FairNow: Regulatory Compliance Implementation and the NIST AI RMF / ISO Readiness

FairNow's platform simplifies the process of managing compliance for the NIST AI Risk Management Framework, ISO 42001, ISO 23894, and other AI laws and regulations worldwide.

Background & Description

Organisations can use the FairNow platform to identify which standards, laws, and regulations apply based on their AI adoption and manage the set of activities necessary to ensure compliance.

FairNow’s platform translates complex laws and standards into actionable controls that can be executed and evidenced to track compliance. FairNow’s comprehensive library of controls covers requirements for individual AI applications – including inventorying, risk reviews, bias assessments, transparency obligations, and others – as well as requirements for an organisation’s AI governance program – including Board oversight, accountabilities, training, and culture. Organisations report on compliance through FairNow’s dashboards and set alerts for any high-impact compliance gaps.

Wherever possible, FairNow’s platform automates control evidencing – including for risk assessments, ongoing monitoring, and documentation. All evidence is centrally stored, and approvals are tracked to ensure a robust audit trail. Automation and centralisation on the FairNow platform enable organisations to simplify and streamline their AI compliance activities so that they can focus their efforts on managing their AI risks. Organisations can use FairNow’s platform to access its existing control library and convert their internal policies into controls. After creating these controls, they can define the scope, set deadlines, and directly notify AI owners of new expectations through the platform.

How this technique applies to the AI White Paper Regulatory Principles

Safety, Security & Robustness

FairNow’s AI compliance functionality makes it easy for organisations to follow appropriate safety, security, and robustness checks as required by the laws and standards they are in scope for, or for their own internal controls.

FairNow’s library of controls helps organisations ensure that safety, security, and robustness are demonstrated before the AI is released and attested during operation with regular monitoring and assessments.

Appropriate Transparency & Explainability

FairNow’s platform assists organisations in the adoption of regulations and standards, many of which contain requirements about disclosing certain information to stakeholders and providing affected users with explanations of model outcomes. Via the FairNow platform, organisations can more easily track, provide evidence and assign accountability to the appropriate individuals to ensure that obligations related to transparency and explainability are met.

Fairness

FairNow’s platform integrates multiple bias testing and explainability analyses with an organisation’s governance controls, enabling automatic demonstration of compliance. The first is a disparate impact assessment analysis, a standard bias assessment format widely used in employment and financial services. The second is an explainability analysis that helps organisations understand the drivers behind model decisions; this can help determine the extent to which the model bases its decisions on demographic information versus valid and application-relevant criteria. The third is a chatbot bias assessment, which evaluates chatbots for differences in the quality of responses between different demographic groups.

Governance controls address risk identification and mitigation, with a strong focus on fairness and bias-related risks.

Accountability & Governance

FairNow’s platform strengthens governance by providing clarity on the specific laws and standards, such as those outlined in the NIST AI RMF, ISO 42001, and ISO 23894, that apply to an organisation’s AI usage. Each framework is broken down into sets of actionable controls, which serve as a checklist of what the organisation must achieve in order to reach compliance. By translating these frameworks into actionable controls, organisations can assign clear ownership, ensuring accountability at every level. Full records are kept of governance actions to provide an audit trail.

Why we took this approach

This approach makes it easier to break down complex laws and standards into actionable steps that organisations can follow to demonstrate compliance. By automating key parts of governance (model evaluation, document generation, evidence tracking, and more), FairNow’s platform simplifies the task of following the many existing and coming AI laws.

Benefits to the organisation using the technique

FairNow helps organisations understand which laws and regulations apply to their AI. The platform breaks down laws, regulations, and standards into individual controls to which the organisation adheres to demonstrate compliance.

The FairNow platform is the single command center for the organisation’s AI governance program and AI regulatory tracker. It automates as much as possible to reduce the time and effort needed to become compliant.

The platform lets the organisation define and customize roles and responsibilities related to AI governance, ensuring that sound accountability and ownership can be established.

Importantly, FairNow’s framework-agnostic controls enhance reusability by addressing overlapping requirements across various laws and standards. Organisations can complete a task once, and it will be applied across all relevant frameworks, eliminating the need for redundant efforts and ensuring efficient compliance management.

Limitations of the approach

The FairNow platform is designed to complement, not replace, human oversight in the risk review process. Organisations may still need to consult with legal and risk experts, depending on the specific design and use of each AI application, to make final decisions about applicable laws, regulations, and necessary actions.

Updates to this page

Published 26 September 2024