Business leaders acknowledge that some form of data governance is important in all aspects of operations, and this approach also applies to large and small enterprises wanting to utilise AI.
As AI has grown in power and dominance, it has become more crucial than ever for businesses to be mindful of AI governance and data sovereignty in the countries they operate within.
“A startup with a good grip on their data sovereignty and governance is instantly easier and less risky to invest in,” Filippo Sanesi, startup program manager at OVHcloud, tells Maddyness UK. “As I often say, governance and regulation are a business opportunity for startups.
“Sovereignty is about respecting data; good data sovereignty shows your customers and stakeholders that you know where their data is, who controls it and how it’s being handled.”
Sanesi says AI has quite different infrastructure requirements to ‘traditional’ IT, which can lead startups to work with more than one provider. This means a more complicated technology supply chain and makes it even more important to adopt sovereignty by design.
“A startup that has its house in order shows customers and investors that a number of potential risks to data security – for example, data being used for intelligence processing purposes – are being considered and, where possible, mitigated,” adds Sanesi.
New regulations
In recent years, governments worldwide have implemented new regulations surrounding AI governance and data sovereignty. These regulations aim to address concerns about the ethical use of AI, the protection of personal data, and the national security implications of AI development and deployment.
New regulations of note include the EU's General Data Protection Regulation (GDPR) and AI Acts. GDPR is a comprehensive data protection law that applies to all companies that process the personal data of EU citizens – and it includes several provisions related to AI, such as the requirement for companies to obtain consent before using personal data for AI purposes.
Another is The United States' National AI Initiative Act of 2020 and The Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.
The act establishes a national AI strategy and includes several provisions related to AI governance, such as the creation of an AI Advisory Committee and the development of AI ethics guidelines.
“The new regulations surrounding AI governance and data sovereignty have a significant impact on every enterprise,” Rik Van Bruggen, vice president EMEA at Hopsworks, tells Maddyness UK.
“Organisations that operate in multiple countries need to comply with the regulations of each country in which they operate. This can be a complex and time-consuming process.”
Ensuring adherence
Van Bruggen says businesses must prioritise legal compliance in this field, as violating AI governance and data sovereignty regulations can result in legal penalties, fines or even criminal charges.
Reputational damage is another key consideration, as operating in violation of regulations can damage an enterprise’s reputation and make it difficult to attract investors, customers and partners.
“When applied to sensitive data, the loss of control from working with cloud infrastructures can have serious consequences, such as financial losses or industrial espionage,” says Van Bruggen.
“Organisations that comply with AI governance and data sovereignty regulations will have a competitive advantage over those that do not, as they will be able to operate more efficiently and effectively.”
Van Bruggen notes that there is another key reason why businesses need to be mindful of AI governance and data sovereignty – and that’s cash.
A partnership between OVHcloud and Hopsworks is helping clients to make the most of the value of AI and meet their business goals, all while achieving governance compliance at a much reduced cost.
“The fact is that AI governance and data sovereignty is one of the few domains where an organisation can not only achieve compliance, manage risks and control, and maintain competitive advantage – but it can also save costs,” he says.
“Thanks to open source infrastructure software and sovereign OVHcloud hardware, AI applications can be developed and deployed in a much more affordable way.”
Positive takeaways
There are other upsides for businesses to take on board with new AI regulations, too. By establishing clear rules and standards, the new regulations can help to create a level playing field for startups and large companies alike.
Startups can also protect themselves from liability in the event of a data breach or other AI-related incident by complying with the new regulations.
“All regulations exist to promote as well as protect – even if their primary function seems to be the latter,” says Sanesi. “Regulations like GDPR exist for a reason, and smart organisations will see this as an opportunity as much as an administrative burden.
“Being compliant and sovereign says to your customers that you respect their data, you handle it properly, and this builds the basis of trust.”
Sanesi notes that without trust, retaining customers is nearly impossible – adding that regulations create business opportunities for startups too. Where there is a regulation, he says, there is an opportunity to better serve customers.
“By providing a clear framework for AI development and deployment, the new regulations can help to promote innovation in this rapidly evolving field,” adds Van Bruggen.
“And by using sovereign cloud-based AI systems that use open source infrastructure software, organisations can effectively achieve great value from AI at a fraction of the cost that many of the public cloud infrastructure vendors would charge them.
“All of these effects demonstrate that regulations don’t just provide negative, but also positive incentives for its subjects.”
Staying on track
For startups, new regulations can feel overwhelming to process and difficult to adhere to on a tight budget with a small team. However, with the right planning, adherence can be simpler to implement.
“Regulation doesn’t happen overnight, and there are lengthy discussion and implementation windows that are there for a reason,” says Sanesi. “Policymakers understand that implementing change is hard, so there’s always time to adapt – but don’t leave it until the last minute.”
Here, Van Bruggen shares four tips on how to operate with the new AI governance and data sovereignty rules:
- Stay informed: Keep up-to-date on the latest regulatory developments in AI governance and data sovereignty.
- Conduct a risk assessment: Identify the potential risks associated with your AI activities and develop a plan to mitigate those risks.
- Implement a compliance programme: Develop and implement a compliance programme to ensure that your company complies with all applicable regulations.
- Compare the costs and benefits of cloud computing AI solutions to sovereign cloud-based solutions that use leverage open source software.
“Understanding the bigger picture of regulatory compliance can both make the administrative burden more palatable, but also help teams to realise the positive impacts,” concludes Sanesi.
“For example, a good approach to data sovereignty can make it quicker and easier to launch in certain markets because you’re already ‘compliant by default’.”
If you're building a successful, sustainable, innovative startup or scale-up, you can benefit from up to £100K in cloud credits with OVHcloud. Learn more about the program here.