Co-authored by Monique N. Bhargava , Cynthia O'Donoghue and Andy Splittgerber (me)

Artificial Intelligence (AI) is transforming industries worldwide, raising important questions about governance and regulation. In our latest podcast episode, we delve into the complexities and opportunities within this evolving landscape, focusing on generative AI and its regulatory implications across regions like Europe and the United States. 

You can listen to this podcast episode in its entirety at reedsmith.com. 

Here is a brief summary for you: 

AI governance in the EU: The EU recently introduced comprehensive legislation aimed at regulating AI, specifically through the EU AI Act, which came into effect on October 2nd. This new regulation places stringent requirements on "high-risk" AI systems, setting the stage for robust governance frameworks. It intersects with other regulations such as the GDPR, the EU’s Supply Chain Act, and the Network and Information Security Directive 2 (NIS2), creating a complex regulatory environment. Companies operating in the EU must prepare for phased compliance dates and ensure they have detailed governance structures that account for these intersecting laws.

AI governance in the US: In contrast, the US is still evaluating its approach to AI regulation. While comprehensive federal legislation is not yet in place, there are significant state-level laws, like Colorado’s AI regulation, and guidelines from the Office of Management and Budget (OMB) that influence how companies are shaping their governance strategies. The focus in the US leans more towards consumer protection, guiding AI use in areas like consumer interaction, algorithmic discrimination, and corporate governance.

Towards a global governance approach? With varying regulations across regions, can organizations develop a unified AI governance framework? While the EU AI Act and emerging US state laws share similarities, such as addressing high-risk AI systems and establishing risk management processes, a global approach would require companies to integrate principles from diverse legal frameworks. This means balancing detailed compliance requirements in the EU with more flexible, principle-based guidelines seen in the US.

Establishing effective AI governance: Organizations need to build comprehensive governance structures that cover both local and international compliance needs. Key steps include:

1. Set up a dedicated AI governance team: Include subject matter experts in data protection, cybersecurity, and AI development.
2. Create an AI inventory: Identify and document where AI is being used within the organization.
3. Define risk management processes: Establish risk management frameworks tailored to different AI system categories, such as high-risk or general-purpose AI.
4. Conduct regular impact assessments: These should evaluate the AI’s impact across privacy, security, and consumer safety, adapting as AI systems evolve.

Navigating AI governance is complex but taking a holistic view—incorporating regional regulations and internal ethics—can help organizations build resilient frameworks. As AI legislation evolves, companies will need to stay agile and proactive to ensure compliance and build trust with stakeholders globally.