We’ve reached a new frontier. AI is here, and it carries with it seemingly boundless possibilities. Curing cancer, providing personalized medicine, enhancing care of aging populations, and reaching solutions for sustainability are just a few of the wonders that the headlines have touted. It also has the potential to grow our global economy by $7 trillion. It also comes with a heavy duffle bag of enterprise-level legal risks around bias, privacy, security, misinformation, intellectual property, and antitrust violations.
Companies can maximize opportunities and avoid a parade of threats if they build AI systems in accordance with the proposed legal frameworks for trustworthy AI that are detailed in the EU Draft Artificial Intelligence Act on track to be adopted by Q4 2023, as well as 3000+ pages of additional legislation pending in 37 countries in six continents. These draft laws—which were prepared in consultation with sophisticated AI research scientists—contain valuable guidance to which CEOs and Boards can ask their data innovation team to adhere. The most likely
Regardless of your industry, this is a transformative time. Pre-Chat GPT4’s release, the global AI market was estimated to be $1.82 trillion in 2022. By 2028, those estimates are trending closer to $9 trillion. In response, companies are moving quickly to rebuild and compete in the AI arms race. We will be destined to repeat the mistakes of Web 2.0 before Web 3.0 is even fully formed unless we bring clarity to AI governance.
Build AI In Accordance With (Not Ignorant Of) Legal Trends.
‘Move fast and break things’ can’t work anymore. The prevailing ethos of the tech explosion of the last 15-20-odd years created a gold rush that would connect billions of people to the internet in the palm of their hand. In doing so, companies built systems without mapping to looming—but not as yet finalized—legislation covering data privacy that started in the EU in 2003, and has now extended to 161+ countries, with the recent adoption of the Indian Digital Personal Data Protection Act. What does this mean? It means that global companies did not discuss privacy in the boardroom as systems were being built. Companies spent billions to build systems without being advised about pending legislation. As such, their systems and certain business models (like the 400 billion digital ad tech sector) have had to be totally reimagined in the past 12 months amid roiling markets.
Companies can future-proof their investments by building AI system governance that is in alignment with draft legislation pending in six continents. Ignorance of looming draft data privacy laws in the early 2000s caused companies to build systems without the regulatory governance “baked-in”. As a result, customers exercised privacy rights that a niche group of privacy professionals knew were looming but no one else in the C-Suite or Board Room were really apprised. It was only when some companies adopted data privacy-forward business measures that consumers exercised those rights, causing over 1.4 trillion in losses for the previously lucrative digital marketing industry last year. Both in the US and abroad the consequences were heavy job loss and near-catastrophic fines, with regulators levying nine-figure penalties. Given this stark reality, responsible data stewardship should be a top priority for any CEO now that we are starting the AI governance journey. The consensus in draft legislation worldwide contains a roadmap that companies can use to build their systems in a manner that will be deemed legally compliant 10 years from now. The problem is magnified if you lead a publicly traded company. With such steep financial risks looming, the argument has already been made by some advocates that leaders have a fiduciary duty to get data compliance right.
We already know how to responsibly handle data to achieve trusted AI. Regulators have removed the guesswork of responsible AI. The draft laws lay out what is expected. There are also technical specifications recently released as a companion to the White House AI Bill of Rights that every innovation team could audit against. While the new AI systems are being built, privacy engineering and cyber-preparedness tools could be baked in now. In order to do this, CEOs and Board Members can ensure that their innovation teams:
- Know about draft legal requirements to test AI systems before and after deploying them, anti-bias testing, monitoring, IP protection and privacy, cyber requirements
- Build the AI systems to those legal specifications, even though the laws have not yet passed.
- Ask what laws the AI is mapping to.
The policy work has been done for you. Calamitous nine-figure fines are TOTALLY avoidable. But, it’s true that these laws can be complex, saturated with technical jargon and legalese that deter even the best-intentioned leaders. CEOs aren’t alone though, nor do I believe they have acted in bad faith—at least not the vast majority. This is a new conversation, and that means compliance is also a communication issue. While much of the responsibility of trustworthy AI and data practices falls on the leader, their advisors have a duty to make this vital information accessible, digestible, and actionable.
This is the perfect time to get compliant. Another calamity visited upon the “move fast and break things” companies of Web 2.0 wasn’t evident until they scaled. That $1.4 trillion out the door mentioned above was a direct hit to market cap and the balance sheet. Companies eventually got the message from regulators. And when they did, they were woefully unprepared. They grew and grew and all the while legal requirements for data were never discussed in the Boardroom. So, when the bill came due, many had to tear down core policies, processes, and protocols to get compliant—at huge cost and risk to the continuity of their enterprise. Many are still scrambling to comply. Now, though, AI—in a roundabout way—has leveled the playing field on compliance. Companies are already aggressively restructuring, restrategizing, tearing down, and rebuilding to position themselves for our AI future. The companies that consistently follow the procedures recommended by pending AI legislation will be the winners.
With this view of the field, leaders have a decision to make: they can move fast and break their enterprise building around AI sui generis, or they can move fast with “trust” to integrate data compliance into their AI strategy. Web 3.0 is here, and while it’s not a movie we’ve seen before, we know the tropes. This time around, you don’t have to build something that must be dismantled when forced to become compliant. If you’re spending the money anyway, spend some of it getting compliant right now so you don’t have to spend a lot of it later at the risk of jobs, market cap, and the future of your enterprise.
