think that's an interesting one to watch there. Next time you do an interview may not be with a human. Next time you do your appraisal, I'll be rolling out the HR bot to do that. Or next time you get fired, it's not gonna be your manager that does it. And that's quite an interesting space there.
Michael Koenig: If you remove the human element from the actual human element of a company, it becomes quite dangerous.
Flick Fisher: Yes. And then at a personal level, I do worry about the threat to information integrity that comes from using these tools. I think there is a real risk of misinformation and losing that source of truth for information. And I think that poses threats on all kinds of levels to society, democracy, all kinds of things. But that's a huge topic, and that's not so much, that's more of my sort of personal feeling about some concern I have. Certainly
Michael Koenig: I, there is no longer one single truth anymore.
Flick Fisher: I think there's also a real issue around people losing their critical thinking because we are starting to think that these tools speak the truth and we're not interrogating the information that comes outta them in the right way. I think what we currently have are tools. They're not a replacement at the moment for that layer of critical thinking, which is so important, and we should be evaluating information that we gather from these tools. I guess it's, I dunno whether the analogy is we, airplanes, we've long had, they've been driven autonomously, but you hope that the pilot knows how to fly the plane. It starts to crash and they're still applying important thinking that goes on to do that. I'm not sure that's the best analogy, but I think we need to remain alert to the need to continue to interrogate information sources and think about issues for ourselves and not regard a lot of these sources as our replacement.
Michael Koenig: So we were talking about governance. Getting back to that real quick. When you think about advising companies on implementing these, what are some of the misconceptions or wrong turns that you have seen some companies take so far when implementing that governance and compliance aspect?
Flick Fisher: Yeah, I mean, I, I think it's fair to say we, everyone talks a lot about governance, but I'm not sure that there's, people are scrambling around for how to practically do that. They're looking, the more sophisticated companies are, are looking to like the NIST frameworks or the ISO frameworks to try and put in place governance. But for, as you say, for the most of the, smaller companies where they're still struggling to put in place basic privacy compliance, the idea that we now have to have this sophisticated, spun up governance program is too much to stomach. And there's just not enough bandwidth to do that kind of exercise. But I think in the midst of that, at the very least, there are some really important hygiene things that you can be doing. So when you sign up with vendors who are offering you generative AI or AI tools to integrate into your own product suite, just make sure that you have a good understanding of what data they may be wanting to use from you to train and improve those models, because that reuse of data could put you outta step or in breach of your own customer commitments that you've made. So if you are a processor and you have a great new SaaS tool and you've now integrated AI features, and at the backend you may have a GPT-4 or whatever you might be using, just make sure that you are not giving away your customer's data to train that model without having thought about whether or not you have the permissions from your own customers to do that. I think it's very important to also understand what testing and has been done at the backend on these models. What are the limitations of them? Because you could be taking on liability in the middle for those features without having an understanding of where the flaws are and what the disclaimers should be when you put that feature out and incorporate it into your own product. And then security is obviously really important as well. Making sure we're not
Sending information in into a third party who has not got their security measures tight enough to avoid breaches, which could be very embarrassing for you, but also you don't wanna see your customers or your own confidential information regurgitated at the back end of these models because there's memorization issues or kinds of things like that. So I think you need to go in with a critical. Eye to how these tools are gonna be processing information, whether it's gonna be secure, whether they're gonna respect the use rights that you know, they've contractually signed up to.
Michael Koenig: One of the things that I think is [00:30:00] super interesting about this, and there are obviously so many, is that previously, when we talked about privacy and data privacy, it was always around how are companies using our information and is that ethical? Is it transparent? Part of the story and debate is how are countries using that information and is it a potential adversarial relationship? And how does that contribute?
Flick Fisher: I think it's AI has become so politicized at this point to your earlier comment. And there is, with everything that comes with AI at the moment, there's this sort of background fear that's threaded into the narrative of if you use DeepSeek, the Chinese government's gonna get your data. Or if you use OpenAI, the US government might get access to your data. So it continues to be an injection of fear around governments getting access to data because of the international transfers that happen. Because all of this AI, from a European perspective, the innovation is all happening outside of Europe at this point. They would love to say that we. In [00:31:00] innovation, but we can't because. Principally out of Silicon Valley at this point and China now that we've got DeepSeek and others. So I think there remains an ongoing concern around what that means for European users when their data leaves Europe and the safeguards that it's used to there and is then processed by these companies that are based in countries where we don't have the same protections for data because of the privacy regimes. And I think those fears are only getting heightened, say with the Trump administration and the obvious disregard already for privacy law, even in the US. So
Michael Koenig: Interesting. And of course this creates opportunity for companies within Europe to develop AI with some sort of compliance with European standards. There are a couple that I'm thinking about that are certainly on the edge and they. The EU is a big enough market that could be something that is quite enticing. Flick, last question for you. Pulling out your crystal ball. Given what we're seeing in the EU and the US, [00:32:00] where are we in terms of AI regulation in five years?
Flick Fisher: Hopefully in five years. We know in the next five years the AI Act is gonna gradually come into force. So we've got this sort of staggered timeframe for the various parts of the act coming into effect. The, those who are gonna be regulated as high-risk AI systems, that's coming in next year, around August. And then it carries on, there, there's various timeframes. So hopefully in five years, all, well, we know all of the provisions will have come into effect and we'll start to see how people practically comply with the law, whether any changes are needed, as you say, to adapt to evolving circumstances. But I, I think it's very hard to have a sort of crystal ball gaze on what regulation at this point, because I think the space is changing so much that we almost certainly know that the law won't be able to keep pace. I don't think Europe has got any other plans for a major other new EU AI-type act. We've got the [00:33:00] AI Act and now they've got it. Put it into effect, enforce it, produce all the guidance. That's a vast amount of work for them to do. So I can't see any major additional changes there. We know there's a bit of law on the books around sort of product liability, so starting to expand out the existing product liability regimes to account for defective AI systems and what that's gonna mean. So that would be an interesting area to watch. I think what's gonna be more interesting is where the rest of the world goes and whether or not this famous Brussels effect actually reveals itself. So are we going to see other regimes and countries, I should say, around the world, be inspired by the AI Act to implement their own regulation? We're starting to see that happen in various places. The UK is taking an interesting approach at the moment, which is that we're gonna go with a principle-based approach. We're not going to have an equivalent AI regulation in the UK. The Labour government has just issued its plan.
It's sort of action, what it's calling an action plan or opportunity action plan for [00:34:00] AI, where it's signaled, you know, its goal to become an AI maker, not an AI taker, is their language. And they're trying to lay down some foundations to improve the infrastructure, investment resources, AI talent is all a big focus on that. I dunno how, whether or not that's going to have an impact. But we'll see where the UK goes. But yeah, the rest of the world is the one to watch and how we start to see AI regulated. I don't think places are gonna go quite as far as the EU AI Act, which is seen as landmark regulation given how, because it's so comprehensive. I think other countries may take a slightly more pragmatic approach and want to make sure that they're not stifling innovation in a way that people fear the EU AI Act could for Europe. So yeah, I want to watch that.
Michael Koenig: I look forward to looking back on this in five years with you and seeing how your prognostications came out. It is like a laughable question. What is this gonna look like in, in five years when we [00:35:00] don't really know what it's gonna look like in terms of AI technology in a month. However, regulation tends to move slow enough that it is maybe a little safer to say, okay, here's where I think it might be.
Flick Fisher: Yeah. I think for Europe, we've got some consistency now for the next five years. I don't think we're gonna see landmark changes in AI regulation where they've got a lot to handle with this new law. So it's gonna be bedding that in and seeing how, you know, how people practically comply with that, so it be in the meantime, obviously this remains a fascinating and interesting space. Will the bots take over? Will it just be you and I as sort of avatars doing this podcast in a few years? I'll just send my avatar to do it.
Michael Koenig: And it could get to a point where now AI is regulating itself and writing its own regulations. And we're all, yeah. This is Flick. Thank you so much. I know you must be very busy with everything that's going on and I appreciate you coming back for another legal corner.
Flick Fisher: No, thank you so much for having me. Very [00:36:00] much enjoyed the conversation.
Michael Koenig: And thank you to you all for listening to Between Two COOs. I'm your host, Michael Koenig, and a very special thank you to Flick Fisher. If you need any AI or privacy or GDPR, go to Flick. She's at Fieldfisher outta San Francisco. She is the best, along with her team. And tune in next time for our next chat between two COOs and be sure to subscribe on Apple Podcast, Spotify, or wherever you listen, so you never miss an episode. Just visit between two coos.com for more. Thanks for listening, and until next time, so long.