
GOVERN-1.1: Legal and regulatory requirements involving AI are understood, managed, and documented.

>Control Description

Legal and regulatory requirements involving AI are understood, managed, and documented.

>About

AI systems may be subject to specific applicable legal and regulatory requirements. Some legal requirements (e.g., nondiscrimination, data privacy and security controls) can mandate documentation, disclosure, and increased AI system transparency. These requirements are complex and may not be applicable, or may differ, across applications and contexts.

For example, AI system testing processes for bias measurement, such as disparate impact, are not applied uniformly within the legal context. Disparate impact is broadly defined as a facially neutral policy or practice that disproportionately harms a group based on a protected trait. Notably, some modeling algorithms or debiasing techniques that rely on demographic information could also come into tension with legal prohibitions on disparate treatment (i.e., intentional discrimination).

Additionally, some intended users of AI systems may not have consistent or reliable access to fundamental internet technologies (a phenomenon widely described as the “digital divide”) or may experience difficulties interacting with AI systems due to disabilities or impairments. Such factors may mean different communities experience bias or other negative impacts when trying to access AI systems. Failure to address such design issues may pose legal risks, for example in employment-related activities affecting persons with disabilities.

>Suggested Actions

  • Maintain awareness of the applicable legal and regulatory considerations and requirements specific to industry, sector, and business purpose, as well as the application context of the deployed AI system.
  • Align risk management efforts with applicable legal standards.
  • Maintain policies for training (and re-training) organizational staff about necessary legal or regulatory considerations that may impact AI-related design, development and deployment activities.

>Documentation Guidance

Organizations can document the following:

  • To what extent has the entity defined and documented the regulatory environment—including minimum requirements in laws and regulations?
  • Has the system been reviewed for its compliance with applicable laws, regulations, standards, and guidance?
  • To what extent has the entity defined and documented the regulatory environment—including applicable requirements in laws and regulations?
  • Has the system been reviewed for its compliance with relevant applicable laws, regulations, standards, and guidance?

AI Transparency Resources

GAO-21-519SP: AI Accountability Framework for Federal Agencies & Other Entities.

>AI Actors

Governance and Oversight

>Topics

Legal and Regulatory
Governance
AI Actor Training
