Part 6 – Practical Considerations

This is Part 6 of 'Regulation of AI'

AI providers have been focussing on their forthcoming AI obligations and on governance for some time, but it is now prudent for the majority of organisations to assess how their use of AI will come within the scope of regulation in key territories, become familiar with each regime, and devise a means to keep up with anticipated changes.

A plan for action that will be applicable for most businesses includes:

• building in compliance costs - the approach to AI regulation across jurisdictions currently appears so varied that organisations need to factor the costs of compliance into their strategy for the jurisdictions that they plan to provide or deploy AI in;
• implementing AI governance including systems and procedures for data retention and record keeping;
• assessing existing product and service lines and removing or adjusting products or services that use AI in a way that is prohibited or high risk, especially in the EU;
• identifying trusted advisors from the "noise" of what is being offered externally; and
• building internal AI expertise including by providing training to allow individuals to perform their roles and/or use the AI system in a way that is consistent with related policies and procedures - see here for our recommendations on training your staff on AI.

In addition, AI providers should establish written policies, procedures, and instructions for various aspects of the AI system (including oversight of the system) and produce documentation explaining the technicalities of their AI model and its output. They should assess and document the likelihood and impact of any risks associated with the AI system, including in relation to privacy and security.

Where appropriate businesses might consider using voluntary commitments in their relevant industry sector.  In December 2023, in the US, 28 healthcare companies agreed to voluntary commitments on the use and purchase of safe, secure and trustworthy AI.

Lastly, as discussed in Part 5 – AI regulation globally, ISO/IEC standards (such as ISO 23894 or ISO/IEC 4200 1:2023) can be used as tools to support the safety, security and resilience of AI systems and solutions.