Regulation

How to prepare for emerging AI regulatory frameworks in the EU and US

By Jan Stappers, Director of Regulatory Solutions, NAVEX

The regulatory landscape continues to evolve, addressing emerging challenges in various sectors such as finance, technology, and cybersecurity. Artificial intelligence (AI) ethics and governance have become critical areas of focus as they continue to advance and integrate into various aspects of society. Both the European Union (EU) and the United States (US) are actively developing regulatory frameworks to address the ethical and governance challenges posed by the technology.

Last August, the first comprehensive regulatory framework with a focus on AI risk came into force globally. The EU AI Act coincided with labour law, data protection, and cybersecurity regulations, such as the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA). Its primary objective is to mitigate the risks associated with AI technologies while fostering innovation and trust in AI systems. It categorises AI applications into different risk levels, with stringent requirements for high-risk systems. These include applications in critical infrastructure, education, employment and essential public services.

In the US, meanwhile, a National AI Initiative Act had already been rolled out in 2020 to coordinate AI research, development, and policy across the federal government. This would help promote collaboration between government, industry, and academia as well as address issues related to AI ethics, fairness, and bias.

Understanding the privacy challenges posed by AI is essential for effective regulatory oversight. AI systems often process vast amounts of personal data, raising protection and privacy concerns. For example, the AI Act addresses these concerns by emphasising the principles of data minimisation, purpose limitation, and transparency. Preparing for emerging regulatory frameworks in the EU and US requires a proactive and strategic approach.

There are best practices for staying compliant in the long term and navigating both unexpected and foreseeable changes with ease.

  • Conduct Assessments: Catalogue all AI systems and applications used within the organisation. Assess the risk level of each AI system according to regulations relevant to the organisation. Perform ongoing gap analyses and risk assessments to identify areas where current practices may not meet new regulatory requirements. High-risk systems will need more stringent compliance measures.
  • Ethical Framework: Develop mechanisms to make decisions transparent and explainable to users and regulators. To establish ethical guidelines for AI development and deployment, decision makers should also implement procedures to detect and mitigate biases in the systems to ensure fairness and non-discrimination.
  • Develop a Compliance Strategy: To remain compliant in the long run, it is vital to have a comprehensive compliance framework in place. Regularly review and update internal policies and procedures to align with emerging regulatory frameworks, such as NIST’s AI Risk Management Framework. Organisations must also follow robust data governance practices, including data quality, privacy, and security measures.
  • Leverage Technology: Utilise governance, risk, and compliance (GRC) solutions to streamline compliance processes, such as automated reporting, monitoring, and data analytics. It is also important to maintain thorough documentation and reporting mechanisms to demonstrate compliance and facilitate audits. This will ensure organisations have a holistic view of the risk landscape, will be better informed on strategic decisions and will be prepared for future audits.
  • External Reporting: Keep detailed documentation of AI systems. This includes their purpose, design, data sources, and decision-making processes. This way, all the information is easily accessible should compliance reports need to be submitted to regulatory authorities.
  • Internal Reporting: Maintain ethical standards and accountability in the workplace. By adopting an internal reporting channel, businesses can gather detailed information on the unethical or non-compliant use of AI that may otherwise go unnoticed, which could result in fines and reputational damage.
  • Collaboration: Ensure that roles and responsibilities are clear within the organisation so that clear protocols are assigned and followed. Break down work silos to ensure the business is prepared for AI regulation and, more importantly, the ethical use of AI across the board. There needs to be cross-functional teams that work in collaboration to address compliance, involving legal, risk management, IT, and human resources departments.
  • Stay informed and educated: Training is designed to empower organisations to stay ahead of both the benefits and dangers presented by the fast-moving developments of emerging regulations. Organisations with interactive training can help educate employees on regulatory guidelines, and help them understand how to use AI ethically, while identifying potential risks. In addition to helping protect the business from unethical uses of AI, training can help employees stay abreast of legislative developments (e.g. AI regulations from official sources such as the European Commission, the US Federal Trade Commission (FTC), and other relevant bodies) while allowing the business to keep compliant.
  • Engage with the community: Business leaders can attend webinars, public consultations, and compliance trade events to give feedback on proposed regulations, exchange insights with industry peers, and establish relationships with regulatory bodies to better understand their expectations and obtain guidance.

Organisations worldwide must familiarise themselves with their obligations and invest in stakeholder involvement, accountability, and transparency to ensure compliance. The introduction of new regulatory frameworks demonstrates the EU's and the US's proactive approach to governance, ensuring that regulatory frameworks remain dynamic and responsive to emerging challenges.
