There’s a global divide in how countries are approaching AI regulation. While some governments are prioritizing deregulation to accelerate innovation, others are tightening rules to address growing societal concerns.
The EU rolled out its AI Act late last year, categorizing risk, outlining ownership and responsibilities, and even prohibiting certain high-risk systems. Countries like Spain have gone a step further by establishing a singular AI governing board.
In the U.S., there’s an ongoing debate as lawmakers weigh responsible AI use and legislation with concerns about stifling innovation in the face of growing global competition. WSJ sums up the stakes and the current stance on AI in the U.S. well. “Uncertainty about how AI will be regulated is hanging over the tech sector and the entire economy. Over 1,000 AI bills have been proposed at the state level, with many lawmakers struggling to keep up with the rapidly evolving technology.”
As the U.S. firms up its approach to AI and other global controls unfurl, one thing is clear: AI regulations will directly impact how organizations innovate and operate.
Those who clearly understand how to leverage AI and actively mitigate its risks will be better positioned. They will also be able to transparently communicate their AI use cases to customers and other key stakeholders. This approach will help them take advantage of the evolving technology while remaining compliant as the government landscape shifts.
Laying the Groundwork for Evolving Regulations
While AI brings many new groundbreaking opportunities for organizations (streamlining operations, analyzing feedback and sentiment, expediting search), the stakes are high. We’re still just scratching the surface of practical applications of AI. To stay compliant and gain a competitive advantage with emerging technologies, organizations must double down on the basics.
In practice, this means establishing strong guardrails for AI use. Establish clear guidelines with employees and educate internal stakeholders on acceptable AI use and data rights. Set rules around data ownership, approvals, and retention policies. Consistently connect with employees to understand where and how they’re currently using AI, and get a pulse check on their future needs, concerns, and challenges to continually adapt your guidance as the technology and demand for it evolve.
More stringent and better communicated guardrails on which AI tools, devices, and applications employees can use, and how they will allow IT and security teams to reduce risks posed by widening digital estates (a core component of scaling a compliant and resilient business). Right now, so much AI use happens outside of properly configured and managed channels. Microsoft’s 2024 Work Trend Index Annual Report found that 78% of employees are bringing their own AI tools to work, and a 2024 IBM report found that 38% of employees acknowledged sharing sensitive work information with AI tools outside their employers’ consent.
Organizations don’t just need to set guidelines to mitigate AI-related risks; they also need a strong data management foundation. Backups, cloud storage, rigorous data auditing, and automated endpoint management are the foundation of a sustainable and effective technology strategy. They all play critical roles in ensuring that when things go awry, organizations adapt, recover, and resume operations quickly while minimizing disruption, data loss, and compliance exposure.
Charting the Unwritten Future
As AI adoption and use cases evolve, regulators worldwide will try to keep pace. For IT leaders, investing in infrastructure and practices to stay ahead of these regulations will be essential for avoiding penalties and fines, maintaining trust with customers, and ensuring AI remains a force for good.
AI will undoubtedly be a game-changer in how modern work is done, and regulation will play a significant role in determining our relationship with the technology. But we’re still in the early stages of AI; how we use it, the opportunities it presents, and the risks we incur in leveraging it remain largely unknown. Organizations must take a thoughtful approach to AI and prioritize data and security best practices so we can use the technology to propel us forward without compromising privacy, safety, or security in the process.
