Gaming and law: What businesses need to know

Why is AI relevant to gaming?

For many, gaming is one of the first applications that comes to mind when thinking about implementations of AI. Games provide an opportunity for people to be transported to a virtual world with people, dialogue and other features of the real-world replicated on-screen. 

Traditionally this has all been done by developers manually. Each character was manually modelled and dressed and had its movement scripted. Each building was designed and placed somewhere and even rays of light would be ‘baked into’ in-game textures. As processing power for game engines has increased, we have seen greater automation of these processes. Games like Assassins Creed and Grand Theft Auto were early examples of how the aesthetics of characters can be procedurally generated (i.e. generated algorithmically rather than manually) to better mimic the diversity of people in the real-world. Similarly, games like Minecraft brought procedurally generated worlds into the mainstream, automatically generating landscapes and other interesting features for players to explore. 

While games have come a long way, there is sometimes still a sense of things not quite feeling real. You may hear two different-looking characters use the same dialogue. You may see a building that you swore you saw on the other side of town. 

As developers push to create bigger, more diverse and more immersive worlds, AI promises to be a solution to many of the challenges they face. AI can be used to create characters that fit into a scene while remaining diverse. It can generate buildings that are appropriate in a city and it can even allow you to talk to characters as you would a real person. 

Already, it is easy to see the amount of data that could be captured and analysed by this technology and the opportunities (and challenges) that this creates for businesses. 

How might AI regulation impact upon gaming?

The EU has adopted the first comprehensive framework on AI worldwide, and, on 8 December 2023, the European Parliament and the Council reached political agreement on the  Regulation setting out harmonised rules for development and deployment of AI (the AI Act). The European Parliament approved the AI Act on 13 March, leaving only approval by the Council and publication in the Official Journal to become law.

The AI Act will apply to any system designed to ‘operate with varying levels of autonomy’ which ‘infers… how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments’. As the AI Act specifies that impact on ‘virtual environments’ falls within scope, gaming applications could fall within its scope.  

The AI Act categorises AI systems into four risk types:

• Unacceptable.
• High.
• Limited.
• Minimal.

Unacceptable risks

Under the AI Act these AI use cases are considered to pose an unacceptable level of risk to EU citizens and are, therefore, prohibited. 

Those most relevant to gaming include AI systems that:

• Use subliminal techniques beyond the level of human consciousness, appreciably impairing the person’s ability to make an informed decision.
• Exploit the vulnerabilities of certain individuals due to their age, disabilities or in order to distort their behaviour.

In both cases, the prohibition only applies where this causes or is likely to cause significant harm.

This would apply more to player-facing elements of AI in video games, such as NPCs (i.e. non-player characters such as bots) able to communicate with a player. Those implementing AI systems in their game will therefore need measures to verify who their audiences and have strict controls over what their AI system is allowed to do and say. 

High risk systems

Under the AI Act ‘High risk’ AI systems are:

• Subject to a range of obligations relating to risk, governance, and documentation, and a declaration of conformity.  Most of these obligations fall on the provider.  Those who deploy AI systems have certain obligations including ensuring appropriate and competent human oversight, and for certain high-risk AI, completing a fundamental rights impact assessment.
• Generally those that fall:
  •  Under certain EU product safety rules; or
  • Within a specific list of AI areas of application, known as the “Annex III list”.

Annex III of the AI Act covers use cases in areas such as access to and enjoyment of essential private and public services and employment, which would not generally apply to gaming (outside employment use cases).  However, AI systems using emotional recognition are high risk.

Limited risk systems

‘Limited risk’ is a label applied by the AI Act to AI systems caught by certain transparency obligations. These transparency requirements apply systems designed to interact directly with people (e.g. chatbots), AI systems generating synthetic audio, image, video or text content and emotion recognition and biometric categorisation systems, generally regardless of the risks arising from the systems.  The most relevant to gaming are likely to be the following obligations:

• Providers must ensure their systems inform users when they are interacting with an AI system.   Video games already allow players to play with real people and NPCs (non-player characters such as bots)  at the same time. As it becomes harder to differentiate between the two, developers should ensure that it is made clear to players when they are interacting with and AI-generated player.   
• Providers must ‘watermark’ synthetic audio, image, video or text content as artificially generated or manipulated.
• Deployers of an emotion recognition system must inform individuals of its use.

Minimal risk systems

Most applications of AI under the AI Act will fall in this category, e.g. AI used for product or content recommendation, inventory management system and spam filters.  AI systems in this category can be developed and used subject to existing legislation without additional legal obligations.  Providers of those systems may choose to apply the requirements for trustworthy AI and adhere to voluntary codes of conduct.

General purpose AI models

‘General purpose’ AI models under the AI Act are those that show significant generality and competency to perform a wide range of tasks. Such models are often deployed into tailored AI systems to produce sophisticated and tailored output, e.g. chatbots in games. 

Providers of general purpose AI models have a range of obligations, including drawing up and maintaining technical documentation, training and testing processes, and evaluation of the model’s energy consumption, as well as putting in place a policy to respect EU copyright law and summary of content used to train the model.  

Such obligations may be relevant in gaming in some contexts, as a ‘provider’ is anyone who develops a model and places it on the market or puts it into service under its own name or trademark.  In some scenarios, customising (or ‘fine tuning’) another provider’s model can bring an organisation in scope for the provider obligations.

More stringent obligations apply to general purpose AI models considered to have systemic risk, defined in relation to having high impact capabilities evaluated on the basis of appropriate technical tools and methodologies, or based on a decision of the Commission.

Regulation in the UK

There is currently no specific legislation governing AI in the UK. The UK government recently confirmed its proposed approach to govern AI using existing law and through setting out cross-sectoral principles to be interpreted and applied by existing regulators.

For more information on:

• AI, see our knowledge hub, Artificial intelligence.
• Gaming, see State of play: The dawn of a new digital landscape for gaming companies.