Ethical Guidelines for Legal AI Applications

The Belgium Data Protection Agency (DPA) published a report explaining the intersection between the GDPR and the AI Act and how organizations can align AI systems with data protection principles. The report emphasizes transparency, accountability, and fairness in AI, particularly for high-risk AI systems. The report also outlines how human oversight and technical measures can ensure compliant and ethical AI use. AI systems are defined based on the AI Act as machine-based systems that can operate autonomously and adapt based on data input. Examples in the report: spam filters, streaming service recommendation engines, and AI-powered medical imaging. GDPR & AI Act Requirements: The report explains how both frameworks complement each other: 1) GDPR focuses on lawful processing, fairness, and transparency. GDPR principles like purpose limitation and data minimization apply to AI systems which collect and process personal data. The report stresses that AI systems must use accurate, up-to-date data to prevent discrimination or unfair decision-making, aligning with GDPR’s emphasis on data accuracy. 2) AI Act adds prohibitions for high-risk systems, like social scoring and facial recognition. It also stresses bias mitigation in AI decisions and emphasizes transparency. * * * Specific comparisons: Automated Decision-Making: While the GDPR allows individuals to challenge fully automated decisions, the AI Act ensures meaningful human oversight for high-risk AI systems in particular cases. This includes regular review of the system’s decisions and data. Security: - The GDPR requires technical and organizational measures to secure personal data. - The AI Act builds on this by demanding continuous testing for potential security risks and biases, especially in high-risk AI systems. Data Subject Rights: - The GDPR grants individuals rights such as access, rectification, and erasure of personal data. - The AI Act reinforces this by ensuring transparency and accountability in how AI systems process data, allowing data subjects to exercise these rights effectively. Accountability: Organizations must demonstrate compliance with both GDPR and the AI Act through documented processes, risk assessments, and clear policies. The AI Act also mandates risk assessments and human oversight in critical AI decisions. See: https://lnkd.in/giaRwBpA Thanks so much Luis Alberto Montezuma for posting this report! #DPA #GDPR #AIAct

State Bar of California approves guidance on use of generative AI in the practice of law. Key points: 🔹 A lawyer must not input any confidential information of the client into any generative AI solution that lacks adequate confidentiality and security protections. A lawyer must anonymize client information and avoid entering details that can be used to identify the client. (Duty of confidentiality) 🔹 AI-generated outputs can be used as a starting point but must be carefully scrutinized. They should be critically analyzed for accuracy and bias, supplemented, and improved, if necessary. (Duty of competence and diligence) 🔹 A lawyer must comply with the law (e.g. IP, privacy, cybersecurity) and cannot counsel a client to engage, or assist a client in conduct that the lawyer knows is a violation of any law, rule, or ruling of a tribunal when using generative AI tools. (Duty to comply with the law) 🔹 Managerial and supervisory lawyers should establish clear policies regarding the permissible uses of generative AI and make reasonable efforts to ensure that the firm adopts measures that give reasonable assurance that the firm’s lawyers and non lawyers’ conduct complies with their professional obligations when using generative AI. This includes providing training on the ethical and practical aspects, and pitfalls, of any generative AI use. (Duty to Supervise) 🔹 The lawyer should consider disclosure to their client that they intend to use generative AI in the representation, including how the technology will be used, and the benefits and risks of such use. A lawyer should review any applicable client instructions or guidelines that may restrict or limit the use of generative AI (Duty to communicate) 🔹 A lawyer may use generative AI to more efficiently create work product and may charge for actual time spent (e.g., crafting or refining generative AI inputs and prompts, or reviewing and editing generative AI outputs). A lawyer must not charge hourly fees for the time saved by using generative AI. (Charging for work produced by AI) 🔹 A lawyer must review all generative AI outputs, including, but not limited to, analysis and citations to authority for accuracy before submission to the court, and correct any errors or misleading statements made to the court. (Duty of candor to tribunal) 🔹 Some generative AI is trained on biased information, and a lawyer should be aware of possible biases and the risks they may create when using generative AI (e.g., to screen potential clients or employees). (Prohibition on discrimination) 🔹 A lawyer should analyze the relevant laws and regulations of each jurisdiction in which a lawyer is licensed to ensure compliance with such rules. (Duties in other jurisdictions) #dataprivacy #dataprotection #AIprivacy #AIgovernance #privacyFOMO Image by vectorjuice on Freepik https://lnkd.in/dDUuFfes

✳ Bridging Ethics and Operations in AI Systems✳ Governance for AI systems needs to balance operational goals with ethical considerations. #ISO5339 and #ISO24368 provide practical tools for embedding ethics into the development and management of AI systems. ➡Connecting ISO5339 to Ethical Operations  ISO5339 offers detailed guidance for integrating ethical principles into AI workflows. It focuses on creating systems that are responsive to the people and communities they affect. 1. Engaging Stakeholders  Stakeholders impacted by AI systems often bring perspectives that developers may overlook. ISO5339 emphasizes working with users, affected communities, and industry partners to uncover potential risks and ensure systems are designed with real-world impact in mind. 2. Ensuring Transparency  AI systems must be explainable to maintain trust. ISO5339 recommends designing systems that can communicate how decisions are made in a way that non-technical users can understand. This is especially critical in areas where decisions directly affect lives, such as healthcare or hiring. 3. Evaluating Bias  Bias in AI systems often arises from incomplete data or unintended algorithmic behaviors. ISO5339 supports ongoing evaluations to identify and address these issues during development and deployment, reducing the likelihood of harm. ➡Expanding on Ethics with ISO24368  ISO24368 provides a broader view of the societal and ethical challenges of AI, offering additional guidance for long-term accountability and fairness. ✅Fairness: AI systems can unintentionally reinforce existing inequalities. ISO24368 emphasizes assessing decisions to prevent discriminatory impacts and to align outcomes with social expectations.  ✅Transparency: Systems that operate without clarity risk losing user trust. ISO24368 highlights the importance of creating processes where decision-making paths are fully traceable and understandable.  ✅Human Accountability: Decisions made by AI should remain subject to human review. ISO24368 stresses the need for mechanisms that allow organizations to take responsibility for outcomes and override decisions when necessary. ➡Applying These Standards in Practice  Ethical considerations cannot be separated from operational processes. ISO24368 encourages organizations to incorporate ethical reviews and risk assessments at each stage of the AI lifecycle. ISO5339 focuses on embedding these principles during system design, ensuring that ethics is part of both the foundation and the long-term management of AI systems. ➡Lessons from #EthicalMachines  In "Ethical Machines", Reid Blackman, Ph.D. highlights the importance of making ethics practical. He argues for actionable frameworks that ensure AI systems are designed to meet societal expectations and business goals. Blackman’s focus on stakeholder input, decision transparency, and accountability closely aligns with the goals of ISO5339 and ISO24368, providing a clear way forward for organizations.

"On Nov 6, the UK Department for Science, Innovation and Technology (DSIT) published a first draft version of its AI Management Essentials (AIME) self-assessment tool to support organizations in implementing responsible AI management practices. The consultation for AIME is open until Jan 29, 2025. Recognizing the challenge many businesses face in navigating the complex landscape of AI standards, DSIT created AIME to distill essential principles from key international frameworks, including ISO/IEC 42001, the NIST Risk Management Framework, and the EU AI Act. AIME provides a framework to: - Evaluate current practices by identifying areas that meet baseline expectations and pinpointing gaps. - Prioritize improvements by highlighting actions needed to align with widely accepted standards and principles. - Understand maturity levels by offering insights into how an organization's AI management systems compare to best practices. AIME's structure includes: - A self-assessment questionnaire - Sectional ratings to evaluate AI management health - Action points and improvement recommendations The tool is voluntary and doesn’t lead to certification. Rather, it builds a baseline for 3 areas of responsible AI governance - internal processes, risk management, and communication. It is intended for individuals familiar with organizational governance, such as CTOs or AI Ethics Officers. Example questions: 1) Internal Processes Do you maintain a complete record of all AI systems used and developed by your organization? Does your AI policy identify clear roles and responsibilities for AI management? 2) Fairness Do you have definitions of fairness for AI systems that impact individuals? Do you have mechanisms for detecting unfair outcomes? 3) Impact Assessment Do you have an impact assessment process to evaluate the effects of AI systems on individual rights, society and the environment? Do you communicate the potential impacts of your AI systems to users or customers? 4) Risk Management Do you conduct risk assessments for all AI systems used? Do you monitor your AI systems for errors and failures? Do you use risk assessment results to prioritize risk treatment actions? 5) Data Management Do you document the provenance and collection processes of data used for AI development? 6) Bias Mitigation Do you take steps to mitigate foreseeable harmful biases in AI training data? 7) Data Protection Do you implement security measures to protect data used or generated by AI systems? Do you routinely complete Data Protection Impact Assessments (DPIAs)? 8) Communication Do you have reporting mechanisms for employees and users to report AI system issues? Do you provide technical documentation to relevant stakeholders? This is a great initiative to consolidating responsible AI practices, and offering organizations a practical, globally interoperable tool to manage AI!" Very practical! Thanks to Katharina Koerner for summary, and for sharing!

Insightful Sunday read regarding AI governance and risk. This framework brings some much-needed structure to AI governance in national security, especially in sensitive areas like privacy, rights, and high-stakes decision-making. The sections on restricted uses of AI make it clear that AI should not replace human judgment, particularly in scenarios impacting civil liberties or public trust. This is particularly relevant for national security contexts where public trust is essential, yet easily eroded by perceived overreach or misuse. The emphasis on impact assessments and human oversight is both pragmatic and proactive. AI is powerful, but without proper guardrails, it’s easy for its application to stray into gray areas, particularly in national security. The framework’s call for thorough risk assessments, documented benefits, and mitigated risks is forward-thinking, aiming to balance AI’s utility with caution. Another strong point is the training requirement. AI can be a black box for many users, so the framework rightly mandates that users understand both the tools’ potential and limitations. This also aligns well with the rising concerns around “automation bias,” where users might overtrust AI simply because it’s “smart.” The creation of an oversight structure through CAIOs and Governance Boards shows a commitment to transparency and accountability. It might even serve as a model for non-security government agencies as they adopt AI, reinforcing responsible and ethical AI usage across the board. Key Points: AI Use Restrictions: Strict limits on certain AI applications, particularly those that could infringe on civil rights, civil liberties, or privacy. Specific prohibitions include tracking individuals based on protected rights, inferring sensitive personal attributes (e.g., religion, gender identity) from biometrics, and making high-stakes decisions like immigration status solely based on AI. High-Impact AI and Risk Management: AI that influences major decisions, particularly in national security and defense, must undergo rigorous testing, oversight, and impact assessment. Cataloguing and Monitoring: A yearly inventory of high-impact AI applications, including data on their purpose, benefits, and risks, is required. This step is about creating a transparent and accountable record of AI use, aimed at keeping all deployed systems in check and manageable. Training and Accountability: Agencies are tasked with ensuring personnel are trained to understand the AI tools they use, especially those in roles with significant decision-making power. Training focuses on preventing overreliance on AI, addressing biases, and understanding AI’s limitations. Oversight Structure: A Chief AI Officer (CAIO) is essential within each agency to oversee AI governance and promote responsible AI use. An AI Governance Board is also mandated to oversee all high-impact AI activities within each agency, keeping them aligned with the framework’s principles.

The European Commission and the European Research Area Forum published "Living guidelines on the responsible use of generative artificial intelligence in research." These guidelines aim to support the responsible integration of #generative #artificialintelligence in research that is consistent across countries and research organizations. The principles behind these guidelines are: • Reliability in ensuring the quality of research and awareness of societal effects (#bias, diversity, non-discrimination, fairness and prevention of harm). • Honesty in developing, carrying out, reviewing, reporting and communicating on research transparently, fairly, thoroughly, and impartially. • Respect for #privacy, confidentiality and #IP rights as well as respect for colleagues, research participants, research subjects, society, ecosystems, cultural heritage, and the environment. • Accountability for the research from idea to publication, for its management, training, supervision and mentoring, underpinned by the notion of human agency and oversight. Key recommendations include: For Researchers • Follow key principles of research integrity, use #GenAI transparently and remain ultimately responsible for scientific output. • Use GenAI preserving privacy, confidentiality, and intellectual property rights on both, inputs and outputs. • Maintain a critical approach to using GenAI and continuously learn how to use it #responsibly to gain and maintain #AI literacy. • Refrain from using GenAI tools in sensitive activities. For Research Organizations • Guide the responsible use of GenAI and actively monitor how they develop and use tools. • Integrate and apply these guidelines, adapting or expanding them when needed. • Deploy their own GenAI tools to ensure #dataprotection and confidentiality. For Funding Organizations • Support the responsible use of GenAI in research. • Use GenAI transparently, ensuring confidentiality and fairness. • Facilitate the transparent use of GenAI by applicants. https://lnkd.in/eyCBhJYF

Connecticut has introduced Senate Bill No. 2, setting new standards for the development and deployment of AI systems. Here's what companies need to know about their potential obligations under this bill: 🔒 Risk Management and Impact Assessments: Companies developing high-risk AI systems must use reasonable care to protect consumers from algorithmic discrimination and other risks. This includes conducting impact assessments to evaluate the system's potential effects on consumers and mitigating any identified risks. 📝 Transparency and Documentation: Developers of high-risk AI systems are required to provide deployers with detailed documentation, including the system's intended uses, limitations, and data governance measures. This documentation must also be made available to the Attorney General upon request. 🛡️ Deployment Safeguards: Deployers of high-risk AI systems must implement risk management policies and programs, complete impact assessments, and review the deployment annually to ensure the system does not cause algorithmic discrimination. 👁️ Consumer Notifications: Deployers must notify consumers when a high-risk AI system is used to make significant decisions affecting them, providing clear information about the system's purpose and nature. 🤖 General-Purpose AI Systems: Developers of general-purpose AI models must take steps to mitigate known risks, ensure appropriate levels of performance and safety, and incorporate standards to prevent the generation of illegal content. 📊 Reporting and Compliance: Companies must maintain records of their compliance efforts and may be required to disclose these records to the Attorney General for investigation purposes. It also includes prohibitions on synthetic content, especially related to elections or explicit content. This bill represents a significant shift towards more accountable and transparent AI practices in Connecticut. Companies operating in the state should prepare to align their AI development and deployment processes with these new requirements... even if the Bill does not pass, you should be doing most of this stuff anyway. #ArtificialIntelligence #Connecticut #AIEthics #RiskManagement #Transparency Jovana Davidovic, Jeffery Recker, Khoa Lam, Dr. Benjamin Lange, Borhane Blili-Hamelin, PhD, Ryan Carrier, FHCA

https://lnkd.in/g5ir6w57 The European Union has adopted the AI Act as its first comprehensive legal framework specifically for AI, effective from July 12, 2024. The Act is designed to ensure the safe and trustworthy deployment of AI across various sectors, including healthcare, by setting harmonized rules for AI systems in the EU market. 1️⃣ Scope and Application: The AI Act applies to all AI system providers and deployers within the EU, including those based outside the EU if their AI outputs are used in the Union. It covers a wide range of AI systems, including general-purpose models and high-risk applications, with specific regulations for each category. 2️⃣ Risk-Based Classification: The Act classifies AI systems based on their risk levels. High-risk AI systems, especially in healthcare, face stringent requirements and oversight, while general-purpose AI models have additional transparency obligations. Prohibited AI practices include manipulative or deceptive uses, though certain medical applications are exempt. 3️⃣ Innovation and Compliance: To support innovation, the AI Act includes provisions like regulatory sandboxes for testing AI systems and exemptions for open-source AI models unless they pose systemic risks. High-risk AI systems must comply with both the AI Act and relevant sector-specific regulations, like the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR). 4️⃣ Global Impact and Challenges: The AI Act may influence global AI regulation by setting high standards, and its implementation within existing sector-specific regulations could create complexities. The evolving nature of AI technology necessitates ongoing updates to the regulatory framework to balance innovation with safety and fairness.