Posts

Showing posts with the label Risk Management

Keeping Humans in the AI Loop

I spent this week in Lithuania attending a conference for compliance officers in Eastern Europe, and this being Europe, of course that meant artificial intelligence and data privacy were all over the agenda. So it’s rather poetic that European regulators also just published fresh guidance on human oversight of automated decision-making systems.  The guidance  was released last month by the European Data Protection Supervisor , which acts as the EU’s independent data protection authority — and more recently, also as one of the lead agencies responsible for enforcing the EU AI Act. As part of that mission, the EDPS releases guidance on privacy and AI issues that other regulators and corporations alike can consider.  Why care about this specific piece of guidance? Because automated decision-making systems are regulated by both the EU General Data Protection Regulation ( Article 22 ) and the EU AI Act ( Article 14 );  and  those same regulatory demands for human ove...

Considerations for Artificial Intelligence Policies in the Workplace

  Because the use of AI in the workplace can present serious risks to an organization, particularly involving security, intellectual property, confidentiality, and labor and employment legal risks, employers should consider adopting an AI policy to ensure that their use of AI is responsible, ethical, and legally compliant. AI policies can help employers comply with regulations, reduce liabilities, and manage AI risks. Regular audits, employee training, and policy updates help ensure that AI is used in a responsible and legally compliant manner, especially because of the rapidly evolving legal landscape. In recent years, many organizations have implemented new policies on artificial intelligence (AI) use to help prevent bias, plagiarism, or use of AI tools that produce inaccurate or misleading information. Meanwhile, many courts and state bars across the country have introduced AI usage policies to ensure that AI is properly used in the practice of law, including policies requirin...

New Executive Order Issued on AI; Prior AI Order Revoked

Among the blizzard of executive orders issued following his inauguration, President Trump revoked former President Biden’s executive order addressing artificial intelligence (AI). A few days later, on January 23, 2025, President Trump issued his own AI executive order, entitled, “ Removing Barriers to American Leadership in Artificial Intelligence ” (“AI Executive Order”). As background, on October 30, 2023, then-President Biden issued an “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, ” which addressed concerns surrounding the use of AI. It identified several areas, including labor, competition, cybersecurity, education, health, and privacy. The Biden order not only called on federal agencies to collaborate, provide more guidance, and conduct training, but it also urged agencies to develop principles and best practices to mitigate harms and maximize benefits of AI for workers . Throughout the remainder of his term, President Biden’...

People and Policy: Building Compliance and Ethics into Your Company’s DNA

Image
  It’s not enough to have the right policies in place — you have to embed those policies into the fabric of your organization. In today’s fast-paced and interconnected business world,  ensuring compliance and building an ethical corporate culture  isn’t just a regulatory checkbox—it’s part of your organization’s DNA. Governance, Risk Management, and Compliance (GRC) has evolved from a back-office necessity to a front-line enabler, engaging everyone from employees to third-party partners in the process . This shift emphasizes that c ompliance and ethics must be woven into every aspect of the company’s operations, influencing attitudes, behavior, and, ultimately, organizational culture. At the core of this transformation is the concept of engagement, a critical trend shaping the future of GRC. In the modern organization, GRC is no longer the domain of just compliance officers or risk managers; it involves every employee, contractor, vendor, and partner across the extended e...