Unless your organization can overcome the very real compliance hurdles of using AI, it faces massive risks of future regulation.

AI governance sits at the intersection of blisteringly fast tech evolution, rapid business adoption and ponderously slow regulation. AI is already transforming how businesses do business and what consumers expect from companies. At the same time, regulators have been slow to provide guardrails to industry in the use of AI.

Given this inflection point, what should businesses do if they want to leverage AI to its fullest without underwriting undue future regulatory and compliance risk? After all, no one wants to face a data authority and be forced to disgorge an AI application that’s the backbone of a core business.

In this context, getting AI governance right is a strategic differentiator. Firms that solve AI governance can get to market faster, with greater assurance that they’ll be able to do business when regulation catches up with industry and outpace their competitors who haven’t addressed governance.

Hedging Your Bets

While future proofing, strictly speaking, isn’t possible, future hedging is. After all, AI governance, in terms of data risk and compliance, is in many ways a subset of the Venn diagram of information governance and privacy compliance, so we have a lot of data points from these domains to guide our nascent AI governance efforts.

Given this, there’s a tried-and-true method for developing AI governance programs to meet regulatory requirements and enable the speed of business. It goes something like the following.

AI Governance Playbook

Although every company is distinctive and every industry requires different AI governance considerations, the following are the key tactical steps every firm leveraging AI needs to take to govern AI at a de minimis level.

• AI System Inventory — What AI are you using? Unless you know (and document) all the on-premises and SaaS AI tools in use, you can’t govern them. Start by documenting them and the key data they handle. (EU AI Act Articles 11 and 13 are a good baseline to adopt.)
• AI Use Case Inventory — How is the business using AI? Visibility into how the business actually uses AI is required for you to know how to govern it.
• AI Regulatory Crosswalk — Once you know what AI tools you’re using and for what business use cases — and given your industry and geo footprint — you can detail the laws and regulations you’re subject to, and the specific requirements tied to specific use cases. AI governance just got real.
• AI Governance Roadmap — Given the legal and regulatory requirements you identified in the crosswalk, where are you today? Where do you need to go in the next six, 12, 18, 24 months to make reasonable progress vis-à-vis what a regulator will likely expect?

A Starting Point

You now have the broad outlines of an AI governance playbook, which is as straightforward as diet and exercise — what you need to do is clear and known. However, the devil’s in the doing: Actually executing on the playbook is hard work. In the next few posts, we’ll dig into the details and lay out precisely what steps you need to take to execute the playbook. Doing so is not just a matter of good governance but of strategic business importance.

Unless your organization can overcome the very real compliance hurdles of using AI, it faces massive risks of future regulation. A thoughtful AI governance program hedges against these risks and allows the business to realize the benefits of AI and lets everyone sleep a little easier. While not a guarantee, proactively approaching AI governance will help pass the test of reasonable, good-faith effort.

This article was first published on Reworked.