GOVERNANCE

GRACE Governance, Risk & Compliance for models and related data

Assure and verify that your models adhere to regulations and ethical guidelines for AI and related data.

"
GRACE Governance, Risk & Compliance for models

New technologies come with new and unexpected risks

Governance, Risk & Compliance (GRC) are important elements of any technology implementation—not least for AI and related data, which are constantly subject to new regulations and ethical guidelines from the EU, FED, and FDA. Organizations like UNESCO and the WHO also maintain recommendations for ethical practices. Consequently, any firm aspiring to implement AI must take active measures to ensure its AI practice adheres to regulations and follow ethical guidelines.

EU AI ACT

The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative worldwide, that provides a legal framework for AI. Including the European Commission Ethics Guidelines for Trustworthy AI.

CEN-CENELEC JTC 21 & ISO SC42

ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.

DATA AND DIGITAL ACTS

Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.

GDPR.EU
GDPR.EU logo

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Industry specific regulations

Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.

AI SECURITY GOVERNANCE

Best practices and regulations to ensure that AI projects in the organization are security tested, documented, and ready for production.

ETHICAL GUIDELINES

Ethical guidelines and impact assessments for AI and related data that are specific to an organization or required by regulators.

GDPR.EU

GDPR.EU logo

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

EU AI ACT

The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative, worldwide, that provides a legal framework for AI. Including the the European Commission Ethics Guidelines for Trustworthy AI.

Industry specific relations

Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.

AI SECURITY GOVERNANCE

Several toolkits has been designed to ensure that all AI built inside the organization is security tested, documented and ready for production.

CEN-CENELEC JTC 21 AND ISO SC42

ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.

INTERNAL ETHICS GUIDELINES

Assessments, Reports and Rule sets, as well as guidelines specific for a Client and their external and internal processes.

DATA AND DIGITAL ACTS

Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.

The challenge:

Complying with a growing number of regulations and ethical guidelines for AI and related data in the EU and across the globe.

Legal requirements

Code of conduct

Ethical principles

Our solution:

GRAGE offers configurable GRC building blocks and a flexible framework to assure and verify adherence to regulations and ethical guidelines.

Assessments / Regulations

Rules & Risk management

Digital trace

The GRC building
blocks in GRACE:

Impact Assessments & Regulations

Build and implement a specific set of questions, defined by regulations and ethical guidelines, to assess the impact of your data and AI projects

Rules & Requirements

Compliance managers can collaborate with Data Scientists and IT to define, apply and monitor an AI project’s standard set of rules and requirements

Validation & Certification

Confidently validate and certify that your models follow the requirements and rules in specific regulations and ethical guidelines for AI and related data

Risk Management

Clear monitoring and reporting for all stakeholders throughout the development, deployment, and operations of your models

Audit & Reporting

Easy internal and external auditing to guarantee guidelines have been followed in the AI development process

Impact Assessment

Impact Assessments & Regulations

GRACE makes it easy to assess your AI projects’ impact from a regulatory and ethical perspective. You can activate +50 pre-built assessments defined by standard regulations and ethical guidelines or create your own business-specific assessments.

Rules & Requirements

Rules & Requirements

Compliance and IT officers often work with Data Scientists to determine specific rules and requirements for internal AI projects. GRACE streamlines this cross-functional collaboration, monitoring that the defined rules and requirements are followed and met.

Validation & Certification

Validation & Certification

GRACE empowers you to efficiently validate and certify that your models adhere to regulations and ethical guidelines for AI and data.

Risk Management

Risk Management

Mitigating potential risks depends on precise monitoring. With GRACE, you can track the entire lifecycle of any model to achieve full transparency and mitigate risks efficiently.

Audit & Reporting

Audit & Reporting

GRACE ensures that internal and external auditing processes are simple and go smoothly by offering up-to-date documentation that your AI and related data adhere to regulations and ethical guidelines.

Create trust and assurance with GRACE

We support the following regulations and frameworks amongst many others:

REGIONS
All regions
Global
Europe
Asia
North America
INDUSTRIES
All industries
Generic
Finance
Insurance
Public

General Data Protection Regulation (GDPR)

GDPR is an EU law with mandatory rules for how organizations and companies must use personal data (information identifying a living person) in an integrity friendly way.

LEARN MORE

Data Protection Impact Assessment (DPIA)

DPIAs are essential for negating risk and for demonstrating compliance with the GDPR. The assessment can identify and minimize risks arising out of the processing of personal data.

LEARN MORE

Fairness, Ethics, Accountability and Transparency (FEAT)

FEAT represents a set of generally accepted principles for how to use Artificial Intelleigence and Data Analytics (AIDA) for decision-making in the Financial Sector.

LEARN MORE

Markets in Crypto-Assets (MiCA)

MiCA represents a comprehensive regulatory framework to bring crypto-assets, including their issuers and service providers, within the perimeter of EU financial services regulation.

LEARN MORE

Financial Action Task Force Recommendations (FATF)

The FATF Recommendations are the internationally endorsed global standards against money laundering and terrorist financing.

LEARN MORE

Digital Dubai Ethical AI Toolkit

The Digital Dubai’s Ethical AI Toolkit is created to encourage organisations around the world to develop AI services that prioritize fairness, transparency and accountability.

LEARN MORE

ICO’s AI and Data Protection Toolkit

ICO’s toolkit provides organizations with practical support to reduce the potential risks to individuals’ rights and freedoms caused by the organization’s AI systems.

LEARN MORE

Assessment List for Trustworthy Artificial Intelligence (ALTAI)

ALTAI is a practical tool that helps businesses and organizations to self-assess the trustworthiness of their AI systems under development.

LEARN MORE

Datasheets for Datasets

The Datasheet for Datasets is a tool for documenting the datasets used for training and evaluating ML models. It contains a comprehensive questionnaire on datasets.

LEARN MORE

Model Cards for Model Reporting

Model cards aim to provide a concise, holistic picture of a machine learning model. To start, a model card explains what a model does, its intended audience, and who maintains it.

LEARN MORE

Equality Impact Assessment (EIA)

An EIA is an evidence-based approach designed to help organizations ensure that their policies, practices, events, and decision-making processes are fair.

LEARN MORE

AI Ethics Impact Assessment

The AI Ethics Impact Assessment identifies ethical issues at the design and audit stage in order to proactively prevent AI from causing severe social problems.

LEARN MORE

Guidelines on ICT Security and Governance

These guidelines aim to increase the operational resilience of the digital operations of insurance and reinsurance undertakings and to avoid potential regulatory arbitrage.

LEARN MORE

Data Ethics Readiness Test

The test aims to prepare your organization for integrating considerations on data ethics in development and operational processes with societal impact.

LEARN MORE

UK Government – Data Ethics Framework

The Data Ethics framework guides appropriate and responsible data use in government and the wider public sector. It helps public servants understand ethical considerations.

LEARN MORE

Cyber Resilience Review (CRR)

The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.

LEARN MORE

Framework for AI Systems Using Machine Learning

This ISO framework provides a basis for describing a generic AI system using ML technology. The framework describes the system components and their functions in the AI ecosystem.

LEARN MORE

Off-the-shelf Governance tools

In addition to the Governance frameworks, GRACE also offers Governance tools, which cover everything from validating code quality to detecting bias in datasets and anonymizing sensitive data.

PII Scanner

The Personal Identifiable Information (PII) scanner gives quick insights about PII within a directory or database.

Code reviewer

Get feedback on the quality of the code you have written so you can improve it to make it stable and robust.

Bias Manager

Ensuring data sources do not lead to unknown or unintended biases.

Data anonymization

Model that detects personal information in text and removes it. It is an essential part of a pipeline when using text with PII.

GRC project we’re working on with clients and partners

Adhering to regulations and documenting compliance

The Clinical Imaging Consortium (CLIC) is the Capital Region of Denmark’s project to develop state-of-the-art AI solutions for radiologists. The need to adhere to and document compliance with all relevant standards and regulatory requirements will be the subset of the CLIC project for which 2021.AI will be responsible.​

2021.AI deliver the comprehensive Governance, Risk & Compliance (GRC) expertise to ensure compliance with any guidelines, requirements, and regulations

Uncovering ethical and legal consequences

With the Ethical Technology Adoption in Public Administrations (ETAPAS) project, the European Commission aims to improve public service deliveries for citizens by facilitating the ethical adoption of Disruptive Technologies in compliance with European and national strategies and guidelines.

2021.AI develops and supplies the platform for assessing the potential impact of disruptive technologies to uncover ethical and legal consequences.​

Bridging ethical principles with practice

Fujitsu has developed a resource toolkit to offer guidance on the ethical impact of AI systems. Their Artificial Intelligence Ethical Impact Assessment (AIEIA) can help close the gap between AI Ethics principles and practice in your organization by operationalizing ethics for all AI and related data.​​

2021.AI is transforming AIEIA into a dynamic platform for use across sectors and digital technologies, ensuring an ethical process for advanced and beginner ethicists to collaborate.​

Are you up to speed on the newest technology regulations?

2021.AI delivers AI platform for the responsible use of disruptive technologies in the public sector

The enterprise AI company proudly participates in the ETAPAS project, delivering an AI platform to support the governed implementation of disruptive technologies in the EU’s public sector.

READ MORE

The EU takes on Trustworthy AI with ALTAI

The AI HLEG presented the final Assessment List for Trustworthy Artificial Intelligence. 2021.AI is honored to be on the front lines of ethical innovation in the EU, contributing as one of 50 selected companies engaged in an open workstream to provide best practices for the ALTAI final development.

READ MORE

Facial recognition technology: We must welcome regulations

When it comes to facial technology and its controversies, it is clear that something needs to be done. Applying facial recognition models to identify and track citizens and allowing apps that can recognize anyone ever to post a picture online is unacceptable. But can we keep this technology in check?

READ MORE

Effectively manage GRC for AI and related data

Download our guide to get more insights on how to effectively manage GRC for AI and related data to accelerate and scale your AI implementation.

GRC brochure

Want to learn more about Responsible AI implementations?

GDPR.EU

GDPR.EU logo

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

EU AI ACT

The European Commission’s legislative proposal for an Artificial Intelligence Act is the first initiative, worldwide, that provides a legal framework for AI. Including the the European Commission Ethics Guidelines for Trustworthy AI.

Industry specific relations

Multiple Financial Statement Acts introduces requirements that companies must account for their policy on data ethics in the management report.

AI SECURITY GOVERNANCE

Several toolkits has been designed to ensure that all AI built inside the organization is security tested, documented and ready for production.

CEN-CENELEC JTC 21 AND ISO SC42

ISO/IEC JTC 1/SC 42 is an international standards committee responsible for developing artificial intelligence (AI) standards. SC 42 is a joint committee of ISO and IEC.

INTERNAL ETHICS GUIDELINES

Assessments, Reports and Rule sets, as well as guidelines specific for a Client and their external and internal processes.

DATA AND DIGITAL ACTS

Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act.