AI regulations in globally and in India

Ai is becoming very widespread in today’s world and these systems continue to penetrate
every sector and are delivering enormous benefits to the industries in the in the form of new
business opportunities, deeper customer insights, improved efficiency and enhanced agility.
Many people believe in in the coming years AI will work closely with people in every
industry sector and will reshape the jobs.

But with great benefits come great risks. If AI is not configured properly the following may
happen. In banking and finance, flawed algorithms may encourage excessive risk-taking and
drive an organisation toward bankruptcy. In the health care sector, flawed algorithms may
prescribe the wrong medications, leading to adverse medical reactions for patients. In the
legal sector, flawed algorithms may provide incorrect legal advice, resulting in severe
regulatory penalties.  In February 2018, a group of leading researchers published a report
,that raised alarm bells about the increasing possibilities that rogue states, criminals, terrorists
and other malefactors could soon exploit AI capabilities to cause wide spread harm using
deep fakes

The reasons for this is because to date, no industry standards exist to guide the secure
development and maintenance of AI systems. Further exacerbating this lack of standards is
the fact that start-up firms still dominate the AI market.

It’s clear that addressing this growing threat will prove complex and expensive, but the task is
pressing. Legislators are starting to tighten the squeeze, with a growing number of bills
introduced in US Congress and state governments.

Some methods that could be used are:

1) Use existing, industry-accepted industry standards where possible. Although these are not
specifically designed for artificially intelligent systems, they can help businesses to identify
common security risks and establish a solid baseline for securing new technologies. Notable
frameworks include:

 Open Web Application Security Project (OWASP) Top 10 —A list of the 10 most
current critical web application security flaws, along with recommendations to ensure
that web applications are secured by design.
  US National Institute of Standards and Technology (NIST) Cyber Security
Framework —Consists of standards, guidelines and practices to promote the
protection of critical cyber infrastructure.

 COBIT 2019 —Provides detailed and practical guidelines for security professionals

to manage and govern their organisation’s information and technology, and make
more informed decisions while maintaining awareness about emerging technologies
and the accompanying threats.

2) Grant minimum system privileges and deploy strong controls to protect service accounts
that are used by AI systems to eliminate alleviate critical tasks from abuse—especially those
with administrator-equivalent privileges.

3) Adopt defence in depth to ensure that a failure in one control layer will not result in a
system breach

4)In India the NITI AYOG developed a paper which described the national policy for
AIcalled National Strategy for Artificial Intelligence #AIforAll .This paper identifies five
focus areas where AI development could enable both growth and greater inclusion as well as
the five barriers to AI implementation.

5)  Organisations must embrace Explainable AI as a best practice in order to understand how

AI makes its decisions.

6) Microsoft is developing a tool that can automatically identify bias in a series of AI

algorithms. It’s a significant step towards automating the detection of unfairness that may
find their way into Machine Learning.

7) To overcome the lack of labelled data, many organisations are developing machines that
can learn from the limited data. ‘Unsupervised/Semi-Supervised Learning’, ‘Active
Learning’, and so on are just a few examples of the next-generation AI algorithms that can
help resolve this.

8) Engage experienced security consultants to review critical controls for AI products

(including detailed penetration testing) and fix any exploitable security vulnerabilities before
going live

9) Grant minimum system privileges and deploy strong controls to protect service accounts
that are used by AI systems to eliminate alleviate critical tasks from abuse