The “Pakistan Draft National Artificial Intelligence (AI) Policy” has drawn criticism from the Asia Internet Coalition (AIC), a coalition of major international digital media companies, who point out the policy’s dependencies on other laws and conflicts with other regulations, particularly the Draft Personal Data Protection Bill (PDPB).
“The situation is further complicated by the need for the National Artificial Intelligence Policy to harmoniously coexist with the Pakistan Cloud First Policy (PCFP) and the Digital Pakistan Policy initiatives. Unlike the PDPB, the PCFP allows cross-border flows of data in certain situations,” stated Jeff Paine Managing Director AIC in a letter addressed to Amin ul Haque, Federal Minister for Information Technology and Telecommunication.
The Coalition claimed that Pakistan’s Artificial Intelligence Policy is a crucial step toward becoming a knowledge-based economy because it outlines a national strategy for creating the ecosystem required for AI adoption. It does this by utilizing an agile framework to address various aspects of distinctive user journeys that span various market horizontals and industry verticals while ensuring responsible use of AI.
“While we welcome the National Artificial Intelligence Policy, support its goals, and appreciate its balanced approach to innovation and ethics, we are nevertheless concerned by its dependencies and conflicts with other laws, particularly the Draft Personal Data Protection Bill (PDPB),” it added.
According to Paine, the Draft Policy “coherently interlaces” with both the Personal Data Protection Bill (PDPB) and the Cloud First Policy (CFP), according to the Draft Policy.
Given that it is still in the draft stage and the restrictions it places on particular categories of personal data, the PDPB may be in contradiction with the CFP.
The current PDPB draft’s Section 29(4) places new restrictions on automated decision-making without human input.
According to the Policy, concepts for implementing and promoting AI are incompatible with this prohibition. The PDPB includes regulations for local storage of “critical personal data” (CPD) and limits on external transmission of personal data and potentially sensitive personal data.
The data localization requirements in the PDPB will apply to the data used by Pakistani developers to create AI technologies if the National AI Policy is to “coherently interlace” with the PDPB, as stated on page 5 of the draft policy.
Such limitations would fragment the pool of data used by AI developers worldwide, and if other nations implemented similar regulations, Pakistani enterprises would struggle to create AI technologies since their access to training data would be limited to data kept locally.
Additionally, it would stop foreign companies from using data from Pakistan to train their AI models, which would lead to AI tools that don’t understand Pakistan’s cultural background.
The requirement for the National AI Policy to peacefully coexist with the Pakistan Cloud First Policy (PCFP) and the Digital Pakistan Policy projects further complicates the situation. The PCFP, in contrast to the PDPB, permits cross-border data flows under certain circumstances.
If the PDPB’s data localization regulations apply to the National AI Policy, Pakistani AI developers may find that accessing data in a foreign cloud is similarly restricted by matching laws in the cloud host state.
Additionally, AI depends on and is intimately related to automated, human-free decision making. While the National AI Policy aims to promote AI, the PDPB achieves the exact opposite by limiting the use of automated decision-making tools by businesses.
It is best to alter the PDPB in order to;
(i) completely remove data localization mandates
(ii) remove all restrictions on automated decision making that would impact AI development, and
(iii) make it interact harmoniously with the National AI Policy.
“We request clarification on the Policy’s requirements for local hosting and use of “international AI platforms.” We also recommend, particularly given the limitations of local computational resources noted in the Policy itself, that the policy not require the use of local cloud infrastructure. Cloud infrastructure is at its strongest, most secure, and most economical when it is not subjected to forced localization.”
To read our blog on “Under e-safety bill, Govt. can detain bloggers, anchors, block YouTube and other channels,” click here.