AI Governance: Legal Risks and Compliance ChallengesAttorney Edward Machin on Prioritizing Global AI Objectives
Generative AI, once a buzzword, is now the subject of a focused approach, according to attorney Edward Machin of Ropes & Gray LLP. Organizations are prioritizing specific issues around gen AI and establishing governance frameworks from the outset, Machin said.
With AI, he said, understanding your objectives is key. This requires "bringing in the right folks from all across the business to help you form a committee, almost a roundtable, to understand the next steps for going forward in your AI journey." Machin recommended assembling a diverse group across departments, including legal, compliance, HR, ethics, and IT security.
Rather than rushing, he said, businesses are tentatively developing frameworks and procedures that recognize the need to balance risks and opportunities. The challenge lies in aligning different business units with varying perspectives on AI's potential impact, from legal considerations to commercial willingness to embrace risks, he said.
"Given that we're at such an early stage of AI regulation across the globe, the organizations that are thinking about this and doing this well are those that are not trying to create specific AI programs, for specific laws," Machin said. Instead of compartmentalizing regulatory and legal compliance efforts based on different jurisdictions, he recommends prioritizing efficiency and flexibility, which allow organizations to adapt to evolving legal requirements, such as the EU AI Act, without making extensive investments of time and resources.
In this video interview with Information Security Media Group, Machin discussed:
- How businesses are currently approaching AI governance in the absence of well-defined legal regulations;
- Challenges organizations face when establishing AI governance frameworks;
- The legal issues businesses should anticipate as the regulatory environment evolves.
Machin provides clear and business-focused advice on a wide range of legal and regulatory issues in the areas of privacy, data protection and security, e-commerce and marketing, and information law. Secondments at data-rich businesses in the life sciences and market research sectors have given him a deep understanding of what clients want and inform his approach to providing practical legal and commercial solutions to organizations across Europe, the U.S. and Asia.