The European Union has warned Microsoft it could be fined up to 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the company failed to respond to a legally binding request for information that focused on its generative AI tools.
Back in March the EU asked Microsoft and a number of other tech giants for info about systemic risks posed by generative AI tools — but on Friday the Commission said Microsoft failed to provide some of the documents it asked for.
It’s given the company until May 27 to supply the sought for data or risk enforcement. Fines under the DSA can scale up to 6% of global revenue — but incorrect, incomplete, or misleading information provided in response to a formal request for information (RFI) can result in a standalone fine of 1%. Which could sum to a penalty of up to a couple of billion dollars in Microsoft’s case.
Larger platforms’ systemic risk obligations under the DSA are overseen by the Commission itself. And its written warning to Microsoft today for failing to provide requested info sits atop a toolbox of powerful enforcement options that could be far more costly for the company than any reputational ding it might get from being rebuked for failing to produce data on request.
The Commission said it’s missing information from Microsoft related to risks stemming from its search engine Bing’s generative AI features — notably it highlights its AI assistant “Copilot in Bing” and image generation tool “Image Creator by Designer”.
The EU said it’s particularly concerned about risks the tools may pose to civic discourse and electoral processes.
It’s given Microsoft until May 27 to provide the missing info or risk a 1% fine. If the company fails to produce the data by then the Commission may also impose “periodic penalties” of up to 5% of its average daily income or worldwide annual turnover — further amping up how many billions Microsoft could be on the hook for over this issue.
Its search engine Bing was designated as a so called very large online search engine (VLOSE) under the EU’s DSA back in April 2023 — meaning it’s subject to an extra layer of obligations related to mitigating systemic risks like disinformation.
The DSA’s obligation on larger platforms to mitigate disinformation puts generative AI technologies squarely in the frame as tech giants have been at the forefront of embedding GenAI into their mainstream platforms — despite glaring flaws such as the tendency for large language models (LLMs) to fabricate information while presenting it as fact.
AI-powered image generation tools have also been shown producing racially biased or other potentially harmful output, such as misleading deepfakes. The EU, meanwhile, has an election coming up next month which is concentrating minds in Brussels on AI-fuelled political disinformation.
“The request for information is based on the suspicion that Bing may have breached the DSA for risks linked to generative AI, such as so-called ‘hallucinations’, the viral dissemination of deepfakes, as well as the automated manipulation of services that can mislead voters,” the Commission wrote in a press release.
“Under the DSA, designates services , including Bing, must carry out an adequate risk assessment and adopt respective risk mitigation measures (Art 34 and 35 of the DSA). Generative AI is one of the risks identified by the Commission in its guidelines on the integrity of electoral processes, in particular for the upcoming elections to the European Parliament in June.”
Microsoft has been contacted for comment on the EU’s grievance.