Sep 11 2025

UN Adopts First-Ever Global AI Resolution: A Framework for Trust and Responsibility

Category: AI,AI Governancedisc7 @ 12:57 pm

The United Nations has officially taken a historic step by adopting its first resolution on artificial intelligence. This marks the beginning of a global dialogue where nations acknowledge both the promise and the risks that AI carries.

The resolution represents a shared framework, where countries have reached consensus on guiding principles for AI. Although the agreement is not legally binding, it establishes a moral and political foundation for responsible development.

At the core of the resolution is a call for the safe and ethical use of AI. The aim is to ensure that technology enhances human life rather than diminishing it, emphasizing values over unchecked advancement.

Human rights and privacy protection are highlighted as non-negotiable priorities. The resolution reinforces the idea that individuals must remain at the center of technological progress, with strong safeguards against misuse.

It also underscores the importance of transparency and accountability. Algorithms that influence decisions in critical areas—such as healthcare, employment, and governance—must be explainable and subject to oversight.

International collaboration is another pillar of the framework. Nations are urged to work together on standards, share research, and avoid fragmented approaches that could widen global inequalities in technology.

The resolution recognizes that AI is not merely about innovation; it is about shaping trust, power, and human values. However, questions remain about whether such frameworks can keep pace with the speed at which AI is evolving.

Why it matters: These mechanisms will help anticipate risks, set standards, and make sure AI serves humanity – not the other way around.

Read more: https://lnkd.in/epxFHkaC

My Opinion:
This resolution is a significant milestone, but it is only a starting point. While it sets a common direction, enforcement and adaptability remain challenges. If nations treat this as a foundation for actionable policies and binding agreements in the future, it could help balance innovation with safeguards. Without stronger mechanisms, however, the risks of bias, misinformation, and economic upheaval may outpace the protections envisioned.

The AI Governance Flywheel illustrates how standards, regulations, and governance practices interlock to drive a self-reinforcing cycle of continuous improvement.

Exploring AI security, privacy, and the pressing regulatory gaps—especially relevant to today’s fast-paced AI landscape

What are main requirements for Internal audit of ISO 42001 AIMS

The Dutch AI Act Guide: A Practical Roadmap for Compliance

Embedding AI Oversight into GRC: Building Trust, Compliance, and Accountability

Responsible AI in the Age of Generative Models: Governance, Ethics and Risk Management 

AI Governance: Applying AI Policy and Ethics through Principles and Assessments

AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a legal and ethical imperative. 

DISC InfoSec previous posts on AI category

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security

Tags: Framework for Trust and Responsibility, Global AI Resolution, UN

Sep 10 2025

The AI Governance Flywheel illustrates how standards, regulations, and governance practices interlock to drive a self-reinforcing cycle of continuous improvement.

Category: AI,AI Governance,FlyWheeldisc7 @ 9:25 am

The AI Governance Flywheel is a practical framework your organization can adopt to align standards, regulations, and governance processes in a dynamic cycle of continuous improvement.

It shows how standards, regulations, and governance practices reinforce each other in a cycle of continuous improvement.

AI Governance Flywheel

1. Standards & Frameworks

  • ISO/IEC 42001 (AI Management System)
  • ISO/IEC 23894 (AI Risk Management)
  • EU AI Act
  • NIST AI RMF
  • OECD AI Principles

➡️ Provide structure, terminology, and baseline practices.

2. Regulations & Policies

  • EU AI Act
  • U.S. Executive Order on AI (2023)
  • China AI Regulations
  • National/sectoral guidelines (healthcare, finance, defense)

➡️ Drive compliance requirements and enforce responsible AI.

3. Governance & Controls

  • AI Ethics Boards
  • Risk Assessment & Mitigation
  • AI Transparency & Explainability
  • Data Governance & Privacy (GDPR, CCPA)

➡️ Ensure AI use is aligned with business values, laws, and trust.

4. Implementation & Operations

  • AI System Lifecycle Management
  • Model Monitoring & Auditing
  • Bias/Fairness Testing
  • Incident Response for AI Risks

➡️ Embed governance in day-to-day AI operations.

5. Continuous Improvement

  • Internal & external audits
  • Feedback loops from incidents/regulators
  • Updating models, policies, and controls
  • Staff training and culture building

➡️ Enhances trust, reduces risks, and prepares for evolving standards/regulations.

📌 The flywheel keeps spinning:
Standards → Regulations → Governance → Operations → Improvement → back to Standards.

Spinning the AI Flywheel™ (Mastering AI Strategy): How to Discover, Build, Deploy and Scale AI for Lasting Business Impact (ARTIFICIAL INTELLIGENCE – AI) 

Exploring AI security, privacy, and the pressing regulatory gaps—especially relevant to today’s fast-paced AI landscape

What are main requirements for Internal audit of ISO 42001 AIMS

The Dutch AI Act Guide: A Practical Roadmap for Compliance

Embedding AI Oversight into GRC: Building Trust, Compliance, and Accountability

Responsible AI in the Age of Generative Models: Governance, Ethics and Risk Management 

AI Governance: Applying AI Policy and Ethics through Principles and Assessments

AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a legal and ethical imperative. 

DISC InfoSec previous posts on AI category

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security

Tags: AI Governance FlyWheel

Sep 09 2025

Exploring AI security, privacy, and the pressing regulatory gaps—especially relevant to today’s fast-paced AI landscape

Category: AI,AI Governance,Information Securitydisc7 @ 12:44 pm

Featured Read: Securing the AI Frontier: Urgent Ethical and Regulatory Imperatives for AI-Driven Cybersecurity

  • Overview: This academic paper examines the growing ethical and regulatory challenges brought on by AI’s integration with cybersecurity. It traces the evolution of AI regulation, highlights pressing concerns—like bias, transparency, accountability, and data privacy—and emphasizes the tension between innovation and risk mitigation.
  • Key Insights:
    • AI systems raise unique privacy/security issues due to their opacity and lack of human oversight.
    • Current regulations are fragmented—varying by sector—with no unified global approach.
    • Bridging the regulatory gap requires improved AI literacy, public engagement, and cooperative policymaking to shape responsible frameworks.
  • Source: Authored by Vikram Kulothungan, published in January 2025, this paper cogently calls for a globally harmonized regulatory strategy and multi-stakeholder collaboration to ensure AI’s secure deployment.

Why This Post Stands Out

  • Comprehensive: Tackles both cybersecurity and privacy within the AI context—not just one or the other.
  • Forward-Looking: Addresses systemic concerns, laying the groundwork for future regulation rather than retrofitting rules around current technology.
  • Action-Oriented: Frames AI regulation as a collaborative challenge involving policymakers, technologists, and civil society.

Additional Noteworthy Commentary on AI Regulation

1. Anthropic CEO’s NYT Op-ed: A Call for Sensible Transparency

Anthropic CEO Dario Amodei criticized a proposed 10-year ban on state-level AI regulation as “too blunt.” He advocates a federal transparency standard requiring AI developers to disclose testing methods, risk mitigation, and pre-deployment safety measures.

2. California’s AI Policy Report: Guarding Against Irreversible Harms

A report commissioned by Governor Newsom warns of AI’s potential to facilitate biological and nuclear threats. It advocates “trust but verify” frameworks, increased transparency, whistleblower protections, and independent safety validation.

3. Mutually Assured Deregulation: The Risks of a Race Without Guardrails

Gilad Abiri argues that dismantling AI safety oversight in the name of competition is dangerous. Deregulation doesn’t give lasting advantages—it undermines long-term security, enabling proliferation of harmful AI capabilities like bioweapon creation or unstable AGI.

Broader Context & Insights

  • Fragmented Landscape: U.S. lacks unified privacy or AI laws; even executive orders remain limited in scope.
  • Data Risk: Many organizations suffer from unintended AI data exposure and poor governance despite having some policies in place.
  • Regulatory Innovation: Texas passed a law focusing only on government AI use, signaling a partial step toward regulation—but private sector oversight remains limited.
  • International Efforts: The Council of Europe’s AI Convention (2024) is a rare international treaty aligning AI development with human rights and democratic values.
  • Research Proposals: Techniques like blockchain-enabled AI governance are being explored as transparency-heavy, cross-border compliance tools.

Opinion

AI’s pace of innovation is extraordinary—and so are its risks. We’re at a crossroads where lack of regulation isn’t a neutral stance—it accelerates inequity, privacy violations, and even public safety threats.

What’s needed:

  1. Layered Regulation: From sector-specific rules to overarching international frameworks; we need both precision and stability.
  2. Transparency Mandates: Companies must be held to explicit standards—model testing practices, bias mitigation, data usage, and safety protocols.
  3. Public Engagement & Literacy: AI literacy shouldn’t be limited to technologists. Citizens, policymakers, and enforcement institutions must be equipped to participate meaningfully.
  4. Safety as Innovation Avenue: Strong regulation doesn’t kill innovation—it guides it. Clear rules create reliable markets, investor confidence, and socially acceptable products.

The paper “Securing the AI Frontier” sets the right tone—urging collaboration, ethics, and systemic governance. Pair that with state-level transparency measures (like Newsom’s report) and critiques of over-deregulation (like Abiri’s essay), and we get a multi-faceted strategy toward responsible AI.

Anthropic CEO says proposed 10-year ban on state AI regulation ‘too blunt’ in NYT op-ed

California AI Policy Report Warns of ‘Irreversible Harms’ 

Responsible AI in the Age of Generative Models: Governance, Ethics and Risk Management 

AI Governance: Applying AI Policy and Ethics through Principles and Assessments

AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a legal and ethical imperative. 

DISC InfoSec previous posts on AI category

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security

Tags: AI privacy, AI Regulations, AI security, AI standards

Sep 07 2025

The Dutch AI Act Guide: A Practical Roadmap for Compliance

Category: AI,AI Governancedisc7 @ 10:33 pm

The Dutch government has released version 1.1 of its AI Act Guide, setting a strong example for AI Act readiness across Europe. Published by the Ministry of Economic Affairs, this free 21-page document is one of the most practical and accessible resources currently available. It is designed to help organizations—whether businesses, developers, or public authorities—understand how the EU AI Act applies to them.

The guide provides a four-step approach that makes compliance easier to navigate: start with risk rather than abstract definitions, confirm whether your system meets the EU’s definition of AI, determine your role as either provider or deployer, and finally, map your obligations based on the AI system’s risk level. This structure gives users a straightforward way to see where they stand and what responsibilities they carry.

Content covers a wide range of scenarios, including prohibited AI uses such as social scoring or predictive policing, as well as obligations for high-risk AI systems in critical areas like healthcare, education, HR, and law enforcement. It also addresses general-purpose and generative AI, with requirements around transparency, risk mitigation, and exceptions for open models. Government entities get additional guidance on tasks such as Fundamental Rights Impact Assessments and system registration. Importantly, the guide avoids dense legal jargon, using clear explanations, definitions, and real-world references to make the regulations understandable and actionable.

Dutch AI ACT Guide Ver 1.1

My take on the Dutch AI Act Guide is that it’s one of the most practical tools released so far to help organizations translate EU AI Act requirements into actionable steps. Unlike dense regulatory texts, this guide simplifies the journey by giving a clear, structured roadmap—making it easier for businesses and public authorities to assess whether they’re in scope, identify their risk category, and understand obligations tied to their role.

From an AI governance perspective, this guide helps organizations move from theory to practice. Governance isn’t just about compliance—it’s about building a culture of accountability, transparency, and ethical use of AI. The Dutch approach encourages teams to start with risk, not abstract definitions, which aligns closely with effective governance practices. By embedding this structured framework into existing GRC programs, companies can proactively manage AI risks like bias, drift, and misuse.

For cybersecurity, the guide adds another layer of value. Many high-risk AI systems—especially in healthcare, HR, and critical infrastructure—depend on secure data handling and system integrity. Mapping obligations early helps organizations ensure that cybersecurity controls (like access management, monitoring, and data protection) are not afterthoughts but integral to AI deployment. This alignment between regulatory expectations and cybersecurity safeguards reduces both compliance and security risks.

In short, the Dutch AI Act Guide can serve as a playbook for integrating AI governance into GRC and cybersecurity programs—helping organizations stay compliant, resilient, and trustworthy while adopting AI responsibly.

Embedding AI Oversight into GRC: Building Trust, Compliance, and Accountability

Source: AI Governance: 5 Ways to Embed AI Oversight into GRC

Responsible AI in the Age of Generative Models: Governance, Ethics and Risk Management 

AI Governance: Applying AI Policy and Ethics through Principles and Assessments

AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a legal and ethical imperative. 

DISC InfoSec previous posts on AI category

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security

Tags: The Dutch AI Act Guide

Sep 07 2025

Embedding AI Oversight into GRC: Building Trust, Compliance, and Accountability

Category: AI,AI Governancedisc7 @ 10:17 am

1. Why AI Governance Matters

AI brings undeniable benefits—speed, accuracy, vast data analysis—but without guardrails, it can lead to privacy breaches, bias, hallucinations, or model drift. Ensuring governance helps organizations harness AI safely, transparently, and ethically.

2. What Is AI Governance?

AI governance refers to a structured framework of policies, guidelines, and oversight procedures that govern AI’s development, deployment, and usage. It ensures ethical standards and risk mitigation remain in place across the organization.

3. Recognizing AI-specific Risks

Important risks include:

  • Hallucinations—AI generating inaccurate or fabricated outputs
  • Bias—AI perpetuating outdated or unfair historical patterns
  • Data privacy—exposure of sensitive inputs, especially with public models
  • Model drift—AI performance degrading over time without monitoring.

4. Don’t Reinvent the Wheel—Use Existing GRC Programs

Rather than creating standalone frameworks, integrate AI risks into your enterprise risk, compliance, and audit programs. As risk expert Dr. Ariane Chapelle advises, it’s smarter to expand what you already have than build something separate.

5. Five Ways to Embed AI Oversight into GRC

  1. Broaden risk programs to include AI-specific risks (e.g., drift, explainability gaps).
  2. Embed governance throughout the AI lifecycle—from design to monitoring.
  3. Shift to continuous oversight—use real-time alerts and risk sprints.
  4. Clarify accountability across legal, compliance, audit, data science, and business teams.
  5. Show control over AI—track, document, and demonstrate oversight to stakeholders.

6. Regulations Are Here—Don’t Wait

Regulatory frameworks like the EU AI Act (which classifies AI by risk and prohibits dangerous uses), ISO 42001 (AI management system standard), and NIST’s Trustworthy AI guidelines are already in play—waiting to comply could lead to steep penalties.

7. Governance as Collective Responsibility

Effective AI governance isn’t the job of one team—it’s a shared effort. A well-rounded approach balances risk reduction with innovation, by embedding oversight and accountability across all functional areas.

Quick Summary at the End:

  • Start small, then scale: Begin by tagging AI risks within your existing GRC framework. This lowers barriers and avoids creating siloed processes.
  • Make it real-time: Replace occasional audits with continuous monitoring—this helps spot bias or drift before they become big problems.
  • Document everything: From policy changes to risk indicators, everything needs to be traceable—especially if regulators or execs ask.
  • Define responsibilities clearly: Everyone from legal to data teams should know where they fit in the AI oversight map.
  • Stay compliant, stay ahead: Don’t just tick a regulatory box—build trust by showing you’re in control of your AI tools.

Source: AI Governance: 5 Ways to Embed AI Oversight into GRC

Responsible AI in the Age of Generative Models: Governance, Ethics and Risk Management 

AI Governance: Applying AI Policy and Ethics through Principles and Assessments

AIMS and Data Governance – Managing data responsibly isn’t just good practice—it’s a legal and ethical imperative. 

DISC InfoSec previous posts on AI category

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security

Tags: AI Governance

« Previous Page