Dive Brief:
- In a tightening AI regulatory landscape, executives are grappling with the impact of new rules on implementation plans and existing practices, a KPMG survey published Thursday found.
- More than half of executives expect complying with data privacy and security requirements will increase costs for their organization. Nearly two-thirds of leaders project the requirements will tighten as regulators shape policies.
- To prepare for stricter regulation, 3 in 5 businesses are currently reviewing and updating data practices. Around half of organizations are implementing technical measures to improve the transparency and fairness of AI applications.
Dive Insight:
Regulators are closely watching the AI landscape, from enterprise deployments to vendor partnerships and company practices.
In the U.K., regulators are assessing the market competition impact of several AI partnerships between technology firms, including OpenAI, Microsoft, Amazon, Anthropic and Google. Just last week the Competition and Markets Authority launched a formal investigation into Amazon and Anthropic’s partnership.
The EU AI Act has also upped the ante for makers and deployers of AI models. The act took effect earlier this month and is expected to have an extended international reach, similar to the General Data Protection Regulation. Organizations have a lot of work to do before enforcement begins, according to Enza Iannopollo, principal analyst at Forrester.
“Each company must execute a compliance roadmap that is specific to the amount and combination of use cases they have,” Iannopollo said in an email. “Virtually, every company will have a compliance roadmap that looks like nobody else's.”
Under the U.S. federal government’s purview, AI is regulated under existing laws. But some states have worked to enact targeted rules, such as Colorado’s AI Act, and others have proposed legislation, including California’s Senate Bill 1047, which is working its way through the legislature.
Compliance could result in further fees for enterprises regarding securing counsel, updating practices and technology or paying outside partners to assist.
“Regulatory focus on AI and cybersecurity will remain intense,” Amy Matsuo, principal and regulatory insights leader at KPMG, said in an email. The impending patchwork could prove difficult for organizations to manage if leaders aren’t keeping up.
Despite the challenge, most enterprises aren’t shying away from the evolving goalposts.
Leaders are allocating more money and resources to reaching AI goals. More than three-quarters of executives remain confident in the technology’s ROI in the three years, KPMG said.
Technology leaders are working to set businesses up for success by carefully considering the value and risks of tools and applications. Nearly 4 in 5 senior leaders say cybersecurity is the key area of focus for current efforts to mitigate generative AI risk, followed closely by data quality, according to KPMG.
Enterprises often turn to third-party vendors when integrating generative AI to bypass upfront development costs and the required technical expertise. More than half of executives, however, are concerned with assuming the risk of regulatory non-compliance due to deploying vendor tools.
Even more — 76% — are worried about their data privacy and security when partnering with third parties, according to KPMG.
