ARTICLE
15 May 2025

AI Audit Best Practices For Building User And Global Trust

BakerHostetler

Contributor

Recognized as one of the top firms for client service, BakerHostetler is a leading national law firm that helps clients around the world address their most complex and critical business and regulatory issues. With five core national practice groups — Business, Labor and Employment, Intellectual Property, Litigation, and Tax — the firm has more than 970 lawyers located in 14 offices coast to coast. BakerHostetler is widely regarded as having one of the country’s top 10 tax practices, a nationally recognized litigation practice, an award-winning data privacy practice and an industry-leading business practice. The firm is also recognized internationally for its groundbreaking work recovering more than $13 billion in the Madoff Recovery Initiative, representing the SIPA Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC. Visit bakerlaw.com

Artificial intelligence (AI) as a field encapsulates machine learning, deep learning and generative AI. As the impact of these technologies continues to grow, industry leaders and regulators have been grappling with how to define the technologies' contours, how to audit AI and whether these audits are protected under the attorney-client privilege.

The recent article "AI Audits: Initial Steps Toward Building User Trust and Maintaining International Norms," published in RAIL: The Journal of Robotics, Artificial Intelligence & Law, Volume 8, No. 4 (July-August 2025), also wrestles with these issues. In particular, the article considers several primary concepts:

  • The regulatory landscape created by various agencies, and those agencies' detailed guidelines and advisories for AI use
  • State and local legislation, and the current patchwork of initiatives developed to attract AI developers while protecting constituents
  • International efforts embodied in legislation, various tools and compliance checklists
  • How "soft law" (defined as rules or standards that set substantive expectations but are not enforceable by governments) can address gaps in legislation and regulation by utilizing industry standards as a support mechanism for compliance
  • AI's "black box" nature and how that may require regular audits for bias and improved transparency
  • Implications of AI audits for attorney-client privilege and factors that can impact that analysis, including jurisdiction, purpose of the audit and ownership of the audit by counsel

To assess these matters, the article reviews the history and growth of AI's ties to auditing. Specifically, as AI has grown more sophisticated and its use has increased, the boundary lines dictating its use have been a patchwork of rules stitched together by government authorities relying on prior statutes and regulations, past enforcement and, more recently, encompassing legislation attempted only in the past several years.

Assuming that AI will continue to adapt and evolve, the authors assert that the application of soft law is critical to pave the way for additional regulation and new industry standards. While not law per se, soft law guidance is often used when writing what entities anticipate will become enforceable in the future. Soft law may also influence industry standards and best practices.

The article highlights one AI soft law in particular: the NIST AI Risk Management Framework (AI RMF). The NIST AI RMF provides well-considered suggestions for an AI governance model that have also influenced other soft laws, regulations and proposed legislation. Of particular relevance to the article's focus, the NIST AI RMF suggests how an organization might audit its AI programs to support transparency.

The challenges of developing transparent AI have created an international need for identifying the biases programmed into the AI innovations that now permeate society. The article considers the purpose behind the current legal frameworks for AI and highlights various standards for AI system audits that purport to improve the transparency of this technology.

Finally, the article further explores those factors that can impact whether an audit can be protected under the attorney-client privilege. Some of these factors include but are not limited to the purpose of the audit, the jurisdiction one is in and whether counsel engaged a third-party auditor. Ultimately, whether an AI audit is protected by the attorney-client privilege will depend on the individual facts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
