The Race to Regulate Artificial Intelligence: A Global Challenge

By Jean Loup P. G. Le Roux with Frédérique Turnier-Caron

As Artificial Intelligence continues to advance, countries around the world are grappling with how to design effective standardization and regulation.

The debate on Artificial Intelligence (AI) regulation is gaining traction globally, as widespread concerns are being voiced about the potentially unchecked development of this powerful technology. With AI applications rapidly proliferating, and expert warnings about potential threats, calls for intervention have escalated.

Recently, prominent AI expert Geoffrey Hinton expressed concerns about the dangers of scaling up AI without adequate understanding or control, emphasizing the necessity of global collaboration, regulation, and standardization. He highlighted the potentially destructive impacts on the job market and the risk of AI surpassing human intelligence.

With the simultaneous appearance of bills to regulate the artificial intelligence sector, the demand for harmonized standards has grown as AI advances across numerous industries and jurisdictions. Now comes ISO 42001, a proposed global AI standard designed to address ethical issues, advance global recognition, and confirm ethical implementation and functionalities. This ambitious project does face some difficulties, though. ISO 42001 does build upon previous standards but faces the challenge of being the first ISO standard defining a certifiable management system for AI.

In this blog, we’ll explore the challenges of developing and implementing standardization in the quickly changing AI ecosystem of today. We’ll discuss the current trend in AI and certification, the debates for market adoption, the regulatory environment, the importance of timing, and the transforming auditing industry landscape.

The Shifting Trends in AI and Certification

As we stand on the brink of an AI revolution, it’s essential to take a step back and assess the ever-changing landscape of AI trends and certification. In this section, we will examine how trends in certification schemes have impacted AI adoption and the lessons that can be learned from previous attempts to standardize technologies.

Around 2015–2016, the hype surrounding blockchain technology led to an influx of professionals seeking certification and the establishment of dedicated departments at major consulting firms. However, despite the initial enthusiasm, Certification Bodies did not report a significant demand for blockchain audits. The “crypto winter” that followed left many professionals scrambling to reposition themselves as AI experts. This example highlights the challenge of predicting market demand for specific certification in emerging technologies and the competitive value of such certifications. Certification Bodies must carefully assess the industry’s evolution and needs, in addition to regulator’s response to standards like ISO 42001. The best academical quality of the framework itself isn’t enough.

Furthermore, the global landscape of AI leadership is evolving. While Montreal was once a prominent hub for AI and machine learning, other cities like Beijing, Seattle, London, and Bangalore have since emerged as leading AI centres. This shift underscores the need for a globally recognized standard like ISO 42001 to ensure consistency and ethical implementation of AI across borders. In fact, societal values can influence the acceptable legal and technical norms to follow in the development of AI systems. The hasty acceptance of ethical, developmental, and legal principles will define tomorrow’s world.

In summary, the history of certification schemes in emerging technologies serves as a cautionary tale for ISO 42001. The industry’s response to the standard, combined with the shifting landscape of AI leadership, will be critical factors in determining its success and widespread adoption.

Learning from the Past: Regulations & Market Adoption

As we continue to explore the challenges of standardizing AI, it’s crucial to examine past certification frameworks and their market adoption. In this section, we will delve into the factors that contributed to the success or failure of previous standards and how these lessons can be applied to ISO 42001.

A prime example is the ISO 37001 anti-bribery standard. Over 120 experts from over 20 countries designed and supported the standard. Certification Bodies geared up for a high demand in audits. However, the market’s appetite fell far short of expectations, resulting in only 10% of the anticipated audits being conducted globally. This discrepancy highlights the importance of accurately gauging market demand for certifications and the potential pitfalls of overestimating industry response.

The role of regulation in driving market adoption is another essential factor to consider. Heavily regulated industries, such as aviation and automobile sectors, could potentially lead the way in AI standardization, as they’ve been historically exposed to a growing list of safety rules. If these industries were to embrace ISO 42001, it could become a business requirement rather than merely a wishful thought. The future success of ISO 42001 will greatly be dependent upon requiring the certification in order to be rewarded contracts by various entities.

Drawing from the ISO 37001 example, while some companies pursued certification, many others simply claimed to follow the standard without pursuing formal certification. The same pattern will probably be observed for AI standardization, wherein organizations may implement but not certify against the standard, leading to uneven implementation and poor recognition overall.

Furthermore, regulatory efforts are underway in the European Union, with the proposed AI Act expected to enforce stringent compliance and testing requirements for high-risk AI applications. Similarly, in the United States, regulatory measures are being developed, such as the “Blueprint for an AI Bill of Rights” and the AI Risk Management Framework. However, these measures are currently voluntary, and experts argue for a more binding regulatory approach.

China, in contrast, has imposed strict regulations on AI companies in terms of data collection, algorithm training, and output generation, aligning with its overall government control and censorship policy. The Chinese approach, targeting specific AI applications rather than a broad-based approach like the EU, might appeal to more authoritarian nations.

Finally, the integration of ISO 42001 with other standards, such as ISO 17067 and ISO 17065 depending on AI model complexity and business need, is vital for promoting international recognition, trust in AI systems, and addressing ethical concerns. This comprehensive approach is necessary to ensure that AI certification schemes are robust and globally recognized.

In conclusion, the market adoption of ISO 42001 hinges on several factors, including accurate assessment of market demand, the role of government regulation in driving adoption, and the integration of the standard with other relevant frameworks. By learning from certification schemes of the past, we can better position ISO 42001 for success and widespread adoption in AI, industry wide.

The Timing Dilemma: Keeping Pace with AI Evolution

A significant challenge facing the adoption of ISO 42001 is the timing of its release and the rapidly evolving landscape of AI technologies. As we examine the potential impact of the standard, we must also consider whether it will be relevant and appealing to businesses by the time it is fully implemented.

At present, ISO 42001 is undergoing a Quality Assurance round, with an estimated publication date between 6 to 18 months from now [1]. Following that, Certification Bodies will need to train staff, develop procedures, and begin offering certifications, taking another 12 to 18 months. Given the staggering progress in AI implementations over the past six months alone, we must ask ourselves: where will AI be in 12–24 months, and will ISO 42001 still be relevant? This timing issue extends to regulators as well.

While our Prime Minister has just discovered the (now outdated) ChatGPT version 3.5, private companies continue to develop ground-breaking AI software behind the scenes. The pace of innovation in AI is relentless, and keeping up with it is no easy task for standards and regulatory bodies.

Global AI governance is being pursued by the bilateral Trade and Technology Council and the G-7 group’s digital ministers, with a focus on responsible AI and global AI governance. There is also an ongoing attempt to develop a global framework through the National Standards Strategy for Critical and Emerging Technology.

However, the discrepancy in AI regulation between Eastern and Western countries is significant, resulting in a global patchwork of AI governance. While the East is primarily focused on advancing its research and development capabilities, the West is more concerned with implementing regulatory guardrails for technology management.

Historically, such safety advancements have taken years to become widely adopted in industries. For instance, it took 10 years of research and lobbying before Airbus pioneered fly-by-wire controls in civil aviation with their A320. Now, all modern aircraft use this safer method to control flight surfaces and engines. The same slow adoption process may apply to AI regulation, with ISO 42001 potentially taking 5 to 10 years to see real adoption.

In summary, the timing of ISO 42001’s release and implementation is a crucial factor in determining its success. Ensuring that the standard remains relevant and appealing to businesses amid rapid AI advancements is essential for achieving widespread adoption and creating a safer, more ethical AI landscape.

Challenges within the Auditing Business 

Another big factor that could impact the success of ISO 42001 is the current state of the auditing industry. With an average auditor age of around 50 [2] there is a pressing need to attract younger professionals to the field, to keep up with market demand and prepare for the future. Younger professionals can challenge traditional approaches, propose refreshing ideas or perspective to meet the needs of a fast-evolving industry. They also ensure the sustainability of the industry by preparing the next generation.

The rise of AI could present an opportunity to bring fresh talent into auditing, but certain obstacles must be overcome to make this a reality. AI is an attractive subject as it is constantly evolving. A young talent can constantly learn and quickly stand out even among individuals with several years of experience by virtue of the rapid evolution of the field. It is also a trendy subject, by virtue of its technicality and the possibility of having a real impact on society. Nevertheless, young professionals with 10 to 15 years of experience often prefer riding the consulting wave, as it is perceived as trendier and more rewarding.

Also, international accreditation forums and accreditation authorities have tried pushing towards more separation between auditing and consulting, but this can be challenging. For instance, Ernst and Young (EY) recently abandoned plans to split its auditing and consulting divisions, even before cutting 3,000 jobs in the US. Auditors frequently engage in consulting on the side, which can complicate the auditing landscape. This, combined with a lack of available auditors on the market, may slower adherence and progress by both consulting and auditing firms, regardless of market demand.

The key to harnessing AI as an opportunity to attract young auditors lies firstly in addressing the war for the attraction of young talents in addition to the separation between auditing and consulting and secondly in creating a clear path for career development within the auditing field. By doing so, the auditing profession can rejuvenate itself and contribute to the successful implementation of AI standards like ISO 42001.

In conclusion, overcoming the challenges within the auditing business and attracting younger professionals to the field is essential for the success of AI certification schemes like ISO 42001. By leveraging the appeal of AI, the auditing profession can evolve, adapt, and play a critical role in ensuring the ethical and responsible use of AI technologies.

In conclusion, there are a variety of significant issues with regulating AI. It is evident that the process of standardizing AI through scheme such as ISO 42001 is difficult. The standardisation must always change considering market acceptance, trends, evolution of technologies, the role of government, and other factors.

The risk of over-regulating AI, potentially hindering its development, is a growing concern. On the other hand, there is a call for caution against the arms race rhetoric around AI development, which could be used as a justification for not strengthening or enforcing existing regulations.

Policymakers worldwide are now tasked with revisiting their rulebooks to determine if they are still fit for the fast-evolving world of AI.

Our proficiency in compliance and newly emerged AI has enabled us to comprehend the nuances involved in AI standardisation, as we’ve shown through this examination.

—

[1] ISO.org data
[2] Management system auditors performing conformance audit for certification bodies