Exploring Key AI Regulations and What They Mean for Business Leaders

Understanding the AI Regulatory Landscape

Overview of AI Principles and Guidelines

The OECD AI Principles encourage the development and use of AI that is innovative, reliable, and compliant with human rights and democratic values. These principles were approved in May 2019 and they provide guidelines on the use of AI that are reasonable and sustainable for the future. They help AI companies in their quest to create trustworthy AI and offer policymakers guidelines on how to create policies that will be effective. Countries employ the OECD AI Principles and associated resources to develop policies and AI risk frameworks, thus laying the groundwork for international compatibility of jurisdictions. The European Union, the Council of Europe, the United States of America, and the United Nations, among other jurisdictions, have adopted the OECD’s definition of an AI system and its life cycle in their legislation, regulation and guidance materials.

The OECD Recommendation on AI is the first international governmental approach to AI, which has 47 signatories to the Principles. As per the OECD, “An AI system is a machine-based system that, for explicit or implicit purposes, performs one or more of the following tasks: (i) data analysis; (ii) knowledge generation; (iii) knowledge communication; (iv) decision-making; (v) physical action.” The various AI systems differ in their degree of freedom and ability to learn after implementation.

Pivotal Movements Shaping the AI Regulatory Landscape

Over the past few years, we have seen significant shifts in the AI governance landscape, with major stakeholders in the European Union (EU), the United States (US), and the United Kingdom (UK) taking action to respond to the risks associated with AI.

The EU’s Comprehensive Approach: The AI Act

Leading these efforts is the EU’s AI Act, a comprehensive regulatory proposal introduced in April 2021 for the management of AI systems in the EU. Interestingly, Article 28b of the AI Act focuses on the requirement for enterprises to manage the risks of AI foundation models appropriately and guarantee that the AI they apply is safe and ethical.

The final version of the AI Act was approved by the European Parliament on June 14, 2023, thus paving the way for a harmonized approach to AI regulation within the EU.

The US Executive Order on Safe, Secure, and Trustworthy AI

On the other side of the Atlantic, the United States followed with its own set of guidelines on October 30th, 2023, when President Biden signed the Executive Order on Promoting the Safe, Secure, and Trustworthy Use of Artificial Intelligence. This order outlines principles for the use of AI, promotes further government and private sector research and development of AI, and aims to ensure that AI technologies are safe and beneficial for the public.

The UK’s AI Safety Summit

To support these measures, the UK held the AI Safety Summit at Bletchley Park on November 1st and 2nd, 2023. This event involved the participation of international governments, AI companies, civil society, and researchers in order to discuss the risks of misuse and the loss of control over both the limited and emerging forms of AI.

The goals of the summit were to build a common understanding of the challenges of frontier AI, to create a basis for international cooperation on AI safety, to define possible actions for increasing AI safety within organizations, to discuss possibilities for cooperation on AI safety research, and to demonstrate how safe AI can be used for the benefit of everyone.

Key Regulatory Trends

Alignment with OECD AI Principles

The OECD AI Principles encourage the development and application of AI that is innovative, reliable, and compliant with human rights and democratic values. Released in May 2019, they offer a set of guidelines that are realistic and scalable for the long-term use of AI. Countries adopt the OECD AI Principles and other tools to design policies and develop AI risk frameworks, establishing a basis for compatibility across jurisdictions. Currently, the European Union, the Council of Europe, the United States, and the United Nations and other jurisdictions apply the OECD’s definition of an AI system and its lifecycle in their legal acts and recommendations.

The OECD Recommendation on AI is the first international standard on AI, with 47 countries that have committed to the Principles. The OECD defines an AI system as “a machine-based system that is designed to perform specific tasks and, depending on the objectives it is programmed to achieve, generates outputs such as predictions, content, recommendations, or decisions that can affect the physical or virtual world.”

Risk-Based Approach to AI Regulation

Almost all jurisdictions have tried to promote AI development and investment and, at the same time, regulate potential risks. They are adopting a risk-based approach to AI regulation where they are developing their AI laws based on the risks that AI poses to their core values of privacy, non-discrimination, transparency, and security. This “tailoring” is based on the principle of proportionality, where low risk requires no or few compliance obligations while high risks require numerous and stringent obligations.

Sector-Specific Considerations

Due to the differences in the application of AI, some jurisdictions are considering the need for specific rules for each sector as well as general rules applicable to all sectors. For instance, the European Union’s AI Act defines the areas where the use of automated decision-making systems is allowed or prohibited. On the other hand, Canada’s modified risk-based approach regulates all AI applications but gives the companies the freedom to design their own risk management plans.

Integration with Other Policy Areas

Currently, jurisdictions are addressing AI-related regulation in the context of other digital policies including cybersecurity, data protection, and intellectual property rights – with the EU being the most proactive. This policy alignment ensures that the regulation of AI is in line with other legal frameworks and that there are no contradictions or duplications.

Key Considerations for Enterprises in the Evolving AI Regulatory Landscape

Since the EU’s AI Act and the US Executive Order on AI are two of the most important pieces of regulatory frameworks for AI by two of the largest economies in the world, organizations must prepare for these changing environments.

1. Prioritizing Safety and Security

The EU AI Act and the US Executive Order also have a high focus on the security of AI systems. For example, Article 28b of the EU AI Act prescribes that enterprises shall address risks related to AI in a responsible manner, and the US order requires developers to submit safety test results to the government. Such regulations require enterprises to implement adequate safety and security measures to meet the set standards.

2. Comprehensive Risk Management

This is because the EU approach to risk assessment and mitigation is evident in the US strategy where red team testing is required in order to launch AI systems to the public domain. Businesses must implement robust risk management strategies, which include testing and assurance to detect and address risks.

3. Transparency and Ethical Deployment

Transparency in the use of AI and ethical use of AI are key principles to both sets of regulatory frameworks. The US is more concerned with the identification of AI-generated content, and the EU sets specific obligations for companies in the use of AI. It is crucial for enterprises to be more transparent and implement their AI initiatives in compliance with these ethical principles.

4. Adopting Open Standards and Automated Defenses

To mitigate the new risks of AI, including prompt injections, enterprises should adopt practical open standards like the OWASP Top 10 for LLM (Large Language Models). Also, purchasing automated AI security solutions can assist organizations in detecting and avoiding threats from data poisoning to toxic language generation.

5. Integrating Security and Ethics

AI security is not only limited to conventional approaches but also addresses the ethical concerns that AI systems may cause. It is, therefore, crucial for enterprises to adopt data ethics frameworks and secure-by-design principles to meet safety challenges and promote responsible innovation.

6. International Collaboration and Alignment

In light of the new AI threats, there is a lack of coordination among organizations to standardize protection against AI threats. This collaboration will avoid contradictions and enhance cooperation against risks such as privacy inference attacks on LLMs and contribute to the harmonized regulation of AI systems.

A Roadmap for Responsible AI Adoption

Given the current and future state of the regulatory environment for AI, companies should be strategic in AI implementation and prepared for change. Through safety, security, transparency, and ethical considerations, companies can build trust and ensure that they are in compliance with current and future regulations.

1. Building a Strong AI Governance Framework

The first step in this journey is to create an effective AI governance structure within the organization. This framework should include specific policies, procedures, and accountability mechanisms to support the appropriate development, implementation, and oversight of AI systems.

Identifying Ethical Principles and Guidelines

It is important to have a set of ethical principles and guidelines that reflect the organization’s values and the general societal norms regarding AI. These principles should act as a beacon, influencing the decision-making processes and the development and use of AI technologies.

Implementing Risk Management Strategies

Thus, it is important to implement efficient risk management measures to address possible weaknesses and meet legal standards. This involves undertaking proper risk management, proper testing and assurance, and incorporating security principles into the AI development life cycle.

Fostering Transparency and Accountability

Transparency and accountability should be integrated into the AI governance framework. This includes ensuring that there is proper communication with the stakeholders, having proper records and documentation, and having proper measures for monitoring and evaluation.

2. Investing in AI Security and Ethics Expertise

As the legal framework for AI continues to evolve, the need to safeguard AI security and ethics is even more important. It is therefore important for companies to proactively allocate resources to these areas, engage the services of competent AI service providers, and test their AI products thoroughly. In this way, they can safeguard their assets, gain the trust of stakeholders, and encourage ethical practices so that the positive impact of AI can be achieved in the right way. Investing in AI security expertise helps companies to:

Protect Sensitive Data. Most AI systems work with huge volumes of data that may contain personal information. It is crucial to protect this information from unauthorized access and data leakage.

Maintain Trust and Credibility. It is important for customers and stakeholders to be sure that their information is protected. Strong AI security measures are useful in establishing and enhancing confidence.

Ensure Business Continuity. Security breaches can affect the normal running of business. A robust AI security framework provides continuity and reduces the chances of downtime.

The Importance of Ethical AI

Ethical issues in AI design and use are also crucial. Malpractices in AI include bias, invasion of privacy, and causing damage to individuals and society. Companies must prioritize ethical AI to:

Avoid Bias and Discrimination. AI systems must be designed to avoid prejudice that may result in discriminating against individuals on the basis of race, gender, or any other characteristic.

Uphold Privacy. AI systems should not violate user privacy and should disclose the purpose of data collection.

Promote Accountability. There should be clear lines of responsibility to deal with any ethical issues that may emerge.

3. Team up with Trustworthy AI Services Providers

To effectively address AI security and ethics, companies should consider partnering with reliable AI services companies like Processica, which can offer several advantages:

Expertise in Advanced Security Measures

The security measures used by Processica’s AI specialists are up to date to protect the AI systems.

Ethical Frameworks and Best Practices

We are familiar with ethical guidelines and can assist in the incorporation of such principles into AI solutions.

Customized Solutions

Working with Processica enables the provision of customized solutions that address the client’s business needs and compliance standards.

Rigorous Testing for Compliance

It is crucial to test AI products to meet security and ethical standards. This process should include:

Security Audits. Systematic checks to determine and address risks in AI systems.

Bias Testing. Periodic checks to identify and eliminate possible biases in the AI models to provide equal treatment of subjects.

Compliance Checks. Ongoing monitoring to check that the AI systems are conforming to the applicable laws, regulations, and best practices.

Through hiring AI security and ethics professionals and collaborating with Processica, organizations can not only protect their processes but also promote responsibility and trust.

Our innovative and robust framework for QA of AI products ensures your solutions are tested for their security, ethics, and compliance, which are crucial in promoting responsible AI innovation.