Despite legal mandates for the right to be forgotten, AI operators routinely fail to comply with data deletion requests. While machine unlearning (MU) provides a technical solution to remove personal data's influence from trained models, ensuring compliance remains challenging due to the fundamental gap between MU's technical feasibility and regulatory implementation. In this paper, we introduce the first economic framework for auditing MU compliance, by integrating certified unlearning theory with regulatory enforcement. We first characterize MU's inherent verification uncertainty using a hypothesis-testing interpretation of certified unlearning to derive the auditor's detection capability, and then propose a game-theoretic model to capture the strategic interactions between the auditor and the operator. A key technical challenge arises from MU-specific nonlinearities inherent in the model utility and the detection probability, which create complex strategic couplings that traditional auditing frameworks do not address and that also preclude closed-form solutions. We address this by transforming the complex bivariate nonlinear fixed-point problem into a tractable univariate auxiliary problem, enabling us to decouple the system and establish the equilibrium existence, uniqueness, and structural properties without relying on explicit solutions. Counterintuitively, our analysis reveals that the auditor can optimally reduce the inspection intensity as deletion requests increase, since the operator's weakened unlearning makes non-compliance easier to detect. This is consistent with recent auditing reductions in China despite growing deletion requests. Moreover, we prove that although undisclosed auditing offers informational advantages for the auditor, it paradoxically reduces the regulatory cost-effectiveness relative to disclosed auditing.
翻译:尽管存在法定被遗忘权要求,AI运营者却经常未能遵守数据删除请求。虽然机器遗忘(MU)提供了一种从训练模型中消除个人数据影响的技术解决方案,但由于MU技术可行性与监管实施之间存在根本性差距,确保合规性仍然具有挑战性。本文通过将认证遗忘理论与监管执行相结合,首次提出了用于审计MU合规性的经济学框架。我们首先利用认证遗忘的假设检验解释来刻画MU固有的验证不确定性,从而推导审计者的检测能力;随后提出博弈论模型来捕捉审计者与运营者之间的策略互动。关键的技术挑战源于模型效用和检测概率中固有的MU特定非线性特征,这些特征产生了传统审计框架无法处理的复杂策略耦合,同时也阻碍了闭式解的获得。我们通过将复杂的二元非线性不动点问题转化为可处理的单变量辅助问题来解决这一挑战,从而能够解耦系统并建立均衡的存在性、唯一性和结构特性,而无需依赖显式解。反直觉的是,我们的分析表明,随着删除请求的增加,审计者可以最优地降低检查强度,因为运营者弱化的遗忘行为使得不合规行为更容易被检测。这与近期中国删除请求增长而审计强度反而降低的现象相符。此外,我们证明,尽管未公开审计能为审计者带来信息优势,但相较于公开审计,它反而会降低监管的成本效益。