Additionally, companies using third party AI systems should establish a rigorous third party management program. The program should include a robust due diligence process for selecting a third party AI system that includes a review of the vendor’s policies and procedures on data protection and cybersecurity and interviews to determine whether such protocols are followed in practice. The program should also include internal controls to monitor and mitigate identified risks with policies and proper oversight mechanisms over the logistics of third party AI use, such as keeping track of who has access to it, what data is being used, and assessing and verifying the data inputs and outputs. Implementing mechanisms such as blocking untrusted and unverified AI services with a firewall can also help to mitigate risks. As an additional level of protection, companies should impose contractual obligations specifying required security measures and providing companies with audit rights to assess compliance.

Future of AI Cyber Regulation

In the US, the Biden administration and Congress are calling for the introduction of laws and regulations to govern the development and use of AI, including those that address cybersecurity concerns. For example, the White House released a Blueprint for an AI Bill of Rights that calls for “safe and effective systems.” The Blueprint says consumers should expect AI to be thoroughly tested prior to being deployed and to be monitored on an ongoing basis. In addition, Congress has tasked NIST with developing the AI risk management framework (AI RMF) to address the reliability, security, and resilience of AI systems. The private sector is also focused on AI regulation, as demonstrated recently by the US Chamber of Commerce’s recommendation that lawmakers “focus on filling gaps in existing regulations to accommodate new challenges created by AI usage.”

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]