Risk Management Archives - IPOsgoode /osgoode/iposgoode/tag/risk-management/ An Authoritive Leader in IP Fri, 10 Feb 2023 17:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 NIST Releases their AI Risk Management Framework 1.0 /osgoode/iposgoode/2023/02/10/nist-releases-their-ai-risk-management-framework-1-0/ Fri, 10 Feb 2023 17:00:00 +0000 https://www.iposgoode.ca/?p=40589 The post NIST Releases their AI Risk Management Framework 1.0 appeared first on IPOsgoode.

]]>

Gregory Hong is an IPilogue Writer and a 1L JD candidate at Osgoode Hall Law School.


The (NIST) has been tasked with promoting “U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology.” On January 26, 2023, NIST released their alongside a suggesting ways to use the AI RMF to “incorporate trustworthiness considerations in the design, development, deployment, and use of AI systems”. Both the framework and playbook are intended to help organizations understand and manage the potential risks and benefits of AI. The framework is also meant to ensure that AI systems are developed, deployed, and used in a responsible and trustworthy manner. The framework is intended to be a flexible and adaptable tool that can be applied to a wide range of AI systems, including those used in various industries such as healthcare, finance, and transportation.

NIST describes a trustworthy AI to have a set of characteristics: valid and reliable, safe, secure, and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair – with harmful bias managed.

Valid and reliable: Produces accurate and consistent results. Its performance should be evaluated and validated through ongoing testing and experimentation, with risk management prioritizing the minimization of potential negative impacts.

Safe: Does not cause harm to people or the environment and should be designed, developed, and deployed responsibly with clear information for responsible use of the system

Secure and resilient: Maintains confidentiality, integrity, and availability through protection against common security such as data poisoning, and the exfiltration of  other intellectual property through AI system endpoints.

Accountable and transparent: Provides appropriate levels of information to AI actors to allow for transparency and accountability of its decisions and actions.

Explainable and interpretable: representing the underlying AI systems’ operation and the meaning of its output in the context of its designed functional purposes. Explainable and interpretable AI systems offer information that will help end users understand their purposes and potential impact.

Privacy-enhanced: Protects the privacy of individuals and organizations in compliance with relevant laws and regulations.

Fair – with harmful bias managed:  NIST has identified three major categories of AI bias to be considered and managed: systemic (broad and ever-present societal bias), computational and statistical (typically due to non-representative samples), and human-cognitive (perceptions of AI system information in deciding or filling in missing information).

AI RMF’s core is organized around four specific functions to help organizations address the risks of AI systems in practice: Govern, Map, Measure, and Manage.

Govern: This includes establishing policies, procedures, and standards for AI systems, key decision-makers, developers, and end-users.

Map: AI RMF is intended to contextualize and frame risks by identifying the system's components, data sources, and external dependencies, as well as to understand how the system is used and by whom.

Measure: AI RMF evaluates the potential risks and benefits of the AI system by assessing the system's vulnerabilities and potential social impacts.

Manage: AI RMF allocates risk resources to mitigate identified risks and continuously monitor the system and its environment by establishing monitoring processes and procedures to detect and respond to incidents, as well as updating controls as needed.

NIST’s AI risk management framework is a voluntary but very important prompt for organizations and teams who design, develop, and deploy AI to think more critically about their responsibilities to the public. Understanding and managing the risks of AI systems will help to enhance trustworthiness, and in turn, cultivate public trust in AI – a critical part in AI adoption and advancement.

The post NIST Releases their AI Risk Management Framework 1.0 appeared first on IPOsgoode.

]]>
Artificial Intelligence and Data Act (AIDA) signals more AI regulation to come /osgoode/iposgoode/2022/08/12/artificial-intelligence-and-data-act-aida-signals-more-ai-regulation-to-come/ Fri, 12 Aug 2022 16:00:00 +0000 https://www.iposgoode.ca/?p=39900 The post Artificial Intelligence and Data Act (AIDA) signals more AI regulation to come appeared first on IPOsgoode.

]]>

Aaron Dishy is an IPilogue Writer and a 3L JD Candidate at Osgoode Hall Law School.


The proposed Artificial Intelligence and Data Act (AIDA) would introduce greater regulation of the use and development of artificial intelligence (AI) in Canada’s private sector. On June 15th, 2022, the Minister of Innovation, Science and Industry, François-Phillippe Champagne introduced Bill C-27, or the . Bill C-27 reiterates much of , tabled in 2020, reintroducing a modified Consumer Privacy Protection Act (CPPA) and Personal Information and Data Protection Tribunal Act (PIDPTA). However, Bill C-27 also introduced newly proposed legislation like AIDA which, if enacted, would make long advocated-for changes to Canada’s AI regulatory landscape.

AIDA would create new assessment and risk-mitigation tools for the use and transparency of high-impact AI systems. It would establish persons responsible for monitoring AI systems, such as the Artificial Intelligence and Data Commissioner — their role is to assist the Minister in the administration and enforcement of AIDA. Monetary penalties for the AIDA contraventions are also set out to enforce trust and deter the reckless and fraudulent uses of AI. In this way, Bill C-27 and AIDA would direct Canada towards harmonization with international regulatory frameworks, like that of the .

With that being said, AIDA would be more limited in scope when compared to its EU counterpart. For example, unlike EU legislation, AIDA would not apply to both public and private sectors, and all federal government institutions would be exempt.[1] Further, EU legislation sets out specific prohibited AI practices, alongside criteria for determining the degree of risk presented by any AI system. AIDA establishes no specific prohibited AI practices and distinguishes only between high-risk AI and all other systems; complex and salient matters are left to incoming regulation.

Beyond its limited scope, AIDA may be uncertain in its delineation of provincial and federal responsibilities. For example, AIDA’s consideration of “regulated activity,” would capture many elements of AI development and use, including “designing, developing or making available for use an artificial intelligence system or managing its operations.”[2] This language indicates the legislation is pursuant to Parliament's trade and commerce power under section of the Constitution Act, 1867. However, the federal government may also intend provinces to legislate on intraprovincial uses of AI, notwithstanding the rarity of circumstances under which such AI systems would be developed.

Lastly, attention is required of the breadth of persons AIDA considers “responsible” for an AI system in the course of trade.[3] It holds designers, developers and managers of AI systems subject to AIDA’s administrative and operational requirements. If those parties are expected to monitor or conduct audits of consumer deployment of AI systems, assessments must be made of risk potentials and mitigation from both perspectives. Additional regulation may be required in the full consideration of such perspectives.  

AIDA remains proposed legislation and may be modified prior to implementation. However, it represents a much larger move by international legal bodies to regulate the development and use of AI. Businesses must be prepared for greater AI regulation in Canada. Thankfully, informative and responsive policy for the consideration of AI systems is also being developed, such as a by the Law Commission of Ontario. If correctly applied, AIDA should empower more Canadians to engage with trustworthy and transparent AI systems.


[1] This may be extended to exclude provincial departments or agencies by regulation as set out in s.3 of AIDA.

[2] See s.5(1) of AIDA.

[3] Ibid at s.5(2).

The post Artificial Intelligence and Data Act (AIDA) signals more AI regulation to come appeared first on IPOsgoode.

]]>