TO GC Talk Series #52 – AI adoption & digital risks

Omar Soufanate and Gordon Hopgood of Control Risks talk to in-house counsel on how they can navigate the risks and challenges of integrating artificial intelligence within the business.

While AI offers transformative opportunities, the risks associated with generative AI models are significant. In-house counsel are grappling with legal complexities concerning the training, usage, and protection of generative AI tools. How can organisations effectively navigate these legal considerations, both within their own products and through vendor engagements? Omar Soufanate, associate director and Gordon Hopgood, senior consultant of Control Risks led a session of The Oath GC Talk Series on June 12, 2024, addressing AI and digital risks, offering insights for corporate counsel to navigate these challenges.

Omar and Gordon commenced the session offering an introduction into AI and the current regulatory landscape across the globe. Compared to other jurisdictions, the most mature regulation is the EU AI Act, which is the first legal framework regulating emerging technology that is likely to benchmark how other countries choose to govern AI. The speakers shared some key current trends they have witnessed in regulating the use of AI in the absence of formal legal frameworks. It involves risk management based on the core principles of AI regulation, policy alignment with existing digital channels such as data privacy and cybersecurity, and increased international collaboration between countries which promotes responsible use. Gordon shared that organisations should understand the regulatory environment they are operating in, use their comprehensive data privacy policies as a blueprint for any upcoming AI regulations and engage with public officials and forums to stay abreast of regulatory changes

The speakers took the audience through how the United Arab Emirates is working towards achieving the goals of the National Artificial Intelligence Strategy 2031, which is aimed at positioning the UAE as a global leader in AI and to develop an integrated system that employs AI in vital areas in the country such as resources and energy, logistics and transport, tourism and hospitality, healthcare, cybersecurity, smart government, crypto and in the UAE Artificial Intelligence and Blockchain Council. Omar led the interactive segment sharing case studies and industry examples with the audience on the progress in the UAE. He took feedback from the in-house counsel attendees on how their organisations are integrating AI and tackling the opportunities and the challenges that come with implementation.

Next, Omar and Gordon presented three scenarios to the audience as a simulation exercise. Each scenario depicted an incident, and the attendees engaged with the speakers exploring the causes, associated risks and potential impact of each issue.

Finally, the speakers concluded emphasising on the importance of the principle of ‘security by design’ in integrating AI for organisations. They shared and elaborated on some of the risk mitigation takeaways that organisations and in-house counsel should consider as they progress on their AI journey: (i) Assess and plan what specific aspect(s) of the business need automation and if the technology in consideration is suitable. (ii) Ensure effective, secure and responsible data management and technology selection (iii) If engaging in model training, organisations should ensure that the data supplemented to AI models is sanitised, labelled and categorised. (iv) Evaluate if the AI model functions as expected through testing. (v) Constantly monitor the AI tool with regular checks and assessments. (vi) Understand and formalise the various processes involved in terms of data input/output, accessibility, authorisation, etc. (vii) With regard to people and training, equip employees to use the tools and the technologies that are in place. (viii) Take feedback if there are active users that are different from the developers of the tool.

Control Risks is a specialist risk consultancy that helps create secure, compliant, and resilient organisations. Control Risks partners with law firms and in-house counsel on domestic and multi-national engagements, providing unparalleled global expertise, local insight, and technology solutions. The firm acts as a trusted advisor, supplementing in-house capabilities and consulting on knowledge gaps to help counsel better support clients, maintaining credibility, and avoiding liability and pitfalls across a wide range of matters. Whether it is corruption, fraud or regulatory investigation, or a cyber breach, Control Risks can draw from their technical expertise and on-premises and cloud data centres strategically placed across the globe. They can handle everything from the most challenging assignments involving electronic data and evidence to delivering meaningful intelligence on a prospective investment, business partner, competitor, or adversary in litigation.