Artificial Intelligence & Machine Learning , Governance & Risk Management , Next-Generation Technologies & Secure Development

AI Governance: Legal Risks and Compliance Challenges

Attorney Edward Machin on Prioritizing Global AI Objectives
Edward Machin, counsel in the data, privacy and cybersecurity group, Ropes & Gray LLP

Generative AI, once a buzzword, is now the subject of a focused approach, according to attorney Edward Machin of Ropes & Gray LLP. Organizations are prioritizing specific issues around gen AI and establishing governance frameworks from the outset, Machin said.

See Also: Close the Gapz in Your Security Strategy

With AI, he said, understanding your objectives is key. This requires "bringing in the right folks from all across the business to help you form a committee, almost a roundtable, to understand the next steps for going forward in your AI journey." Machin recommended assembling a diverse group across departments, including legal, compliance, HR, ethics, and IT security.

Rather than rushing, he said, businesses are tentatively developing frameworks and procedures that recognize the need to balance risks and opportunities. The challenge lies in aligning different business units with varying perspectives on AI's potential impact, from legal considerations to commercial willingness to embrace risks, he said.

"Given that we're at such an early stage of AI regulation across the globe, the organizations that are thinking about this and doing this well are those that are not trying to create specific AI programs, for specific laws," Machin said. Instead of compartmentalizing regulatory and legal compliance efforts based on different jurisdictions, he recommends prioritizing efficiency and flexibility, which allow organizations to adapt to evolving legal requirements, such as the EU AI Act, without making extensive investments of time and resources.

In this video interview with Information Security Media Group, Machin discussed:

  • How businesses are currently approaching AI governance in the absence of well-defined legal regulations;
  • Challenges organizations face when establishing AI governance frameworks;
  • The legal issues businesses should anticipate as the regulatory environment evolves.

Machin provides clear and business-focused advice on a wide range of legal and regulatory issues in the areas of privacy, data protection and security, e-commerce and marketing, and information law. Secondments at data-rich businesses in the life sciences and market research sectors have given him a deep understanding of what clients want and inform his approach to providing practical legal and commercial solutions to organizations across Europe, the U.S. and Asia.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.