Anticipating AI’s regulatory risks is essential to unlocking its potential innovations—and future-proofing your business despite uncertainty.
At a time when generative artificial intelligence (AI) seems to be moving at the speed of light, the importance of managing the related risks is shooting up the C-suite’s priority list just as quickly.
Risk and compliance experts are being challenged to keep up, but then that begs the question: Keep up with what? Formal laws around AI and generative AI (GenAI) technologies, or even informal guidelines, have not yet been established, so company leaders must proactively set appropriate protocols of their own to ensure safety, fairness, and ethical usage.
They must also understand where the regulatory trends are going as legislative scrutiny intensifies and AI systems in general become more user-friendly, accessible, and ubiquitous. In many ways, companies need to be as adaptable as GenAI itself by continuously evaluating inherent biases, transparency, governance, and data privacy—and then updating their approach accordingly.
For context, our recent 2023 KPMG Generative AI Survey gathered insights from 200 senior US business leaders about the transformational impact this emerging technology is already having on their businesses, as well as how they’re navigating adoption amid a regulatory fog that’s been slow to lift.
For now, most are moving forward with a mix of intent and caution:
Nearly 8 in 10 business leaders say that unclear and evolving regulations are impacting the time, money, and people investments they’re making in AI.
On the other hand, a third of them say they aren’t slowing their adoption of AI at all, while another 41 percent are willing to watchfully wait—but not longer than six months for fear of losing ground to competitors.
How can organizations innovate and adopt technologies like generative AI while ensuring trust and compliance? The industry leaders we talked to identified three near-term areas of focus, as we outline in our new report, “Where will AI/GenAI regulations go?”
Debate about what guardrails, if any, should be placed around AI is almost as hot as the technology itself. Existing regulations that apply to all “automated systems” also regulate the use of AI as well. Still, many believe that this is not enough.
Over the past six months, bipartisan legislation has been introduced in both the US House and Senate around AI disclosure. The European Union just released landmark legislation that would regulate AI following a risk-based approach. Meanwhile, more than two dozen states have introduced bills aimed at protecting consumers from the misuse of AI.1
The business leaders we surveyed identified several key legislative areas they’re watching:
Which includes protections against inappropriate or discriminatory uses of AI
Which includes AI applications that encroach on consumer- and employee-protection laws
Which includes access, consent, use, and safety of consumer data.
Of course, this is only the legislation business leaders can see coming. Regulations are evolving quickly, and leaders don’t believe that pace of change will slow anytime soon.
The promise of AI is as evident as the peril, and that’s precisely the challenge business leaders face when it comes to adoption. Legal compliance is likely to diverge across state, federal, and global jurisdictions. There are moral and ethical considerations as well—not to mention consumer sentiment that will heavily influence each leader and organization.
In this environment, it’s difficult to anticipate where the puck is going, given the dozens of possible caroms and redirections. (If only business leaders could ask ChatGPT what to do.) What is clear, according to the executives we interviewed, is what organizations can do to set themselves up for success, no matter how regulations change or where they land. That includes:
1
2
3
Speaking of risk management: Like the benefits of AI, the potential risks of emerging AI regulation span the entire enterprise as well, landing on the desks of those responsible for data, privacy, security, intellectual property, and more.
To mitigate these threats, companies must holistically assess the purpose and application of the technology across the organization. What’s more, leaders must prepare for—and feel comfortable operating in—an environment of continuous regulatory change.
This requires having a robust understanding of what regulators are looking for, from responsible design, to effective validation, to sound governance, and controls. But it also means standing up the internal capability to monitor developments in real time and adjust business models accordingly.
Effective AI adoption means reinventing traditional approaches to risk management. To that end, KPMG has created a four-part framework that organizations can use as a guide:
These pillars contain more than two dozen suggested recommendations and next steps to establishing a comprehensive thorough oversight framework that will help companies move forward not only proactively, but also purposefully. Consider them your checklist for intelligent, mindful, and successful AI adoption.
For over a decade, KPMG has been innovating with AI to help clients prepare, accelerate, and achieve value. We are a proud member of the Responsible AI Institute (RAI Institute), which is a global and member-driven non-profit dedicated to enabling successful responsible AI efforts in organizations.
National Conference of State Legislatures, September 27, 2023:
We have pioneered many advanced AI technologies and accelerators, such as our development and spin-out of Cranium, a cutting-edge software company that enables organizations to secure their AI technologies.
Insight
Where will AI/GenAI regulations go?
Demonstrating 'trusted AI systems'
Insight
Trusted AI
Accelerate the value of your AI solutions with confidence
Insight
2023 KPMG Generative AI Survey
An exclusive KPMG survey shows how top leaders are approaching Generative AI
Turn insight into opportunity with unique perspectives and actionable insights addressing the burning issues atop the C-suite agenda. Delivered monthly.