Review: AI regulation & compliances

1 AI system, 10 regulations

AI is moving fast. But laws and rules about how we use AI?

It’s developing fast. But not fast enough. Good, but could very bad.

That’s a problem.

Especially with Generative AI (GenAI)—you know, the kind of AI that writes, creates, and talks back. It’s powerful, but if we’re not careful, it can also:

• Leak your personal info 😬

• Spread fake news 🧠

• Make unfair decisions 👎

So what can we do?

---

⚖️ Governments Are Catching Up

Different countries are trying to make rules:

• Europe has the AI Act – if your AI tool is risky (like face recognition), it needs human checks and detailed records.

• California wants people to know when AI is making decisions about them.

• HIPAA in the U.S. protects your health info—even from AI.

• Biden’s Executive Order tells U.S. government agencies: Be safe, be fair, be transparent.

But it’s still confusing, especially for businesses building with AI.

---

🌍 Global / International

1. OECD Recommendations on AI

2. UNESCO Recommendation on the Ethics of AI

3. GPAI (Global Partnership on AI)

4. ISO/IEC 42001:2023 (AI Management System Standard)

5. OWASP Top 10 for Large Language Model Applications

---

🇪🇺 European Union

6. GDPR (General Data Protection Regulation)

7. EU AI Act (Artificial Intelligence Act)

---

🇺🇸 United States

8. CCPA (California Consumer Privacy Act)

9. CPRA (California Privacy Rights Act)

10. California Executive Order on GenAI

11. Draft California ADMT Regulations (Automated Decision-Making Technology)

12. HIPAA (Health Insurance Portability and Accountability Act)

13. FTC Guidance on AI Privacy and Terms of Service

14. OMB AI Policy (Federal agency AI governance)

15. President Biden’s AI Executive Order

---

🌏 Asia-Pacific / Other Regions

16. China’s AI Regulations (e.g., Ministry of Science and Technology)

17. Japan’s Cabinet Office AI Policies

18. South Korea’s Ministry of Science and ICT AI Rules

19. Singapore’s AI Governance Framework

20. India’s AI for All Policy (NITI Aayog)

21. Australia’s AI Ethics Framework

22. UK AI Regulations and Ethics Guidelines

---

🧑‍⚖️ By Legal Type

23. Anti-discrimination Laws (various countries)

24. Intellectual Property Laws (copyright, patent, trade secrets)

25. Liability and Insurance for AI (including Hallucination Insurance)

26. Automated Decision-Making Laws (GDPR Art. 22, CCPA/CPRA, etc.)

🚨 What’s the Risk?

AI can "hallucinate"—make stuff up!
It can also accidentally (or not) leak data, trick people, or make biased decisions.

This is why the paper says we need:

• Strong data privacy

• Clear human oversight

• Real accountability when AI goes wrong

---

🌍 What’s the Big Picture?

🛠️ What Should Companies Do?

1. Use AI responsibly. Don't just chase shiny tools—think about the risks.

2. Know the laws. Different places have different rules.

3. Be transparent. Tell users when AI is involved.

4. Keep humans in the loop. Especially when decisions affect people’s lives.

Reference

Cloud Security Alliance. (2024). Principles to practice: Responsible AI in a dynamic regulatory environment. https://cloudsecurityalliance.org/research/working-groups/ai-governance-compliance