That's a very good question.
The title of the paper is that we need to establish a “New Approach”. That's a reference to the EU approach.
Since 1985, the European Commission has had the authority to make standardization requests to its standards body. I was just out of university in 1985. Some of you were still in high school, I'm sure—or primary school, some of you. It's been a long time.
Think of the example of AI. In Europe, there was a law regarding high-risk AI applications. It was passed in March. Well, in December of last year, the European Commission asked its standards body to develop 10 standards to frame compliance to its new, upcoming legislation. From data collection to ensuring that privacy requirements are met to documentation to conformity assessment, it's all there. The European Union has a mechanism to mandate the development of standards.
The other thing about that is that once the standard is out, there is a presumption of conformity. Once the standard is out.... The regulators have helped design that standard. When it's published, it becomes part of the legislative tools. Industry has to comply with it.
In the U.S., you have executive orders from the White House. The White House regularly asks its National Institute of Standards and Technology, NIST, to develop standards so that products and systems are safer. They've done it for the smart grid. They're doing it for AI now. In the U.K., they've designed a standards institute for AI, and they approve standards in a list of recognized standards. They don't even need a regulation. You can put them on a website, and people know they have to comply with these standards.
That's a long answer to your question.