News & Blogs

The American Paradox: Navigating AI Governance Without a Central Act

North America · · alexandracar.substack.com

Internal audit and assurance professionals must recognize that the absence of a single, overarching AI Act in the US does not equate to an unregulated AI landscape. Instead, organizations face a complex web of existing laws, agency mandates, and state-level regulations that already apply to AI systems. Understanding this fragmented yet binding governance framework is crucial for identifying compliance obligations and mitigating risks associated with AI deployment.


The Illusion of an Unregulated AI Market in the US

Many organizations mistakenly believe that the United States lacks significant AI regulation due to the absence of a comprehensive "AI Act" similar to Europe's. This perception, often fueled by comparisons to the EU AI Act, leads to a dangerous assumption of an unregulated market. However, this view is a paradox; while there isn't one omnibus law, a robust and intricate system of AI governance is already in place, albeit dispersed across various legal and regulatory domains. Audit professionals need to disabuse themselves of the notion that no single act means no regulation, as this misunderstanding can leave organizations vulnerable to unforeseen compliance challenges and enforcement actions.

A Fragmented but Binding Regulatory Landscape

The reality of US AI governance is far more complex than a single piece of legislation. Instead, it's a mosaic of existing laws, agency mandates, state statutes, and a rapidly evolving body of litigation. For instance, AI systems used in hiring processes are subject to employment law and scrutiny from the Equal Employment Opportunity Commission (EEOC), while AI in loan applications falls under fair lending obligations. These regulations apply regardless of whether the tool is explicitly labeled as AI. The challenge for organizations lies in identifying, assembling, and interpreting these scattered obligations, a burden that falls squarely on their compliance and risk teams.

Navigating Conflicting Pressures and Proactive Compliance

Organizations deploying AI in the US face increasing pressure from multiple directions. Federal policy, exemplified by executive orders, often aims to foster innovation and competitiveness, while a growing number of states are enacting their own rules on AI transparency, automated decisions, and consumer protection. This creates a dynamic environment where a single AI deployment can be subject to conflicting expectations depending on user location. To manage this effectively, audit and assurance professionals must guide their organizations to proactively identify existing obligations, map areas of greatest exposure, and build robust evidence of compliance. Waiting for a unified federal AI law is not a viable strategy; instead, a continuous, proactive approach to understanding and adhering to the current, fragmented governance framework is essential to avoid enforcement actions and litigation.

  • Identify all existing laws and regulations that could apply to your organization's AI systems, even if they don't explicitly mention "AI."
  • Map the geographic reach of your AI deployments to understand which state-level regulations might apply.
  • Establish clear internal policies and procedures for AI development, deployment, and monitoring, ensuring they align with identified obligations.
  • Maintain comprehensive documentation of AI system design, testing, performance, and impact assessments to demonstrate due diligence.
  • Regularly review and update your AI governance framework to adapt to the evolving legal and regulatory landscape.

Read more
Comments

No comments yet. Be the first.


Sign in to join the discussion.

Sign in or Create account
Subscribe

By email

Get audit & assurance news in your inbox.


By feed reader

We publish RSS, Atom, and JSON feeds sliced by category and region.

View all feeds →

Have a tip? Submit a story or job →

Subscribe by email

Get audit & assurance news in your inbox. Or use a feed reader — view all feeds →