Kokila Alagh, the Founder of KARM Legal Consultants, says that the laws and policies governing AI are rapidly evolving in the region
Are companies aware of regional and global policies surrounding the use of Gen AI?
While companies are aware that the laws and policies governing AI are rapidly evolving in the region, we see that a lot of players in the market are still not up to speed in terms of the exact nuances of the applicable laws. Businesses want to better understand how these laws specifically impact their businesses. For example, a noteworthy development that we are seeing businesses wanting to more about is the amendment to the DIFC Data Protection Law. This may impact how businesses deploy AI tools.
Further, in today’s globalised world, cross-border businesses need to be mindful of not just what the law is here, but also of what the law as well as the industry best practices are globally, and what they are likely to be in the near future. So, it is important for global, data-driven companies to assess the regulatory impact of key global developments, such as the proposed EU AI Act, or the US Artificial Intelligence Risk Management Framework.
What factors do companies need to consider before adopting Gen AI such as having a centralised data strategy?
The utilization of generative AI must be preceded by consideration of various legal factors, the most prominent ones being privacy, data confidentiality and intellectual property rights.
Confidentiality: AI systems utilize user-provided data to refine and continually train their algorithms, putting sensitive information at risk of potential breaches. Businesses need to rigorously scrutinize the data handling practices of their chosen AI service providers. Moreover, sensitive information from AI models can be extracted maliciously or unintentionally by querying them in specific, tailored ways. Many companies recently banned AI tools being used at work when they realised that the tools mimicked internal company data.
Privacy: It is crucial for businesses to possess an in-depth knowledge of how user data will be utilized and safeguarded, especially in domains that frequently involve the divulgence of sensitive information, such as healthcare, legal consultations, or financial services. As businesses venture into integrating AI into their customer interactions, they must also familiarize themselves with their responsibilities under prevailing data protection regulations.
Intellectual property: Generative AI has predominantly been employed for the generation of content, encompassing images, videos, and text. In many instances, companies integrate the AI-produced output directly into their offerings without any human intervention or modifications. Yet, the legal landscape surrounding copyright and the output of generative AI remains in flux. Thus, before leveraging generative AI, it’s crucial for businesses to evaluate the intellectual property rights (IPR) stipulations and indemnity provisions in their agreements with AI service providers.