FairNow: Regulatory Compliance Implementation and the NIST AI RMF / ISO Readiness
FairNow's platform simplifies the process of managing compliance for the NIST AI Risk Management Framework, ISO 42001, ISO 23894, and other AI laws and regulations worldwide.
Background & Description
FairNow’s platform simplifies the process of managing compliance for the NIST AI Risk Management Framework, ISO 42001, ISO 23894, and other AI laws and regulations worldwide. Organisations can use the FairNow platform to identify which standards, laws, and regulations apply based on their AI adoption and manage the set of activities necessary to ensure compliance.
FairNow’s platform translates complex laws and standards into actionable controls that can be executed and evidenced to track compliance. FairNow’s comprehensive library of controls covers requirements for individual AI applications – including inventorying, risk reviews, bias assessments, transparency obligations, and others – as well as requirements for an organisation’s AI governance program – including Board oversight, accountabilities, training, and culture. Organisations report on compliance through FairNow’s dashboards and set alerts for any high-impact compliance gaps.
Wherever possible, FairNow’s platform automates control evidencing – including for risk assessments, ongoing monitoring, and documentation. All evidence is centrally stored, and approvals are tracked to ensure a robust audit trail. Automation and centralisation on the FairNow platform enable organisations to simplify and streamline their AI compliance activities so that they can focus their efforts on managing their AI risks. Organisations can use FairNow’s platform to access its existing control library and convert their internal policies into controls. After creating these controls, they can define the scope, set deadlines, and directly notify AI owners of new expectations through the platform.
How this technique applies to the AI White Paper Regulatory Principles
More information on the AI White Paper Regulatory Principles
Safety, Security & Robustness
FairNow’s AI compliance functionality makes it easy for organisations to follow appropriate safety, security, and robustness checks as required by the laws and standards they are in scope for, or for their own internal controls.
FairNow’s library of controls helps organisations ensure that safety, security, and robustness are demonstrated before the AI is released and attested during operation with regular monitoring and assessments.
Appropriate Transparency & Explainability
FairNow’s platform assists organisations in the adoption of regulations and standards, many of which contain requirements about disclosing certain information to stakeholders and providing affected users with explanations of model outcomes. Via the FairNow platform, organisations can more easily track, provide evidence and assign accountability to the appropriate individuals to ensure that obligations related to transparency and explainability are met.
Fairness
FairNow’s platform integrates multiple bias testing and explainability analyses with an organisation’s governance controls, enabling automatic demonstration of compliance. The first is a disparate impact assessment analysis, a standard bias assessment format widely used in employment and financial services. The second is an explainability analysis which helps organisations understand the drivers behind model decisions, which can help determine the extent to which the model bases its decisions on demographic information versus valid and application-relevant criteria. The third is a chatbot bias assessment, which evaluates chatbots for differences in quality of responses between different demographic groups.
Governance controls address risk identification and mitigation, with a strong focus on fairness and bias-related risks.
Accountability & Governance
FairNow’s platform strengthens governance by providing clarity on the specific laws and standards, such as those outlined in the NIST AI RMF, ISO 42001, and ISO 23894, that apply to an organisation’s AI usage. Each framework is broken down into sets of actionable controls, which serve as a checklist of what the organisation must achieve in order to reach compliance. By translating these frameworks into actionable controls, organisations can assign clear ownership, ensuring accountability at every level. Full records are kept of governance actions to provide an audit trail.
Why we took this approach
This approach makes it easier to break down complex laws and standards into actionable steps that organisations can follow to demonstrate compliance. By automating key parts of governance (model evaluation, document generation, evidence tracking, and more), FairNow’s platform simplifies the task of following the many existing and coming AI laws.
Benefits to the organisation using the technique
FairNow helps organisations understand which laws and regulations apply to their AI. The platform breaks down laws, regulations, and standards into individual controls to which the organisation adheres to demonstrate compliance.
The FairNow platform is the single command center for the organisation’s AI governance program and AI regulatory tracker. It automates as much as possible to reduce the time and effort needed to become compliant.
The platform lets the organisation define and customize roles and responsibilities related to AI governance, ensuring that sound accountability and ownership can be established.
Importantly, FairNow’s framework-agnostic controls enhance reusability by addressing overlapping requirements across various laws and standards. Organisations can complete a task once, and it will be applied across all relevant frameworks, eliminating the need for redundant efforts and ensuring efficient compliance management.
Limitations of the approach
The FairNow platform is designed to complement, not replace, human oversight in the risk review process. Organisations may still need to consult with legal and risk experts, depending on the specific design and use of each AI application, to make final decisions about applicable laws, regulations, and necessary actions.
Further links:
- A Guide To Automating The NIST AI Risk Management Framework
- A Guide To Automating ISO 42001
- AI Governance Tools: Regulatory Compliance Automation
- Overview Of FairNow’s AI Governance Platform
- Official National Institute of Science and Technology (NIST): AI Risk Management Framework
- Official ISO/IEC 42001:2023(en) Information technology — Artificial intelligence — Management system