Red Teaming AI Policy: A Taxonomy of Avoision and the EU AI Act
This addresses the challenge for policymakers and regulators in anticipating and mitigating loopholes in AI governance, though it is incremental as it builds on existing regulatory analysis.
The paper tackles the problem of firms potentially circumventing the EU AI Act by developing a taxonomy of 'avoision' strategies that blend legal avoidance and evasion, organized around three tiers of regulatory exposure to help red team the regulation.
The shape of AI regulation is beginning to emerge, most prominently through the EU AI Act (the "AIA"). By 2027, the AIA will be in full effect, and firms are starting to adjust their behavior in light of this new law. In this paper, we present a framework and taxonomy for reasoning about "avoision" -- conduct that walks the line between legal avoidance and evasion -- that firms might engage in so as to minimize the regulatory burden the AIA poses. We organize these avoision strategies around three "tiers" of increasing AIA exposure that regulated entities face depending on: whether their activities are (1) within scope of the AIA, (2) exempted from provisions of the AIA, or are (3) placed in a category with higher regulatory scrutiny. In each of these tiers and for each strategy, we specify the organizational and technological forms through which avoision may manifest. Our goal is to provide an adversarial framework for "red teaming" the AIA and AI regulation on the horizon.