Unravelling Power of the Unseen: Towards an Interdisciplinary Synthesis of Generative AI Regulation

1.1 Generative AI as a Floating Signifier

There is no doubt that the evolution of generative AI models has become the highlight and the latest frontier of AI technology and digital transformation. From a sociosemiotic perspective, generative AI can be defined as a sign infused with social political and economic elements, which has performative effects that align with the interests of vested stakeholders in the domain. In this sense, generative AI can be seen as a “floating signifier” which was named by the anthropologist Claude (1987).

While generative AI as a term performs a function that suggests a specific referent, in order to maximize its suggestive power, overly stringent definition should be avoided as much as possible. What we call “floating” is compatible with the iterative and evolutionary nature of generative AI. Firstly, the technical flexibility and the evolutionary characteristic of generative AI make it challenging to provide a fixed definition of such an object. Generative AI models leverage deep neural networks to learn patterns and structures from large training corpus to generate new content (Cheng and Liu 2023). This technology can generate various forms of content such as text, images, audio, animations, source code, and other data types in a continuous way. The most typical models in this regard include ChatGPT and Sora. It significantly expands the potential of chatbots through the integration of deep learning and language models built on the Generative Pre-trained Transformer (GPT) architecture (Radford et al. 2018). For instance, ChatGPT generates human-like responses to inquiries that are similar to those of human experts by combining supervised fine-tuning with unsupervised pre-training. In this sense, generative AI models can be seen as a dynamic ecosystem that is continually evolving and floating. Secondly, the vague definition also aims to maximize the operational space of generative AI models. Following the path of GPT, GPT-2, and GPT-3, Open AI has launched a more complex and powerful language model GPT-4, which is the latest milestone in OpenAI’s expansion of deep learning. As a large multimodal model (accepting image and text inputs, emitting text outputs), while not as capable as humans in many real-world scenarios, it exhibits human-level performance on a variety of professional and academic benchmarks (Open AI 2024). Widespread global adoption of ChatGPT has demonstrated the vast range of use cases for this technology, including software testing, poetry, prose, business correspondence, and contracts (Dwivedi et al. 2023).

Drawing from the linguistic theories of de Saussure (2011), the data utilized for training Large Language Models (LLMs) embody only form without inherent meaning, implying that generative AI systems have no access to signifieds, only signifiers (Magee, Arora, and Munn 2023). Generative AI as a signifier involves understanding how it represents a meaning (Wagner, Matulewska, and Cheng 2020) within the domain of digital society. Firstly, in its tangible form, generative AI can be seen as a signifier through its physical representation such as hardware components and software systems. In addition to its physical form, generative AI can also serve as a conceptual signifier which encompasses algorithms, automation and deep learning. It represents that generative AI models can perform human-like behavior. Generative AI as a sign also carries cultural and social meanings (Cheng, Cheng, and Sin 2014). It symbolizes the technological extension of the human imagination, which in turn reshapes human cognition. The interpretation and re-interpretation of generative AI as a signifier fluctuates depending on the context of its use and the viewpoints of diverse stakeholders. For instance, generative AI can signify technological innovation and more opportunities, while also raising concerns about regulations, data protection and ethical implications.

In essence, understanding generative AI as a floating signifier requires acknowledging its evolutionary and multifaceted nature. It is imperative to recognize it as both a product of technological advancement and a symbol within societal and cultural contexts. At the level of potentiality, it represents the “infinite” extension of human imagination and thought at the technical level, while on the level of feasibility, it requires “finite” regulation within the confines of human ethics and rules.

1.2 Risks Call for Regulations

We are witnessing the quantum leap in generative AI technology, with new large-scale models being launched on almost a weekly basis. This transformation is reshaping the way humans work and communicate (Hacker 2023). The latest wave and profound impact of generative AI have raised many concerns around potential and actual risks in the form of discrimination, privacy violations, manipulation, disinformation, amplification of bias, and unaccountable decision-making (Bakiner 2023).

The risks and challenges posed by generative AI are primarily concentrated in five main aspects. The first is the ethical risk and the potential for social alienation, which is manifested predominantly through the amplification of societal biases, discrimination, and inequalities, particularly evident in the domain of recruitment (Raub 2018). The second risk relates to intellectual property infringement, which is highly likely to occur when data is inputted into generative AI models without authorization from data providers. The third risk pertains to privacy and data protection, concerning the lawful and compliant collection and processing of data, as well as the handling of sensitive personal information. The fourth risk involves monopoly, which stems from the innovative characteristics of generative AI that result in significant entry barriers, leading to a high concentration of pertinent technology and market among current tech giants and potentially inhibiting the growth of small tech innovators (Cheng and Liu 2023). The fifth risk concerns cybercrime and data security, where the shift in paradigms of cybersecurity attacks and defences related to generative AI (Aksela et al. 2022) indicates an urgent need for further updates in both the preparedness level of cybersecurity agencies and measures to combat cybercrime.

Hence, to foster justice, it is crucial not just to grasp the essence of technology but to overhaul our regulatory outlook towards it. This shift, towards a top-down regulatory approach, is vital for promoting the benevolent evolution of generative AI. However, this poses a challenge to developing comprehensive and critical regulatory theory and, more crucially, to informing national AI strategies, supporting inclusive generative AI innovation, and implementing regulatory guidelines that can counteract its harms (Tacheva and Ramasubramanian 2023). To address these issues and create a shared regulatory framework capable of harmonizing different regulatory stances, we propose an examination of generative AI through the analytical perspective of “panopticism” (Foucault 1977).

The analysis proceeds in four steps. First, the article disentangles the meaning of generative AI, with a perspective of semiotics. Second, it traces the global trends in AI regulation, drawing primarily on the European Union (hereinafter referred to as the EU) and the United States (hereinafter referred to as the US). Third, the article uncovers the challenges associated with regulating AI-related power, and upon reflection through the lens of panopticism, it underscores the pressing need and necessity for regulating the power of the unseen. Finally, this study draws a conclusion on the future of synthetic generative AI regulation.

2.1 A Corpus Analysis of the AI Regulation

To compare the AI regulatory approaches between the EU and the US at the text level, we built two corpora: the EU corpus (hereinafter referred to as EUAIC) and the US corpus (hereinafter referred to as USAIC). Table 1 presents detailed information about the two corpora.

The following analysis was carried out in three steps. First, the materials for the two corpora were converted to plain text files, then into a corpus analysis tool Lancsbox (Brezina, McEnery, and Wattam 2015). Second, we conducted a keyword analysis by comparing each corpus with the BNC to retrieve keywords. Keywords were identified by integrating relative frequency and Log Ratio statistics. After excluding Arabic numerals, we identified the top 30 keywords from each corpus for comparison, ensuring that the frequency of occurrence of each keyword exceeded 10 per cent of the text in each corpus (see Table 2). Third, we categorized the retrieved keywords into thematic groups, in order to obtain insights into the differing emphasis and shared concerns of the two jurisdictions in AI regulation with the support of a closer concordance analysis. We eventually categorized the keywords into three themes as listed in Table 3: (i) actions: keywords related to measures and governance in AI regulation; (ii) actors: keywords pertaining to subjects or regulatory entities involved in AI regulation; (iii) issues: keywords associated with key concerns in AI regulation. To delve deeper into how these keywords function within specific themes, we further conducted the concordance analysis for a more detailed examination.

The very initial findings of the data analysis reveal some general differences between the regulatory approaches of the EU and the US. Firstly, concerning the theme of “actions”, the EU appears to prioritize regulatory measures aligned with “hard law” more than the US does. The frequent occurrence of keywords such as “regulation”, “regulatory”, “enforcement”, and “requirements” in the EUAIC most directly underscores this point. Additionally, keywords such as “conformity”, “referred”, “compliance”, and “accordance” belong to the semantic category of relational terms, which refers to the state of being in agreement, adherence, or alignment with a particular standard, request, command, or expectation. Pragmatically, they can be used to persuade, command, request, or describe actions and behavior within the context of AI societies or institutions. For instance, in the case of “referred”, the word is repeatedly used in the EU AI Act text to connect some annexes, decisions and other articles in the text, to achieve a legal citation effect through intertextuality (Cheng and Sin 2008), which further underscores the necessity of compliance with legal regulatory documents at different levels. In addition, although “assessment” appears frequently in both corpora, it is evident that within the USAIC, there is a greater prevalence of terms expressing evaluative connotations, such as “assessment(s)” and “evaluation”. This phenomenon indicates a regulatory emphasis in the US on self-regulation and self-assessment within AI enterprises, wherein even third-party evaluations operate within the realm of social regulation rather than direct legally coercive mandates.

1. [EUAIC.txt] As regards stand-alone high-risk AI systems that are referred to in Annex III,

2. [EUAIC.txt.] and the detection, localisation, identification or prosecution of perpetrators or suspects of the criminal offences referred to in Council Framework Decision 2002/584/JHA if those criminal offences are punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least 3 years and as they are defined in the law of that Member State.

3. [EUAIC.txt.] The use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement for any of the objectives referred to in paragraph 1 point d) shall take into account the following elements

Secondly, concerning the theme of “actors”, it can be observed that the EU emphasizes regulation of the subject of obligations, whereas the US prioritizes coordination among various stakeholders. Within the EU AI Act, “provider(s)” is conceptualized in relation to the user. Within this dichotomous framework, users of AI systems are typically the party whose rights are protected, while providers are tasked with obligations or responsibilities. In the Blueprint, however, greater emphasis is placed on coordinating interests across different sectors to ensure that AI systems serve the specific interests of different specific industries.

1. [EUAIC.txt] It is appropriate that a specific natural or legal person, defined as the provider, takes the responsibility for the placing on the market or putting into service of a high-risk AI system, regardless of whether that natural or legal person is the person who designed or developed the system.

2. [EUAIC.txt] This Regulation should also apply to Union institutions, offices, bodies and agencies when acting as a provider or user of an AI system.

3. [USAIC.txt] These tools now drive important decisions across sectors, while data is helping to revolutionize global industries.

4. [USAIC.txt] Future sector-specific guidance will likely be necessary and important for guiding the use of automated systems in certain settings such as AI systems used as part of school building security or automated health diagnostic systems.

From the theme of “issues”, we can find a shared concern between the EU and the US: “surveillance”, which will be discussed in the following part from the perspective of panopticism. Furthermore, it is evident that “high-risk” ranks first in frequency of occurrence as a keyword in the EUAIC, reflecting a significant aspect of the EU AI regulation, which employs a risk-based approach to AI governance. Another notable feature of the EU AI Act is indicated by “harmonised”. This term co-occurs with “rules” or “standards” in the EUAIC. This reflects the EU’s endeavour to establish uniform standards applicable within the EU and extend its ambition beyond EU borders, which is similar to its efforts and global impact achieved with GDPR (Bennett 2018).

1. [EUAIC.txt] This explanatory memorandum accompanies the proposal for a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act).

2. [EUAIC.txt] the proposal defines common mandatory requirements applicable to the design and development of certain AI systems before they are placed on the market that will be further operationalised through harmonised technical standards.

Meaningful textual analysis, interpretation, and re-contextualization can only be achieved in its specific social context (Cheng and Machin 2023). Therefore, we will extend to the text-external factors like social, political and legal contexts to explore the different regulatory paths of the EU and the US.

2.2 The EU Approach: Prioritizing Safety While Ensuring Fairness

In terms of the legislative process, in April 2021, the European Commission issued a “Proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (artificial intelligence act) and amending certain Union legislative acts”, which initiates the “hard law” trajectory of AI governance. By December 2022, the final version of the compromise draft of the EU AI Act was formulated. In June 2023, the European Parliament adopted a negotiating mandate draft for the AI Act and revised the original proposal. On December 8, 2023, the European Parliament, the Council of the European Union, and the European Commission reached an agreement on the AI Act, which stipulates comprehensive regulation of AI. On 13 February 2024, the European Parliament adopted the final text of the EU AI Act in a joint vote.^[1] Overall, the EU AI Act establishes an ethical and legal framework for AI development and usage within the EU, supplemented by the Artificial Intelligence Liability Directive to ensure effective implementation. The discussions surrounding the EU AI Act predominantly revolve around the following aspects:

Firstly, the definition of AI and the scope of the Act. Article 3 (1) of the proposed version defined “AI system” as software developed with one or more of the technologies and approaches that can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with. This definition was broad and may encompass a wide range of software traditionally not considered as AI, which could be detrimental to AI development and governance. Henceforth, the current version constrains the definition of AI to “machine learning or logic and knowledge-based systems”, designed to operate at varying degrees of autonomy, and capable of influencing outputs such as predictions, recommendations, or decisions within physical or virtual environments, either explicitly or implicitly directed towards specific goals. Simultaneously, it omits Annex I and the authorization for the European Commission to amend the definition of AI. Regarding its scope of application, the AI Act extends its jurisdiction beyond the borders of the EU, encompassing all providers and deployers of AI systems, irrespective of whether they are established within the EU or in third countries. Additionally, it extends to all distributors, importers, authorized representatives of providers, manufacturers of products established or situated within the European Union, and EU data subjects whose health, safety, or fundamental rights might be significantly impacted by the use of AI systems.

Secondly, the regulatory approach of AI. The EU AI Act proposes a proportionate risk-based approach that imposes regulatory burdens solely when an AI system is likely to present high risks to fundamental rights and safety (Chamberlain 2023). The first is unacceptable risk, which is prohibited from deployment by any company or individual. The second is high risk, which allows relevant parties to market or utilize the AI system only after fulfilling obligations such as pre-assessment, while mandating continuous monitoring during and after deployment. The third is limited risk, exempting the need for special licenses, certifications, or reporting obligations, but the principle of transparency should be followed to allow appropriate traceability and interpretability. The fourth is minimal risk, which can be deployed and used according to the free will of the corresponding subject.

2.3 The US Approach: Emphasizing Self-Regulation and Supporting Technological Innovation

Against the backdrop of global deliberations on AI legislation and policy-making, the US has gradually formulated a regulatory framework based on the voluntary principle. A comprehensive regulation in the US is the Blueprint, released by the White House Office of Science and Technology Policy in October 2022, which aims to support the protection of civil rights throughout the design, deployment, and governance processes of automated systems.^[2] Specifically, the right-oriented framework leads with a declaration of national values, supplemented with diverse resources and best practices, aimed at fostering greater transparency and reliability in automated systems and decision-making processes. The Blueprint contains five principles: safe and effective systems, algorithmic discrimination protections, data privacy, notice and explanation, and alternative options. As the aforementioned principles lack regulatory enforcement, the Blueprint does not constitute a legislative and executable Act for rights protection; rather, it serves as a forward-looking governance blueprint rooted in future aspirations.

Presently, the US Congress has adopted a relatively non-interventionist approach to AI regulation, despite indications from Democratic leadership of plans to propose a federal law aimed at regulating AI. US Senate Majority Leader Chuck Schumer has proposed a safe innovation framework, which outlines four pillars that he hopes will guide future legislation governing AI: security, accountability, protecting foundations and explainability. However, this framework is not legislative text, and it is not clear how long it will take to begin putting together legislative proposals. Confronted with strategic competitive pressures brought about by the EU AI Act and the broad-ranging security risks posed by generative AI, federal agencies in the US have embraced a proactive stance, engaging in regulatory oversight within their jurisdictional purview.

3.1 (In) Visibility of Generative AI

This sub-section mainly takes the notion of “panopticism” and uses it to examine generative AI as a sign, breaking it down into two categories: visibility and invisibility (see Figure 1). Within these two discrete dimensions, it draws conclusions regarding regulatory approaches and power relations of generative AI. This study advocates for the manifestation of technical power in the AI society in an invisible, automatically operational manner, which achieves the apparent effect of separation of power and human beings. This portrayal clothes power in a guise of technical neutrality, thereby making individuals compliant, dependent, and compliant with standards.

In accordance with the panoramic prison theory of Bentham and Foucault, within the digital space under the control of algorithmic or AI power (Beer 2009), ordinary people are in a state of surveillance. Unlike social norms established by humans in traditional societies, in the digital or AI space, standards prioritize technical criteria, which forms a normalization of standards at the technical level and penetrates civil society in a more covert way. Netizens become the object of technological discipline, while large Internet enterprises and AI technology companies wield the power to discipline. At this juncture, it is imperative to regulate and control the technological power to prevent power generalization.

The underlying logic here is that this innovative, explosive technology exerts both visible and invisible forms of disciplinary power over traditional society. In situations where technological power holds a dominant position, the invisible dimension far surpasses the visible power, resulting in an iceberg effect. In the domain of generative AI, the visible aspect of technological power can be perceived by the user, which is embodied in the input of data and instructions and the output of generated content (Onitiu 2021). While users enjoy the transformative breakthrough brought by science and technology, they rely on it in a proactive way (Brandtzaeg, Skjuve, and Følstad 2022). To a certain extent, users are willing and active to feed data to generative AI models and expect it to generate content they want for efficiency improvement and convenience in their work or life. Furthermore, many users take advantage of this instrumental nature for their own benefit. In this dimension, users and owners of technological power are in a state of mutual surveillance, engaged in interactive dynamics without unilateral exploitation or oppression.

This is only the visible dimension at the superficial level. Generative AI has sparked discussions and fears across various sectors of society (Ray 2023), not only among the general public but also among leaders in all walks of life. In the face of such tools, the expert identity will be stripped away and transformed into mere users. This underscores that every user is under the discipline of technical power when confronted with groundbreaking technology. This is also one of the reasons to regulate AI-related power. Under this power situation, which involves a game between technological power and traditional social power, regulatory authority must come into play. Appropriately limiting the generalization of technological power and incorporating human care and ethical considerations are needed to preserve human dignity.

The other dimension is the invisible power. Unlike previous technological revolutions and transformations (Song and Ma 2022), the invisible scope of Generative AI is broader, and its rapid iteration of technology brings greater unknown fears to society. This invisible dimension primarily refers to the layers of data, algorithms, and code. These highly technical domains are incomprehensible to most users and may even be mythologized, which exacerbates fear of AI technology at the cognitive level. This extends to the demand for transparency in AI. Therefore, based on this logic, the future focus of regulating generative AI should be on regulating the invisible dimension, namely, the deeper levels of algorithms and data.

The essence of this AI technological power is not fixed or absolute but rather a form of relational power. It can only develop positively when subject to regulatory constraints (Buiten 2019). Once technological power becomes absolute, it will lead to disorderly expansion and malignant development. At the societal level, it can provoke greater cognitive panic, resulting in group irrationality and active restrictions on technological development. Positive development requires legislators and regulators to deeply understand the underlying logic of technology and the characteristics of the invisible dimension of AI-related power. It is necessary to propose targeted regulatory suggestions, impose certain restrictions from a legal perspective, dispel technological fears at the societal level, and fully respect and protect human rights. Only then can technology be fostered towards benevolent development.

3.2 Structural Challenges of the AI-Related Regulation

The widespread adoption of Al technologies changes the ethical, sociological, and political boundaries of the regulatory framework in other ways. Al-related regulation reproduces long-term, structural problems going beyond issue-by-issue regulation, is embedded within social structures that produce cumulative effects and introduces additional challenges that require a discussion about the relationship between regulation and AI technology (Bakiner 2023).

The EU aims to establish global standards for AI regulation through the AI Act, thus enabling Europe to gain an advantage in the international AI competition. The AI Act sets relatively reasonable rules for governing AI systems, which to some extent can mitigate discrimination, surveillance, and other potential harms, especially in areas related to fundamental rights. For instance, the AI Act prohibits certain uses of AI, such as facial recognition in public spaces. However, the AI Act also has shortcomings in aspects such as risk classification, regulatory intensity, rights protection, and liability mechanisms. For instance, it adopts a horizontal legislative approach, which attempts to encompass all AI systems under regulatory scope without delving into the differing features among them. This may result in challenges in the implementation of relevant risk prevention measures. The current EU framework for AI regulation unjustifiably collapses fundamental distinctions between social and individual risk by equating high-risk AI systems in the AI Act with those under the liability framework (Hacker 2023). The challenge in the current AI regulatory path in the US lies in its focus on applying existing laws to AI rather than enacting specialized AI legislation. At present, the US Congress has not yet reached a consensus on the federal legislation of AI regulation, including specifics such as regulatory frameworks and risk classification. Consequently, it will likely take a considerable amount of time for federal-level AI regulatory legislation to emerge in the US.

Building upon the analysis conducted from the perspective of panopticism, which examines visibility and invisibility, this study further proposes an analysis of the challenges in regulating AI-related power along these two dimensions. The dimension of visibility includes issues of input and output quality, while the dimension of invisibility involves process-related concerns. These two dimensions collectively lead to the challenges of legal regulation risks.

The first is the issue of input quality. AI is composed of algorithms, computing power and data elements, with data serving as its foundation (Mantelero 2018), to a certain extent determining the accuracy and reliability of its outputs. Generative AI is a subtype of AI, so its outputs (generated content) are similarly influenced by the quantity and quality of data. Generative AI must be trained with high-quality data (Whang et al. 2023); once the dataset is contaminated or tampered with, the generative AI may damage the basic rights of users, intellectual property rights, personal privacy and information data rights, and even produce social bias. The second issue pertains to output quality. In essence, risks stem from people’s inadequate understanding and control over phenomena (Lupton 2013: 3), which leads to an inability to solve the problem in time before it sprouts or even erupts. From this perspective, the level of controllability of technology is inversely proportional to its associated risks; the more difficult a technology is to control, the higher the risks. Large language models endow generative AI with logical deduction capabilities, yet also render its output increasingly unpredictable. In other words, the controllability of generative AI is relatively low, thus posing higher potential risks. For instance, due to social and cultural disparities, the output of generative AI models may be appropriate in one cultural context but offensive in another. Humans can discern such differences, but generative AI may inadvertently produce inappropriate content (Jo 2023) due to a lack of cultural pre-design, thus failing to differentiate subtle cultural nuances. The third is the concerns in the processing stage. Apart from data, the algorithmic models used during training also impact the output of generative AI (AbuMusab 2023). Even with high-quality data, if the chosen algorithmic model is flawed or not aligned with the intended purpose, it cannot yield a well-performing AI system. Issues of AI discrimination and bias stemming from machine learning algorithms and training data are collectively referred to as pre-existing algorithmic biases (Bozdag 2013), contrasting with emergent algorithmic biases triggered by the emergence of new knowledge, formats, or scenarios. Technological advancements have not eradicated the problem of fake generation; rather, they have merely repackaged and disguised it. Therefore, generative AI often encounters emergent algorithmic biases, further increasing risks and challenges (Simon et al. 2020). The input quality problems, processing problems and output quality problems of generative AI push the regulatory difficulty to a new peak, resulting in the legal risk of regulatory failure. The legal risks of generative artificial intelligence are not limited to a specific field, but cross multiple fields and require the collaborative governance of multiple departments.

The challenges related to the quality of input, processing, and output of generative AI have pushed regulatory difficulties to a new peak, which leads to the legal risk of invalid regulation. The legal risks associated with generative AI are not limited to any specific field but cut across multiple sectors and require coordinated governance across various stakes.