Thursday, March 13, 2025

Compliance in the Age of AI


According to a 2024 survey, 97% of US business leaders whose companies had invested in AI confirmed positive returns. A third of those with existing investments are planning to top that off with US $10 million or more this year.  

While AI adoption is on a roll, public trust in the technology is declining rapidly amid rising threats such as phishing, deepfakes and ransomware. A global online survey of trust and credibility found that people’s trust in AI organizations fell eight percentage points between 2019 and 2024. In the United States, there was a precipitous fall — from 50% to 35% — signaling US consumers’ concerns around AI.  

Regulators have responded to the growing perils of digitization by evolving compliance mandates to govern the use of data and digital technologies. For example, from 2023 to 2025, different administrations added the G7 AI Principles, the EU AI Act, new OECD AI Guidelines and an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence in the US to the list of AI regulations. The US also has a separate law, namely the US IoT Cybersecurity Improvement Act of 2020, to address the security of specific types of IoT devices.   

As products and services turn increasingly digital, industry standards are changing to align with the transformation. Think HIPAA, PCI DSS, ISO 27001 and the US National Institute of Standards and Technology (NIST) framework, which extended its scope of guidance from critical infrastructure to organizations of all sizes in 2024.  

</grr_replace>
<gr_replace lines="20" cat="clarify" orig="With this,">
At the same time, businesses must adopt new technologies to innovate and stay relevant. By aligning technology and regulatory objectives, they can ensure that innovation and compliance do not work at cross-purposes. In addition, they should take a systematic approach to compliance by doing the following: 
These entities are working toward essential goals, such as ensuring safety, protecting fundamental rights and promoting ethical development and use of digital technologies. However, amid a growing sprawl of regulations across sectors, it is becoming challenging for enterprises to remain compliant. Large organizations must continually perform compliance checks to meet requirements of mandates at significant cost. This task becomes harder when checks involve departments operating in silos. 

With this, businesses must adopt technologies to innovate and stay relevant. By aligning technology and regulatory objectives, they can ensure that innovation and compliance do not work at cross-purposes. In addition, they should take a systematic approach to compliance by doing the following: 

Reassessing existing compliance practices: Regular review of compliance measures, including data governance policies, access and security protocols and breach response mechanisms can help organizations identify any gaps and vulnerabilities, prioritize areas of maximum risk and proactively strengthen compliance processes. 

Adopting robust information security: As data and data regulations proliferate, a solid information security management framework becomes essential for ensuring data security and privacy in line with regulations, such as GDPR, COPPA, HIPAA, SEC/FINRA and so on. Besides recommending policies, controls and best practices for mitigating various information security risks, a framework facilitates continuous improvement by guiding enterprises to periodically examine and update controls, thereby fostering a security culture. 

Laying down data policies and procedures: Procedures and policies enforce compliance with evolving regulations by detailing the rules and responsibilities for collecting, storing, accessing or disposing of data. Involving stakeholders from different functions in policy formulation builds a compliance mindset among employees.   

Implementing comprehensive data protection: Data protection measures, including data governance, mitigate digital transformation risks and improve compliance. While data governance stipulates the guidelines for handling data, data management covers the tools and steps required to implement governance across the enterprise. A privacy-by-design approach embeds data privacy in systems from the start, rather than bolting it on later, which is less effective. 

Performing periodic internal data audits: Regular audits of data policies, practices and assets help organizations better understand their data and how it is being used, and align data management practices with compliance expectations. Advantages include increased customer trust, more efficient data management, improved data quality and a stronger security posture. 

Adopting a compliance-first approach: Enterprises have adopted mobile-first, cloud-first, secure-first and AI-first approaches for their enterprise architecture and business functions. The same thinking should be extended with a compliance-first approach, so that frameworks governing enterprise IT architecture include compliance checklists. 

The explosion in generative AI has brought ethical implications to the forefront, stressing the need for transparency, traceability, accountability, fairness and privacy in AI development. Responsible AI (RAI) combines technology and governance to help organizations pursue their AI ambitions without compromising customer interest or stakeholder trust. RAI emphasizes fairness in AI models to prevent the perpetuation of bias and demands accountability from organizations for AI usage. It addresses concerns around AI’s lack of transparency by providing insights into data inputs, algorithmic models and decision-making criteria. It also improves explainability and reproducibility, allowing organizations to use AI confidently and safeguard data privacy rights. However, organizations should always provide a human-in-the-loop on top of RAI governance to ensure complete compliance and trust.  
