AI governance: Navigating the new wave of global standards and regulations

Tuesday 26 November, 1:35 pm - 2:15 pm

Speakers

Kathy Nguyen

Manager
McGrathNicol

Synopsis

In this session, I will explore 3 new global standards and regulations governing the responsible use of generative AI: the EU's AI Act, the NIST AI 600-1 Artificial Intelligence Risk Management Framework, and the ISO/IEC 42001:2023 AI Management System Standard (AIMSS). I hope this talk will not only clarify the current state of AI governance, but also provide actionable insights for attendees.

Outline:

  • EU AI Act: I will discuss the Act’s approach to mitigating risks associated with high-risk AI systems, including requirements for transparency and data governance.
  • NIST AI 600-1: This part will cover how this framework guides organizations in managing AI risks effectively across various sectors.
  • ISO/IEC 42001:2023 (AIMSS): I will then summarise how AIMSS sets out requirements for establishing and improving an AI management system.
  • I will then explain the rationale behind selecting these specific frameworks for comparison.

The EU AI Act represents one of the most comprehensive legal frameworks aimed at governing AI technology within the European Union, a major market with significant influence on global regulatory trends (as seen from the development and wide adoption of GDPR).

NIST AI 600-1: this framework is selected because it was published by NIST, a global leader in flexible yet structured approaches to managing risk, with broad application for organisations of all sizes to better understand, manage, and reduce their cybersecurity risks.

ISO/IEC 42001:2023 is a global standard that I expect to be valuable in providing an international perspective on establishing and improving AI management systems, and will address the need for consistency and the ethical implications of AI across borders. ISO has published management system standards that have been widely adopted in other areas such as ISO 9001 and ISO 27001.

A detailed comparison of these frameworks will highlight their similarities and differences in scope, compliance obligations, and the specific risks they address.

This part of the presentation will bring to life the theoretical aspects discussed earlier by examining how the selected new regulations and standards are being implemented across sectors. In anticipation of future developments, this section will touch on potential legal cases or regulatory actions that may arise under the EU's AI Act over the next six months. It will include hypothetical scenarios based on current industry practices where non-compliance could lead to litigation or fines, and how businesses can prepare for and respond to such situations. This part will also provide case studies or hypothetical scenarios from industry reports, regulator publications, or specific company releases that reflect on how industries have responded to and navigated the new requirements from the NIST framework and ISO standard.

Each case study will conclude with key takeaways and best practices derived from the real-world application of these frameworks. 

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
