PulseAugur
EN
LIVE 00:19:56

AI auditability and regulatory compliance challenges detailed across multiple sources

Several articles discuss the challenges and requirements for ensuring AI systems are auditable and compliant with regulations. The UK's Prudential Regulation Authority (PRA) mandates that banks provide evidence of model governance, development, validation, and risk mitigation for all models, including AI. Similarly, the EU AI Act's Article 14 requires deployers to demonstrate human oversight through recorded review points, intervention capabilities, and tamper-evident records. Furthermore, using cloud-based AI for sensitive data like journalistic sources is discouraged due to third-party access risks and potential breaches. Reproducibility of AI decisions for audits is only possible if systems are specifically designed for it, as models and routing can drift over time. Proving the exact source used by an AI involves cryptographically signing retrieved data chunks and their document hashes to create a verifiable audit trail. AI

IMPACT Highlights the critical need for robust governance and verifiable systems to meet regulatory demands and ensure trust in AI deployments.

RANK_REASON The cluster consists of multiple articles discussing regulatory requirements and technical challenges related to AI auditability and compliance, rather than a single new event.

Read on Mastodon — fosstodon.org →

AI-generated summary · Google Gemini · from 5 sources. How we write summaries →

AI auditability and regulatory compliance challenges detailed across multiple sources

COVERAGE [5]

  1. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    PRA model risk and AI: what must a UK bank evidence under SS1/23? Under the PRA's SS1/23, a UK bank must evidence five things for every model, including AI: a r

    PRA model risk and AI: what must a UK bank evidence under SS1/23? Under the PRA's SS1/23, a UK bank must evidence five things for every model, including AI: a risk-tiered model inventory, board-level governance, documented development and use, independent validation with challeng…

  2. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    EU AI Act Article 14 human oversight: what must a deployer actually show? Under Article 14 of the EU AI Act, a deployer must show three things an auditor can in

    EU AI Act Article 14 human oversight: what must a deployer actually show? Under Article 14 of the EU AI Act, a deployer must show three things an auditor can inspect: recorded human review points before a decision takes effect, a working ability to intervene and stop, and a tampe…

  3. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Protecting journalistic sources: why a newsroom cannot use cloud AI A newsroom cannot put confidential source material into cloud AI because the service is a th

    Protecting journalistic sources: why a newsroom cannot use cloud AI A newsroom cannot put confidential source material into cloud AI because the service is a third party that can be compelled by a court or breached. Once material leaves the building a subpoena to the vendor, not …

  4. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Can You Re-Run an AI Decision and Get the Same Result for an Audit? Only if the system was built for it. A public cloud AI service cannot reproduce a past decis

    Can You Re-Run an AI Decision and Get the Same Result for an Audit? Only if the system was built for it. A public cloud AI service cannot reproduce a past decision because the model and routing drift. Pinned versions, recorded inputs, fixed seeds and a sealed build let an operato…

  5. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Signed retrieval: how do you prove which source an AI actually used? You prove which source an AI used by sealing each retrieved chunk, the hash of its source d

    Signed retrieval: how do you prove which source an AI actually used? You prove which source an AI used by sealing each retrieved chunk, the hash of its source document and the exact context into a cryptographically signed audit record. An auditor can then reconstruct and verify t…