Featured image of post Generative AI for compliancy : risk and maturity levels
Blog Draft

Generative AI for compliancy : risk and maturity levels

Among the many promising generative AI use cases, helping users to evaluate the compliancy of their solution with complex regulation corpus is a particularly important one. This blog provides a quick overview of these use cases, and briefly review the essential railguards to consider before deploying such AI.

Compliancy and Regulations

The regulatory landscape, including the US Executive Order, the Bletchley Park Declaration or the EU`s AI Act is ever increasing. Not to mention the numerous domain specific: eco design, security, best practices rules.

The task to evaluate how compliant a software architecture or component with respect to any one of (or several of) these documents is costly and error prone. Generative AI is a possible solution ([1], [2]):

  • Automated Risk Assessment: Generative AI excels in analyzing vast datasets to identify potential risks and compliance breaches. It can autonomously assess the compliance landscape, flagging potential areas of concern and enabling proactive mitigation strategies.
  • Policy Creation and Documentation: Crafting and updating compliance policies is a time-consuming task. Generative AI can assist in the creation and maintenance of policies by analyzing regulatory texts and generating comprehensive, easily understandable documentation tailored to the specific needs of a business.
  • Training and Awareness: Keeping employees informed about the latest compliance requirements is crucial. Generative AI can generate training materials and awareness campaigns, ensuring that staff members are well-versed in the evolving landscape of regulatory compliance.
  • Real-time Monitoring and Reporting: Generative AI facilitates real-time monitoring of transactions and activities, automatically generating reports that highlight potential compliance issues. This proactive approach allows businesses to address concerns promptly, reducing the risk of regulatory penalties.

The expected benefits are enhanced efficiency, improved accuracy and consistency, an easier adaptability to regulatory changes, and of course cost reduction by automating repetitive compliance tasks and avoiding penalties for non-compliance.

Risks

Using generative AI for compliancy, just like for any use case, requires careful consideration ([3]). Company-sensitive information and personally identifiable data must be protected, and potential compliancy to the above mentioned regulations must be (of course) also anticipated.

The minimal recommended process is to identify, even for mvps or low trl innovation projects the two following levels.

Evaluate your AI Act risk level

A first good practice is consist in evaluating at what level of risk your application is according to the AI act classification:

  • Unacceptable risk: like social scoring, is prohibited.
  • High-risk such as those used in critical infrastructure or education, must meet strict requirements, including rigorous testing and documentation.
  • Low or minimal risk such as chatbots or video games, are subject to lighter transparency obligations.

This structured approach aims to balance innovation with safety and accountability.

Info: the marto innovation track explores this topic through a concrete AI use case.

Evaluate the required AI maturity level

The following schema proposes 6 levels of AI maturity.

AI maturity levels

  • Level 0: If the primary goal or capability is to collect and organize data for future GenAI initiatives, the organization is likely at Level 0. data of course is the foundational element that fuels AI; whether predictive AI or generative AI.
  • Level 1 & 2: If the focus is on using GenAI for basic tasks like content generation , summarizing content, question answering using the base capability and knowledge of the foundation model being served or to information retrieval, the organization might be at Levels 1 or 2.
  • Level 3 & 4: Organizations looking to customize GenAI models with their data or ensure the quality and relevance of outputs are likely at Levels 3 or 4.
  • Level 5 & 6: For complex use cases requiring multi-agent systems, advanced reasoning, or responsible AI practices, organizations might be aiming for Levels 5 or 6.

References

  1. Generative AI for compliance: Framework, applications, benefits and solution, leewayhertz
  2. Generative AI in Compliance: Revolutionizing Regulatory Adherence
  3. Unleashing AI to Transform Regulatory Compliance
  4. The GenAI Maturity Model
  5. White Paper on Artificial Intelligence: a European approach to excellence and trust
© 2020 - 2025 IHub Blog