Technology related to artificial intelligence (AI) is evolving at an exponential rate and is predicted to significantly alter how businesses conduct their operations globally. Business processes, and occasionally entire industries, are becoming more and more dependent on AI as a result of competitive pressures and benefits from AI optimization. To address this demand, businesses are devoting increasing resources to creating, acquiring, or purchasing AI technologies and strategies.

Legislators and decision-makers have not ignored this. Initial AI regulation models started to appear last year, and a fresh round of AI duties for enterprises is expected to arrive in 2023. However, despite the usage of AI growing steadily around the world, there is no comprehensive federal regulation on AI in the US. Instead, there is a patchwork of different present and prospective AI regulatory regimes in the United States. Understanding these frameworks and getting ready to operate in conformity with them are essential steps for firms wishing to take use of this cutting-edge technology.

Despite the public perception that AI is becoming more common in business, some companies still view AI as something that "other industries" do. Because of this, it's possible that many businesses are still unaware of how much AI is being used in them. Companies should anticipate employing AI and begin planning how to handle the regulatory risk associated with it. A few examples of businesses heavily reliant on AI in day-to-day operations are financial services, FinTech, Payments, insurance, automotive, logistics, healthcare, retail, and marketing or advertising. This is due to the vast breadth of AI growth in recent years.

The best ways to control AI are increasingly in the spotlight due to its explosive growth. Initial laws started to appear this year, and 2023 promised to include more comprehensive AI compliance requirements. In 2022, a number of use-case-specific AI rules surfaced. However, more general AI regulation activities, such as new NIST AI standards, state data privacy laws, and FTC legislation, might appear in 2023.

An initial approach to AI legislation that was focused on particular AI-use cases started to take shape in the U.S. in 2022. The most frequently regulated application of AI was for employment or recruitment. As an illustration, New York recently joined a small number of states, such as Illinois and Maryland, in regulating automated employment decision tools (AEDTs), which use AI to make or significantly aid candidate screening or employment choices. AEDTs are required by New York law to undergo an annual "bias audit," and the findings of this assessment must be made public.

A similar endeavour was started by the Equal Opportunity Employment Commission (EEOC) on "algorithmic fairness" in the workplace. The EEOC and Department of Justice jointly released recommendations on the use of AI tools in employee hiring as the first step in this approach. The advice was on AI that might, even accidentally, break the law by excluding people with disabilities from employment. The EEOC offered a technical guidance document to help businesses comply with the Americans with Disabilities Act when utilising AI tools for recruiting, but it also cautioned businesses that they are still in charge of the hiring decisions made using the AI they utilise.

When AI algorithms make important judgements that have "legal or similarly significant impacts" on the consumer, as defined by the statutory language, consumers are given opt-out rights under state privacy laws. Generally speaking, these are choices made using AI that approve or disapprove requests for financial or lending services, insurance, housing, health care services, employment, educational opportunities, or requirements (like water).

The privacy policy would need to go into detail for each decision, including the following: (1) the reasoning behind consumer profiling that underlies the AI decision; (2) whether the AI has been assessed for accuracy, fairness, or bias; and (3) the rationale behind why consumer profiles are pertinent to the AI-powered decision. Additionally, upcoming legislation in California will specify how businesses must provide consumers with "relevant information" regarding the rationale underlying decision-making systems powered by AI. Companies are required to internally undertake and document a "data privacy impact assessment" where data processing poses a "heightened risk of harm to consumers" (DPIA). Due to the fact that state privacy laws demand DPIAs for processing operations that frequently include AI components, such as targeted advertising or consumer profiling, which may utilise AI to infer interests, behaviours, or traits, this has an impact on AI.

Legislation with an AI focus has been introduced in Congress, but it hasn't attracted much attention or support. The Federal Trade Commission does, however, appear to be considering implementing AI legislation (FTC). The FTC published two documents in recent years that hinted at a greater emphasis on AI regulation. The Fair Credit Reporting Act, Equal Credit Opportunity Act, and FTC Act are just a few of the laws that the FTC said it had become an expert in using AI to enforce.

Conclusion

After 2022, it's likely that privacy laws adopted by some governments will incorporate some of the first universal requirements that apply to all AI-use situations. Recent general data privacy laws passed by California, Connecticut, Colorado, and Virginia will take effect at various points in 2023. These laws include guidelines for "automated decision-making," which covers tools that enable AI-powered judgements. These laws, which protect privacy, are applicable when AI uses personal data to make consumer-impacting choices. The General Data Protection Regulation of the European Union serves as a model for similar restrictions in the new American AI regulations (GDPR). When businesses employ technology like AI to make solely automated judgements that have "legal... or equally significant" effects on a customer, the GDPR mandates more stringent compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.