AI regulatory landscape and the need for board governance

“The interplay between AI and cybersecurity is crucial. It’s imperative to ensure AI bolsters cyber safety rather than becoming a conduit for intrusions. It can do both.”

Miriam Vogel

Chair, National AI Advisory Committee

Vogel, the president and CEO of EqualAI, an organization that focuses on educating and implementing responsible AI governance, chairs the NAIAC, which advises the President and the White House on AI policy. While regulation is evolving, boards need to take action now. “We all need to have a plan in place, and we need to be thinking about how are you using it and whether it is safe.”

She underscored the urgency, noting that journalists are investigating where AI has gone wrong and where it’s discriminating against people. Additionally, there are lawyers who seize potential litigation opportunities against ill-prepared, deep-pocketed organizations. "Good AI hygiene is non-negotiable today, and you must have good oversight and best practices in place," she asserted.

Despite a lack of comprehensive Congressional AI legislation, Vogel clarified that AI is not without oversight. Four federal agencies recently committed to ensuring fairness in emerging AI systems. In a recent statement, agency leaders committed to using their enforcement powers if AI perpetuates unlawful bias or discrimination.

AI regulatory bills have been proposed by over 30 state legislatures, and the international community is also ramping up efforts. Vogel cited the European Union's AI Act as the AI equivalent of the GDPR bill, which established strict data privacy regulations affecting companies worldwide.

1. Employee satisfaction: Many companies are struggling to find highly skilled people now, and Vogel said employees don’t want to work for an organization that uses AI programs that cause harm, perpetuate bias and discrimination, or are simply ineffective. On the other hand, employees do like being part of a company that uses the latest technology ethically and effectively.
2. Brand integrity: An organization that makes good use of AI without causing harm builds trust with its customers and community through its deployment of technology.
3. Customer expansion: Companies that use AI in the right ways can broaden their customer base and deepen their relationships with existing customers without harming their brand.
4. Liability and litigation: Without targeted AI legislation on the books, judges and juries over the next several years will decide and set precedents that determine when use of the technology infringes on copyrights or discriminates against protected groups. That’s a cause for caution and careful organizational policymaking by senior management under the oversight of the board.

“No matter what industry you’re in, if you’re using AI, you need to be implementing best practices, even though it’s a tricky time where our national and international standards are not clearly outlined,” Vogel said.

1. Ensure that your AI use reflects your corporate values: Vogel suggested that companies use a framework to keep their AI use in line with their values. Several frameworks are available, but she recommended the National Institute of Standards and Technology (NIST) AI risk management framework as a valuable tool. Additional tools recommended by Vogel include EqualAI’s An Insider’s Guide to Designing and Operationalizing a Responsible AI Governance Framework and the EqualAI Algorithmic Impact Assessment tool, based on the NIST framework.
2. Establish accountability in the C-suite: AI accountability can’t be pushed down to the IT function. “This is front line. This is top line. It will have a cost. It will have liability. It will be fast-moving. So someone in the C-suite needs to be the final stop on these decisions,” Vogel said.
3. Communicate your AI frameworks and processes: Frontline workers and supervisors need to understand the framework that’s being used for AI governance and the processes that need to be used to align AI use with the framework.
4. Document processes and how they are followed: Processes need to be documented for easy review by the people who need to follow through on them. And users of AI throughout the organization should be required to document how they are following the processes.
5. Audit continuously: “AI will continue to iterate and create new patterns, new problems and new recommendations,” Vogel said. “Make sure you’re consistently monitoring on a routine cadence so you’re continually aware of whether it’s providing the results you intended.”