4 June 2024

A New Era of AI Governance: Singapore's Proposed Framework for Generative AI

​

Singapore has been at the forefront of the global effort to develop and implement artificial intelligence (AI) governance frameworks. Recognizing the transformative potential of AI, as well as the inherent risks, Singapore has proactively sought to create a balanced and trusted AI ecosystem. In response to the rapid advancements in generative AI, Singapore has proposed a Model AI Governance Framework specifically tailored to address the unique challenges and opportunities presented by this technology.

The Model AI Governance Framework, first introduced in 2019 and subsequently updated in 2020, has been a cornerstone of this effort. While not legally binding, the framework carries significant weight and influence, as it reflects the government’s expectations for AI development and deployment. It serves as a benchmark for industry players and encourages the adoption of ethical and transparent AI practices.

​

The latest iteration of the framework, the Model AI Governance Framework for Generative AI, published on 30 May 2024, builds upon the existing framework and specifically addresses the nuances of generative AI technologies, such as ChatGPT and text-to-image generators like Firefly and Midjourney. This new framework, developed in consultation with some 70 organisations ranging from tech giants Microsoft and Google to government agencies such as the US Department of Commerce, is a response to the growing global recognition that generative AI, while holding immense potential, also poses novel risks and challenges that require careful consideration and governance.

​

Key Dimensions of the Model AI Governance Framework for Generative AI

​

The proposed framework addresses nine key dimensions to foster a trusted ecosystem for generative AI:
 

1. Accountability: Establishing clear lines of responsibility throughout the AI development and deployment lifecycle.
    

2. Data: Ensuring data quality, addressing privacy concerns, and navigating copyright issues related to training data.
    

3. Trusted Development and Deployment: Promoting transparency and adopting best practices in AI development, evaluation, and disclosure.
    

4. Incident Reporting: Establishing mechanisms for reporting and addressing AI-related incidents and vulnerabilities.
    

5. Testing and Assurance: Encouraging third-party testing and the development of common standards for AI evaluation.
    

6. Security: Adapting security measures to address the unique threats posed by generative AI, such as prompt injection attacks.
    

7. Content Provenance: Implementing measures like watermarking to ensure transparency and combat misinformation related to AI-generated content.
    

8. Safety and Alignment R&D: Investing in research to improve the safety and alignment of AI models with human values.
    

9. AI for Public Good: Promoting the use of AI for societal benefit, including democratizing access, improving public services, and upskilling the workforce.
    

Current Laws and Regulations Governing Generative AI in Singapore

​

Currently, Singapore does not have specific laws or regulations that exclusively govern generative AI. However, existing laws and regulations do apply; two of the most relevant regimes are the Personal Data Protection Act (PDPA) and copyright.
 

• PDPA

The PDPA is central to the governance of generative AI due to the technology’s reliance on vast amounts of data, which often includes personal data, for training and operation. The PDPA governs the collection, use, and disclosure of personal data in Singapore, ensuring that individuals’ privacy rights are protected. 
 

1. Data Collection and Consent: Generative AI models are often trained on large datasets scraped from the internet, which may contain personal data. The PDPA requires organizations to obtain consent from individuals before collecting their personal data, unless an exception applies. This raises questions about whether and how consent can be obtained for using personal data in AI training.
    

2. Data Anonymization: To mitigate privacy risks, organizations may anonymize personal data before using it for AI training. However, the PDPA’s definition of personal data is broad, and there is a risk of re-identification, especially with the advanced capabilities of AI tools. Organizations must ensure that anonymized data remains truly anonymous and cannot be linked back to individuals.
    

3. Data Protection and Security: The PDPA mandates that organizations implement reasonable security measures to protect personal data from unauthorized access, use, disclosure, modification, and disposal. This is particularly important for generative AI models, as they may process and store large amounts of sensitive personal data.
    

4. Transparency and Accountability: The PDPA emphasizes the importance of transparency and accountability in the handling of personal data. Organizations using generative AI should be transparent about how personal data is used in their models and ensure that they can explain the decision-making processes of their AI systems.
    

The relevance of the PDPA to generative AI is further highlighted in Singapore’s proposed Model AI Governance Framework, which explicitly calls for policymakers to articulate how existing personal data laws apply to generative AI. This includes clarifying consent requirements, applicable exceptions, and providing guidance on good business practices for data use in AI applications. The framework also encourages the use of Privacy Enhancing Technologies (PETs) to protect data confidentiality and privacy while enabling AI development.
 

As generative AI continues to evolve, the PDPA will need to be continuously interpreted and adapted to address the unique challenges posed by this technology.
 

• Copyright Laws

Copyright laws are also implicated, as generative AI models can potentially generate content that is protected by copyright, and/or infringes existing copyrights.

This gives rise to a few key issues:
 

1. Use of Copyrighted Content to Train a Generative AI System: The extent to which copyrighted content can be used to train generative AI models is unclear. Singapore’s Copyright Act 2021 allows the use of copyrighted works for computational data analysis under certain conditions, but this has not been tested in court in the context of AI training.
    

2. Protection of the Output of the Generative AI System Under Copyright and/or Patent Laws: The current position under Singapore’s Copyright Act 2021 is that the author must be a natural person. Whether copyright can subsist in the output of generative AI depends on the level of human creativity involved in the prompting and editing process, and the nature of the output.
    

3. Liability for Copyright Infringement Resulting from the Output of Generative AI: This is a developing area of law. Liability for copyright infringement depends on how the generative AI tool works and how similar the output is to existing works.
    

These issues are complex and evolving, and Singaporean courts and policymakers are actively working to address them. The government is exploring legislative and non-legislative solutions, such as copyright guidelines and codes of practice, to balance the interests of copyright holders and AI developers. The outcomes of ongoing lawsuits in the US and UK and policy discussions will also help to shape the future of generative AI regulation in Singapore.
 

Singapore is also actively participating in international discussions and initiatives on AI governance, including those related to copyright and intellectual property, with the aim of developing harmonized approaches to address the global challenges posed by generative AI and copyright.
 

Future Developments in Generative AI Governance in Singapore

​

Singapore is actively working on refining its Model AI Governance Framework for Generative AI, with a focus on addressing the unique challenges posed by this technology. The government is also exploring the development of sector-specific regulations and guidelines for generative AI, particularly in sectors like finance and healthcare. 
 

Additionally, Singapore is investing in research and development to enhance the safety and alignment of AI models, as well as promoting international collaboration on AI governance. In fact, the Model AI Governance Framework for Generative AI was designed to align with international AI principles such as the Hiroshima AI Process which calls for the development of interoperable global standards of AI governance frameworks.
 

Conclusion

​

Singapore’s Model AI Governance Framework for Generative AI represents a significant step towards establishing a comprehensive and balanced approach to governing this rapidly evolving technology. By addressing key dimensions such as accountability, data, transparency, security, and safety, Singapore aims to foster a trusted ecosystem that encourages innovation while mitigating risks. 

While specific regulations for generative AI are still under development, the existing legal framework and ongoing efforts demonstrate Singapore’s commitment to responsible and ethical AI development and deployment. As generative AI continues to advance, Singapore’s proactive approach to governance will likely serve as a model for other countries grappling with the challenges and opportunities presented by this transformative technology.