New technologies come with new and unexpected risks
Governance, Risk & Compliance (GRC) are important elements of any technology implementation—not least for AI and related data, which are constantly subject to new regulations and ethical guidelines from the EU, FED, and FDA. Organizations like UNESCO and the WHO also maintain recommendations for ethical practices. Consequently, any firm aspiring to implement AI must take active measures to ensure its AI practice adheres to regulations and follow ethical guidelines.
EU AI ACT
The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative worldwide, that provides a legal framework for AI. Including the European Commission Ethics Guidelines for Trustworthy AI.
CEN-CENELEC JTC 21 & ISO SC42
ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.
DATA AND DIGITAL ACTS
Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.
GDPR.EU

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Industry specific regulations
Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.
AI SECURITY GOVERNANCE
Best practices and regulations to ensure that AI projects in the organization are security tested, documented, and ready for production.
ETHICAL GUIDELINES
Ethical guidelines and impact assessments for AI and related data that are specific to an organization or required by regulators.
GDPR.EU
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
EU AI ACT
The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative, worldwide, that provides a legal framework for AI. Including the the European Commission Ethics Guidelines for Trustworthy AI.
Industry specific relations
Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.
AI SECURITY GOVERNANCE
Several toolkits has been designed to ensure that all AI built inside the organization is security tested, documented and ready for production.
CEN-CENELEC JTC 21 AND ISO SC42
ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.
INTERNAL ETHICS GUIDELINES
Assessments, Reports and Rule sets, as well as guidelines specific for a Client and their external and internal processes.
DATA AND DIGITAL ACTS
Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.
The challenge:
Complying with a growing number of regulations and ethical guidelines for AI and related data in the EU and across the globe.
Legal requirements
Code of conduct
Ethical principles
Our solution:
GRAGE offers configurable GRC building blocks and a flexible framework to assure and verify adherence to regulations and ethical guidelines.
Assessments / Regulations
Rules & Risk management
Digital trace
LEGAL REQUIREMENTS
Various legal requirements from international, national, industry, and domain specific legislations.
- GDPR
- EU AI Act
- SR 11-7
- EU Medical Device Regulation (MDR)
ETHICAL PRINCIPLES
- Accountable
- Respectful of Privacy & Data Governance
- Robust & Reliable
- Transparent & Explainable
- Fair & Equitable
CODE OF CONDUCT
Meet a gold-standard set of principles working with AI and handling data to the highest standards
ASSESSMENTS / REGULATIONS
Questionnaires to record and document the use of Data and AI, evaluation risks and other metric associated with these
RULES & RISK MANAGEMENT
Practical indicators for evaluate and measure risks of Data and Models in real-world applications
DIGITAL TRACE
Documentation of everything that happens from data ingestion, across system development, to operations
The GRC building
blocks in GRACE:

Impact Assessments & Regulations
Build and implement a specific set of questions, defined by regulations and ethical guidelines, to assess the impact of your data and AI projects

Rules & Requirements
Compliance managers can collaborate with Data Scientists and IT to define, apply and monitor an AI project’s standard set of rules and requirements

Validation & Certification
Confidently validate and certify that your models follow the requirements and rules in specific regulations and ethical guidelines for AI and related data

Risk Management
Clear monitoring and reporting for all stakeholders throughout the development, deployment, and operations of your models

Audit & Reporting
Easy internal and external auditing to guarantee guidelines have been followed in the AI development process
Create trust and assurance with GRACE
We support the following regulations and frameworks amongst many others:

General Data Protection Regulation (GDPR)
GDPR is an EU law with mandatory rules for how organizations and companies must use personal data (information identifying a living person) in an integrity friendly way.
LEARN MORE

Data Protection Impact Assessment (DPIA)
DPIAs are essential for negating risk and for demonstrating compliance with the GDPR. The assessment can identify and minimize risks arising out of the processing of personal data.
LEARN MORE

Fairness, Ethics, Accountability and Transparency (FEAT)
FEAT represents a set of generally accepted principles for how to use Artificial Intelleigence and Data Analytics (AIDA) for decision-making in the Financial Sector.
LEARN MORE

Markets in Crypto-Assets (MiCA)
MiCA represents a comprehensive regulatory framework to bring crypto-assets, including their issuers and service providers, within the perimeter of EU financial services regulation.
LEARN MORE

Financial Action Task Force Recommendations (FATF)
The FATF Recommendations are the internationally endorsed global standards against money laundering and terrorist financing.
LEARN MORE

Digital Dubai Ethical AI Toolkit
The Digital Dubai’s Ethical AI Toolkit is created to encourage organisations around the world to develop AI services that prioritize fairness, transparency and accountability.
LEARN MORE

ICO’s AI and Data Protection Toolkit
ICO’s toolkit provides organizations with practical support to reduce the potential risks to individuals’ rights and freedoms caused by the organization’s AI systems.
LEARN MORE

Assessment List for Trustworthy Artificial Intelligence (ALTAI)
ALTAI is a practical tool that helps businesses and organizations to self-assess the trustworthiness of their AI systems under development.
LEARN MORE

Datasheets for Datasets
The Datasheet for Datasets is a tool for documenting the datasets used for training and evaluating ML models. It contains a comprehensive questionnaire on datasets.
LEARN MORE

Model Cards for Model Reporting
Model cards aim to provide a concise, holistic picture of a machine learning model. To start, a model card explains what a model does, its intended audience, and who maintains it.
LEARN MORE

Equality Impact Assessment (EIA)
An EIA is an evidence-based approach designed to help organizations ensure that their policies, practices, events, and decision-making processes are fair.
LEARN MORE

AI Ethics Impact Assessment
The AI Ethics Impact Assessment identifies ethical issues at the design and audit stage in order to proactively prevent AI from causing severe social problems.
LEARN MORE

Guidelines on ICT Security and Governance
These guidelines aim to increase the operational resilience of the digital operations of insurance and reinsurance undertakings and to avoid potential regulatory arbitrage.
LEARN MORE

Data Ethics Readiness Test
The test aims to prepare your organization for integrating considerations on data ethics in development and operational processes with societal impact.
LEARN MORE

UK Government – Data Ethics Framework
The Data Ethics framework guides appropriate and responsible data use in government and the wider public sector. It helps public servants understand ethical considerations.
LEARN MORE

Cyber Resilience Review (CRR)
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
LEARN MORE

Framework for AI Systems Using Machine Learning
This ISO framework provides a basis for describing a generic AI system using ML technology. The framework describes the system components and their functions in the AI ecosystem.
LEARN MORE
Off-the-shelf Governance tools
In addition to the Governance frameworks, GRACE also offers Governance tools, which cover everything from validating code quality to detecting bias in datasets and anonymizing sensitive data.

PII Scanner
The Personal Identifiable Information (PII) scanner gives quick insights about PII within a directory or database.

Code reviewer
Get feedback on the quality of the code you have written so you can improve it to make it stable and robust.

Bias Manager
Ensuring data sources do not lead to unknown or unintended biases.

Data anonymization
Model that detects personal information in text and removes it. It is an essential part of a pipeline when using text with PII.
VISIT OUR MODEL LIBRARY TO LEARN MORE
GRC project we’re working on with clients and partners

Adhering to regulations and documenting compliance
The Clinical Imaging Consortium (CLIC) is the Capital Region of Denmark’s project to develop state-of-the-art AI solutions for radiologists. The need to adhere to and document compliance with all relevant standards and regulatory requirements will be the subset of the CLIC project for which 2021.AI will be responsible.
2021.AI deliver the comprehensive Governance, Risk & Compliance (GRC) expertise to ensure compliance with any guidelines, requirements, and regulations

Uncovering ethical and legal consequences
With the Ethical Technology Adoption in Public Administrations (ETAPAS) project, the European Commission aims to improve public service deliveries for citizens by facilitating the ethical adoption of Disruptive Technologies in compliance with European and national strategies and guidelines.
2021.AI develops and supplies the platform for assessing the potential impact of disruptive technologies to uncover ethical and legal consequences.

Bridging ethical principles with practice
Fujitsu has developed a resource toolkit to offer guidance on the ethical impact of AI systems. Their Artificial Intelligence Ethical Impact Assessment (AIEIA) can help close the gap between AI Ethics principles and practice in your organization by operationalizing ethics for all AI and related data.
2021.AI is transforming AIEIA into a dynamic platform for use across sectors and digital technologies, ensuring an ethical process for advanced and beginner ethicists to collaborate.
Are you up to speed on the newest technology regulations?
2021.AI delivers AI platform for the responsible use of disruptive technologies in the public sector
The enterprise AI company proudly participates in the ETAPAS project, delivering an AI platform to support the governed implementation of disruptive technologies in the EU’s public sector.
The EU takes on Trustworthy AI with ALTAI
The AI HLEG presented the final Assessment List for Trustworthy Artificial Intelligence. 2021.AI is honored to be on the front lines of ethical innovation in the EU, contributing as one of 50 selected companies engaged in an open workstream to provide best practices for the ALTAI final development.
Facial recognition technology: We must welcome regulations
When it comes to facial technology and its controversies, it is clear that something needs to be done. Applying facial recognition models to identify and track citizens and allowing apps that can recognize anyone ever to post a picture online is unacceptable. But can we keep this technology in check?
Effectively manage GRC for AI and related data
Download our guide to get more insights on how to effectively manage GRC for AI and related data to accelerate and scale your AI implementation.

Want to learn more about Responsible AI implementations?
GDPR.EU
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
EU AI ACT
The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative, worldwide, that provides a legal framework for AI. Including the the European Commission Ethics Guidelines for Trustworthy AI.
Industry specific relations
Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.
AI SECURITY GOVERNANCE
Several toolkits has been designed to ensure that all AI built inside the organization is security tested, documented and ready for production.
CEN-CENELEC JTC 21 AND ISO SC42
ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.
INTERNAL ETHICS GUIDELINES
Assessments, Reports and Rule sets, as well as guidelines specific for a Client and their external and internal processes.
DATA AND DIGITAL ACTS
Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.