When Regulatory Authorities Pay a Visit, Will Your AI Infrastructure Be Prepared?

By Mark Kelly

The US Federal Trade Commission (FTC) has officially commenced an investigation into OpenAI, the creators of ChatGPT, marked by a comprehensive query letter requesting supporting evidence pertaining to OpenAI’s business model, as well as the reliability and accountability of its large language models.

The inquiry and subsequent letter offer businesses a clear framework to evaluate their procedures and compile corroborative data to ensure that their AI systems are trustworthy and follow best practices. AI heads, CIOs, and chief data officers can reduce potential risks by addressing the following eight critical areas identified by the FTC:

AI Proficiency: Maintain and keep records of all disclosures and representations related to generative AI usage. It’s vital to have transparency, reliability, and understanding of how genAI meets expectations. Promote AI awareness among business decision-makers to ensure they are well versed in genAI, enabling them to correctly assess risks, benefits, and compliance requirements.

Best Practices in Data Science: Establish norms for model development and training. The methods and techniques used for training, data origins and lineage, risk evaluations, and stakeholder feedback for model tuning will be scrutinized by regulators. The OECD offers guidance to organizations on AI best practices.

Regulatory Compliance: In contrast to the EU, US federal regulatory guidelines on AI products and services are nascent. Nonetheless, compliance obligations for genAI still exist. Stay updated with AI laws at the state level to understand new regulations and monitor prospective legislation.

Risk Management: GenAI, still an emerging technology, necessitates a slightly different risk management approach than established tech. Implement a governance framework for accountability, comprehensive policies and procedures, dedicated risk and control ownership, and continuous monitoring. Regularly evaluate and address genAI’s potential impacts across various risk domains, accounting for systemic risks.

Third-party Risk Management: Include genAI risk in your third-party due diligence process. You are accountable for how your third parties gather, store, and use customer data acquired via API integrations or plug-ins. Examine the data and systems third parties can access and verify if their security and risk maturity align with yours. Don’t overlook processes for ending relationships with third parties.

Incident Management: Keep a comprehensive record of incidents, problems, and risk events (including genAI “hallucinations”) along with documentation of action plans. Ensure clear guidelines on risk treatment protocols and keep an audit trail for issues, incidents, and approvals for risk acceptance.

Product Lifecycle: Manage a library and governance policies for API integrations and plug-ins. GenAI incorporates a multitude of components maintained across developer and data engineering libraries, data science notebooks, feature stores, and data governance catalogs. AI governance should adopt standards, policies, and workflows to manage optimization, changes, and versioning across business, operational, and development stages.

Data Governance: Strengthen data governance across data, data science, and genAI applications. With the potential for any staff member to construct or utilize genAI, data protection and federated data governance become vital. Data governance must address data integrity, data usage rights/consent, and data protection. Importantly, the FTC has identified data scientists, subject matter experts, and leaders as responsible for data governance.

While US lawmakers (both federal and state) are in the early stages of drafting AI protection laws, this news should motivate businesses to expedite AI governance and evaluate genAI use cases against current regulations. This is an important time to commence your AI governance program and implement proven risk management strategies. 

Artificial Intelligence (AI) possesses the transformative power to significantly reshape companies, job landscapes, and the modus operandi of work.
