The European Union has warned Microsoft that it could possibly be fined as much as 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the corporate failed to answer a request for information (RFI) that focused on its generative AI tools.
Back in March, the EU asked Microsoft and quite a lot of other tech giants for details about systemic risks posed by generative AI tools. On Friday, the Commission said Microsoft failed to supply a few of the documents it asked for. Nevertheless an updated version of the Commission’s press release tweaked the phrasing used, removing an earlier claim that the EU didn’t receive a solution from Microsoft. The revised version states that the EU is stepping up enforcement motion “following an initial request for information”.
The Commission has given Microsoft until May 27 to produce the requested data or risk enforcement. Fines under the DSA can scale as much as 6% of world annual revenue, but incorrect, incomplete or misleading information provided in response to a proper RFI may end up in a standalone nice of 1%. That would sum to a penalty of up to a few of billion dollars in Microsoft’s case — the corporate reported revenue of $211.92 billion within the fiscal yr ended June 30, 2023.
Larger platforms’ systemic risk obligations under the DSA are overseen by the Commission itself, and this warning sits atop a toolbox of powerful enforcement options that could possibly be far costlier for Microsoft than any reputational ding it would get for failing to supply data on request.
The Commission said it’s missing information related to risks stemming from search engine Bing’s generative AI features — notably, the regulator highlighted AI assistant “Copilot in Bing” and image generation tool “Image Creator by Designer.”
The EU said it is especially concerned about any risks the tools may pose to civic discourse and electoral processes.
The Commission has given Microsoft until May 27 to supply the missing information or risk a nice of 1% of annual revenue. If the corporate fails to supply the info by then, the Commission can also impose “periodic penalties” of as much as 5% of its average each day income or worldwide annual turnover.
Bing was designated as a so-called “very large online search engine” (VLOSE) under the DSA back in April 2023, meaning it’s subject to an additional layer of obligations related to mitigating systemic risks like disinformation.
The DSA’s obligation on larger platforms to mitigate disinformation puts generative AI technologies squarely within the frame. Tech giants have been on the forefront of embedding GenAI into their mainstream platforms despite glaring flaws comparable to the tendency for giant language models (LLMs) to fabricate information while presenting it as fact.
AI-powered image generation tools have also been shown to supply racially biased or potentially harmful output, comparable to misleading deepfakes. The EU, meanwhile, has an election coming up next month, which is concentrating minds in Brussels on AI-fueled political disinformation.
“The request for information relies on the suspicion that Bing could have breached the DSA for risks linked to generative AI, comparable to so-called ‘hallucinations,’ the viral dissemination of deepfakes, in addition to the automated manipulation of services that may mislead voters,” the Commission wrote in a press release.
“Under the DSA, designated services, including Bing, must perform adequate risk assessment and adopt respective risk mitigation measures (Art 34 and 35 of the DSA). Generative AI is one among the risks identified by the Commission in its guidelines on the integrity of electoral processes, particularly for the upcoming elections to the European Parliament in June.”
Reached for comment, a Microsoft spokesperson sent a press release through which it claims to be “deeply committed to creating secure experiences online and working with regulators on this vital topic”.
“We have been fully cooperating with the European Commission as a part of the voluntary request for information and remain committed to responding to their questions and sharing more about our approach to digital safety and compliance with the DSA,” Microsoft also wrote, adding: “Across our diverse range of online services, we take steps to measure and mitigate potential risks. That features quite a lot of actions to arrange our tools for the 2024 elections and help safeguard voters, candidates, campaigns and election authorities. We may also proceed to collaborate with our industry peers as a part of the Tech Accord to Combat Deceptive Use of AI in 2024 Elections.”
This report was updated with comment from Microsoft. We also updated the report back to reflect a change the Commission made to its press release, at 15h30 CET, which removed the claim it had not received a solution to its earlier RFI from Microsoft and replaced it with a more generic statement that it’s stepping up enforcement motion following the sooner request for information
