The European Union has warned Microsoft that it could be fined up to 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the company failed to respond to a request for information (RFI) that focused on its generative AI tools.
Back in March, the EU asked Microsoft and a number of other tech giants for information about systemic risks posed by generative AI tools. On Friday, the Commission said Microsoft failed to provide some of the documents it asked for. However an updated version of the Commission’s press release tweaked the phrasing used, removing an earlier claim that the EU did not receive an answer from Microsoft. The revised version states that the EU is stepping up enforcement action “following an initial request for information”.
The Commission has given Microsoft until May 27 to supply the requested data or risk enforcement. Fines under the DSA can scale up to 6% of global annual revenue, but incorrect, incomplete or misleading information provided in response to a formal RFI can result in a standalone fine of 1%. That could sum to a penalty of up to a couple of billion dollars in Microsoft’s case — the company reported revenue of $211.92 billion in the fiscal year ended June 30, 2023.
Larger platforms’ systemic risk obligations under the DSA are overseen by the Commission itself, and this warning sits atop a toolbox of powerful enforcement options that could be far costlier for Microsoft than any reputational ding it might get for failing to produce data on request.
The Commission said it is missing information related to risks stemming from search engine Bing’s generative AI features — notably, the regulator highlighted AI assistant “Copilot in Bing” and image generation tool “Image Creator by Designer.”
The EU said it is particularly concerned about any risks the tools may pose to civic discourse and electoral processes.
The Commission has given Microsoft until May 27 to provide the missing information or risk a fine of 1% of annual revenue. If the company fails to produce the data by then, the Commission may also impose “periodic penalties” of up to 5% of its average daily income or worldwide annual turnover.
Bing was designated as a so-called “very large online search engine” (VLOSE) under the DSA back in April 2023, meaning it is subject to an extra layer of obligations related to mitigating systemic risks like disinformation.
The DSA’s obligation on larger platforms to mitigate disinformation puts generative AI technologies squarely in the frame. Tech giants have been at the forefront of embedding GenAI into their mainstream platforms despite glaring flaws such as the tendency for large language models (LLMs) to fabricate information while presenting it as fact.
AI-powered image generation tools have also been shown to produce racially biased or potentially harmful output, such as misleading deepfakes. The EU, meanwhile, has an election coming up next month, which is concentrating minds in Brussels on AI-fueled political disinformation.
“The request for information is based on the suspicion that Bing may have breached the DSA for risks linked to generative AI, such as so-called ‘hallucinations,’ the viral dissemination of deepfakes, as well as the automated manipulation of services that can mislead voters,” the Commission wrote in a press release.
“Under the DSA, designated services, including Bing, must carry out adequate risk assessment and adopt respective risk mitigation measures (Art 34 and 35 of the DSA). Generative AI is one of the risks identified by the Commission in its guidelines on the integrity of electoral processes, in particular for the upcoming elections to the European Parliament in June.”
Reached for comment, a Microsoft spokesperson sent a statement in which it claims to be “deeply committed to creating safe experiences online and working with regulators on this important topic”.
“We have been fully cooperating with the European Commission as part of the voluntary request for information and remain committed to responding to their questions and sharing more about our approach to digital safety and compliance with the DSA,” Microsoft also wrote, adding: “Across our diverse range of online services, we take steps to measure and mitigate potential risks. That includes a number of actions to prepare our tools for the 2024 elections and help safeguard voters, candidates, campaigns and election authorities. We will also continue to collaborate with our industry peers as part of the Tech Accord to Combat Deceptive Use of AI in 2024 Elections.”
This report was updated with comment from Microsoft. We also updated the report to reflect a change the Commission made to its press release, at 15h30 CET, which removed the claim it had not received an answer to its earlier RFI from Microsoft and replaced it with a more generic observation that it is stepping up enforcement action following the earlier request for information
Comment