3 Lines of Defense for AI Governance

AI Governance is a complex task as it involves multiple teams across an organization, working to understand and evaluate the risks of dozens of AI use cases, and managing highly complex models with deep supply chains. On top of the organizational and technical complexity, AI can be used for a wide range of purposes, some of which are relatively safe (e.g. email spam filter), while others pose serious risks (e.g. medical recommendation system). Organizations want to be responsible with their AI use, but struggle to balance innovation and adoption of AI for low risk uses, with oversight and risk management for high risk uses. To manage this, organizations need to adopt a multi-tiered governance approach in order to allow for easy, safe experimentation from development teams, with clear escalation points for riskier uses.
How State Executive Orders are Shaping U.S. AI Policy

States continue to pave the way forward on AI policy. As we have previously discussed, 2023 saw a flurry of activity from state legislatures on various AI-related legislation. However, state legislatures were not alone in attempts to implement greater oversight for AI technologies. Over the past year, the Governors of California, Maryland, New Jersey, Oregon, […]
Is it AI? How different laws & frameworks define AI

There is no universal legal definition of artificial intelligence. And for governance teams, that gap is the whole problem. A system that triggers compliance obligations under the EU AI Act may fall outside scope under Connecticut’s SB 1103. A risk scoring tool that qualifies as “AI” under the OECD definition may not meet the autonomy […]
2023 in Review: A State-by-State Look at AI Regulations

In November 2022, Chat GPT brought the AI revolution straight into the hands of everyday consumers. However, if 2022 launched the proliferation and democratization of AI technology, 2023 can be remembered as the year in which policymakers tried to reign in AI. In the U.S., every branch of the federal government has weighed in on […]
Everything you need to know about the ISO 42001 Standard

On December 18, 2023, the International Organization for Standardization (ISO) adopted ISO 42001-2022, which sets a voluntary standard for organizations to implement an artificial intelligence (AI) management system.
The EU AI Act Should Be A Wake-Up Call for American Companies

On December 9, 2023, European Union (EU) policymakers reached an agreement on the proposed Artificial Intelligence (AI) Act, which sets the stage for the EU to pass the AI Act as early as January 2024. The impending vote on the compromise legislation marks a significant development in the global AI regulatory landscape; one that American […]
Everything you need to know about the Colorado AI Life Insurance Regulation (Regulation 10-1-1)
What is Colorado Regulation-10-1-1 ? In July 2021, Governor Jared Polis signed SB 21-169 into law, which directed the Colorado Division of Insurance (CO DOI) to adopt risk management requirements that prevent algorithmic discrimination in the insurance industry. After two years and several revisions, a final risk management regulation for life insurance providers was officially […]
Everything you need to know about the NIST AI Risk Management Framework
What is the NIST AI RMF? The National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework is a voluntary framework released in 2023 that helps organizations identify and manage the risks associated with development and deployment of Artificial Intelligence. It is similar in its intent and structure to the NIST Cybersecurity Framework […]
Privacy Pioneers: AI as the New Frontier

In our new research paper, we’ll discuss how privacy professionals, and their organizations, can take on AI governance — and what will happen if they don’t. Key findings include: