A Regulatory Challenges Facing Automated Driving Systems and the “Moral Machine” Dilemma

At the outset, the use of terminology and taxonomy must be clarified. There exist various terms that are used to refer to vehicles equipped with different levels of driving automation systems (a generic term that covers all levels of automation), such as self-driving cars, unmanned vehicles, autonomous cars, and automated vehicles. However, for reasons to be elaborated later, this chapter consciously uses “ADSs” – namely, level 3–5 systems as defined by the SAE International’s taxonomy and definitionsFootnote ¹² – to refer to the kinds of driving automation that require only limited human intervention and that more appropriately denote the essence of commonly known terms such as “self-driving cars” or “autonomous vehicles.” Indeed, the inconsistent and sometimes confusing use of terms such as “self-driving cars” or “autonomous vehicles” may lead to problems not only related to misleading marketing practices, mistaken consumer perceptions, and information asymmetry, but also insufficient and ineffective regulatory design. For instance, in the robotics and AI literature, the term “autonomous” has been used to denote systems capable of making decisions and acting “independently and self-sufficiently,”Footnote ¹³ but the use of such terms “obscures the question of whether a so-called ‘autonomous vehicle’ depends on communication and/or cooperation with outside entities for critical functionality (such as data acquisition and collection).”Footnote ¹⁴ Some products may be fully autonomous as long as their functions are executed entirely independently and self-sufficiently to the extent entailed in level 5, while others may depend on external cooperation and connection to work (which may fall under the scope of level 3 or level 4). Yet when the term “autonomous vehicle” is commonly used to refer to level 5, levels 3 and 4, or even all levels of driving automation as defined in various legislation enacted in different states,Footnote ¹⁵ regulatory confusion ensues. Comparable conceptual and practical problems can also be found with the use of “self-driving,” “automated,” or “unmanned” in regulatory discourse.

While ADSs offer many benefits to road safety, economic growth, and transportation modernization,Footnote ¹⁶ myriad regulatory issues – such as safety, testing and certification, liability and insurance, cybersecurity, data flow, ethics, connectivity, infrastructure, and service – must be appropriately addressed.Footnote ¹⁷ First, reducing human errors does not mean that ADSs are free from machine error, especially when the technology continues to grow in complexity.Footnote ¹⁸ A review of recent incidents involving Tesla and Volvo-Uber systems suggests that ADSs may be subject to different standards of care, considering the many new safety threats and consumer expectations for the technology.Footnote ¹⁹ Other commentators also point to cybersecurity and industry risks related to ADSs, given their reliance on data collection, processing, and transmission through vehicle-to-vehicle and vehicle-to-infrastructure communications.Footnote ²⁰ The multifaceted yet under-addressed issues of privacy and personal freedom also call for clearer rules and standards.Footnote ²¹ Issues including the Internet of Things (IoT), 5G networks, and smart city development – which are beyond the scope of this chapter – also play a crucial role in the regulatory discourse surrounding ADSs.Footnote ²² The different risks posed by ADSs and IoT and their consequential interactions with the physical world may have crucial ramifications for international trade and investment law.Footnote ²³

This chapter will not exhaust all of these regulatory issues, but rather focuses on the most controversial, ethical dimension of ADSs. There are concerns about the “crash algorithms” of ADSs, which are the programs that decide how to respond at the time of unavoidable accidents.Footnote ²⁴ Ethical issues stem from the infamous “Trolley Problem,” a classic thought experiment of utilitarianism vis-à-vis deontological ethics introduced in 1967 by Philippa Foot.Footnote ²⁵ It involves a runaway, out-of-control trolley moving toward five people who are tied up and lying on the main track. You are standing next to a lever that can switch the trolley to a side track, on which only one tied-up person is lying. The problem? Would you pull the lever to save five and kill one? What is the right thing to do? In modern times, the advent of ADSs makes the Trolley Problem, once an exercise of applied philosophy, a real-world challenge rather than an ethical thought experiment.Footnote ²⁶ Should ADSs prioritize the lives of the vehicle’s passengers over those of pedestrians? Should ADSs kill the baby, the doctor, the mayor, the jaywalker, or the grandma? Or should ADSs be programmed to reach a decision that is most beneficial to society as a whole, taking into account a massive range of factors? Researchers at the Massachusetts Institute of Technology (MIT) designed scenarios representing ethical dilemmas that call upon people to identify preferences for males, females, the young, the elderly, low-status individuals, high-status individuals, law-abiding individuals, law-breaking individuals, and even fit or obese pedestrians in a fictional, unavoidable car crash.Footnote ²⁷ They collected and consolidated around 40 million responses provided by millions of individuals from 233 jurisdictions and published their results in an article titled “The Moral Machine Experiment.”Footnote ²⁸ How does the world respond to the Trolley Problem? While a general, global moral preference can be found, there exist strong and diverse demographic variations specifically associated with “modern institutions” and “deep cultural traits.”Footnote ²⁹ For instance, respondents from China, Japan, Taiwan, South Korea, and other East Asian countries prefer saving the elderly over the young, while those in North America and Europe are the opposite.Footnote ³⁰

As ADSs cannot be subjectively assessed ex post for blame or moral responsibility, it seems necessary – yet it is unclear how – to design rules to regulate the reactions of ADSs when faced with moral dilemmas.Footnote ³¹ Presumably, ethics as well as cultural, demographic, and institutional factors may play a role in likely heterogeneous regulatory measures that could increase frictions in international trade. From a practical, legalist perspective, different tort systems in varying jurisdictions may also have an anchoring effect on ADS designs.Footnote ³² While the decision at the time of unavoidable accidents has immense legal, economic, and moral consequences, it is predetermined when the algorithms are written and built into ADSs. Algorithms are not objective. Rather, they carry the existing biases and discriminations against minority groups in human society, which are reflected and reinforced by the training data used to power the algorithms.Footnote ³³ Further, algorithms do not build themselves, so they may carry the values and preferences of people who write or train them.Footnote ³⁴ Therefore, ADS manufacturers are increasing exposed to legal and reputational risks associated with these moral challenges.Footnote ³⁵ Governments have not yet addressed these ethical puzzles posed by ADS algorithms.

B Regulatory Initiatives at National and Transnational Levels

One may ask whether there are existing or emerging international standards that can serve as a reference for domestic regulations. What approaches are regulators in different jurisdictions taking to address these issues? This chapter maps out some representative regulatory initiatives that have taken place at both the national and the transnational level and are respectively backed by public, private, and hybrid institutions – without concrete harmonization.Footnote ³⁶

What are the relevant positions of the governments of these countries in the global value chain of automated vehicles? What are their respective regulatory governance strategies in light of concerns related to economic growth, national security, and business competition?Footnote ³⁷ To what extent are these countries competing (or cooperating) with one another to lead the global standard-setting process in various international arenas?Footnote ³⁸ At the national level, crucial questions have largely been left unaddressed. A leader in regulating ADSs, the United States Department of Transportation (US DoT) has been stocktaking and monitoring current ADS standards development activities, including those led by, inter alia, the SAE International, the International Organization for Standardization (ISO), the Institute of Electrical and Electronics Engineers (IEEE), the Federal Highway Administration (FHWA), the American Association of Motor Vehicle Administrators (AAMVA), and the National Highway Traffic Safety Administration (NHTSA), in relation to issues such as cybersecurity framework, data sharing, functional safety, event data recorders, vehicle interaction, encrypted communications, infrastructure signage and traffic, and testing approaches.Footnote ³⁹ While a couple of initiatives might partly touch upon some issues with ethical implications,Footnote ⁴⁰ nothing concrete has been designated to address ADSs’ ethical issues. In the United Kingdom, the British Standard Institution published a prestandardization document based on relevant guidelines developed by the UK Department for Transport and Centre for the Protection of National Infrastructure to facilitate further standardization on cybersecurity.Footnote ⁴¹ Taiwan also set up a sandbox scheme for the development and testing of vehicles equipped with ADSs,Footnote ⁴² and the sandbox is open to a broadly defined scope of experimentation, including automobiles, aircraft, and ships, and even a combination of these forms.Footnote ⁴³

Again, none has been initiated to specifically address the ethical issues of ADSs. The world’s firstFootnote ⁴⁴ concrete government initiative specifically on ADS ethical issues at the moment is the report with twenty ethical rules issued by the Ethics Commission for Automated and Connected Driving, a special body appointed by Germany’s Federal Ministry of Transport and Digital Infrastructure.Footnote ⁴⁵ The report consists of twenty ethical rules for ADSs.Footnote ⁴⁶ Of importance are the ethical rules, which ask that “[t]he protection of individuals takes precedence over all other utilitarian considerations,”Footnote ⁴⁷ that “[t]he personal responsibility of individuals for taking decisions is an expression of a society centred on individual human beings,”Footnote ⁴⁸ and that “[i]n hazardous situations that prove to be unavoidable, the protection of human life enjoys top priority in a balancing of legally protected interests.”Footnote ⁴⁹ In particular, Ethical Rule 8 provides that:

Ethical Rule 9 further prescribes that “[i]n the event of unavoidable accident situations, any distinction based on personal features,” such as age, gender, and physical or mental conditions, “is strictly prohibited.”Footnote ⁵¹ While the ethical rules are not mandatory, they certainly mark the first step toward addressing ADSs’ ethical challenges.Footnote ⁵² It remains to be seen how these ethics rules will be translated into future legislations and regulations in Germany and beyond.Footnote ⁵³

Other relevant initiatives, while not specifically addressing ADS ethical issues, include algorithmic accountability rules (generally applicable to data protection and AI applications) that may inform future regulations. For instance, the European Union’s General Data Protection Regulation (GDPR) sets out rights and obligations in relation to algorithmic explainability and accountability in automated individual decision-making.Footnote ⁵⁴ The European Commission also established the High-Level Expert Group on Artificial Intelligence in 2018, which published the final version of its Ethics Guidelines for Trustworthy Artificial Intelligence in April 2019.Footnote ⁵⁵ At the same time, lawmakers in the United States recently tabled a new bill, the Algorithmic Accountability Act of 2019, which intends to require companies to audit systems based on machine learning algorithms, to examine instances of potential bias and discrimination therein, and to fix any issues found in a timely manner.Footnote ⁵⁶

There have been active and dynamic regulatory initiatives at the transnational level.Footnote ⁵⁷ The United Nations Economic Council for Europe (UNECE)Footnote ⁵⁸ and the 1968 Vienna Convention on Road TrafficFootnote ⁵⁹ have struggled to change the formal rules under their existing framework, given the complexity of the issues, high negotiation costs, and institutional inflexibility.Footnote ⁶⁰ The Vienna Convention was somewhat passive in the development of driving automated systems until an amendment to its Articles 8 and 39 entered into force in March 2016.Footnote ⁶¹ The amendment allows for the transfer of driving tasks from humans to vehicles under certain conditions, lifting the formalistic requirement that a “human” must be in charge of driving tasks.Footnote ⁶² In September 2018, the UNECE’s Global Forum on Road Traffic Safety (WP.1) adopted a resolution to promote the deployment of vehicles equipped with ADSs in road traffic.Footnote ⁶³ This resolution is rather soft and represents an informal approach to guiding Contracting Parties to the 1968 Vienna Conventions on the safe deployment of ADSs in road traffic.Footnote ⁶⁴ In any case, because major ADS players like the United States, China, and Japan are not contracting parties to the Vienna Convention, what will be done under the treaty body may not readily generate direct policy relevance and normative influence at the national level (at least for the moment). A few additional private and hybrid organizations have also been engaging in ADS standard-setting, including the SAE International,Footnote ⁶⁵ the ISO,Footnote ⁶⁶ and the IEEE.Footnote ⁶⁷ Among such standard-setting bodies, the SAE International and the ISO are the most comprehensive, cited, and embraced references. Given the complex and dynamic nature of ADS technologies, the SAE International and the ISO, as informal, private/hybrid bodies with more institutional flexibility, have been able to incorporate their members’ expertise to work together in developing common standards – SAE/ISO standards on road vehicle and intelligent transportation systems.Footnote ⁶⁸ The SAE International further offers the ISO a Secretariat function and services for ISO’s TC204 Intelligent Transport System work.Footnote ⁶⁹ With its transnational scope, domain expertise, and industry support, the SAE International’s standards, especially the recent clarification and definition of the J3016 standard’s six levels of driving automation, serve as the “most-cited reference” for the ADS industry and governance.Footnote ⁷⁰ While there has been progress at the transnational level, these regulatory initiatives have yet to touch upon contentious ethical issues that extend beyond the narrower understanding of road safety of ADS.Footnote ⁷¹

A Public Moral Exception, Technical Regulations, and International Standards

First, import bans on vehicles equipped with ADSs because they are designed and manufactured in a jurisdiction and a manner that reflect a different value set, even if they are reasonable, could violate the national treatment or most favored nation obligations under the GATT. Certainly it would be interesting to see whether vehicles equipped with ADS algorithms that are trained with different data reflecting different cultural and ethical preferences are “like products,”Footnote ⁷⁴ or whether ADSs with “pet-friendly,” “kids-friendly,” and “elderly-friendly” algorithms are like products. How would diverse consumer morals in a given market influence the determination of likeness? The determination of likeness is “about the nature and extent of a competitive relationship between and among the products at issue,”Footnote ⁷⁵ and underlying regulatory concerns “may play a role” only if “they are relevant to the examination of certain ‘likeness’ criteria and are reflected in the products’ competitive relationship.”Footnote ⁷⁶ Given the compliance costs and the distributional role of the global value chain, “even-handed regulation would be found to treat like products less favorably.”Footnote ⁷⁷ Furthermore, to discipline algorithm designs in terms of how source codes are written and what/how training data are fed, WTO members would need to regulate not only the end product, but also the process and production methods, which remain controversial issues in WTO jurisprudence.Footnote ⁷⁸ Nevertheless, even if a violation of Article I or III is found, such measures may well be justified under GATT Article XX(a), namely when they are “necessary to protect public morals” and “not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where the same conditions prevail, or a disguised restriction on international trade” – the so-called two-tier test.Footnote ⁷⁹ Most other free trade agreements also contain such a standard exception, allowing parties to derogate from their obligations to protect public morals. Similar clauses can also be found in GATS Article XIV(a)Footnote ⁸⁰ and TBT Agreement Article 2.2. Further examinations include whether the measures are “designed to protect public morals,”Footnote ⁸¹ and whether they are “necessary” based on a weighing and balancing process.Footnote ⁸² Such a process has been the yardstick of the GATT Article XX necessity test, which is, as reaffirmed by the Appellate Body in China – Publications and Audiovisual Products, “a sequential process of weighing and balancing a series of factors,” including assessing the relative importance of the values or interests pursued by the measure at issue, considering other relevant factors, and comparing the measure at issue with possible alternatives in terms of reasonable availability and trade restrictiveness.Footnote ⁸³ Most importantly, the definition and scope of “public morals” can be highly contentious, and WTO adjudicators have embraced a deferential interpretation:

More recently, the Appellate Body in EC–Seal Products also emphasized that WTO members must be given some scope to define and apply the idea of “public morals” pursuant to their own systems and values.Footnote ⁸⁵ Given this deferential approach, WTO members appear to enjoy ample leeway in defining and applying public moral-based measures according to their own unique social systems and communal values.

Further, because the TBT Agreement cumulatively applies in conjunction with the GATT, an ADS regulatory measure that is justified may still violate the TBT Agreement, which similarly contains nondiscrimination obligations but lacks public moral exceptions. According to Trachtman, “the scope of the TBT national treatment requirement has been interpreted somewhat narrowly compared to that of GATT, excluding from violation measures that ‘stem exclusively from a legitimate regulatory distinction,’ in order to avoid invalidating a broader scope of national technical regulations than the GATT.”Footnote ⁸⁶ Under Articles 2.1 and 2.2 of the TBT Agreement, ADS regulatory measures are required to be sufficiently “calibrated” to different conditions in different areas, and to not be “more trade-restrictive than necessary to fulfill a legitimate objective, taking account of the risks non-fulfillment would create.”Footnote ⁸⁷ That is, similarly to the jurisprudence in the GATT, a holistic weighing and balancing process taking into account the degree of contribution, levels of trade restrictiveness, and the risks of non-fulfillment of the stated objectives as well as a comparison with possible alternatives are mandated.Footnote ⁸⁸ As will be demonstrated next, the necessity of regulatory measures that focus on mandatory disclosure of source codes and training data (both the substance and form of the regulation) may be fiercely challenged; at the same time, locating a reasonably available alternative can be equally problematic.

Given the transnational regulatory initiatives, Article 2.4 of the TBT Agreement also plays a crucial role here. WTO members are required to use the standards developed by the SAE/ISO and UNECE (so long as they are “relevant international standards”) as the bases for domestic regulations unless such standards cannot effectively or appropriately fulfill the legitimate objective of protecting public morals in the ADS issue area.Footnote ⁸⁹ While this may impose certain (albeit weak) restrictions on the regulatory autonomy and flexibility of WTO members when designing and imposing their ADS algorithm rules and standards in the ethical dimension,Footnote ⁹⁰ the implausible (if not impossible) global consensus on ethical decision-making means that such international standards remain far out of reach. In the long run, there might be more and more initiatives of international standards in this regard, potentially resulting in concerns over the structure, process, and participation in a standard-setting body as well as political confrontations at the TBT Committee.Footnote ⁹¹

B Automated Driving System Algorithms, Source Codes, and Training Data as “Undisclosed Information” under the TRIPS Agreement

Even if the substance of ADS regulatory measures does not violate existing obligations under the GATT and TBT Agreement, WTO members may require ADS manufacturers to disclose their algorithms designs, source code, and training data to verify compliance and achieve their regulatory objectives. If WTO members force ADS vehicle manufacturers or programmers to disclose their trade secrets – proprietary algorithm designs, source codes, and training data – can they survive the test of the TRIPS Agreement? To be sure, entities that own ADS algorithms can seek protection via various channels including patents, copyrights, and trade secrets.Footnote ⁹² However, the commercial practice in the ADS field (and many other AI applications) has been to hold both source code and training data as trade secrets to maximize the protection of interests and to remain competitive in the market.Footnote ⁹³

Article 39.1 of the TRIPS Agreement requires members, when “ensuring effective protection against unfair competition as provided in Article 10bis of the Paris Convention (1967),” to “protect undisclosed information in accordance with paragraph 2.”Footnote ⁹⁴ Article 39.2 further provides that information – when it is secret (not “generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question”), has commercial value, and is controlled by the lawful custodian – shall be protected “from being disclosed to, acquired by, or used by others without their consent in a manner contrary to honest commercial practices.”Footnote ⁹⁵ This requires WTO members to provide minimum protections for undisclosed information, recognized in Article 1.2 as a category of intellectual property,Footnote ⁹⁶ in accordance with the conditions and criteria provided in Article 39.2.Footnote ⁹⁷

Article 39 does not explicitly prohibit members from promulgating laws, consistent with other provisions of the TRIPS Agreement, to allow lawful disclosure or create exceptions where trade secrets may lawfully be forced to be disclosed. Yet what may constitute a lawful disclosure under the TRIPS Agreement can also be controversial. Can members promulgate any law that requires disclosure of trade secrets to serve certain regulatory objectives? Are all measures regulating ADSs and requiring disclosure of source code and training data for conformity assessment lawful and consistent with the TRIPS Agreement? There has been no case law related to Article 39, but the fact that the United States’ proposal to include “theft, bribery, [and] espionage” of secrets in “a manner contrary to honest commercial practices”Footnote ⁹⁸ was rejected in the negotiation process indicates that what may constitute a lawful disclosure can also prove contentious.Footnote ⁹⁹ A contextual reading of TRIPS Agreement Articles 7 and 8 suggests that “Members may … adopt measures necessary to … promote the public interest in sectors of vital importance to their socio-economic and technological development,”Footnote ¹⁰⁰ and “a balance of rights and obligations”Footnote ¹⁰¹ is called for, but such measures cannot “unreasonably restrain trade.”Footnote ¹⁰² The scope of disclosure, the regulated entities, the manner of disclosure, and enforcement and safeguard may therefore be crucial factors in determining consistency. In this sense, in China’s social credit scenario, a limited approach that requires essential source code and training data (from companies that program the algorithms making ethical decisions, instead of all of the actors along the global ADS supply chain) to be disclosed to an expert committee (or similar institutional designs)Footnote ¹⁰³ for review and certification, rather than a wholesale, systematic forced disclosure, may appear to be more TRIPS-consistent. Additional safeguards that prohibit government agencies from sharing disclosed proprietary information with others may also help to avoid inappropriate forced technology transfers, unfair competition, and unfair commercial use.Footnote ¹⁰⁴ Relatedly, some recent megaregional free trade agreements (mega-FTAs) have included provisions that explicitly prevent governments from demanding access to an enterprise’s proprietary software source code.Footnote ¹⁰⁵ Demands for stronger protection of source code and training data and limitations on governments’ regulatory room for maneuver are likely to grow in the age of AI.

C “Algorithmic Black Box” and the Limits of Regulatory Measures

An additional layer of regulatory challenge that may prevent the effectiveness (therefore necessity) of these measures stems from the technological nature of machine/deep learning algorithms – its opaque characteristic, or as criticized by a leading commentator, the “black box” problem.Footnote ¹⁰⁶ This problem refers to the complexity and secrecy of algorithm-based (especially deep learning-based) decision-making processes, which frustrates meaningful scrutiny and regulation. Without understanding and addressing the black box challenge, it may be unrealistic to rely on disclosure or source codes as a regulatory approach. The black box problem can further be disentangled into “legal black box” and “technical black box.”Footnote ¹⁰⁷ The “legal black box” is opaque because of the proprietary status of complex statistical models or source codes, as they are legally protected by trade secret laws.Footnote ¹⁰⁸ Regulatory measures focusing on forced disclosure are one way to fix such black box problems by unpacking the algorithms therein to secure a certain level of compliance.

However, the “technical black box,” which arises in applications based on machine/deep learning algorithms, is much more problematic.Footnote ¹⁰⁹ A technically inherent lack of transparency persists as decisions and classifications emerge automatically in ways that no one – even the programmers themselves – can adequately explain in human-intelligible terms why and how certain decisions and classifications are reached.Footnote ¹¹⁰ There exists “no well-defined method to easily interpret the relative strength of each input and to each output in the network” due to the highly nonlinear technological characteristic.Footnote ¹¹¹ Therefore, the measures that are limited to legally forced disclosure can hardly address this technical black box problem. Even if the regulator forces ADS manufacturers to disclose source codes and algorithm designs, the level of compliance may not be effectively ascertained and evaluated. Because of this technical black box problem, regulatory measures designed to disclose source codes and ensure compliance with ethical rules on ADSs (hence the rational nexus between regulatory means and objectives) may be significantly frustrated.

A Key Principles of Data Ethics

The fundamental component of all data ethics frameworks is the protection of human rights.Footnote ¹³ Several international and regional instruments highlight the importance of a human rights-centric approach in data governance.Footnote ¹⁴ Similarly, individual governments specifically recognise the importance of protecting human rights in the use of data-driven technologies.Footnote ¹⁵ The essence of a human rights-centric approach involves increasing individual control over personal data, and ensuring that all data is used, processed and shared in a manner compliant with fundamental human rights.

In this regard, the human rights-centric approach entails protecting individuals against discrimination, promoting digital access and inclusion, and safeguarding individual privacy.Footnote ¹⁶ From the perspective of data ethics, privacy is essential at all stages of data management, from ensuring informed consent of individuals in the collection of their personal data to increasing human control over all aspects of data processing, including the choice not to be subject to profiling and automated decision-making. The emergence of big data analytics also raises concerns around group privacy (although it remains debatable if this falls within the scope of personal privacy).Footnote ¹⁷ Unsurprisingly, various domestic laws and regulations now deal with privacy concerns, including data protection laws.Footnote ¹⁸

Data-driven technologies can be used to breach human rights other than the right to privacy in various ways. For example, AI algorithms using training data with sensitive variables such as gender and race often generate biased outcomes or decisions that adversely affect the fundamental rights of minority groups.Footnote ¹⁹ Big data analytics can be used to identify and then persecute political minorities or dissidents.Footnote ²⁰ Further, governments increasingly use automated algorithms to filter content online, potentially harming the right to freedom of expression and access to information.Footnote ²¹

A human rights-centric approach in data governance has implications for both governments and the private sector. For instance, governments are required to respect, protect and fulfil human rightsFootnote ²² by ensuring fair and non-discriminatory use of data-driven technologies for public functions; protecting individuals from potential harms and misuses of data-driven technologies by private sector entities, including enforcement of regulations requiring transparent and non-discriminatory data practices by private entities; and ensuring that private companies provide appropriate remedies to affected individuals. Governments may also require businesses to change specific practices in data management and processing to ensure compliance with a human rights-centric approach in data governance. However, the structural mechanisms by which governments hold the private sector accountable for complying with human rights norms may vary across countries. This difference is attributable to varying perceptions among countries regarding how human rights should be formulated and enforced domestically.

A human rights-centric approach in the governance of data-driven technologies necessitates algorithmic accountability. This means that companies should be held responsible for how their algorithms function, including the decisions taken using them. For instance, in AI-driven technologies, huge datasets (known as training data) are used for predictive analytics and generating decisions in various areas including healthcare, credit reporting, law enforcement, retail and marketing. Several experts argue that increasing algorithmic accountability requires data-driven technologies to be transparent and explainable (i.e. the computer programmers must be able to explain how their algorithms/designs use and process data to generate certain results).Footnote ²³ This can facilitate rectifying algorithms that generate unfair or discriminatory outcomes.Footnote ²⁴ Algorithms can be explained at a systemic level (i.e. the logic of an algorithm) or at an individual level (i.e. how the algorithm decides in a specific case),Footnote ²⁵ although this distinction remains debatable.Footnote ²⁶

Significant debate exists regarding the extent to which algorithms are or can be explainable and what regulatory mechanisms are needed to achieve the same. Certain experts argue that the transparency of source code/algorithms allows understanding the decision-making rule of the algorithms, but not their functionality in every random set of circumstances.Footnote ²⁷ Therefore, they suggest that alternative technological mechanisms must be explored to achieve stronger algorithmic accountability such as verification programs that ex ante check if algorithms meet certain specifications (e.g. if they comply with the rule of law), and holding designers/technology companies accountable if and when a program fails to meet those specifications.Footnote ²⁸ Others argue that explainability can be achieved through transparency and adequate regulatory inspection of algorithms.Footnote ²⁹ On a different note, some experts emphasise that policymakers must be concerned about how data scientists build their datasets and the possible deficiencies in that process rather than solely concentrating on algorithmic accountability.Footnote ³⁰

While it is outside the scope of this chapter to explore these arguments in detail, the diversity of perspectives on algorithmic accountability, including transparency, leads to differing regulatory approaches across countries. This is important because governments are increasingly advocating that transparency and explainability of algorithms is a means to achieving accountability in data-driven technologies.Footnote ³¹ However, certain governments also acknowledge the limitations of transparency and explainability mechanisms in ensuring algorithmic accountability.Footnote ³² Separately, governments may be concerned about the potential trade-offs between transparency and accuracy of algorithms.

The General Data Protection Regulation (GDPR) of the European Union (EU) arguably incorporates important elements of data ethics.Footnote ³³ GDPR arts 44 and 45 limit data transfers to outside the EU to ensure that all personal data of EU residents is processed according to the highest data protection standards. GDPR art. 12 imposes an obligation on the data controllers to provide concise, transparent, easily understandable and accessible information to individuals regarding how they use personal data, including the extent to which they may use or rely upon personal data for automated decision-making.Footnote ³⁴ GDPR art. 22 provides an individual the right not to be subjected to a decision solely based on automated decision-making or profiling,Footnote ³⁵ if such a decision has ‘legal effects’ or ‘significantly affects’ the concerned individuals. However, significant debate exists regarding whether GDPR art. 22 incorporates a right to explainability of algorithms, for instance, those used in AI technologies.Footnote ³⁶

More recently, other domestic laws have started focusing on data ethics. For instance, the Digital Republic Act in France requires that all algorithmic decision-making by governments should be fully explainable.Footnote ³⁷ In the USA, certain senators have proposed an Algorithmic Accountability Act, requiring companies to scrutinise their algorithms for potential risks and biases, thereby enabling greater algorithmic accountability.Footnote ³⁸ Finally, certain regional trade agreements include provisions requiring the parties to adopt basic frameworks on data protection.Footnote ³⁹ The recently concluded Digital Economy Partnership Agreement between New Zealand, Singapore and Chile includes a specific provision requiring the parties to endeavour to adopt ethical AI governance frameworks, although it only vaguely refers to ‘internationally recognised principles or guidelines’.Footnote ⁴⁰

Another key element in data ethics is ethical design, which is an extension of a human rights-centric approach in data governance. In practice, ethical design requires that all suppliers of data-driven technologies devise and implement technical designs and standards compliant with human rights. For example, privacy-by-design and security-by-design measures require digital service suppliers to use digital technologies and implement corporate policies that, by default, ensure data privacy and security. This can be instrumental in protecting personal data and increasing trust in data-driven technologies. Further, as ethical design focuses on technologically robust solutions, it promotes more reliable and sustainable outcomes in comparison to prescriptive data localisation measures or mandatory use of indigenous technical standards. GDPR art. 25 requires all digital service suppliers in the EU to adopt EU data protection principles by design and by default.

In practice, however, implementing ethical design is difficult. This challenge arises as the appropriate standards and benchmarks in the digital sector remain controversial, both in terms of regulatory practices and industry practices. For instance, with respect to privacy, considerable debate exists regarding whether the GDPR should be considered a global standard.Footnote ⁴¹ Similarly, technical standards developed by leading digital powers such as the USA and China are often market competitors, especially for AI-driven services.Footnote ⁴² Further, while laws and regulations tend to be ambiguous in their meaning (e.g. what is personally identifiable information in a privacy law), engineering models are highly dependent on precision of definitions in designing robust and reliable technologies.Footnote ⁴³

B Trade Implications of Data Ethics-Related Measures

As discussed in Section I, certain data ethics-related measures may be trade-restrictive as they hinder the cross-border supply of digital services, thereby breaching members’ obligations in WTO agreements. Some examples include: (i) restrictions on data processing or transfers; (ii) prescribing specific technical standards for digital services and products; and (iii) requiring digital technology providers to submit their algorithms, source code and other vital technical information for government scrutiny/audit.

Governments may impose restrictions on cross-border data flows/processing or even require local storage and processing of data in sensitive sectors, to safeguard individual privacy rights. Some data protection laws even restrict the use of personal data for profiling. In other cases, regulatory approvals may be required to process sensitive data outside of the borders of a country. These measures typically increase costs, especially for foreign companies, lacking local data storage or processing capabilities.Footnote ⁴⁴ When the regulatory requirements for trans-border data transfers/processing are administered in an unfair or unreasonable manner, they may be inconsistent with domestic regulation provision in GATS art. VI. Further, data processing restrictions may affect the development and accuracy of AI technologies as they prevent data accumulation on a global scale, especially affecting foreign, multi-national suppliers. Such measures may be considered discriminatory against foreign services or service suppliers, potentially breaching national treatment obligation in GATS art. XVII. Under the GDPR, digital service suppliers in the EU face several restrictions in transferring and processing personal data of EU residents abroad (except for a select group of countries that the EU identifies as having an adequate framework of data protection).Footnote ⁴⁵ This restriction on the transfer of personal data to non-EU countries may be inconsistent with the most favoured nation obligation in GATS art. II.

As data-driven services have become common, several governments have started prescribing domestic technical standards, especially in AI-related sectors. These technical standards may be imposed for a variety of reasons, including ensuring that digital technologies are robust and secure, thereby reducing the chances of misuse of data. In the future, governments may prescribe standards that they consider compliant with ethical design requirements. However, if such prescribed standards are incompatible with competitive global standards or extremely onerous to implement, they create barriers for foreign services and service suppliers. In such scenarios, domestic technical standards may violate disciplines on domestic regulation under GATS art. VI.

Requirements imposed on digital technology providers to submit their algorithms and source code for government scrutiny/audit could have an underlying data ethics rationale, but such measures could also be trade-restrictive.Footnote ⁴⁶ For instance, such measures may restrict entry of foreign competitors in domestic markets, thereby breaching national treatment obligation contained in GATS art. XVII. Additionally, such measures can prejudice the security/reputation of global data operations of digital suppliers, thereby violating obligations on domestic regulation in GATS art. VI. For instance, governments can implement such measures unreasonably or unfairly to deliberately harm the commercial interests of foreign players, including sharing their vital technical information with domestic competitors.Footnote ⁴⁷

Additionally, in rare scenarios, countries may implement extreme measures banning a certain kind of data-driven technology to prevent abuse of human rights. For example, given the potential dangers and abuses of facial recognition technology, a government could potentially ban commercial software facilitating facial recognition, especially from foreign companies. Such measures may be in conflict with obligations on market access and non-discrimination under GATS.

A Applying General Exceptions to Justify Data Ethics-Related Measures

B Applying the Public Morals/Public Order Exception to Data Ethics-Related Measures

If a data ethics-related measure qualifies under GATS art. XIV(a) or GATS art. XIV(c)(ii), the panel must examine its necessity to achieve the underlying policy objective under a ‘weighing and balancing test’. This subsection focuses on the necessity of data ethics-related measures to protect public morals or maintain public order in accordance with the ‘weighing and balancing test’.

The first step in this test is assessing the contribution of the measure to the policy objective under GATS art. XIV – that is, the nexus between the measure and the policy objective under GATS art. XIVFootnote ⁷⁰ – for instance, by looking at the design, content, structure and expected operation of the data ethics-related measure.Footnote ⁷¹ For example, if a member requires companies to provide their source code or algorithms to verify them for bias (e.g. discriminating against minorities) or other privacy loopholes (particularly, group privacy concerns), the panel will examine if this requirement contributes to protecting public morals or maintaining public order under GATS art. XIV(a). From a technological perspective, this assessment can be difficult as the efficacy of transparency/disclosure of algorithms and source code to understand the underlying logic and discriminatory outcomes in algorithmic decision-making remains debatable.Footnote ⁷² For complex AI, such disclosure requirements can also be counterproductive; for example, in autonomous vehicles, requiring access to the algorithms could compromise the security of the digital technologies. As explainability of algorithms improves with technological developments (especially the development of explainable AI or XAI), panels can make better assessments by seeking additional expert technical evidence on relevant issues.

Similarly, questions may arise regarding whether restrictions on cross-border data flows contribute to achieving the key principles of data ethics. Several studies indicate that severe restrictions on data flows are generally ineffective in enhancing the privacy or security of data-driven technologies.Footnote ⁷³ Similarly, locating data within one’s borders does not automatically increase control or access to data. To the contrary, such measures increase the possibility of unauthorised surveillance and violation of human rights as well as interfering with the development of a healthy and competitive domestic digital market, especially when few companies (potentially state-controlled) own all the domestic data centres. However, easy access to local data servers may facilitate easier regulatory enforcement (e.g. pursuing action against companies that fail to comply with data ethics-related measures).

To facilitate a higher standard of data ethics, members may impose domestic regulations requiring technology companies to comply with internationally recognised technical standards, or adopt designs that protect privacy and security by default and/or use certification mechanisms to verify compliance with these ethical design requirements.Footnote ⁷⁴ In comparison to blatant cross-border data transfer restrictions, these requirements appear more effective in facilitating digital inclusion, preventing disinformation campaigns and ensuring technologically robust solutions. Therefore, such measures are more likely to contribute to protecting public morals and maintaining public order.

The next step under the weighing and balancing test is assessing the trade-restrictiveness of the data ethics-related measure; that is, the restrictive impact of the measure on international commerce.Footnote ⁷⁵ This step involves an assessment not only of the sector affected directly by the measure but also other sectors. For example, as data-driven services are used across several industries, restrictions on cloud computing services (e.g. mandatory compliance with domestic technical standards or data/security certifications) can potentially impact several sectors.Footnote ⁷⁶

Finally, in applying the weighing and balancing test, panels will take into account any alternative less trade-restrictive measures proposed by the complainant. The key factors examined are whether such alternatives are reasonably available to and feasible to implement.Footnote ⁷⁷ Further, any proposed alternatives must achieve an equivalent level of protection of the stated policy objective as the imposed measure.Footnote ⁷⁸ With regard to regulating certain aspects of the digital sector, self-regulatory (or market-driven) approaches may be more effective and efficient than highly prescriptive laws and regulations.Footnote ⁷⁹ For example, rather than imposing specific technical standards, competitive standards developed by the industry in sectors such as AI are more likely to be transparent and secure. Similarly, instead of restricting data-driven technologies through unreasonable regulations on data processing, countries could recognise market-driven verification mechanisms that certify compliance with robust standards on ethical design.

Despite the growing popularity of these market-driven mechanisms, panels are likely to consider them as, at best, complementary measures rather than alternatives to prescriptive laws and regulations.Footnote ⁸⁰ This is because countries may be concerned about the robustness of the representativeness of private/multi-stakeholder standards, especially when developed without sufficient government oversight.Footnote ⁸¹ This would be the case even if the private/multi-stakeholder standards are robust and generally considered industry best practices. Further, verification/certification mechanisms could be very difficult and expensive for developing countries to adopt and monitor and thus not feasible. Therefore, at least in the current scenario, most market-driven or self-regulatory alternatives to data ethics-related measures are likely to fail to satisfy the threshold in GATS art. XIV. The same argument could also be made for technological mechanisms to ensure greater algorithmic accountability (as discussed in subsection A, Section II). In such cases, panels are likely to find more prescriptive measures such as mandatory disclosure of source code/algorithms compliant with GATS art. XIV.

If a trade-restrictive measure provisionally satisfies the necessity test under GATS art. XIV(a), it must further be consistent with the chapeau:

The chapeau prevents members from abusing exceptions contained in the subsections of GATS art. XIV and ensures that members implement all measures in good faith.Footnote ⁸² It requires an enquiry into the ‘design, architecture, and revealing structure of a measure’Footnote ⁸³ to assess if the measure violates the GATS art. XIV chapeau in ‘its actual or expected application’.Footnote ⁸⁴ For example, if a measure deliberately prohibits foreign service suppliers from obtaining licences or authorisations to provide their services on grounds that their algorithms or technical standards do not meet the adequate threshold (irrespective of the quality and robustness of the standard/algorithms), then it might be inconsistent with the GATS art. XIV chapeau. Another example of a potential violation is, when governments illegally share vital technical information regarding foreign digital technologies with domestic competitors, making it harder for foreign companies to compete in that market and further causing potential intellectual property losses.

C Data Ethics and International Trade Law: Possibilities and Challenges

The previous subsections indicate that although GATS art. XIV can justify data ethics-related measures, several questions remain unanswered regarding the extent to which GATS art. XIV provides sufficient policy space for members to impose data ethics-related measures. For instance, should panels place any limits in defining ‘public morals’ or ‘public order’ under GATS art. XIV(a) in accommodating data ethics concerns? Given the technological and policy uncertainty, what standard of review should panels adopt under GATS art. XIV in reviewing data ethics-related measures? Should panels be completely deferential to the risk assessment made by governments in relation to their data ethics-related measures or should they conduct a more substantive assessment? What tools should the panels use in this assessment? How will the growth of new technological mechanisms such as XAI or market-driven standards and verification mechanisms impact the assessment of data ethics-related measures under GATS art. XIV?

Data ethics-related measures are typically nuanced in nature. To understand these measures holistically, governments must focus on both their legal/policy implications and technological impact. Thus, in assessing data ethics-related measures under GATS, panels must follow a well-reasoned, cautious and coherent standard of review that looks at both the technological and legal evidence. However, given the limited technical expertise of panels, they should refrain from engaging in a de novo review of data ethics-related measures and cautiously use technical expert opinions.

In applying this standard of review, two routes are possible. First, in assessing whether certain data ethics-related measures relate to GATS art. XIV, panels can, in addition to considering local values and policy preferences of members, pay regard to developments in the international/multi-stakeholder policy community on data governance. This route is not entirely unrealistic given that data ethics issues implicate several transnational policy concerns and not just domestic concerns. Further, such an approach is also helpful given the critical role of multi-stakeholder institutions in promoting data ethics, as discussed in subsection A, Section II. In Brazil – Taxation, for instance, the panel considered not only the importance of the digital divide as a domestic policy objective within Brazil, but also discussed its relationship with the Millennium Development Goals.Footnote ⁸⁵ However, this route is politically and legally challenging in circumstances where local values conflict with international/multi-stakeholder norms. WTO tribunals do not have the capacity or mandate to determine the appropriate data ethics frameworks for individual members. Therefore, if a country considers that certain international/multi-stakeholder norms are not aligned with its policy preferences, trade tribunals must not interfere, even when those international/multi-stakeholder norms can lead to better outcomes for data ethics. This limitation, however, may lead to scepticism towards the WTO; that is, the panels cannot make decisions that clearly support a human rights-centric approach in data governance.

The second route is adopting a more stringent weighing and balancing test in assessing data ethics-related measures under GATS art. XIV(a).Footnote ⁸⁶ The necessity test can be effective in detecting discriminatory or unnecessarily trade-restrictive measures.Footnote ⁸⁷ For example, looking at the technical aspect of the measure (i.e. inviting expert evidence on whether a data ethics-related measure is actually capable of achieving important policy goals) is less controversial than examining the moral elements of the measure, which often implicates sensitive political or cultural questions. This approach, however, does not necessarily allow panels to consider innovations in the digital sector such as the potential role of technological mechanisms in the verification of data-driven technologies. For instance, engineers and computer scientists designing data-driven services can build ex ante verification mechanisms that ensure that the program/algorithm meets the specifications in domestic laws and processes.Footnote ⁸⁸ Panels are unlikely to consider such mechanisms as a viable less trade-restrictive alternative under GATS art. XIV, especially when the defendant governments do not consider them as effective as regulatory access to source code/algorithms. Similarly, panels are unlikely to consider strict scrutiny/audits of training data by the private companies themselves a fool-proof mechanism to ensure fair and transparent outcomes in algorithmic decision-making, especially when governments restrict automated decision-making in risky and sensitive sectors.Footnote ⁸⁹ However, as such market-based, technological mechanisms become more fit-for-purpose and reliable, they could be considered as more viable and qualify as potential candidates as less trade-restrictive alternatives under GATS art. XIV. Such mechanisms are also likely to be considered credible if they are developed and implemented by the private sector in collaboration with regulatory bodies, especially for countries with sufficient resources to hold private companies accountable for their poor data ethics practices.Footnote ⁹⁰

In the long run, the WTO needs to respond to the predominantly decentralised nature of data governance. For example, the WTO needs to adopt new rules and institutional mechanisms that allow collaboration between governments, technology companies and relevant multi-stakeholder or transnational organisations dealing with data governance. An important example in this regard is the development of technical standards on AI software by the private sector. Currently, GATS does not provide sufficient room for such standards for services.Footnote ⁹¹ However, at domestic/regional levels, several governments are coordinating with the private sector on certain aspects of data governance such as development of AI standards. These multi-stakeholder mechanisms could eventually grow transnationally (especially among like-minded countries) and can be facilitated through WTO committees. Eventually, such a broad-based approach could ensure that the WTO plays a more meaningful role in promoting good global data ethics practices and robust digital technologies.

A Major Controversies Concerning Artificial Intelligence Policies

Major controversies among trade powers on AI policies are manifested in two ways. The first way concerns the development of AI systems. Specifically, a country may use state power to collect personal data and “feed” them to their AI industry, or alternatively encourage the “shared use” of personal data across government and private sectors.Footnote ¹¹ For example, China’s “military-civil fusion” policy seeks to promote (if not require) data-sharing between its commercial companies and its government,Footnote ¹² apparently with the aim of “creating [at a lower cost] the large databases on which AI systems train”.Footnote ¹³

The second way concerns the use of AI systems. Specifically, AI policies can be used to undermine fundamental rights, either within the WTO member in question itself or within other members,Footnote ¹⁴ in order to pursue such policy objectives including domestic surveillance, legal enforcement or international espionage. Further, AI policies can be pursued to undermine the national security of other members, including espionage and manipulation of another member’s domestic politics such as elections.Footnote ¹⁵

B International Response to Predatory Artificial Intelligence Policies

The potential risks of AI policies have, in recent years, attracted increasing international attention. For example, in 2019, the UN Secretary-General called for international collaborations to “address the risks [of AI and] to develop the frameworks and systems that enable responsible innovation”.Footnote ¹⁶

In achieving such a goal, the Secretary-General called for an international regulatory system to be developed for the “responsible innovation” on AI, with “binding laws and instruments” in place.Footnote ¹⁷ In addition to this suggested path, WTO members may also decide to take collective or individual countermeasures as a deterrence against other states which, under their judgement, maintain problematic AI policies.

In practice, the primary deterrence against problematic AI policies appears to be unilateral economic sanctions. Such uses are piecemeal: as an example of AI sanctions targeted against human rights abuses, consider the USA’s imposition of Magnitsky sanctions in July 2020 against certain Chinese government individuals and entities that (according to the USA) used AI platforms “for racial profiling” and “data-driven surveillance” against ethnic minorities.Footnote ¹⁸ Also, consider the call in June 2020 by the European Parliament for “the EU … and the international community … [to impose] appropriate export control mechanisms including cyber surveillance items to deny China, and in particular Hong Kong, access to technologies used to violate basic rights”.Footnote ¹⁹

Sanctions may also be used to restrict AI-powered computer programs that act as surveillance and propaganda instruments for foreign countries. The US Secretary of State’s statement in July 2020 for a possible ban on China’s TikTok app, which apparently uses an AI‑powered algorithm for “censorship and surveillance”, can serve as an example.Footnote ²⁰

C Sanctions on Artificial Intelligence-Powered Goods/Services and World Trade Organization Law

From the perspective of international trade law, it appears that AI sanctions can take at least two forms. First, a sanction may take the form of an import restriction, possibly with the aim of preventing the sanctionee’s problematic AI technology from being in contact with the sanctioner: the USA’s proposed restriction against TikTok being installed on US mobile phones could be an example.

Second, a sanction may also take the form of an export barrier: examples of these measures include the USA’s restriction against China over its use of AI for “racial profiling” and “data-driven surveillance”, and the European Parliament’s proposed sanctions against China and Hong Kong. Specifically, such sanctions can either be used aggressively with the aim of terminating a (perceived) predatory AI policy (such as by cutting off the “raw materials” supply), or defensively as a measure to protect the sentiment of the invoking member’s own citizens as “abetters” of the problematic policy in question.

Sanctionees frequently argue that the sanctions they encounter are against WTO rules.Footnote ²¹ Some scholars seem to hold similar views: Lester and Zhu questioned the WTO consistency of the Trump administration’s expansive use of trade barriers on national security grounds.Footnote ²² In the context of trade restrictions to address data security or foreign influence concerns, Zhou and Kong argued that Australia’s Huawei ban is “unjustifiable under the WTO”.Footnote ²³ Similarly, Voon argued that Australia would “face significant challenges” if China were to lodge a WTO complaint against Australia’s Huawei ban.Footnote ²⁴ While the Huawei controversies primarily involve national security concerns on 5G networks, it would seem that similar arguments could be advanced against sanctions on AI products that threaten national security.

Can the trade liberalisation commitments undertaken by WTO members restrict their ability to impose AI sanctions to safeguard fundamental rights or national security? Indeed, it would seem that if a member were to impose “sanctions” in the forms of import or export restrictions on goods or services, it might prima facie contravene its obligations to offer most favoured nation (MFN) treatment (General Agreement on Tariffs and Trade (GATT) Art. I, General Agreement on Trade in Services (GATS) Art. II) and national treatment (NT) (GATT Art. III:1, GATS Art. XVII – provided specific commitments were made), as well as the general obligations to eliminate quantitative restrictions on goods (GATT Art. XI) or the market access obligations for services (GATS Art. XVI – provided specific commitments were made). Accordingly, the centre of the argument concerning the WTO consistency of AI-related sanctions would be the availability of justifications.

This chapter uses the following roadmap in assessing the relationship between predatory AI policies and WTO law. First, it considers whether certain AI policies, especially those promoting “data-sharing” mechanisms between government and private AI firms, can be challenged under WTO law. Second, it considers whether sanctions against controversial AI policies are consistent with WTO law. In doing so, this chapter examines in turn: (a) whether such sanctions contravene non-discriminatory obligations under WTO law; (b) whether “public morals” exceptions are available to such sanctions; (c) whether security exceptions are available to such sanctions; and (d) whether “international peace and security” exceptions are available to such sanctions.

A Are “Data-Sharing” Mechanisms Subsidies?

The general principle in determining actionable subsidies is well established. A measure constitutes an actionable subsidy if (a) it is a subsidy, (b) it is “specific” and (c) its use causes “adverse effects”.Footnote ²⁵ A subsidy exists when (a) there is a financial contribution provided by a government or any public body and (b) such a financial contribution confers a benefit.Footnote ²⁶

B Do “Data-Sharing” Mechanisms Meet the Standard of “Specificity”?

The examination of “specificity” largely depends on the facts of a particular case; it is difficult to make general pronunciations in abstract. However, a shared “data pool”, being a highly technical mechanism, perhaps can only be meaningfully used by the AI industry. If this is so, then it is likely that a data-sharing mechanism would be specific to “certain enterprises” and not “broadly available and widely used throughout an economy”.Footnote ⁴⁴

Further, considering that fact that a data-sharing platform designed for development of AI constitutes “a subsidy programme which is mainly used by certain enterprises”,Footnote ⁴⁵ it is likely that a “data-sharing” mechanism can (at least)Footnote ⁴⁶ constitute de facto specificity under the meaning of SCM Art 2.1(c).

In the light of this analysis, a “data subsidy” is highly like to meet the standard of specificity pursuant to the SCM Agreement.

C Do “Data-Sharing” Mechanisms Have Adverse Effects?

An examination of the adverse effects of a subsidy largely depends on the specific facts of an actual case; it is difficult to make general pronouncements concerning “data-sharing” mechanisms in abstract. However, a “data subsidy” has the potential of reducing the cost of collecting data for “training” AI systems, thus allowing commercial firms to cut the price of their AI products for exportation. This is likely to constitute “significant price undercutting” under the meaning of SCM Art. 6.3(c). As such, it is possible that a “data subsidy” will have adverse effects pursuant to Arts 5(c) and 6.3 of the SCM Agreement.

Summarising these discussions, it can be concluded that an AI policy involving a “data-sharing” mechanism is likely to constitute an actionable subsidy, under the meaning of the SCM Agreement. Consequently, injured members would be entitled to impose countervailing duties against AI products (such as AI-powered robots or vehicles) that are subsidised by “data-sharing” mechanisms.

A Availability of a “Public Moral” Defence

Assuming that an AI sanction does prima facie contravene WTO rules (such as MFN/NT, general elimination of quantitative restrictions or market access obligations), this chapter now proceeds to consider whether such a sanction may be justified under the “public moral exceptions”, especially Art. XX(a) of the GATT 1994 and Art. XIV(a) of the GATS.

B Availability of a Defence under the “Security Exception”

This chapter now proceeds to consider whether a WTO member may seek to justify an AI sanction relating to the protection of national security of fundamental rights under the “security exception”, especially Art. XXI(b)(iii) of the GATT 1994 or Art. XIV bis of the GATS.

C Availability of a Defence under the “International Peace and Security” Exceptions

It is also possible that an AI sanction can be justified under the “international peace and security” exceptions, especially Art. XXI(c) of the GATT 1994 and Art. XIV bis (c) of the GATS, both of which allow a member to justify “any action in pursuance of its obligations under the United Nations Charter for the maintenance of international peace and security”. Again, the EU’s proposed export control mechanisms on cyber surveillance items against China and Hong Kong can serve as an example.

The exact ambit of GATT Art. XXI(c) and GATS Art. XIV bis(c) remain uncertain at present, since none of the two provisions have been invoked before any WTO or GATT panel so far. However, using GATT Art. XXI(c) as an example, it appears that the text of this provision entails the following constituent tests: (a) the measure is imposed “in pursuance of” (b) “[the invoking member’s] obligations under the United Nations Charter”, (c) “for the maintenance of international peace and security”.

Moreover, the broad expression “any action”, read together with the lack of any “chapeau” similar to that in GATT Art. XX, seems to indicate that Art. XXI(c) entails less stringent tests than those under Art. XX. Nevertheless, the “obligation of good faith” requirement,Footnote ⁸³ which was first introduced to eliminate members’ “re-label[ling of] trade interests” as “essential security interests” under GATT Art. XXI(b)(iii), might play a similar role in preventing the abuse of Art. XXI(c) justifications.