Thank you for your question.
It's a really interesting one that I'll try to tackle in a couple of ways.
One is that it's super-important that we recognize the import at this time of pursuing research into AI safety and evaluation mechanisms to be able to understand the underlying mechanisms and potential for harms within algorithms. That's at the heart of the Canadian AI safety institute and at the heart of our work with the Canadian Institute for Advanced Research in their role in the Canadian AI safety institute: It's to be able to advance the science that's helping us know how actual AI algorithms and advanced AI systems are playing out and to help create evaluative mechanisms that are going to assist developers and deployers to test effectively what the potential vulnerabilities and harms are in relation to their systems. That's one important piece.
The second is that it's super-important that we also continue to advance international efforts toward the ways that standardization can assist industry and provide certainty to industry in ensuring that there are effective mechanisms they can readily tell their users and their customers that they are complying with to ensure that they're not actually deploying systems that have the capacity to harm their customers. Canada is participating in a number of those efforts, whether it's within our standards bodies themselves or within the safety institute and some of our research communities that are pursuing some of that effort.
It's increasingly important that we also set out some of the ways in which industry can commit itself to being able to do some of that work in their own development and deployment. That's where the voluntary code for industry on the use of generative AI is extraordinarily helpful. It provides assurances to the market as well as to industry about their ability to assess whether or not they've met the basic terms by which they are doing things like ensuring transparency in the development and use of their algorithms or their work as it relates to things like red teaming, actually testing whether or not they know the potential outcomes and are creating mechanisms for some sort of feedback mechanism when actual risks and harms are adjudicated. I'd say that's one of the ways that we're going to be able to find that space.
The other, which I'll just briefly mention, is that there's an assumption that the only way we're going to get to good outcomes in artificial intelligence is through generalized AI legislation or generalized AI regulation. That's an open debate, but one of the things it misses is that there's extraordinary room within sector-based and existing verticals of regulatory efforts to be able to get at potential AI harms, whether that's capacities for our medical device examiners to know how to effectively interpret the safety of a medical device that utilizes artificial intelligence or whether it's the use of our private sector privacy laws to ensure that when an automated decision-making system makes a decision on the basis of someone's personal information, they get to know which aspects of personal information were used in that decision.