AI Compliance Playbook: Adapting the Three Lines Framework for AI Innovations

Facing imminent artificial intelligence (AI) regulation, companies using AI are looking to the respected “Three Lines of Defense” risk management framework to help them reassure the public and regulators, but they are finding that the framework’s rigor clashes with ethics-by-design thinking. This final article in our four-part series guides readers through adapting the Three Lines approach to AI/machine learning (ML) and includes actions to take during AI development and deployment, described by experts at, the Future of Privacy Forum, Linklaters and Mayer Brown. It also provides insights from AI specialists at Microsoft and Morrison & Foerster delivered during recent IAPP and Privacy + Security Forum panels. The first article in the series covered compliance essentials for AI/ML tools; the second article supplied questions to guide AI oversight; and the third article examined two recently completed audits of widely used AI services and presented commentary from algorithm auditors and AI incident responders about the practical role of AI audits. See “Asset Managers Seeking Efficiency Through Outsourcing and Technology, According to Recent Survey” (Sep. 15, 2022).

To read the full article

Continue reading your article with a HFLR subscription.