The Imperatives of AI Governance

If your enterprise doesn’t yet have a policy, it needs one. We explain here why having a governance policy is a best practice and the key issues that policy should address.

Why adopt an AI governance policy?

AI has problems.

AI is good at some things, and bad at other things. What other technology is linked to having “hallucinations”? Or, as Sam Altman, CEO of OpenAI, recently commented, it’s possible to imagine “where we just have these systems out in society and through no particular ill intention, things just go horribly wrong.”

If that isn’t a red flag…

AI can collect and summarize myriad information sources at breathtaking speed. Its ability to reason from or evaluate that information, however, consistent with societal and governmental values and norms, is almost non-existent. It is a tool – not a substitute for human judgment and empathy.

Some critical concerns are:

  • Are AI’s outputs accurate? How precise are they?
  • Does it use PII, biometric, confidential, or proprietary data appropriately?
  • Does it comply with applicable data privacy laws and best practices?
  • Does it mitigate the risks of bias, whether societal or developer-driven?

AI is a frontier technology.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

In other words, there are relatively few rules governing AI—and those that have been adopted are probably out of date. You need to go above and beyond regulatory compliance and create your own rules and guidelines.

And the capabilities of AI tools are not always foreseeable.

Hundreds of companies are releasing AI tools without fully understanding the functionality, potential and reach of these tools. In fact, this is somewhat intentional: at some level, AI’s promise – and danger – is its ability to learn or “evolve” to varying degrees, without human intervention or supervision.

AI tools are readily available.

Your employees have access to AI tools, regardless of whether you’ve adopted those tools at an enterprise level. Ignoring AI’s omnipresence, and employees’ inherent curiosity and desire to be more efficient, creates an enterprise level risk.

Your customers and stakeholders demand transparency.

The policy is a critical part of building trust with your stakeholders.

Your customers likely have two categories of questions:

How are you mitigating the risks of using AI? And, in particular, what are you doing with my data?

And

Will AI benefit me – by lowering the price you charge me? By enhancing your service or product? Does it truly serve my needs?

Your board, investors and leadership team want similar clarity and direction.

True transparency includes explainability: At a minimum, commit to disclose what AI technology you are using, what data is being used, and how the deliverables or outputs are being generated.

What are the key elements of AI governance?

Any AI governance policy should be tailored to your institutional values and business goals. Crafting the policy requires asking some fundamental questions and then delineating clear standards and guidelines to your workforce and stakeholders.

1. The policy is a “living” document, not a one and done task.

Adopt a policy, and then re-evaluate it at least semi-annually, or even more often. AI governance will not be a static challenge: It requires continuing consideration as the technology evolves, as your business uses of AI evolve, and as legal compliance directives evolve.

2. Commit to transparency and explainability.

What is AI? Start there.

Then,

What AI are you using? Are you developing your own AI tools, or using tools created by others?

Why are you using it?

What data does it use? Are you using your own datasets, or the datasets of others?

What outputs and outcomes is your AI intended to deliver?

3. Check the legal compliance box.

At a minimum, use the policy to communicate to stakeholders what you are doing to comply with applicable laws and regulations.

Update the existing policies you have in place addressing data privacy and cyber risk issues to address AI risks.

The EU recently adopted its Artificial Intelligence Act, the world’s first comprehensive AI legislation. The White House has issued AI directives to dozens of federal agencies. Depending on the industry, you may already be subject to SEC, FTC, USPTO, or other regulatory oversight.

And keeping current will require frequent diligence: The technology is rapidly changing even while the regulatory landscape is evolving weekly.

4. Establish accountability. 

Who within your company is “in charge of” AI? Who will be accountable for the creation, use and end products of AI tools?

Who will manage AI vendor relationships? Is their clarity as to what risks will be borne by you, and what risks your AI vendors will own?

What is your process for approving, testing and auditing AI?

Who is authorized to use AI? What AI tools are different categories of employees authorized to use?

What systems are in place to monitor AI development and use? To track compliance with your AI policies?

What controls will ensure that the use of AI is effective, while avoiding cyber risks and vulnerabilities, or societal biases and discrimination?

5. Embrace human oversight as essential.

Again, building trust is key.

The adoption of a frontier, possibly hallucinatory technology is not a build it, get it running, and then step back process.

Accountability, verifiability, and compliance require hands on ownership and management.

If nothing else, ensure that your AI governance policy conveys this essential.

Trump EO Biometric Entry-Exit Section Raises Concerns of Lawmakers over Costs, Logistics

fingerprints biometricMembers of Congress from states bordering Canada, the Northern Border Caucus, have focused on a section of President Donald Trump’s Protecting the Nation from Foreign Terrorist Entry into the United States” Executive Order directing DHS to expedite “the completion and implementation of a biometric entry-exit tracking system for all travelers to the United States.” Calling it “unnecessary” on the northern border, representatives from New Hampshire, New York, North Dakota, Vermont, and Washington are concerned the system will lead to long lines and waits, interfere with commercial traffic, and damage tourism in their states.

In Buffalo, New York, there is bipartisan opposition to implementation of the biometric system. Representative Brian Higgins (D) believes the cost of implementation, $6.5 billion, will bring it to a halt when it comes to Congress for funding. In fact, that was where a similar proposal died two years ago. Representative Chris Collins (R) expressed particular concern about a reduction in sports tourism – reducing fan attendance at Buffalo Bills football and Buffalo Sabres hockey.

Because there is already a joint biometric entry-exit partnership agreement in effect between the United States and Canada, the Beyond the Border Action Plan, the Caucus has asked that the Administration do a careful cost-benefit analysis and coordinate with the Canadian government before instituting a costly enhancement.

The Canadian government, perhaps in reaction to Trump Administration policies, is considering legislation to expand preclearance at Canadian airports. Prime Minister Justin Trudeau suggested that Canadians would be better protected under the Canadian Charter of Rights if they cleared U.S. Customs on Canadian soil. But the measure would give CBP officers the right to question, or detain for hand-over to Canadian officials, any Canadian suspected of violating Canadian law. There is opposition. Canadian lawmakers are concerned about granting additional authority to CBP because the bill “does not address Canadians’ concerns about being interrogated, detained and turned back at the border based on race, religion, travel history or birthplace.”

Meanwhile, Canada is prepared to capitalize on the controversy swirling around the Trump Administration’s immigration policies. Trudeau has extended his welcome, and so has the City of Vancouver, just a two-hour flight from the Silicon Valley. Indeed, a Canadian start-up, True North, is introducing high-skilled foreign nationals and their companies to the advantages of having a back-up plan in Vancouver, providing introductions to Canadian immigration lawyers, and exploratory trips.

This post was written by Moni Gill.

ARTICLE BY Moni Gill and the Immigration Team at Jackson Lewis

Jackson Lewis P.C. © 2017