Posts

Showing posts with the label Corporate Compliance Insights

CMMC Cybersecurity Rules Are Rolling Into Defense Contracts

US defense contractors are now encountering CMMC cybersecurity requirements in their contracts. Ambika Biggs of Hirschler reviews the program’s structure, the levels at which contractors may self-certify and where inaccurate certifications have drawn False Claims Act scrutiny from the Justice Department. A US government focus on cybersecurity is not new. DFARS 252.204-7012 , which is included in defense contracts involving controlled unclassified information (CUI), became effective in 2016. However, after a defense department inspector general report in 2019 found that defense contractors were not consistently implementing security requirements to protect CUI, the defense department developed the cybersecurity maturity model certification (CMMC) program to assess implementation of cybersecurity requirements by defense contractors and subcontractors.  A final rule was published in November 2020 and became effective in 2024; the department began incorporating CMMC program requirem...

Where in the Loop? Testing AI Across 120 Compliance Tasks to Find Out Where Humans Are Most Needed

Oversight should sit at decision points where errors carry the highest ethical or legal weight, not on every output As compliance teams experiment with AI for everything from risk assessments to policy interpretation, a practical question emerges: Which tasks can be automated reliably, and which still require human judgment? Steph Holmes, director of compliance and ethics strategy at EQS Group, dives into her organization’s research on six AI models, finding that it excels at rule-driven work but struggles in the gray zone where data meets intent and culture intersects with language. The findings suggest oversight should be strategic, not universal, but there’s no doubt the loop isn’t complete without humans.  When people talk about responsible AI, the concept of “human in the loop” tends to surface quickly, and for good reason. It sounds reassuring, almost self-evident. But as  compliance  teams start experimenting with AI, a practical question emerges: Where in the loo...