EU warns Microsoft it could be fined billions over missing GenAI risk info
Comment
The European Union has warned Microsoft that it could be fined up to 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the company failed to respond to a request for information (RFI) that focused on its generative AI tools.
Back in March, the EU asked Microsoft and a number of other tech giants for information about systemic risks posed by generative AI tools. On Friday, the Commission said Microsoft failed to provide some of the documents it asked for. However an updated version of the Commission’s press release tweaked the phrasing used, removing an earlier claim that the EU did not receive an answer from Microsoft. The revised version states that the EU is stepping up enforcement action “following an initial request for information”.
The Commission has given Microsoft until May 27 to supply the requested data or risk enforcement. Fines under the DSA can scale up to 6% of global annual revenue, but incorrect, incomplete or misleading information provided in response to a formal RFI can result in a standalone fine of 1%. That could sum to a penalty of up to a couple of billion dollars in Microsoft’s case — the company reported revenue of $211.92 billion in the fiscal year ended June 30, 2023.
Larger platforms’ systemic risk obligations under the DSA are overseen by the Commission itself, and this warning sits atop a toolbox of powerful enforcement options that could be far costlier for Microsoft than any reputational ding it might get for failing to produce data on request.
The Commission said it is missing information related to risks stemming from search engine Bing’s generative AI features — notably, the regulator highlighted AI assistant “Copilot in Bing” and image generation tool “Image Creator by Designer.”
The EU said it is particularly concerned about any risks the tools may pose to civic discourse and electoral processes.
The Commission has given Microsoft until May 27 to provide the missing information or risk a fine of 1% of annual revenue. If the company fails to produce the data by then, the Commission may also impose “periodic penalties” of up to 5% of its average daily income or worldwide annual turnover.
Bing was designated as a so-called “very large online search engine” (VLOSE) under the DSA back in April 2023, meaning it is subject to an extra layer of obligations related to mitigating systemic risks like disinformation.
The DSA’s obligation on larger platforms to mitigate disinformation puts generative AI technologies squarely in the frame. Tech giants have been at the forefront of embedding GenAI into their mainstream platforms despite glaring flaws such as the tendency for large language models (LLMs) to fabricate information while presenting it as fact.
AI-powered image generation tools have also been shown to produce racially biased or potentially harmful output, such as misleading deepfakes. The EU, meanwhile, has an election coming up next month, which is concentrating minds in Brussels on AI-fueled political disinformation.
“The request for information is based on the suspicion that Bing may have breached the DSA for risks linked to generative AI, such as so-called ‘hallucinations,’ the viral dissemination of deepfakes, as well as the automated manipulation of services that can mislead voters,” the Commission wrote in a press release.
“Under the DSA, designated services, including Bing, must carry out adequate risk assessment and adopt respective risk mitigation measures (Art 34 and 35 of the DSA). Generative AI is one of the risks identified by the Commission in its guidelines on the integrity of electoral processes, in particular for the upcoming elections to the European Parliament in June.”
Reached for comment, a Microsoft spokesperson sent a statement in which it claims to be “deeply committed to creating safe experiences online and working with regulators on this important topic”.
“We have been fully cooperating with the European Commission as part of the voluntary request for information and remain committed to responding to their questions and sharing more about our approach to digital safety and compliance with the DSA,” Microsoft also wrote, adding: “Across our diverse range of online services, we take steps to measure and mitigate potential risks. That includes a number of actions to prepare our tools for the 2024 elections and help safeguard voters, candidates, campaigns and election authorities. We will also continue to collaborate with our industry peers as part of the Tech Accord to Combat Deceptive Use of AI in 2024 Elections.”
This report was updated with comment from Microsoft. We also updated the report to reflect a change the Commission made to its press release, at 15h30 CET, which removed the claim it had not received an answer to its earlier RFI from Microsoft and replaced it with a more generic observation that it is stepping up enforcement action following the earlier request for information
Every weekday and Sunday, you can get the best of TechCrunch’s coverage.
Startups are the core of TechCrunch, so get our best coverage delivered weekly.
The latest Fintech news and analysis, delivered every Sunday.
TechCrunch Mobility is your destination for transportation news and insight.
By submitting your email, you agree to our Terms and Privacy Notice.
Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.
IndieBio’s Bay Area incubator is about to debut its 15th cohort of biotech startups. We took special note of a few, which were making some major, bordering on ludicrous, claims…
YouTube TV has announced that its multiview feature for watching four streams at once is now available on Android phones and tablets. The Android launch comes two months after YouTube…
Featured Article
CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.
OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…
TechCrunch Disrupt 2024 is just around the corner, and the buzz is palpable. But what if we told you there’s a chance for you to not just attend, but also…
Decks are all about telling a compelling story and Goodcarbon does a good job on that front. But there’s important information missing too.
Slack is making it difficult for its customers if they want the company to stop using its data for model training.
A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said…
Featured Article
Microsoft won’t be facing antitrust scrutiny in the U.K. over its recent investment into French AI startup Mistral AI.
Ember has partnered with HSBC in the U.K. so that the bank’s business customers can access Ember’s services from their online accounts.
Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.
The EU’s warning comes after Microsoft failed to respond to a legally binding request for information that focused on its generative AI tools.
The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday. The trustee is asking…
U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…
OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…
X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.
For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…
Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.
We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…
Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…
What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.
Sony Music Group has sent letters to more than 700 tech companies and music streaming services to warn them not to use its music to train AI without explicit permission.…
Winston Chi, Butter’s founder and CEO, told TechCrunch that “most parties, including our investors and us, are making money” from the exit.
The investor lawsuit is related to Bolt securing a $30 million personal loan to Ryan Breslow, which was later defaulted on.
Meta, the parent company of Facebook, launched an enterprise version of the prominent social network in 2015. It always seemed like a stretch for a company built on a consumer…
X, formerly Twitter, turned TweetDeck into X Pro and pushed it behind a paywall. But there is a new column-based social media tool in town, and it’s from Instagram Threads.…
As part of 2024’s Accessibility Awareness Day, Google is showing off some updates to Android that should be useful to folks with mobility or vision impairments. Project Gameface allows gamers…
A hacker listed the data allegedly breached from Samco on a known cybercrime forum.
A top European privacy watchdog is investigating following the recent breaches of Dell customers’ personal information, TechCrunch has learned. Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to…
Powered by WordPress VIP
Leave a Comment