Someone needs to test the KI models Norway relies on

This week, over twenty state leaders and 45 ministerial delegations met in New Delhi for This year's AI Summit — the world's most important arena for AI security policy. Minister of Digitalization Karianne Tung represents Norway.

We hope Tung comes home inspired. Norway is lagging behind in its efforts to secure IT, which is necessary for the government's vision to apply IT across the entire public sector to be realised.

Many countries, experts and international organizations are rightly concerned about whether advanced KI models are safe to roll out into society.

Can they be manipulated or used to manipulate the population?

Do they discriminate?

How do they process data?

To answer such questions, ten countries, including key allies such as UK, Canada and France, established state security institutes for KI that test models, coordinate security work across borders and advise their governments. They work together through International Network of AI Safety Institutes.

Norway lacks a body that can attend to these functions. Thus, we also do not get to participate in this important network of like-minded countries.

Norway has strong research environments in the field of AI security, for example at Simula and the KI Centre Trust at the University of Oslo. But research communities, which rightly operate at arm's length from government, cannot fill the role that an AI security institute has with our allies.

We need a body with a mandate to test and evaluate KI models before they are rolled out in the public sector, drive international coordination and provide strategic advice to authorities.

The government aims for Norway to become the world's most digitized country by 2030. It involves using KI in key public tasks. KI models will be used by power company, health care and Nav, and should be considered national critical infrastructure — on a par with mobile and broadband networks.

An important part of our safety efforts is to gain more control over the KI models we adopt. Several forces contribute to this. The university environments contribute basic research and human capital. National Library and NorWai builds Norwegian basic models on top of open models from abroad. In addition, important management environments are established for KI in connection with KI Regulation, for coordination, tutelage and supervision.

These contributions are important, but none of them have the mandate to test and evaluate the models we rely on under realistic conditions.

Without such a technical control body, we are at the mercy of the KI companies' own risk assessments or those of international actors that are not adapted to Norwegian law, language and values.

A Norwegian security body will not be a brake on the development of KI. Quite the contrary. A “seal of approval” from an independent body would lower the threshold for more widespread use and experimentation in the public and private sectors.

The knowledge that the car has good brakes allows us to drive faster.

Our close ally, the British, are leading the way internationally, spending nearly £900 million annually on its KI Security Institute. We should look to them for inspiration and cooperation, but Norway cannot copy the model. We are a small country with a fierce battle for tip skills.

A cheaper and more agile solution could be to establish a pointed KI security body under KI Norge in Digdir, with a direct link to the Prime Minister's Office and the National Security Advisor. It can purchase technical evaluations from Norwegian research communities. The capacity and the will are there.

For example, Simula recently conducted an evaluation of the National Library's latest KI model.

Such ordering organization keeps costs down and leverages expertise that has already been built up.

The security body can thus prioritise competences that are easier to build up in a management environment, such as experts in the field of IT policy and security. They can represent Norway in international forums, transfer knowledge to ministries and supervisory authorities and keep key decision-makers informed on an ongoing basis.

KI is not an area where you can lean on a NOU every four years.

Norway can achieve the ambition of having the world's most KI-driven public sector. But it is an important, national task to ensure that the models we adopt are safe. It assumes international cooperation, as in New Delhi.

It also assumes that we take responsibility at home.