Senior Fellow for Emerging Technologies Lindsay Gorman testified before the US-China Economic and Security Review Commission about areas of convergence between the United States and the European Union on technology issues. Below is a copy of her written testimony.
Commissioner Mann, Commissioner Friedberg, and distinguished members of the Commission, thank you for the opportunity to testify before you today. The views I express in this testimony and before you are my own and should not be taken as representing those of my current or former employers.
I serve as the head of the Technology and Geopolitics Team at the German Marshall Fund’s Alliance for Securing Democracy, where I lead a research initiative studying how democracies can together outcompete autocrats—chiefly China—in emerging technologies. I had the privilege of serving at the White House, where I crafted a technology and national security competitiveness strategy for the US government. I also developed initiatives to implement that strategy, including through multilateral initiatives. I was part of the team that stood up the US-EU Trade and Technology Council (TTC), served as the US lead for the TTC’s work on artificial intelligence (AI), and led the US delegation in the Quad Critical and Emerging Technology Working Group effort on Horizon Scanning. Both during my time at GMF and in government, I have had the opportunity and privilege of engaging extensively with officials, policy, and technology communities across the Atlantic, both at the EU and at the member state level on China technology matters from 5G and digital infrastructure to AI and international standards setting. Finally, my academic training is in quantum physics and computer science, and I spent the first part of my career working with start-up companies and venture capital, including founding a firm looking at emerging technologies.
My testimony will focus on: (i) the underpinnings of European technology competitiveness and its convergence and divergences with the United States at the strategic level; (ii) China’s technology transfer as a case study for the interplay among technical, economic, and national security objectives that define competitiveness; (iii) AI regulatory models from the EU, United States, and China; (iv) prospects for the US-EU Trade and Technology Council; and (v) recommendations for the US Congress.
But let me start by emphasizing that on the question of US and European views on technology competition with China, the direction is unequivocally that of convergence. Precise transatlantic alignment may never materialize. But enthusiasm in the TTC is high on a new approach to transatlantic technology policy–one that is more connected, more allied, and ultimately more conducive to both sides’ strategic goals. The United States must seize on this motivation, cement channels for technology policy coordination, and deliver concrete joint outcomes.
A growing credible threat of techno-authoritarianism
Europe’s technological competitiveness agenda—particularly the aspects that involve China—must be understood in the context of the changing geopolitical climate around the global threat of authoritarianism. For years, and even decades, European discussions around technology competitiveness have focused on the United States, not China, as the main, pacing competitor. In recent years, however, and especially due to Russian President Vladimir Putin’s invasion of Ukraine and growing closeness to Chinese President Xi Jinping in spite of the war, the rising tide of authoritarianism has become concrete for Europe, leading to a gradual return to a more strategic posture on security and prosperity. Germany’s release of a national security strategy for the first time is an exemplar of this reality, and its China strategy is to follow next month. Democratic values too are increasingly part of European rhetoric, including on technology. At the first TTC Ministerial in Pittsburgh the United States and EU put shared values at the heart of their work on AI. They wrote:
“The European Union and the United States acknowledge that AI technologies yield powerful advances but also can threaten our shared values and fundamental freedoms if they are not developed and deployed responsibly or if they are misused. The European Union and the United States affirm their willingness and intention to develop and implement AI systems that are innovative and trustworthy and that respect universal human rights and shared democratic values.”
Yet still, key differences with the United States approach to technology competition remain. First, the United States’ view of technology competition is more centered in and animated by systemic competition with China. The threat of China’s global technological and international leadership is a kick in the pants and rallying call for bipartisan action in the United States, as evidenced by conversations around the CHIPS Act and the House China Commission. For Europe, this is far less of a zero-sum game. Indeed, the EU’s “Digital Decade” initiative largely predates rising concerns about Chinese global influence and is motivated more by a desire to position Europe itself as a global technology leader, or at least have a strong footing of its own in an era of US-China technology competition.
Second, despite enormous progress over the last two years, an inherent degree of skepticism of the United States and especially US technology companies persists. This sentiment is not likely to be readily overcome as the United States enters the 2024 election season and questions of protectionism in US foreign policy again surface.
Third, whereas the United States has moved further and faster on the defensive toolkit of measures, such as export controls and investment screening, to counter China’s malign activity, intellectual property theft, and the threats posed by Chinese military-civil fusion in technology, Europe has leaned in harder in its quest to be a global technology regulatory leader, developing country-agnostic solutions that position the continent as a standard bearer for a human-centered or responsible approach to tech regulation and which apply regardless of actor. With the landmark General Data Protection Regime and now the EU AI Act—but also the Digital Services Act and Digital Markets Act—Europe is cementing its track record on this approach. Ultimately, this is fertile ground for deepening transatlantic partnership. The United States would do well to adopt country-agnostic solutions, such as on federal data privacy legislation, that Europe has taken. Likewise European policymakers are starting to recognize some of the limits of a purely country-agnostic approach, especially when it comes to critical infrastructure such as 5G.
From “partner, competitor, systemic rival” to “de-risking”: increasing alignment in US and EU technology competition strategy
At the same time, while differences among and certainly within member states persist, much of the naivete that characterized the Western relationship with China’s government has been shed, at least at the level of the European Commission. As European Commission President Ursula von Der Leyen stated pointedly in March at the Mercator Institute, “the Chinese Communist Party’s clear goal is a systemic change of the international order with China at its centre…and we have seen the show of friendship in Moscow which says a thousand words about this new vision for an international order.” Such a clear-eyed pronouncement would have been unthinkable five years ago and reflects this acceleration in European strategic thinking brought about by both pandemic supply chain shocks and the Ukraine war.
The European ‘China strategy’ that this ‘de-risking’ speech laid out is chiefly an economic and technology strategy with striking and encouraging similarities in approach to US technology competition strategy. Its four pillars include: (1) making Europe’s economy more competitive and resilient; (2) more assertively enforcing trade instruments for security concerns such as the 5G Toolbox, investment screening mechanism, export controls, Foreign Subsidies Regulation, and a new anti-coercion instrument; (3) developing new defensive tools for critical sectors such as microelectronics, quantum computing, robotics, artificial intelligence, and biotech to close gaps in leakage in CET; and (4) aligning with other partners. (The United States is not mentioned as such a partner, however.)
The technology competitiveness strategy framework that US National Security Advisor Jake Sullivan laid out to the National Security Commission on AI in 2021 and the Special Competitive Studies Project in 2022 highlights four pillars: investing in the US technology ecosystem, nurturing STEM talent, protecting technology advantages, and deepening cooperation with allies and partners.
Increasingly, US and EU descriptions of the “defensive” or “protect” toolkit are aligning, as are the mechanisms of action under consideration, including investment screening (inbound and outbound), technology export controls, and concern around Chinese intellectual property theft.
So too are the promotional pieces of these strategies converging on a recognition of strategic industries. The EU Chips Act ambitiously aims to double the EU’s global market share in semiconductor production to 20% by 2030 with $43 billion in public and private investment. Many are skeptical, however, that the quadrupling of production necessary to meet this target will be realistic. Both the United States and EU have called for leadership in the clean tech revolution and are focusing on reducing dependency on China for critical raw materials. Interested in making Europe “the home of clean tech and industrial innovation,” the Commission aims to produce 40% of clean tech needed for the green transformation and decrease its 98% dependency on China for rare earth minerals.
Finally, both sides have embraced the EU terminology of “de-risking” to describe the technology relationship with China.
We have truly come a long way. The work of the next two years will need to translate what is now a side-by-side alignment on the risks, opportunities, and tools to address them into a more closely fused notion of allied competitiveness that builds transatlantic partnership into the respective implementation of these tools.
European efforts to combat tech transfer: Intellectual Property theft and Standard Essential Patents for 5G
Part of the complexity in this era of strategic competition is that the competition is playing out on the non-traditional battlefields of industrial policy—not in the seas or skies, but the labs and factories. This interplay among technological, economic, and national security imperatives is illustrated by China’s use of IP theft and forced technology to gain technological supremacy.
In late 2020, the European Commission adopted its Action Plan on Intellectual Property, which recognized that, in the words of Commissioner Thierry Breton, “Europe is home to some of the world’s leading innovations, but companies are still not fully able to protect their inventions and capitalise on their intellectual property.” The plan also commits to “stepping up the response to unfair practices committed by third country players, such as industrial espionage or attempts to misappropriate IP in the context of R&D cooperation.” As of its March 2022 implementation update, action on “fair global play” is notably thin. But the EU has taken this issue to the World Trade Organization with a dispute settlement case against China launched last year over Chinese efforts to restrict EU companies to pursue legal action in non-Chinese courts to protect their intellectual property. The Commission has also identified China as the priority country in its May 2023 Report on the Protection and Enforcement of Intellectual Property Rights (IPR) in third countries, with specific concern on the lack of good faith negotiations on licensing of standards essential patents, such as in 4G and 5G telecommunications infrastructure.
Despite these advances, the scope and scale of impact of Chinese intellectual property theft in Europe remains poorly understood, and cyberattacks and theft continue. Earlier this year, Dutch semiconductor firm ASML discovered a former employee in China had misappropriated data from the company unauthorized. Last year, cybersecurity firm Cybereason unearthed a massive Chinese state-sponsored campaign by threat actor APT-41 targeting at least 30 multinational companies in North America, Europe, and Asia for high tech industrial espionage. The hackers stole blueprints to fighter jets and missiles, solar energy and vacuum system designs, and pharmaceutical IP in line with China’s strategic technology priorities. These attempts and campaigns are only likely to escalate with tightened screws on China’s semiconductor industry from export controls, as well as the expanded use of that tool for technological advantage across critical industries.
Building a shared transatlantic understanding of Chinese IP theft, including via cyber means, undergirded by economic data is an area ripe for deeper cooperation. As we at the Alliance for Securing Democracy at GMF have recommended, the work of the US Commission on the Theft of American Intellectual Property is a strong model for such an initiative, which could be pursued as part of the US-EU TTC or US-EU Dialogue on China.
Artificial Intelligence regulation: Europe, the US, and China
Adopted by the EU Parliament, the EU AI Act is the world’s first comprehensive attempt to regulate artificial intelligence. It uses a risk-based approach that categorizes AI systems according to their risk to society in four tiers with corresponding regulation:
- “Unacceptable risk” AI systems—such as social scoring systems, cognitive behavioral manipulation, and real-time and remote biometric identification systems are banned outright.
- “High risk” systems fall into two categories based on their potential negative impact on safety or fundamental rights, and as such require pre-market life cycle assessment:
- The first category involves products such as toys, aviation, cars, and medical devices that fall under the EU’s product safety legislation.
- The second category includes uses such as biometric identification, critical infrastructure, law enforcement, education, access to public services and benefits, application of law.
- “Limited risk” AI systems, such as chatbots, come with specific transparency obligations.
- “Minimal or no risk” AI systems—which include the vast majority of applications in use—are allowed free use.
The act also outlines regulations on General Purpose AI, such as Large Language Models in terms of risk, robustness, and transparency.
While the United States has also adopted this ‘horizontal’ risk-based approach most notably in NIST’s AI Risk Management Framework and spelled out AI harms and guardrails in its Blueprint for An AI Bill of Rights, the key difference is that these initiatives are non-binding.
That has not stopped initial transatlantic cooperation at the TTC, though there is a lot of ground to cover. In December, the United States and EU published the TTC Joint Roadmap on Evaluation and Measurement Tools for Trustworthy AI and Risk Management looking at terminologies and tools for trustworthy AI, categorizing AI risks and harms, and coordinating on AI standards. Building on this work, the EU and United States are drafting an AI Code of Conduct as a bridge to the adoption of legislation. This code will likely also feed into the newly announced G7 Hiroshima AI Process. To be sure, the United States and the EU will not be the only democratic actors charting the global course on AI regulation, with different approaches coming from the UK, Japan, and others as well.
On the autocratic side, China’s approach to AI regulation is driven by competitiveness, but also a heavy emphasis on security and control. With the rise of generative AI, such control means limiting Chinese citizens’ own ability to use generative AI tools like ChatGPT or DALL-E and Midjourney to undermine state power. In short, China’s government is worried about its ability to control the proliferation of information—text, images, and videos that could spread politically liberal ideas or undermine the Communist Party leadership. In April, the Cyberspace Administration of China (CAC) released draft rules for generative AI that insist companies adhere to Chinese censorship rules with AI systems that “reflect socialist core values.” Under the rules generative AI providers would be required to apply to the CAC for a security assessment and are also responsible for content produced by their systems. The draft rules build on similar rules for “deep synthesis” technologies, which require digital watermarks for all AI-generated content.
Unfortunately, AI image generator Midjourney CEO David Holz has already laid his cards on the table. He is quoted as saying on Discord that the company’s objectives are to “minimize drama.” “Political satire in China is pretty not-okay…the ability for people in China to use this tech is more important than your ability to generate satire.” Midjourney blocks images of Xi Jinping, despite allowing satire of other political leaders, though in its initial release was fairly easy to evade. Amidst significant attention to concern around deepfakes, algorithmic harms, and the threat of AI-driven extinction, these geopolitical questions concerning freedom of expression should not receive a pass in TTC or G7 processes on AI.
The US-EU Trade and Technology Council as an important connective tissue
I will turn briefly to the TTC. While some have criticized the TTC due to its non-binding nature and perceived sluggishness at delivering concrete results, I would submit that the enthusiasm level matters, and I know from personal experience that standing up international bureaucratic initiatives takes time—even when there is high-level buy-in on both sides. Building connective tissue matters if the United States and EU are aiming for a paradigm shift in the development of transatlantic technology competitiveness policy. Moreover, the TTC has already been used as a model for cooperation between the EU and India, who have launched a TTC of their own.
The TTC’s ten working groups have proceeded at different speeds, in large part due to the complexity of issues at hand. On technology standards, contact groups allow for coordination in the standards-setting process. In addition to the initiatives I described earlier, the AI sub-working group has delivered joint analyses of AI’s impact on labor and commitments to develop and advance privacy-enhancing AI technologies. The TTC has produced joint technical recommendations for smart grids. On future digital infrastructure, the two sides are developing a common vision and industry roadmap on research and development for 6G wireless communication systems. Such an effort will help both the United States and EU avoid a Huawei 5G situation in the future, where defensive tools have become necessary due to Chinese market dominance. Together, the EU and the United States can get ahead of the technology risks and pickles when it comes to reliance on China that we face today.
Recommendations for Congress
Finally, I offer seven recommendations for the US Congress to enhance transatlantic technology competitiveness vis-à-vis China:
- Invest in the TTC for semi-permanence: Congress should consider building a line-item into the State and Foreign Operations budget to support the TTC over a five- to 10-year timescale. Connective tissue is important, and bureaucratic mechanisms take time and effort to stand up and to build trust. Congress can help insulate this mechanism from changing political winds in the United States, while providing the means for its strategic evolution and adaptation over time.
- Improve joint Chinese tech analysis: Build a US-EU joint analysis center to quantify and qualify technology leakage to China. This effort should include sharing and studying the scope of Chinese intellectual property theft in critical technology sectors.
- Coordinate on outbound investment screening: While discussions on outbound investment screening are further ahead in the United States, aligning approaches and critical technology sectors with Europe can help drive allied competitiveness.
- Develop a new export control regime for critical and emerging technologies that includes a strong consideration of human rights abuses.
- Lead by example on autocratic apps: Develop a comprehensive, risk-based framework for addressing the threats posed by autocratic internet apps and critical information infrastructure. Lead a small international coalition to co-develop and adopt similar frameworks, including by raising the issue in IPAC.
- Consider areas for alignment with the EU on AI regulation: As the United States builds out its own AI regulatory efforts, it should identify areas where a common allied approach can provide a distinct, high-standards democratic offer to third countries.
- Invest in responsible AI: Support the transatlantic adoption of content authenticity frameworks, as well as other democracy-affirming technologies, such as privacy-preserving AI.
Thank you for your time and I look forward to your questions.